ࡱ> U**)))))))))))))))))))))))))))))))))))))))))))********* * * * * ******************* *!*"*#*$*%*&*'*(*)* g2ɀ\p Sain, Joe Ba=@rstdjc@qlpomnkD8uvw\4h6fgie=b18X@"1Arial1Arial1Arial1Arial1Arial1Arial1Arial1Arial1Arial1Arial1Arial1Verdana1Arial10Arial Unicode MS1 Arial10Arial Unicode MS1 Arial1Arial1Arial1Calibri1Calibri1Arial1Arial1Calibri1Arial1Calibri1(Arial1Arial1 Arial1Arial14Arial1 Arial1Calibri1Arial1Arial1,8Arial18Arial18Arial1>Arial14Arial1<Arial1Calibri1Calibri1?Arial1h8Cambria1Arial1 Arial1Arial1Arial1Calibri1Arial1Arial1 Arial1<Calibri1Calibri1Arial1 Arial18Arial1?Arial1Arial1Arial1Tahoma"$"#,##0_);\("$"#,##0\)!"$"#,##0_);[Red]\("$"#,##0\)""$"#,##0.00_);\("$"#,##0.00\)'""$"#,##0.00_);[Red]\("$"#,##0.00\)7*2_("$"* #,##0_);_("$"* \(#,##0\);_("$"* "-"_);_(@_).))_(* #,##0_);_(* \(#,##0\);_(* "-"_);_(@_)?,:_("$"* #,##0.00_);_("$"* \(#,##0.00\);_("$"* "-"??_);_(@_)6+1_(* #,##0.00_);_(* \(#,##0.00\);_(* "-"??_);_(@_)[$-409]General                                                                      (  (     ff + ) , * ! " #  $ P % P &  &   5 5 '   ( `  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d ( )  )  6                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                *             (   (                   +                 ,    - . a> / )x  (<   (x  (8  (4  (p (x (0  x  8  x x 8  (p  (8  (x  (8  (x (p-  x-  (8   (8  x/  p/  (p(  x/  x(  (x/  )x/  )|/   )x  (x  (x  (|  (|  (p  (x7  (p  (x  (p  x  x 1 \7  x  x  (x@ @   (x@ @   (x 1 (|@ @ 7  x@ @   X   (x  (t  (x  (x  x  x  (|  (p7  x (x (x (x  x  (x 1 \7  (x@ @  1 (|@ @ 7 1 (|@ @ 7 1 (|@ @ 7 (0@ @  0(8@ @  18@ @  1x@ @  1x@ @  1x@ @  .(8@ @   x@ @  (<@ @  )x )x@ @   (x@ @  (|@ @  (|@ @  (x@ @  (x@ @  (8@ @   (|@ @  x@ @  8@ @  x@ @  8@ @   )8@ @   )x@ @  (x@ @   )x@ @   (x@ @   (x3  (x2  x3  x2  )x )x )x )x  (0@ @  @ @  (@ @  (  (4@ @ +)0@ @  +)p@ @  +)p@ @  )x@ @  )x@ @  )8@ @  )8@ @ +0@ @  x@ @  x@ @  8@ @ 2)8@ @  )0@ @   @ .)8@ @  )x@ @  0)8@ @  31)@ @  41)@ @  1)@ @  31)x@ @  41)x@ @  )p@ @  )x@ @ + @ @  + `@ @  + `@ @  x@ @  !8@ @ q)8@ @ !y)@ @ 1)|@ @ .р)8@ @  р)8@ @  р)x@ @  р)x@ @ 2 1x@ @  (8@ @  (p@ @  (  q(x@ @ q(x@ @    (8@ @  (x@ @ (x@ @   (<  )8@ @  8@ @  0@ @  x@ @ 1 |@ @  x@ @  )x@ @ 1 )|@ @ 1 )t@ @  )8@ @ 3Q )|@ @  1 )|@ @ 4Q )|@ @  8@ @   (@ @   (x  (x x/  (x( (8@ @ x@ @ >   (x@ @   (<@ @  (p@ @    (8@ @  (p@ @ +  p@ @ +  x@ @   x@ @   x@ @ +  x@ @   (x@ @ +  (x@ @   (x@ @   (p@ @  (<@ @   (x@ @ + . (|@ @ +  )p@ @   (<@ @   (x@ @   p@ @  (x@ @   (t@ @  (x@ @  (t@ @  (x@ @   (p@ @ >  (x@ @ >  8@ @   (x@ @ +   (x@ @ +  x@ @ +   x@ @  (|@ @  1Q (|@ @  Q (|@ @ Q (|@ @ >   )x@ @   )4@ @  !8@ @  )<@ @   )<@ @  )t@ @  )x@ @    )<@ @ р)x  )<  )<  !8  )x3  )x2   )<  )8   )x  )|  !x   (x@ @   (x@ @ + (@ @ + у(x@ @  )x(  !x/   )x/   !8  !8  )x  )x  P (p@ @  .(x@ @  (x@ @  (p@    (p@  (8@ @  )0@ @  )p1 !t@ @ 2  !0@ @ 1 !|@ @ 2  (8@ @  (p@ @  x@ @ 2   x@ @   !8@ @  )p@ @ 1 )t@ @ 2  p@ @  0@ @ 1 t@ @ 2  )x@ @   )x@ @   )x 1 )|@ @ 7  )p  )x  !x@ @   !X  )x  !x@ @   )8@ @  (x@ @ 1 |@ @  x@ @  )x )x )x !x  )p   )x  )t  )x@ @   )x@ @  1 )|@ @ 7  (p@ @   (p@ @ 7  (p@ @   x@ @   x@ @  )x@ @  )x@ @  )x@ @  )x@ @  !x@ @   )p@ @   )p@ @    (x  (4   (8  )8@ @   )8@ @   8@ @ (8@ @ (x@ @  + p@ @  + 0@ @  (x@ @  + p@ @   )x-  !x )x  )x )p-  x@ @  Q )|@ @ (|@ @  Q )|@ @ Q )|@ @ Q )|@ @ > (|@ @ (x@ @  (x@ @  (x@ @   h@ @ > (x@ @ > (<@ @   (x@ @   Q (|@ @ Q (|@ @ Q (|@ @ Q (<@ @  1Q (|@ @ 1(|@ @  (p>  (x  (|   (x  )x Q )|> Q )| )x (|  Q )| Q )| (x>  )x  !x )x- !x )x )x  )x !x Q |> x(8@ @ )8@ @ (8@ @ (x@ @ > (x@ @  (x@ @ 2  (@ @   (@ @  (@ @ р( A(|@ @   (x@ @  (x @  1Q (|@ @ A(|@ @  (x@ @ A(8@ @  A&(8@ @  (x@ @  (x@ @  (8@ @ A&(x@ @ 8@ @  (@ @  (x*  (x-  (p  (p 1 (|@ @   (x 1 (|@ @  1 (|@ @  (x Q p@ @ Q 0@ @ 1Q t@ @  (x@ @   (@  (@ (x@   (x@ (x@ 2 (x@   Q (|@ >(x@ > (x@  (8@ 8Q@ @ xQ@ @   xQ@ @ xQ@ @ 2 xQ@ @  xQ@ @ > xQ@ @  8Q@ @ .р(8 @   8 @   )8@  )8@  )x@  (x 1(@  ( (-  (x*  (p  xQ  xQ  xQ 1 |Q  xQ  xQ-  xQ*  xQ )x )8 )x  H " )x  8 5)p  x  (P )x )x )x )8  8 8 8 xQ@ @  xQ@ @  xQ@ @   hQ@ @  8Q@ @ )8  (p  (p   (|   (x  (p (p   (|   (x  (p (p  )p@ @    )|@ @   )x@ @   )p@ @   )|@ @  *р(p@ @  *р(0@ @  7р  )|@ @   )p@ @   )t@ @  *р(P р(x@ @   )t@ @   (p  )p@   )p@   )t@   )t@   )4@  xQ  xQ  |Q  8Q  (pQ xQ +)p@ @ - )x@ @ *р(p@ @ - 8@ @ x@ @ - !y !yH !yH- !y !y  !y !yh@ @  !y|@ @ - !yh@ @ - !y|@ @  !y)|@ @ !y)|@ @   !y 8@ @ !y)|@ @  !y)|@ @ !y(|@ @ - !y(|@ @  /!y)|@ @  !y(8@ @ !y)|@ @  !y(|@ @  :!y(|@ @  ;!y(x@ @  !y(x@ @  !y(|@ @ - !yX !y|@   !y|@ @ - <!y|@ @  !y|@ @  (x  (p- !y  !y P- !y P1  !y  !y  !y  !y x@ @ - !y(|@ @ 1 !y(8@ @  !y)|@ @  !yX !y|@ @ 1 )x   )x  (p  h )8  8  x )8  h  (0 )8  8 8 x@ @   h@ @  8@ @  @ )x   (  )8   x  h 8  (@ @  @-  @7 p- )x- )x7 =(|- x- x7 )x )x- )x- )x (x  h (| (x )x  `@ @    (@ @    (@ @  )8 x- x x  @ @  `@ @ - )x@ @  )8@ @ )8@ @  @/  @ )x/ )x (8  ( 8 5)x x/ x  `@ @ /  `@ @  )x. )x )x/ )x. )x )x/  @ )x. (p/ (p )x  (p x. x x/ )x )x7 )x )x7 )x (0 (p (p7 )x 5)p )x7 (x.  (p x *р(p || }(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}<} 00\);_(*ef_)?_);_(}<} 00\);_(*ef_)?_);_(}<} 00\);_(*ef_)?_);_(}<} 00\);_(*ef_)?_);_(}<} 00\);_(*ef_)?_);_(}<} 00\);_(*ef _)?_);_(}<} 00\);_(*L_)?_);_(}<} 00\);_(*L_)?_);_(}<} 00\);_(*L_)?_);_(}<} 00\);_(*L_)?_);_(}<} 00\);_(*L_)?_);_(}<} 00\);_(*L _)?_);_(}<} 00\);_(*23_)?_);_(}<} 00\);_(*23_)?_);_(}<} 00\);_(*23_)?_);_(}<} 00\);_(*23_)?_);_(}<}  00\);_(*23_)?_);_(}<}! 00\);_(*23 _)?_);_(}<}" 00\);_(*_)?_);_(}<}# 00\);_(*_)?_);_(}<}$ 00\);_(*_)?_);_(}<}% 00\);_(*_)?_);_(}<}& 00\);_(*_)?_);_(}<}' 00\);_(* _)?_);_(}<}( 00\);_(* _)?_);_(}<}) 00\);_(*_)?_);_(}<}* 00\);_(*_)?_);_(}(}+00\);_(*}}- }00\);_(*_)?_);_(   }}. 00\);_(*_)?_);_(??? ??? ??? ???}(}/ 00\);_(*}(}0 00\);_(*}(}1 00\);_(*}(}2 00\);_(*}(}3 00\);_(*}(}4 00\);_(*}<}5 a00\);_(*_)?_);_(}<}6 00\);_(*_)?_);_(}<}7 00\);_(*?_)?_);_(}<}8 00\);_(*23_)?_);_(}(}9 00\);_(*}}> ??v00\);_(*̙_)?_);_(   }<}? }00\);_(*_)?_);_(}<} e00\);_(*_)?_);_(}<} e00\);_(*_)?_);_(}(}M 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(}0 00\);_(*}(}2 00\);_(*}(}3 00\);_(*}(}4 00\);_(*}(}5 00\);_(*}(}6 00\);_(*}(}7 00\);_(*}(}8 00\);_(*}(}9 00\);_(*}(}: 00\);_(*}(}; 00\);_(*}(}= 00\);_(*}(}> 00\);_(*}(}? 00\);_(*}(}@ 00\);_(*}(}A 00\);_(*}(}B 00\);_(*}(}C 00\);_(*}(}D 00\);_(*}(}E 00\);_(*}(}F 00\);_(*}(}H 00\);_(*}(}I 00\);_(*}(}J 00\);_(*}(}K 00\);_(*}(}L 00\);_(*}(}M 00\);_(*}(}N 00\);_(*}(}O 00\);_(*}(}P 00\);_(*}(}Q 00\);_(*}(}S 00\);_(*}(}T 00\);_(*}(}U 00\);_(*}(}V 00\);_(*}(}W 00\);_(*}(}X 00\);_(*}(}Y 00\);_(*}(}Z 00\);_(*}(}[ 00\);_(*}(}\ 00\);_(*}(}^ 00\);_(*}(}_ 00\);_(*}(}` 00\);_(*}(}a 00\);_(*}(}b 00\);_(*}(}c 00\);_(*}(}d 00\);_(*}(}e 00\);_(*}(}f 00\);_(*}(}g 00\);_(*}(}i 00\);_(*}(}j 00\);_(*}(}k 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(}  00\);_(*}(}  00\);_(*}(}  00\);_(*}(}  00\);_(*}-}  00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}}0}}9 00\);_(*_)?_);_(   }}: 00\);_(*_)?_);_(   }}; ???00\);_(*_)?_);_(??? ??? ??? ???}(}< 00\);_(*}-}> 00\);_(*}P}? 00\);_(*_)?_);_( }(}@ 00\);_(*}(}Y00\);_(*}(}[00\);_(*}x}a00\);_(*_)?_);_(  }x}b00\);_(*_)?_);_(  }x}c00\);_(*_)?_);_(  }x}d00\);_(*_)?_);_(  }x}e00\);_(*_)?_);_(  }x}f00\);_(*_)?_);_(  }x}g00\);_(*_)?_);_(  }d}h00\);_(*_)?_);_(   }x}i00\);_(*_)?_);_(  }x}j00\);_(*_)?_);_(  }(}k00\);_(*}x}l00\);_(*_)?_);_(  }d}m00\);_(*_)?_);_(   }(}n00\);_(*}(}o00\);_(*}x}p00\);_(*_)?_);_(  }(}q00\);_(*}(}r00\);_(*}(}s00\);_(*}x}t00\);_(*_)?_);_(  }d}u00\);_(*_)?_);_(   }x}v >00\);_(*_)?_);_(  }x}w00\);_(*_)?_);_(  }x}x >00\);_(*_)?_);_(  }x}y00\);_(*_)?_);_(  }d}z00\);_(*_)?_);_(   }x}{00\);_(*_)?_);_(  }d}|00\);_(*_)?_);_(   }x}}00\);_(*_)?_);_(  }x}~00\);_(*_)?_);_(  }x}00\);_(*_)?_);_(  }x}00\);_(*_)?_);_(  }d}00\);_(*_)?_);_(   }(}00\);_(*}(}00\);_(*}(}00\);_(*}(}00\);_(*}(}00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}<} 00\);_(*_)?_);_(}<} 00\);_(*_)?_);_(}<} 00\);_(*_)?_);_(}(} 00\);_(*}(}00\);_(*}(}P00\);_(*}(}00\);_(*}(}P00\);_(*}}}-}_(*}-}_(*}(}_(*}(}_(*}}}(}_(*}(}_(*}}}(} _(*}<} _(*_)?_);_(}(} _(*}(}_(*}(} _(*}(} _(*}(} _(*}(} _(*}(} _(*}(} _(*}}}-}_(*}-}_(*}(}_(*}(} _(*}(} _(*}<} _(*_)?_);_(}<} _(*_)?_);_(}(} _(*}(} _(*}<} _(*_)?_);_(}(} _(*}(}_(*}(} _(*}(} _(*}d}_(*_)?_);_(   }(}_(*}(}_(*}(} _(*}(} _(*}(} _(*}(} _(*}(}_(*}(}O_(*}(}_(*}(}_(*}(}_(*}(}_(*}(}_(*}(}_(*}(}_(*}(}_(*}(}_(*}(}_(*}(}_(*}(} _(*}(} _(*}(} _(*}(} _(*}(} _(*}(} _(*}(} O_(*}(} O_(*}(} _(*}(} _(*}(} _(*}t} `V@?}}  V@`V@?}t} `V@?}<} OV@ef}(} OV@}(} V@}(} V@}d}# V@  }(}$ V@}(}% PV@}d}* V@  }(}+ V@}(}, V@}(}- V@}(}/ V@}<}6  V@}(}7  V@}(}8  V@}(}9 V@}(}:  V@}(};  V@}(}<  V@}(}E PV@}(}M V@}(}N V@}x}O V@  }(}P V@}x}Q V@  }x}R V@  }(}S V@}(}T V@}x}U V@  }(}V V@}(}X V@}(}Z V@}x}[ V@  }x}\ V@  }x}] V@  }x}^ V@  }x}_ V@  }x}` V@  }d}a V@  }(}b V@}(}c V@}(}d V@}(}e V@}(}f V@}(}g V@}(}h V@}(}j V@}(}k V@}(}l V@}(}m V@}(}n V@}(}o V@}(}p V@}(}x V@}-}y }}z }(}{ }-}| }(}  }<} ef}(} }<}  }<}  }<}  }<}  O}<}  O}(}  }t} `V@?}<} efV@ef}(} V@}(} V@}(} V@}(} V@}(}  V@}(}  V@}<} V@ef}(} V@}(} V@}(}  V@}(}  V@}(} V@}(}  V@}<} V@}(} V@}(} OV@}(} V@}(} V@}(}  V@}}  V@`V@?}t} `V@?}<} V@ef}P}  V@ef}<} V@ef}(}  V@}(}  V@}(} V@}x} efV@  }x} efV@  }x} efV@  }x} V@  }(} V@}x} efV@  }(} V@}(} V@}x} efV@  }(} V@}(} V@}(} V@}(} V@}(} V@}<} OV@}(} OV@}(} V@}(} V@}(} V@}(} OV@}(} V@}(}  V@}d} V@  }(} V@}d} efV@  }d} efV@  }d} efV@  }P} V@  }x} V@  }d} V@  }x} V@  }P} V@}x} efV@  }x} efV@  }x} efV@  }d} V@  }(} cXV@}(} V@}(} LV@}(}<  V@}<}   V@}A} eV@ }(} V@}(} cXV@}(} LV@}(} V@}(} cXV@}(} LV@}(} V@}(} cXV@}(} LV@}(} V@}(} V@}(} V@}(} LV@}(} V@}(} V@}(} V@}(} cXV@}(} LV@}(} V@}(} V@}(} V@}(} V@}A}  V@cX }-}  V@}-}  V@}(} V@}(} V@}(}! V@}A}"  V@cX }(}# cXV@}(}$ V@}(}% cXV@}(}& LV@}(}' V@}(}( V@}(}) V@}(}+ cXV@}(}, LV@}(}- V@}(}/ V@}-}1 |}A}3  || }(}5 ||}(}7 |}(}8 ||}(}< |}(}= ||}(}> ||}(}? |}<}A  ||}(}C |}(}E ||}(}F |}(}G  |}(}I |}(}J |}<}K  ||}<}L  """||}(}M |}(}N ||}<}P ||}(}Q ||}<}R   h||}x}T ||  }x}U |||  }(}W ||}(}X |}(}\ ||}(}] |}(}^  |}(}_  |}(}a |}(}b |}(}d |}(}e |}(}p |}(}s |}(}t |}(}x |}(}| ||}(}} |}(}~ ||}(} ||}(} |}(} ||}(} ||}(} |}(} |}(} ||}(} ||}(} |}(} |}(} |}(} |}(} |}(} |}(} ||}(} |}(} |}(} ||}(} |}(} ef |}(} 23|}(} ef |}(} 23|}(}=  |}<}   |23|}(} ef |}(} 23|}(} ef |}(} 23|}(} L|}(} 23|}(} ef |}(} L|}(} 23|}(} ef |}(} L|}(} ef |}(} 23|}(} 23|}(} 23|}(} L|}(} 23|}(} ef |}(} L|}(} |}(} L|}(} |}(} L|}(} L|}(} |}(} L|}<}   |L|}(} |}(} L|}(} L|}(} L|}A}  |cX 20% - Accent1H 20% - Accent1 ef  20% - Accent2H" 20% - Accent2 ef  20% - Accent3H& 20% - Accent3 ef  20% - Accent4H* 20% - Accent4 ef  20% - Accent5H. 20% - Accent5 ef  20% - Accent6H2 20% - Accent6  ef  40% - Accent1H 40% - Accent1 L  40% - Accent2H# 40% - Accent2 L渷  40% - Accent3H' 40% - Accent3 L  40% - Accent4H+ 40% - Accent4 L  40% - Accent5H/ 40% - Accent5 L  40% - Accent6H3 40% - Accent6  Lմ  60% - Accent1H 60% - Accent1 23  60% - Accent2H$ 60% - Accent2 23ږ  60% - Accent3H( 60% - Accent3 23כ  60% - Accent4H, 60% - Accent4 23  60% - Accent5H0 60% - Accent5 23 ! 60% - Accent6H4 60% - Accent6  23  "Accent1<Accent1 O  #Accent2<!Accent2 PM  $Accent3<%Accent3 Y  %Accent4<)Accent4 d  &Accent5<-Accent5 K  'Accent6<1Accent6  F ( Accent6 2@ Accent6 2  F )Bad4Bad   *Bad 28Bad 2  +Blue Background@Blue Background  ,Bold- Calculation| Calculation  } . Check Cellz Check Cell  ????????? ???/ Comma0( Comma [0]1&Currency2. Currency [0]3Excel Built-in Normal 1PExcel Built-in Normal 1 4Explanatory TextB5Explanatory Text  5Good6Good  a6 Heading 1B Heading 1 I}O7 Heading 2B Heading 2 I}?8 Heading 3B Heading 3 I}239 Heading 44 Heading 4 I}:( Hyperlink; Hyperlink 2, Hyperlink 2< Hyperlink 38 Hyperlink 3  = Hyperlink 48 Hyperlink 4   >InputpInput ̙ ??v ? Linked CellF Linked Cell } @Mine AMine 10 BMine 11 CMine 12 DMine 13 EMine 14 FMine 15 GMine 16 HMine 17 IMine 18 JMine 19 KMine 2L Mine 2 10M Mine 2 11N Mine 2 12O Mine 2 13P Mine 2 14Q Mine 2 15R Mine 2 16S Mine 2 17T Mine 2 18U Mine 2 19 VMine 2 2W Mine 2 20X Mine 2 21Y Mine 2 22Z Mine 2 23[ Mine 2 24\ Mine 2 25] Mine 2 26^ Mine 2 27_ Mine 2 28` Mine 2 29 aMine 2 3b Mine 2 30c Mine 2 31d Mine 2 32e Mine 2 33f Mine 2 34g Mine 2 35h Mine 2 36i Mine 2 37j Mine 2 38k Mine 2 39 lMine 2 4m Mine 2 40n Mine 2 41o Mine 2 42p Mine 2 43q Mine 2 44r Mine 2 45s Mine 2 46t Mine 2 47u Mine 2 48v Mine 2 49 wMine 2 5x Mine 2 50y Mine 2 51z Mine 2 52{ Mine 2 53| Mine 2 54 }Mine 2 6 ~Mine 2 7 Mine 2 8 Mine 2 9 Mine 20 Mine 21 Mine 22 Mine 23 Mine 24 Mine 25 Mine 26 Mine 27 Mine 28 Mine 29 Mine 3 Mine 30 Mine 31 Mine 32 Mine 33 Mine 34 Mine 35 Mine 36 Mine 37 Mine 38 Mine 39 Mine 4 Mine 40 Mine 41 Mine 42 Mine 43 Mine 44 Mine 45 Mine 46 Mine 47 Mine 48 Mine 49 Mine 5 Mine 50 Mine 51 Mine 52 Mine 53 Mine 54 Mine 6 Mine 7 Mine 8 Mine 9 My Normal Neutral<Neutral  e Neutral 2@ Neutral 2  e Neutral 3E Neutral 3  e%"Normal Normal 10 Normal 10 2 Normal 109 Normal 109 2 Normal 109 3 Normal 11 Normal 110 Normal 110 2 Normal 110 3 Normal 12 Normal 127 Normal 127 2 Normal 13 Normal 135 Normal 135 2 Normal 136 Normal 136 2 Normal 137 Normal 137 2 Normal 138 Normal 138 2 Normal 139 Normal 139 2 Normal 14 Normal 140 Normal 140 2 Normal 143 Normal 143 2 Normal 144 Normal 144 2 Normal 15 Normal 16 Normal 17 Normal 178 Normal 18 Normal 19 Normal 2&Normal 2 Normal 2 10 Normal 2 10 2 Normal 2 11 Normal 2 12 Normal 2 13 Normal 2 14 Normal 2 15 Normal 2 16 Normal 2 17 Normal 2 18Normal 2 18 10Normal 2 18 10 2Normal 2 18 10 3Normal 2 18 11Normal 2 18 11 2Normal 2 18 12Normal 2 18 12 2Normal 2 18 13Normal 2 18 13 2Normal 2 18 14Normal 2 18 14 2Normal 2 18 15Normal 2 18 15 2Normal 2 18 16Normal 2 18 16 2Normal 2 18 17Normal 2 18 17 2Normal 2 18 18Normal 2 18 18 2Normal 2 18 19Normal 2 18 19 2 Normal 2 18 2Normal 2 18 20Normal 2 18 20 2Normal 2 18 21Normal 2 18 21 2Normal 2 18 22Normal 2 18 22 2Normal 2 18 23Normal 2 18 23 2Normal 2 18 24Normal 2 18 25Normal 2 18 26Normal 2 18 27 Normal 2 18 3Normal 2 18 3 2Normal 2 18 3 3 Normal 2 18 4Normal 2 18 4 2Normal 2 18 4 3 Normal 2 18 5Normal 2 18 5 2Normal 2 18 5 3  Normal 2 18 6 Normal 2 18 6 2 Normal 2 18 6 3  Normal 2 18 7 Normal 2 18 7 2Normal 2 18 7 3 Normal 2 18 8Normal 2 18 8 2Normal 2 18 8 3 Normal 2 18 9Normal 2 18 9 2Normal 2 18 9 3 Normal 2 19Normal 2 19 10Normal 2 19 10 2Normal 2 19 10 3Normal 2 19 11Normal 2 19 11 2Normal 2 19 12Normal 2 19 12 2Normal 2 19 13Normal 2 19 13 2Normal 2 19 14 Normal 2 19 14 2!Normal 2 19 15"Normal 2 19 15 2#Normal 2 19 16$Normal 2 19 16 2%Normal 2 19 17&Normal 2 19 17 2'Normal 2 19 18(Normal 2 19 18 2)Normal 2 19 19*Normal 2 19 19 2+ Normal 2 19 2,Normal 2 19 20-Normal 2 19 20 2.Normal 2 19 21/Normal 2 19 21 20Normal 2 19 221Normal 2 19 22 22Normal 2 19 233Normal 2 19 23 24Normal 2 19 245Normal 2 19 256Normal 2 19 267Normal 2 19 278 Normal 2 19 39Normal 2 19 3 2:Normal 2 19 3 3; Normal 2 19 4<Normal 2 19 4 2=Normal 2 19 4 3> Normal 2 19 5?Normal 2 19 5 2@Normal 2 19 5 3A Normal 2 19 6BNormal 2 19 6 2CNormal 2 19 6 3D Normal 2 19 7ENormal 2 19 7 2FNormal 2 19 7 3G Normal 2 19 8HNormal 2 19 8 2INormal 2 19 8 3J Normal 2 19 9KNormal 2 19 9 2LNormal 2 19 9 3M Normal 2 26 Normal 2 2 N Normal 2 2 10O Normal 2 2 11P Normal 2 2 12Q Normal 2 2 13R Normal 2 2 14S Normal 2 2 15T Normal 2 2 16U Normal 2 2 17V Normal 2 2 18W Normal 2 2 19X Normal 2 2 2YNormal 2 2 2 10ZNormal 2 2 2 10 2[Normal 2 2 2 10 3\Normal 2 2 2 11]Normal 2 2 2 11 2^Normal 2 2 2 11 3_Normal 2 2 2 12`Normal 2 2 2 12 2aNormal 2 2 2 12 3bNormal 2 2 2 13cNormal 2 2 2 13 2dNormal 2 2 2 13 3eNormal 2 2 2 14fNormal 2 2 2 14 2gNormal 2 2 2 14 3hNormal 2 2 2 15iNormal 2 2 2 15 2jNormal 2 2 2 16kNormal 2 2 2 16 2lNormal 2 2 2 17mNormal 2 2 2 17 2nNormal 2 2 2 18oNormal 2 2 2 18 2pNormal 2 2 2 19qNormal 2 2 2 2rNormal 2 2 2 20sNormal 2 2 2 21tNormal 2 2 2 22uNormal 2 2 2 23vNormal 2 2 2 24wNormal 2 2 2 25xNormal 2 2 2 26yNormal 2 2 2 27zNormal 2 2 2 28{Normal 2 2 2 29|Normal 2 2 2 3}Normal 2 2 2 3 2~Normal 2 2 2 3 3Normal 2 2 2 3 4Normal 2 2 2 3 5Normal 2 2 2 3 6Normal 2 2 2 30Normal 2 2 2 30 2Normal 2 2 2 31Normal 2 2 2 31 2Normal 2 2 2 32Normal 2 2 2 32 2Normal 2 2 2 33Normal 2 2 2 33 2Normal 2 2 2 34Normal 2 2 2 34 2Normal 2 2 2 35Normal 2 2 2 35 2Normal 2 2 2 36Normal 2 2 2 36 2Normal 2 2 2 37Normal 2 2 2 37 2Normal 2 2 2 38Normal 2 2 2 39Normal 2 2 2 4Normal 2 2 2 40Normal 2 2 2 41Normal 2 2 2 42Normal 2 2 2 43Normal 2 2 2 44Normal 2 2 2 45Normal 2 2 2 46Normal 2 2 2 47Normal 2 2 2 48Normal 2 2 2 48 2Normal 2 2 2 49Normal 2 2 2 5Normal 2 2 2 5 2Normal 2 2 2 5 3Normal 2 2 2 5 4Normal 2 2 2 50@Normal 2 2 2 50 Normal 2 2 2 50 2DNormal 2 2 2 50 2 Normal 2 2 2 50 3DNormal 2 2 2 50 3 Normal 2 2 2 50 4DNormal 2 2 2 50 4 Normal 2 2 2 50 5DNormal 2 2 2 50 5 Normal 2 2 2 50 6DNormal 2 2 2 50 6 Normal 2 2 2 50 7DNormal 2 2 2 50 7 Normal 2 2 2 50 8DNormal 2 2 2 50 8 Normal 2 2 2 51@Normal 2 2 2 51 Normal 2 2 2 52@Normal 2 2 2 52 Normal 2 2 2 53@Normal 2 2 2 53 Normal 2 2 2 54Normal 2 2 2 55Normal 2 2 2 56Normal 2 2 2 57Normal 2 2 2 58Normal 2 2 2 59Normal 2 2 2 6Normal 2 2 2 60Normal 2 2 2 7Normal 2 2 2 7 2Normal 2 2 2 7 3Normal 2 2 2 8Normal 2 2 2 8 2Normal 2 2 2 8 3Normal 2 2 2 9Normal 2 2 2 9 2Normal 2 2 2 9 3 Normal 2 2 20 Normal 2 2 21 Normal 2 2 22 Normal 2 2 23 Normal 2 2 24 Normal 2 2 25Normal 2 2 25 10Normal 2 2 25 10 2Normal 2 2 25 10 3Normal 2 2 25 11Normal 2 2 25 11 2Normal 2 2 25 12Normal 2 2 25 12 2Normal 2 2 25 13Normal 2 2 25 13 2Normal 2 2 25 14Normal 2 2 25 14 2Normal 2 2 25 15Normal 2 2 25 15 2Normal 2 2 25 16Normal 2 2 25 16 2Normal 2 2 25 17Normal 2 2 25 17 2Normal 2 2 25 18Normal 2 2 25 18 2Normal 2 2 25 19Normal 2 2 25 19 2Normal 2 2 25 2Normal 2 2 25 20Normal 2 2 25 20 2Normal 2 2 25 21Normal 2 2 25 21 2Normal 2 2 25 22Normal 2 2 25 22 2Normal 2 2 25 23Normal 2 2 25 23 2Normal 2 2 25 24Normal 2 2 25 25Normal 2 2 25 3Normal 2 2 25 3 2Normal 2 2 25 3 3Normal 2 2 25 4Normal 2 2 25 4 2Normal 2 2 25 4 3Normal 2 2 25 5Normal 2 2 25 5 2Normal 2 2 25 5 3Normal 2 2 25 6Normal 2 2 25 6 2Normal 2 2 25 6 3Normal 2 2 25 7Normal 2 2 25 7 2Normal 2 2 25 7 3Normal 2 2 25 8Normal 2 2 25 8 2Normal 2 2 25 8 3Normal 2 2 25 9Normal 2 2 25 9 2Normal 2 2 25 9 3 Normal 2 2 26 Normal 2 2 27 Normal 2 2 28Normal 2 2 28 10Normal 2 2 28 10 2Normal 2 2 28 11Normal 2 2 28 11 2Normal 2 2 28 12Normal 2 2 28 12 2Normal 2 2 28 13Normal 2 2 28 13 2Normal 2 2 28 14Normal 2 2 28 14 2Normal 2 2 28 15 Normal 2 2 28 15 2 Normal 2 2 28 16 Normal 2 2 28 16 2 Normal 2 2 28 17 Normal 2 2 28 17 2Normal 2 2 28 18Normal 2 2 28 18 2Normal 2 2 28 19Normal 2 2 28 19 2Normal 2 2 28 2Normal 2 2 28 2 2Normal 2 2 28 2 3Normal 2 2 28 20Normal 2 2 28 20 2Normal 2 2 28 21Normal 2 2 28 21 2Normal 2 2 28 22Normal 2 2 28 22 2Normal 2 2 28 3Normal 2 2 28 3 2Normal 2 2 28 3 3Normal 2 2 28 4Normal 2 2 28 4 2 Normal 2 2 28 4 3!Normal 2 2 28 5"Normal 2 2 28 5 2#Normal 2 2 28 5 3$Normal 2 2 28 6%Normal 2 2 28 6 2&Normal 2 2 28 6 3'Normal 2 2 28 7(Normal 2 2 28 7 2)Normal 2 2 28 7 3*Normal 2 2 28 8+Normal 2 2 28 8 2,Normal 2 2 28 8 3-Normal 2 2 28 9.Normal 2 2 28 9 2/Normal 2 2 28 9 30 Normal 2 2 29< Normal 2 2 29 1 Normal 2 2 32 Normal 2 2 30< Normal 2 2 30 3 Normal 2 2 31< Normal 2 2 31 4 Normal 2 2 32< Normal 2 2 32 5 Normal 2 2 33< Normal 2 2 33 6 Normal 2 2 34< Normal 2 2 34 7 Normal 2 2 35< Normal 2 2 35 8 Normal 2 2 36< Normal 2 2 36 9 Normal 2 2 37< Normal 2 2 37 : Normal 2 2 38< Normal 2 2 38 ; Normal 2 2 39< Normal 2 2 39 < Normal 2 2 4= Normal 2 2 40< Normal 2 2 40 > Normal 2 2 41< Normal 2 2 41 ? Normal 2 2 42< Normal 2 2 42 @ Normal 2 2 43< Normal 2 2 43 A Normal 2 2 44< Normal 2 2 44 B Normal 2 2 45< Normal 2 2 45 C Normal 2 2 46< Normal 2 2 46 D Normal 2 2 47< Normal 2 2 47 E Normal 2 2 48< Normal 2 2 48 F Normal 2 2 49< Normal 2 2 49 G Normal 2 2 5H Normal 2 2 50< Normal 2 2 50 I Normal 2 2 51< Normal 2 2 51 J Normal 2 2 52< Normal 2 2 52 K Normal 2 2 53< Normal 2 2 53 L Normal 2 2 54< Normal 2 2 54 M Normal 2 2 55< Normal 2 2 55 N Normal 2 2 56< Normal 2 2 56 O Normal 2 2 57< Normal 2 2 57 P Normal 2 2 58< Normal 2 2 58 Q Normal 2 2 59< Normal 2 2 59 R Normal 2 2 6S Normal 2 2 60< Normal 2 2 60 T Normal 2 2 61< Normal 2 2 61 U Normal 2 2 62< Normal 2 2 62 V Normal 2 2 63< Normal 2 2 63 W Normal 2 2 64< Normal 2 2 64 X Normal 2 2 65< Normal 2 2 65 Y Normal 2 2 66< Normal 2 2 66 Z Normal 2 2 67< Normal 2 2 67 [ Normal 2 2 68< Normal 2 2 68 \ Normal 2 2 69< Normal 2 2 69 ] Normal 2 2 7^ Normal 2 2 70< Normal 2 2 70 _ Normal 2 2 71< Normal 2 2 71 ` Normal 2 2 72< Normal 2 2 72 a Normal 2 2 73< Normal 2 2 73 b Normal 2 2 74< Normal 2 2 74 c Normal 2 2 75< Normal 2 2 75 d Normal 2 2 76< Normal 2 2 76 e Normal 2 2 77< Normal 2 2 77 f Normal 2 2 78< Normal 2 2 78 g Normal 2 2 79< Normal 2 2 79 h Normal 2 2 8i Normal 2 2 80< Normal 2 2 80 j Normal 2 2 85< Normal 2 2 85 k Normal 2 2 86< Normal 2 2 86 l Normal 2 2 9m Normal 2 20nNormal 2 20 10oNormal 2 20 10 2pNormal 2 20 10 3qNormal 2 20 11rNormal 2 20 11 2sNormal 2 20 12tNormal 2 20 12 2uNormal 2 20 13vNormal 2 20 13 2wNormal 2 20 14xNormal 2 20 14 2yNormal 2 20 15zNormal 2 20 15 2{Normal 2 20 16|Normal 2 20 16 2}Normal 2 20 17~Normal 2 20 17 2Normal 2 20 18Normal 2 20 18 2Normal 2 20 19Normal 2 20 19 2 Normal 2 20 2Normal 2 20 20Normal 2 20 20 2Normal 2 20 21Normal 2 20 21 2Normal 2 20 22Normal 2 20 22 2Normal 2 20 23Normal 2 20 23 2Normal 2 20 24Normal 2 20 25Normal 2 20 26Normal 2 20 27 Normal 2 20 3Normal 2 20 3 2Normal 2 20 3 3 Normal 2 20 4Normal 2 20 4 2Normal 2 20 4 3 Normal 2 20 5Normal 2 20 5 2Normal 2 20 5 3 Normal 2 20 6Normal 2 20 6 2Normal 2 20 6 3 Normal 2 20 7Normal 2 20 7 2Normal 2 20 7 3 Normal 2 20 8Normal 2 20 8 2Normal 2 20 8 3 Normal 2 20 9Normal 2 20 9 2Normal 2 20 9 3 Normal 2 21Normal 2 21 10Normal 2 21 10 2Normal 2 21 10 3Normal 2 21 11Normal 2 21 11 2Normal 2 21 12Normal 2 21 12 2Normal 2 21 13Normal 2 21 13 2Normal 2 21 14Normal 2 21 14 2Normal 2 21 15Normal 2 21 15 2Normal 2 21 16Normal 2 21 16 2Normal 2 21 17Normal 2 21 17 2Normal 2 21 18Normal 2 21 18 2Normal 2 21 19Normal 2 21 19 2 Normal 2 21 2Normal 2 21 20Normal 2 21 20 2Normal 2 21 21Normal 2 21 21 2Normal 2 21 22Normal 2 21 22 2Normal 2 21 23Normal 2 21 23 2Normal 2 21 24Normal 2 21 25Normal 2 21 26Normal 2 21 27 Normal 2 21 3Normal 2 21 3 2Normal 2 21 3 3 Normal 2 21 4Normal 2 21 4 2Normal 2 21 4 3 Normal 2 21 5Normal 2 21 5 2Normal 2 21 5 3 Normal 2 21 6Normal 2 21 6 2Normal 2 21 6 3 Normal 2 21 7Normal 2 21 7 2Normal 2 21 7 3 Normal 2 21 8Normal 2 21 8 2Normal 2 21 8 3 Normal 2 21 9Normal 2 21 9 2Normal 2 21 9 3 Normal 2 22Normal 2 22 10Normal 2 22 10 2Normal 2 22 10 3Normal 2 22 11Normal 2 22 11 2Normal 2 22 12Normal 2 22 12 2Normal 2 22 13Normal 2 22 13 2Normal 2 22 14Normal 2 22 14 2Normal 2 22 15Normal 2 22 15 2Normal 2 22 16Normal 2 22 16 2Normal 2 22 17Normal 2 22 17 2Normal 2 22 18Normal 2 22 18 2Normal 2 22 19Normal 2 22 19 2 Normal 2 22 2Normal 2 22 20Normal 2 22 20 2Normal 2 22 21Normal 2 22 21 2Normal 2 22 22Normal 2 22 22 2Normal 2 22 23Normal 2 22 23 2Normal 2 22 24Normal 2 22 25Normal 2 22 26Normal 2 22 27 Normal 2 22 3Normal 2 22 3 2Normal 2 22 3 3 Normal 2 22 4Normal 2 22 4 2Normal 2 22 4 3 Normal 2 22 5Normal 2 22 5 2Normal 2 22 5 3  Normal 2 22 6 Normal 2 22 6 2 Normal 2 22 6 3  Normal 2 22 7 Normal 2 22 7 2Normal 2 22 7 3 Normal 2 22 8Normal 2 22 8 2Normal 2 22 8 3 Normal 2 22 9Normal 2 22 9 2Normal 2 22 9 3 Normal 2 23Normal 2 23 10Normal 2 23 10 2Normal 2 23 10 3Normal 2 23 11Normal 2 23 11 2Normal 2 23 12Normal 2 23 12 2Normal 2 23 13Normal 2 23 13 2Normal 2 23 14 Normal 2 23 14 2!Normal 2 23 15"Normal 2 23 15 2#Normal 2 23 16$Normal 2 23 16 2%Normal 2 23 17&Normal 2 23 17 2'Normal 2 23 18(Normal 2 23 18 2)Normal 2 23 19*Normal 2 23 19 2+ Normal 2 23 2,Normal 2 23 20-Normal 2 23 20 2.Normal 2 23 21/Normal 2 23 21 20Normal 2 23 221Normal 2 23 22 22Normal 2 23 233Normal 2 23 23 24Normal 2 23 245Normal 2 23 256Normal 2 23 267Normal 2 23 278 Normal 2 23 39Normal 2 23 3 2:Normal 2 23 3 3; Normal 2 23 4<Normal 2 23 4 2=Normal 2 23 4 3> Normal 2 23 5?Normal 2 23 5 2@Normal 2 23 5 3A Normal 2 23 6BNormal 2 23 6 2CNormal 2 23 6 3D Normal 2 23 7ENormal 2 23 7 2FNormal 2 23 7 3G Normal 2 23 8HNormal 2 23 8 2INormal 2 23 8 3J Normal 2 23 9KNormal 2 23 9 2LNormal 2 23 9 3M Normal 2 24NNormal 2 24 10ONormal 2 24 10 2PNormal 2 24 10 3QNormal 2 24 11RNormal 2 24 11 2SNormal 2 24 12TNormal 2 24 12 2UNormal 2 24 13VNormal 2 24 13 2WNormal 2 24 14XNormal 2 24 14 2YNormal 2 24 15ZNormal 2 24 15 2[Normal 2 24 16\Normal 2 24 16 2]Normal 2 24 17^Normal 2 24 17 2_Normal 2 24 18`Normal 2 24 18 2aNormal 2 24 19bNormal 2 24 19 2c Normal 2 24 2dNormal 2 24 20eNormal 2 24 20 2fNormal 2 24 21gNormal 2 24 21 2hNormal 2 24 22iNormal 2 24 22 2jNormal 2 24 23kNormal 2 24 23 2lNormal 2 24 24mNormal 2 24 25nNormal 2 24 26oNormal 2 24 27p Normal 2 24 3qNormal 2 24 3 2rNormal 2 24 3 3s Normal 2 24 4tNormal 2 24 4 2uNormal 2 24 4 3v Normal 2 24 5wNormal 2 24 5 2xNormal 2 24 5 3y Normal 2 24 6zNormal 2 24 6 2{Normal 2 24 6 3| Normal 2 24 7}Normal 2 24 7 2~Normal 2 24 7 3 Normal 2 24 8Normal 2 24 8 2Normal 2 24 8 3 Normal 2 24 9Normal 2 24 9 2Normal 2 24 9 3 Normal 2 25Normal 2 25 10Normal 2 25 10 2Normal 2 25 10 3Normal 2 25 11Normal 2 25 11 2Normal 2 25 12Normal 2 25 12 2Normal 2 25 13Normal 2 25 13 2Normal 2 25 14Normal 2 25 14 2Normal 2 25 15Normal 2 25 15 2Normal 2 25 16Normal 2 25 16 2Normal 2 25 17Normal 2 25 17 2Normal 2 25 18Normal 2 25 18 2Normal 2 25 19Normal 2 25 19 2 Normal 2 25 2Normal 2 25 20Normal 2 25 20 2Normal 2 25 21Normal 2 25 21 2Normal 2 25 22Normal 2 25 22 2Normal 2 25 23Normal 2 25 23 2Normal 2 25 24Normal 2 25 25Normal 2 25 26Normal 2 25 27 Normal 2 25 3Normal 2 25 3 2Normal 2 25 3 3 Normal 2 25 4Normal 2 25 4 2Normal 2 25 4 3 Normal 2 25 5Normal 2 25 5 2Normal 2 25 5 3 Normal 2 25 6Normal 2 25 6 2Normal 2 25 6 3 Normal 2 25 7Normal 2 25 7 2Normal 2 25 7 3 Normal 2 25 8Normal 2 25 8 2Normal 2 25 8 3 Normal 2 25 9Normal 2 25 9 2Normal 2 25 9 3 Normal 2 26Normal 2 26 10Normal 2 26 10 2Normal 2 26 10 3Normal 2 26 11Normal 2 26 11 2Normal 2 26 12Normal 2 26 12 2Normal 2 26 13Normal 2 26 13 2Normal 2 26 14Normal 2 26 14 2Normal 2 26 15Normal 2 26 15 2Normal 2 26 16Normal 2 26 16 2Normal 2 26 17Normal 2 26 17 2Normal 2 26 18Normal 2 26 18 2Normal 2 26 19Normal 2 26 19 2 Normal 2 26 2Normal 2 26 20Normal 2 26 20 2Normal 2 26 21Normal 2 26 21 2Normal 2 26 22Normal 2 26 22 2Normal 2 26 23Normal 2 26 23 2Normal 2 26 24Normal 2 26 25Normal 2 26 26Normal 2 26 27 Normal 2 26 3Normal 2 26 3 2Normal 2 26 3 3 Normal 2 26 4Normal 2 26 4 2Normal 2 26 4 3 Normal 2 26 5Normal 2 26 5 2Normal 2 26 5 3 Normal 2 26 6Normal 2 26 6 2Normal 2 26 6 3 Normal 2 26 7Normal 2 26 7 2Normal 2 26 7 3 Normal 2 26 8Normal 2 26 8 2Normal 2 26 8 3 Normal 2 26 9Normal 2 26 9 2Normal 2 26 9 3 Normal 2 27Normal 2 27 10Normal 2 27 10 2Normal 2 27 10 3Normal 2 27 11Normal 2 27 11 2Normal 2 27 12Normal 2 27 12 2Normal 2 27 13Normal 2 27 13 2Normal 2 27 14Normal 2 27 14 2Normal 2 27 15Normal 2 27 15 2Normal 2 27 16Normal 2 27 16 2Normal 2 27 17Normal 2 27 17 2Normal 2 27 18Normal 2 27 18 2 Normal 2 27 19 Normal 2 27 19 2  Normal 2 27 2 Normal 2 27 20 Normal 2 27 20 2Normal 2 27 21Normal 2 27 21 2Normal 2 27 22Normal 2 27 22 2Normal 2 27 23Normal 2 27 23 2Normal 2 27 24Normal 2 27 25Normal 2 27 26Normal 2 27 27 Normal 2 27 3Normal 2 27 3 2Normal 2 27 3 3 Normal 2 27 4Normal 2 27 4 2Normal 2 27 4 3 Normal 2 27 5Normal 2 27 5 2 Normal 2 27 5 3! Normal 2 27 6"Normal 2 27 6 2#Normal 2 27 6 3$ Normal 2 27 7%Normal 2 27 7 2&Normal 2 27 7 3' Normal 2 27 8(Normal 2 27 8 2)Normal 2 27 8 3* Normal 2 27 9+Normal 2 27 9 2,Normal 2 27 9 3- Normal 2 28.Normal 2 28 10/Normal 2 28 10 20Normal 2 28 10 31Normal 2 28 112Normal 2 28 11 23Normal 2 28 124Normal 2 28 12 25Normal 2 28 136Normal 2 28 13 27Normal 2 28 148Normal 2 28 14 29Normal 2 28 15:Normal 2 28 15 2;Normal 2 28 16<Normal 2 28 16 2=Normal 2 28 17>Normal 2 28 17 2?Normal 2 28 18@Normal 2 28 18 2ANormal 2 28 19BNormal 2 28 19 2C Normal 2 28 2DNormal 2 28 20ENormal 2 28 20 2FNormal 2 28 21GNormal 2 28 21 2HNormal 2 28 22INormal 2 28 22 2JNormal 2 28 23KNormal 2 28 23 2LNormal 2 28 24MNormal 2 28 25NNormal 2 28 26ONormal 2 28 27P Normal 2 28 3QNormal 2 28 3 2RNormal 2 28 3 3S Normal 2 28 4TNormal 2 28 4 2UNormal 2 28 4 3V Normal 2 28 5WNormal 2 28 5 2XNormal 2 28 5 3Y Normal 2 28 6ZNormal 2 28 6 2[Normal 2 28 6 3\ Normal 2 28 7]Normal 2 28 7 2^Normal 2 28 7 3_ Normal 2 28 8`Normal 2 28 8 2aNormal 2 28 8 3b Normal 2 28 9cNormal 2 28 9 2dNormal 2 28 9 3e Normal 2 29f Normal 2 3g Normal 2 30hNormal 2 30 10iNormal 2 30 10 2jNormal 2 30 10 3kNormal 2 30 11lNormal 2 30 11 2mNormal 2 30 12nNormal 2 30 12 2oNormal 2 30 13pNormal 2 30 13 2qNormal 2 30 14rNormal 2 30 14 2sNormal 2 30 15tNormal 2 30 15 2uNormal 2 30 16vNormal 2 30 16 2wNormal 2 30 17xNormal 2 30 17 2yNormal 2 30 18zNormal 2 30 18 2{Normal 2 30 19|Normal 2 30 19 2} Normal 2 30 2~Normal 2 30 20Normal 2 30 20 2Normal 2 30 21Normal 2 30 21 2Normal 2 30 22Normal 2 30 22 2Normal 2 30 23Normal 2 30 23 2Normal 2 30 24Normal 2 30 25Normal 2 30 26Normal 2 30 27 Normal 2 30 3Normal 2 30 3 2Normal 2 30 3 3 Normal 2 30 4Normal 2 30 4 2Normal 2 30 4 3 Normal 2 30 5Normal 2 30 5 2Normal 2 30 5 3 Normal 2 30 6Normal 2 30 6 2Normal 2 30 6 3 Normal 2 30 7Normal 2 30 7 2Normal 2 30 7 3 Normal 2 30 8Normal 2 30 8 2Normal 2 30 8 3 Normal 2 30 9Normal 2 30 9 2Normal 2 30 9 3 Normal 2 31Normal 2 31 10Normal 2 31 10 2Normal 2 31 10 3Normal 2 31 11Normal 2 31 11 2Normal 2 31 12Normal 2 31 12 2Normal 2 31 13Normal 2 31 13 2Normal 2 31 14Normal 2 31 14 2Normal 2 31 15Normal 2 31 15 2Normal 2 31 16Normal 2 31 16 2Normal 2 31 17Normal 2 31 17 2Normal 2 31 18Normal 2 31 18 2Normal 2 31 19Normal 2 31 19 2 Normal 2 31 2Normal 2 31 20Normal 2 31 20 2Normal 2 31 21Normal 2 31 21 2Normal 2 31 22Normal 2 31 22 2Normal 2 31 23Normal 2 31 23 2Normal 2 31 24Normal 2 31 25Normal 2 31 26Normal 2 31 27 Normal 2 31 3Normal 2 31 3 2Normal 2 31 3 3 Normal 2 31 4Normal 2 31 4 2Normal 2 31 4 3 Normal 2 31 5Normal 2 31 5 2Normal 2 31 5 3 Normal 2 31 6Normal 2 31 6 2Normal 2 31 6 3 Normal 2 31 7Normal 2 31 7 2Normal 2 31 7 3 Normal 2 31 8Normal 2 31 8 2Normal 2 31 8 3 Normal 2 31 9Normal 2 31 9 2Normal 2 31 9 3 Normal 2 32Normal 2 32 10Normal 2 32 10 2Normal 2 32 10 3Normal 2 32 11Normal 2 32 11 2Normal 2 32 12Normal 2 32 12 2Normal 2 32 13Normal 2 32 13 2Normal 2 32 14Normal 2 32 14 2Normal 2 32 15Normal 2 32 15 2Normal 2 32 16Normal 2 32 16 2Normal 2 32 17Normal 2 32 17 2Normal 2 32 18Normal 2 32 18 2Normal 2 32 19Normal 2 32 19 2 Normal 2 32 2Normal 2 32 20Normal 2 32 20 2Normal 2 32 21Normal 2 32 21 2Normal 2 32 22Normal 2 32 22 2Normal 2 32 23Normal 2 32 23 2Normal 2 32 24Normal 2 32 25Normal 2 32 26Normal 2 32 27 Normal 2 32 3Normal 2 32 3 2Normal 2 32 3 3 Normal 2 32 4Normal 2 32 4 2Normal 2 32 4 3 Normal 2 32 5Normal 2 32 5 2Normal 2 32 5 3 Normal 2 32 6Normal 2 32 6 2Normal 2 32 6 3 Normal 2 32 7Normal 2 32 7 2Normal 2 32 7 3  Normal 2 32 8 Normal 2 32 8 2 Normal 2 32 8 3  Normal 2 32 9 Normal 2 32 9 2Normal 2 32 9 3 Normal 2 33Normal 2 33 10Normal 2 33 10 2Normal 2 33 10 3Normal 2 33 11Normal 2 33 11 2Normal 2 33 12Normal 2 33 12 2Normal 2 33 13Normal 2 33 13 2Normal 2 33 14Normal 2 33 14 2Normal 2 33 15Normal 2 33 15 2Normal 2 33 16Normal 2 33 16 2Normal 2 33 17 Normal 2 33 17 2!Normal 2 33 18"Normal 2 33 18 2#Normal 2 33 19$Normal 2 33 19 2% Normal 2 33 2&Normal 2 33 20'Normal 2 33 20 2(Normal 2 33 21)Normal 2 33 21 2*Normal 2 33 22+Normal 2 33 22 2,Normal 2 33 23-Normal 2 33 23 2.Normal 2 33 24/Normal 2 33 250Normal 2 33 261Normal 2 33 272 Normal 2 33 33Normal 2 33 3 24Normal 2 33 3 35 Normal 2 33 46Normal 2 33 4 27Normal 2 33 4 38 Normal 2 33 59Normal 2 33 5 2:Normal 2 33 5 3; Normal 2 33 6<Normal 2 33 6 2=Normal 2 33 6 3> Normal 2 33 7?Normal 2 33 7 2@Normal 2 33 7 3A Normal 2 33 8BNormal 2 33 8 2CNormal 2 33 8 3D Normal 2 33 9ENormal 2 33 9 2FNormal 2 33 9 3G Normal 2 34HNormal 2 34 10INormal 2 34 10 2JNormal 2 34 10 3KNormal 2 34 11LNormal 2 34 11 2MNormal 2 34 12NNormal 2 34 12 2ONormal 2 34 13PNormal 2 34 13 2QNormal 2 34 14RNormal 2 34 14 2SNormal 2 34 15TNormal 2 34 15 2UNormal 2 34 16VNormal 2 34 16 2WNormal 2 34 17XNormal 2 34 17 2YNormal 2 34 18ZNormal 2 34 18 2[Normal 2 34 19\Normal 2 34 19 2] Normal 2 34 2^Normal 2 34 20_Normal 2 34 20 2`Normal 2 34 21aNormal 2 34 21 2bNormal 2 34 22cNormal 2 34 22 2dNormal 2 34 23eNormal 2 34 23 2fNormal 2 34 24gNormal 2 34 25hNormal 2 34 26iNormal 2 34 27j Normal 2 34 3kNormal 2 34 3 2lNormal 2 34 3 3m Normal 2 34 4nNormal 2 34 4 2oNormal 2 34 4 3p Normal 2 34 5qNormal 2 34 5 2rNormal 2 34 5 3s Normal 2 34 6tNormal 2 34 6 2uNormal 2 34 6 3v Normal 2 34 7wNormal 2 34 7 2xNormal 2 34 7 3y Normal 2 34 8zNormal 2 34 8 2{Normal 2 34 8 3| Normal 2 34 9}Normal 2 34 9 2~Normal 2 34 9 3 Normal 2 35Normal 2 35 10Normal 2 35 10 2Normal 2 35 10 3Normal 2 35 11Normal 2 35 11 2Normal 2 35 12Normal 2 35 12 2Normal 2 35 13Normal 2 35 13 2Normal 2 35 14Normal 2 35 14 2Normal 2 35 15Normal 2 35 15 2Normal 2 35 16Normal 2 35 16 2Normal 2 35 17Normal 2 35 17 2Normal 2 35 18Normal 2 35 18 2Normal 2 35 19Normal 2 35 19 2 Normal 2 35 2Normal 2 35 20Normal 2 35 20 2Normal 2 35 21Normal 2 35 21 2Normal 2 35 22Normal 2 35 22 2Normal 2 35 23Normal 2 35 23 2Normal 2 35 24Normal 2 35 25Normal 2 35 26Normal 2 35 27 Normal 2 35 3Normal 2 35 3 2Normal 2 35 3 3 Normal 2 35 4Normal 2 35 4 2Normal 2 35 4 3 Normal 2 35 5Normal 2 35 5 2Normal 2 35 5 3 Normal 2 35 6Normal 2 35 6 2Normal 2 35 6 3 Normal 2 35 7Normal 2 35 7 2Normal 2 35 7 3 Normal 2 35 8Normal 2 35 8 2Normal 2 35 8 3 Normal 2 35 9Normal 2 35 9 2Normal 2 35 9 3 Normal 2 36 Normal 2 36 2Normal 2 36 2 10Normal 2 36 2 10 2Normal 2 36 2 11Normal 2 36 2 11 2Normal 2 36 2 12Normal 2 36 2 12 2Normal 2 36 2 13Normal 2 36 2 13 2Normal 2 36 2 14Normal 2 36 2 14 2Normal 2 36 2 15Normal 2 36 2 15 2Normal 2 36 2 16Normal 2 36 2 16 2Normal 2 36 2 17Normal 2 36 2 17 2Normal 2 36 2 18Normal 2 36 2 18 2Normal 2 36 2 19Normal 2 36 2 19 2Normal 2 36 2 2Normal 2 36 2 2 2Normal 2 36 2 2 3Normal 2 36 2 20Normal 2 36 2 20 2Normal 2 36 2 21Normal 2 36 2 21 2Normal 2 36 2 22Normal 2 36 2 22 2Normal 2 36 2 23Normal 2 36 2 24Normal 2 36 2 3Normal 2 36 2 3 2Normal 2 36 2 3 3Normal 2 36 2 4Normal 2 36 2 4 2Normal 2 36 2 4 3Normal 2 36 2 5Normal 2 36 2 5 2Normal 2 36 2 5 3Normal 2 36 2 6Normal 2 36 2 6 2Normal 2 36 2 6 3Normal 2 36 2 7Normal 2 36 2 7 2Normal 2 36 2 7 3Normal 2 36 2 8Normal 2 36 2 8 2Normal 2 36 2 8 3Normal 2 36 2 9Normal 2 36 2 9 2Normal 2 36 2 9 3 Normal 2 36 3 Normal 2 36 4 Normal 2 36 5 Normal 2 36 6 Normal 2 37 Normal 2 37 2Normal 2 37 2 10Normal 2 37 2 10 2Normal 2 37 2 11Normal 2 37 2 11 2Normal 2 37 2 12Normal 2 37 2 12 2Normal 2 37 2 13Normal 2 37 2 13 2Normal 2 37 2 14Normal 2 37 2 14 2Normal 2 37 2 15Normal 2 37 2 15 2Normal 2 37 2 16Normal 2 37 2 16 2Normal 2 37 2 17Normal 2 37 2 17 2Normal 2 37 2 18Normal 2 37 2 18 2Normal 2 37 2 19Normal 2 37 2 19 2Normal 2 37 2 2Normal 2 37 2 2 2 Normal 2 37 2 2 3 Normal 2 37 2 20 Normal 2 37 2 20 2 Normal 2 37 2 21 Normal 2 37 2 21 2Normal 2 37 2 22Normal 2 37 2 22 2Normal 2 37 2 23Normal 2 37 2 24Normal 2 37 2 3Normal 2 37 2 3 2Normal 2 37 2 3 3Normal 2 37 2 4Normal 2 37 2 4 2Normal 2 37 2 4 3Normal 2 37 2 5Normal 2 37 2 5 2Normal 2 37 2 5 3Normal 2 37 2 6Normal 2 37 2 6 2Normal 2 37 2 6 3Normal 2 37 2 7Normal 2 37 2 7 2 Normal 2 37 2 7 3!Normal 2 37 2 8"Normal 2 37 2 8 2#Normal 2 37 2 8 3$Normal 2 37 2 9%Normal 2 37 2 9 2&Normal 2 37 2 9 3' Normal 2 37 3( Normal 2 37 4) Normal 2 37 5* Normal 2 37 6+ Normal 2 38, Normal 2 38 2-Normal 2 38 2 10.Normal 2 38 2 10 2/Normal 2 38 2 110Normal 2 38 2 11 21Normal 2 38 2 122Normal 2 38 2 12 23Normal 2 38 2 134Normal 2 38 2 13 25Normal 2 38 2 146Normal 2 38 2 14 27Normal 2 38 2 158Normal 2 38 2 15 29Normal 2 38 2 16:Normal 2 38 2 16 2;Normal 2 38 2 17<Normal 2 38 2 17 2=Normal 2 38 2 18>Normal 2 38 2 18 2?Normal 2 38 2 19@Normal 2 38 2 19 2ANormal 2 38 2 2BNormal 2 38 2 2 2CNormal 2 38 2 2 3DNormal 2 38 2 20ENormal 2 38 2 20 2FNormal 2 38 2 21GNormal 2 38 2 21 2HNormal 2 38 2 22INormal 2 38 2 22 2JNormal 2 38 2 23KNormal 2 38 2 24LNormal 2 38 2 3MNormal 2 38 2 3 2NNormal 2 38 2 3 3ONormal 2 38 2 4PNormal 2 38 2 4 2QNormal 2 38 2 4 3RNormal 2 38 2 5SNormal 2 38 2 5 2TNormal 2 38 2 5 3UNormal 2 38 2 6VNormal 2 38 2 6 2WNormal 2 38 2 6 3XNormal 2 38 2 7YNormal 2 38 2 7 2ZNormal 2 38 2 7 3[Normal 2 38 2 8\Normal 2 38 2 8 2]Normal 2 38 2 8 3^Normal 2 38 2 9_Normal 2 38 2 9 2`Normal 2 38 2 9 3a Normal 2 39b Normal 2 39 2cNormal 2 39 2 10dNormal 2 39 2 10 2eNormal 2 39 2 11fNormal 2 39 2 11 2gNormal 2 39 2 12hNormal 2 39 2 12 2iNormal 2 39 2 13jNormal 2 39 2 13 2kNormal 2 39 2 14lNormal 2 39 2 14 2mNormal 2 39 2 15nNormal 2 39 2 15 2oNormal 2 39 2 16pNormal 2 39 2 16 2qNormal 2 39 2 17rNormal 2 39 2 17 2sNormal 2 39 2 18tNormal 2 39 2 18 2uNormal 2 39 2 19vNormal 2 39 2 19 2wNormal 2 39 2 2xNormal 2 39 2 2 2yNormal 2 39 2 2 3zNormal 2 39 2 20{Normal 2 39 2 20 2|Normal 2 39 2 21}Normal 2 39 2 21 2~Normal 2 39 2 22Normal 2 39 2 22 2Normal 2 39 2 23Normal 2 39 2 24Normal 2 39 2 3Normal 2 39 2 3 2Normal 2 39 2 3 3Normal 2 39 2 4Normal 2 39 2 4 2Normal 2 39 2 4 3Normal 2 39 2 5Normal 2 39 2 5 2Normal 2 39 2 5 3Normal 2 39 2 6Normal 2 39 2 6 2Normal 2 39 2 6 3Normal 2 39 2 7Normal 2 39 2 7 2Normal 2 39 2 7 3Normal 2 39 2 8Normal 2 39 2 8 2Normal 2 39 2 8 3Normal 2 39 2 9Normal 2 39 2 9 2Normal 2 39 2 9 3 Normal 2 4 Normal 2 40Normal 2 40 10Normal 2 40 10 2Normal 2 40 11Normal 2 40 11 2Normal 2 40 12Normal 2 40 12 2Normal 2 40 13Normal 2 40 13 2Normal 2 40 14Normal 2 40 14 2Normal 2 40 15Normal 2 40 15 2Normal 2 40 16Normal 2 40 16 2Normal 2 40 17Normal 2 40 17 2Normal 2 40 18Normal 2 40 18 2Normal 2 40 19Normal 2 40 19 2 Normal 2 40 2Normal 2 40 2 2Normal 2 40 2 3Normal 2 40 20Normal 2 40 20 2Normal 2 40 21Normal 2 40 21 2Normal 2 40 22Normal 2 40 22 2Normal 2 40 23Normal 2 40 24 Normal 2 40 3Normal 2 40 3 2Normal 2 40 3 3 Normal 2 40 4Normal 2 40 4 2Normal 2 40 4 3 Normal 2 40 5Normal 2 40 5 2Normal 2 40 5 3 Normal 2 40 6Normal 2 40 6 2Normal 2 40 6 3 Normal 2 40 7Normal 2 40 7 2Normal 2 40 7 3 Normal 2 40 8Normal 2 40 8 2Normal 2 40 8 3 Normal 2 40 9Normal 2 40 9 2Normal 2 40 9 3 Normal 2 41Normal 2 41 10Normal 2 41 10 2Normal 2 41 11Normal 2 41 11 2Normal 2 41 12Normal 2 41 12 2Normal 2 41 13Normal 2 41 13 2Normal 2 41 14Normal 2 41 14 2Normal 2 41 15Normal 2 41 15 2Normal 2 41 16Normal 2 41 16 2Normal 2 41 17Normal 2 41 17 2Normal 2 41 18Normal 2 41 18 2Normal 2 41 19Normal 2 41 19 2 Normal 2 41 2Normal 2 41 2 2Normal 2 41 2 3Normal 2 41 20Normal 2 41 20 2Normal 2 41 21Normal 2 41 21 2Normal 2 41 22Normal 2 41 22 2 Normal 2 41 3Normal 2 41 3 2Normal 2 41 3 3 Normal 2 41 4Normal 2 41 4 2Normal 2 41 4 3 Normal 2 41 5Normal 2 41 5 2Normal 2 41 5 3 Normal 2 41 6Normal 2 41 6 2Normal 2 41 6 3 Normal 2 41 7Normal 2 41 7 2Normal 2 41 7 3 Normal 2 41 8Normal 2 41 8 2Normal 2 41 8 3 Normal 2 41 9Normal 2 41 9 2Normal 2 41 9 3 Normal 2 42 Normal 2 43 Normal 2 44 Normal 2 45 Normal 2 46 Normal 2 47 Normal 2 48 Normal 2 49 Normal 2 5  Normal 2 50  Normal 2 51  Normal 2 52  Normal 2 6  Normal 2 7 Normal 2 8 Normal 2 808 Normal 2 80  Normal 2 9 Normal 20 Normal 21 Normal 22 Normal 23 Normal 24 Normal 25 Normal 26 Normal 27 Normal 28 Normal 29 Normal 3 Normal 3 10 Normal 3 11 Normal 3 12 Normal 3 13  Normal 3 14! Normal 3 15" Normal 3 16# Normal 3 17$ Normal 3 18% Normal 3 19& Normal 3 2' Normal 3 20( Normal 3 21) Normal 3 22* Normal 3 23+ Normal 3 24, Normal 3 25- Normal 3 26. Normal 3 27/ Normal 3 280 Normal 3 291 Normal 3 32 Normal 3 303 Normal 3 44 Normal 3 55 Normal 3 66 Normal 3 77 Normal 3 88 Normal 3 99 Normal 30: Normal 31; Normal 32< Normal 33= Normal 34> Normal 35? Normal 36@ Normal 37A Normal 38B Normal 39 CNormal 4D Normal 40E Normal 41F Normal 42G Normal 43H Normal 44I Normal 45J Normal 46K Normal 47L Normal 48M Normal 49 NNormal 5O Normal 50P Normal 51Q Normal 52R Normal 53S Normal 54T Normal 55U Normal 56V Normal 57W Normal 58X Normal 59 YNormal 6Z Normal 6 2[ Normal 6 2 10\Normal 6 2 10 2]Normal 6 2 10 3^ Normal 6 2 11_Normal 6 2 11 2` Normal 6 2 12aNormal 6 2 12 2b Normal 6 2 13cNormal 6 2 13 2d Normal 6 2 14eNormal 6 2 14 2f Normal 6 2 15gNormal 6 2 15 2h Normal 6 2 16iNormal 6 2 16 2j Normal 6 2 17kNormal 6 2 17 2l Normal 6 2 18mNormal 6 2 18 2n Normal 6 2 19oNormal 6 2 19 2p Normal 6 2 2q Normal 6 2 20rNormal 6 2 20 2s Normal 6 2 21tNormal 6 2 21 2u Normal 6 2 22vNormal 6 2 22 2w Normal 6 2 23xNormal 6 2 23 2y Normal 6 2 24z Normal 6 2 25{ Normal 6 2 26| Normal 6 2 27} Normal 6 2 3~Normal 6 2 3 2Normal 6 2 3 3 Normal 6 2 4Normal 6 2 4 2Normal 6 2 4 3 Normal 6 2 5Normal 6 2 5 2Normal 6 2 5 3 Normal 6 2 6Normal 6 2 6 2Normal 6 2 6 3 Normal 6 2 7Normal 6 2 7 2Normal 6 2 7 3 Normal 6 2 8Normal 6 2 8 2Normal 6 2 8 3 Normal 6 2 9Normal 6 2 9 2Normal 6 2 9 3 Normal 6 3 Normal 60 Normal 61 Normal 62 Normal 63 Normal 64 Normal 65 Normal 66 Normal 67 Normal 68 Normal 69 Normal 72Normal 7  Normal 7 108 Normal 7 10  Normal 7 118 Normal 7 11  Normal 7 128 Normal 7 12  Normal 7 138 Normal 7 13  Normal 7 148 Normal 7 14  Normal 7 158 Normal 7 15  Normal 7 168 Normal 7 16  Normal 7 178 Normal 7 17  Normal 7 188 Normal 7 18  Normal 7 198 Normal 7 19  Normal 7 2 Normal 7 2 10 Normal 7 2 11 Normal 7 2 12 Normal 7 2 13 Normal 7 2 14 Normal 7 2 15 Normal 7 2 16 Normal 7 2 17 Normal 7 2 18 Normal 7 2 19 Normal 7 2 2Normal 7 2 2 2Normal 7 2 2 3Normal 7 2 2 4Normal 7 2 2 5Normal 7 2 2 6 Normal 7 2 20 Normal 7 2 21 Normal 7 2 22 Normal 7 2 23 Normal 7 2 24 Normal 7 2 25 Normal 7 2 26 Normal 7 2 27 Normal 7 2 28 Normal 7 2 29 Normal 7 2 3 Normal 7 2 30 Normal 7 2 31 Normal 7 2 32 Normal 7 2 33 Normal 7 2 34 Normal 7 2 35 Normal 7 2 36 Normal 7 2 37 Normal 7 2 38 Normal 7 2 39 Normal 7 2 4 Normal 7 2 40 Normal 7 2 41 Normal 7 2 42 Normal 7 2 43 Normal 7 2 44 Normal 7 2 45 Normal 7 2 46 Normal 7 2 47 Normal 7 2 48< Normal 7 2 48 Normal 7 2 48 2@Normal 7 2 48 2 Normal 7 2 48 3@Normal 7 2 48 3 Normal 7 2 48 4@Normal 7 2 48 4 Normal 7 2 48 5@Normal 7 2 48 5 Normal 7 2 48 6@Normal 7 2 48 6 Normal 7 2 48 7@Normal 7 2 48 7 Normal 7 2 48 8@Normal 7 2 48 8  Normal 7 2 49< Normal 7 2 49  Normal 7 2 5 Normal 7 2 50< Normal 7 2 50  Normal 7 2 51< Normal 7 2 51  Normal 7 2 52 Normal 7 2 53 Normal 7 2 54 Normal 7 2 55 Normal 7 2 56 Normal 7 2 57 Normal 7 2 6 Normal 7 2 7 Normal 7 2 8 Normal 7 2 9 Normal 7 208 Normal 7 20  Normal 7 218 Normal 7 21  Normal 7 228 Normal 7 22  Normal 7 238 Normal 7 23  Normal 7 248 Normal 7 24  Normal 7 258 Normal 7 25  Normal 7 268 Normal 7 26  Normal 7 278 Normal 7 27  Normal 7 288 Normal 7 28  Normal 7 298 Normal 7 29  Normal 7 3 Normal 7 308 Normal 7 30  Normal 7 318 Normal 7 31  Normal 7 328 Normal 7 32  Normal 7 338 Normal 7 33  Normal 7 348 Normal 7 34  Normal 7 358 Normal 7 35  Normal 7 368 Normal 7 36  Normal 7 378 Normal 7 37  Normal 7 388 Normal 7 38  Normal 7 398 Normal 7 39  Normal 7 4 Normal 7 408 Normal 7 40  Normal 7 418 Normal 7 41  Normal 7 428 Normal 7 42  Normal 7 438 Normal 7 43  Normal 7 448 Normal 7 44  Normal 7 458 Normal 7 45   Normal 7 468 Normal 7 46   Normal 7 478 Normal 7 47   Normal 7 488 Normal 7 48   Normal 7 498 Normal 7 49   Normal 7 5; Normal 7 5 % Normal 7 508 Normal 7 50  Normal 7 51 Normal 7 66 Normal 7 6  Normal 7 76 Normal 7 7  Normal 7 86 Normal 7 8  Normal 7 96 Normal 7 9  Normal 70 Normal 71 Normal 72 Normal 73 Normal 74 Normal 75 Normal 76( Normal 76 Normal 76 2 Normal 77 Normal 78( Normal 78 Normal 78 2 Normal 79 Normal 8! Normal 80" Normal 81# Normal 82$ Normal 83% Normal 84& Normal 85' Normal 86( Normal 87) Normal 88* Normal 89 +Normal 9, Normal 9 2- Normal 9 3. Normal 9 4/ Normal 900 Normal 91( Normal 911 Normal 922 Normal 933 Normal 944 Normal 955 Normal 966 Normal 977 Normal_Sheet18 Normal_Sheet2 9Noteb Note   :Note 2fNote 2   ;OutputrOutput  ???????????? ???<$Percent =Style 1 >Title1Title I}% ?TotalHTotal OO@ Warning Text: Warning Text XTableStyleMedium9PivotStyleLight16` 5aix5.3s5apache-httpd1.36apache-httpd2.0%6apache-httpd2.2 7 exchange20078 exchange2010: hpux11.23 S:ie7 ^.;ie8 1=iis5 >iis6x> ms-sql20001> ms-sql2005? office2k7h@ office2010Cpolycom-hdx-3.x ǭDrhel4 sErhel5Fsolaris8-Gsolaris9_G solaris10Htomcat4&Itomcat5YHItomcat6rIweblogicserver11g Iwin2k KwinxpNwin2k3 tNvistaOwin2k8 pPwin7Qwin2k8r2 & !  ; !  ; b:B1\:G4b1:8bZ   3 A@@   CCE IDCCE DescriptionCCE ParametersCCE Technical MechanismsOld "Unix-CCE-DRAFT-2" ID CCE-4508-8AThe tooltalk service should be enabled or disabled as appropriateenabled / disabled / offline CCE-4327-3BThe calendar manager should be enabled or disabled as appropriate. CCE-4468-5DThe GNOME logon service should be enabled or disabled as appropriate CCE-U-120 CCE-4512-0CThe CDE logon service should be enabled or disabled as appropriate. CCE-4375-2CThe sendmail services should be enabled or disabled as appropriate. CCE-4393-5=The web console should be enabled or disabled as appropriate. CCE-3662-4?The WBEM services should be enabled or disabled as appropriate. CCE-4442-0KThe BSD line printer protocol should be enabled or disabled as appropriate. CCE-4596-3AThe keyserv service should be enabled or disabled as appropriate. CCE-U-203 CCE-4486-7BThe NIS server daemon should be enabled or disabled as appropriate via svcadm CCE-4362-0BThe NIS passwd daemon should be enabled or disabled as appropriate CCE-3622-8BThe NIS update daemon should be enabled or disabled as appropriate CCE-4299-4?The NIS xfr daemon should be enabled or disabled as appropriate CCE-4592-2CThe NIS client daemons should be enabled or disabled as appropriate CCE-4614-4@The nisplus daemons should be enabled or disabled as appropriate CCE-4279-6CThe ldap cache manager should be enabled or disabled as appropriate CCE-4557-5PThe Kerberos TGT Expiration warning should be enabled or disabled as appropriate CCE-4588-0QThe Generic Security Service daemons should be enabled or disabled as appropriate CCE-4354-7>The volfs service should be enabled or disabled as appropriate CCE-4240-8AThe smserver service should be enabled or disabled as appropriate CCE-4517-9BThe Samba smbd service should be enabled or disabled as approriate CCE-U-142 CCE-4284-6BThe Samba nmbd service should be enabled or disabled as approriate CCE-4429-7AThe automount daemon should be enabled or disabled as appropriate CCE-4306-7DThe apache web servicer should be enabled or disabled as appropriate CCE-4499-0FThe mpxio-upgrade service should be enabled or disabled as appropriate CCE-4266-3WThe metainit service (Solaris 10 <= 11/06) should be enabled or disabled as appropriate CCE-4411-5XThe mdmonitor service (Solaris 10 <= 11/06) should be enabled or disabled as appropriate CCE-4305-9RThe volume manager GUI mdcomm service should be enabled or disabled as appropriate CCE-4477-6=The meta service should be enabled or disabled as appropriate CCE-3650-9?The metaed service should be enabled or disabled as appropriate CCE-4571-6?The metamh service should be enabled or disabled as appropriate CCE-3950-3OThe local rpc port mapping service should be enabled or disabled as appropriate CCE-4470-1JThe Kerberos kadmind service should be enabled or disabled as appropriate. CCE-4598-9JThe Kerberos krb5kdc service should be enabled or disabled as appropriate. CCE-4620-1IThe Kerberos kpropd service should be enabled or disabled as appropriate. CCE-4333-1MThe Kerberos ktkt_warnd service should be enabled or disabled as appropriate. CCE-3857-0FNFS server functionality should be enabled or disabled as appropriate. CCE-4359-6FNFS client functionality should be enabled or disabled as appropriate. /etc/vfstab CCE-4615-1@The telnet service should be enabled or disabled as appropriate. CCE-U-104 CCE-4007-1=The FTP service should be enabled or disabled as appropriate. CCE-U-103 CCE-3901-6?The BOOTP service should be enabled or disabled as appropriate. CCE-4553-4>The RARP service should be enabled or disabled as appropriate. CCE-4584-9KThe DHCP server functionality should be enabled or disabled as appropriate. CCE-4611-0JThe DNS server functionality should be enabled or disabled as appropriate. CCE-3655-8ZThe TFTP server functionality should be configured and enabled or disabled as appropriate./etc/inetd.conf CCE-U-118 CCE-4541-9@The BSD print spooler should enabled or disabled as appropriate.via inetadm and svcadm CCE-4483-4TThe Solaris print server functionality should be enabled or disabled as appropriate. CCE-3663-2>The IPP listener should be enabled or disabled as appropriate. CCE-4037-8>The SNMP service should be enabled or disabled as appropriate. CCE-4540-1@The read-only SNMP community string should be set appropriately.string/etc/snmp/conf/snmpd.conf CCE-U-122 CCE-4434-7KTCP Wrappers should be enabled or disabled as appropriate for all services.enabled / disabledvia inetadm -M CCE-4570-83The core dump directory owner should be restricted.user /var/coreCCE-U-65 CCE-4478-49The core dump directory group owner should be restricted.groupCCE-U-66 CCE-4623-5EFile permissions for the core dump directory should be set correctly. permissionsCCE-U-67 CCE-4522-94Core dumps should be enabled/disabled as appropriateenabled/disabled/etc/coreadm.conf CCE-4297-8EKernel stack protection should be enabled or disabled as appropriate. /etc/system CCE-U-68 CCE-4548-4IStrong TCP Sequence numbers should be enabled or disabled as appropriate./etc/default/inetinit CCE-U-70 CCE-4566-6JIPv4 source route forwarding should be enabled or disabled as appropriate. /lib/svc/method/cis_netconfig.sh CCE-4439-6JIPv6 source route forwarding should be enabled or disabled as appropriate. CCE-4456-0KReverse source routed packets should be enabled or disabled as appropriate. CCE-4602-9CForwarding broadcasts should be enabled or disabled as appropriate. CCE-3752-3?Unestablished tcp connection queue should be set appropriately.numeral CCE-4417-2=Established tcp connection queue should be set appropriately. CCE-4311-7@Respond to ICMP timestamp request should be enabled or disabled. CCE-4562-5JRespond to ICMP broadcast timestamp request should be enabled or disabled. CCE-4082-4MRespond to ICMP netmask request should be enabled or disabled as appropriate. CCE-3681-4TRespond to ICMP echo broadcast request should be enabled or disabled as appropriate. CCE-4642-5;The ARP cache cleanup interval should be set appropriately. CCE-4532-82The ARP IRE scan rate should be set appropriately. CCE-4624-34The IPv4 ICMP redirect should be enabled or disabled CCE-4518-7DThe IPv6 ICMP redirect should be enabled or disabled as appropriate. CCE-4676-38Extended TCP reserved ports should be set appropriately.list of ports above 1023 CCE-3699-6EIPv4 strict multihoming should be enabled or disabled as appropriate. CCE-4575-7EIPv6 strict multihoming should be enabled or disabled as appropriate. CCE-4593-0>ICMPv4 redirects should be enabled or disabled as appropriate. CCE-4095-6>ICMPv6 redirects should be enabled or disabled as appropriate. CCE-3684-88IP forwarding should enabled or disabled as appropriate. via routeadm CCE-4288-78IP routing should be enabled or disabled as appropriate. CCE-4671-4/inetd tracing should be enabled as appropriate.CCE-U-80 CCE-4455-2TThe logging option for the ftp service should be enabled or disabled as appropriate.via inetadm -m CCE-U-113 CCE-4397-65The daemon debug log file owner should be restricted./var/log/connlog CCE-4415-6BThe daemon debug log file permissions should be set appropriately. CCE-4560-9;The daemon debug log file group owner should be restricted. CCE-4582-3RThe debug logging option for daemons should be enabled or disabled as appropriate./etc/syslog.conf CCE-3979-2LCapture of syslog AUTH Messages should be enabled or disabled as appropriateCCE-U-2 CCE-4124-4-The loginlog file owner should be restricted./var/adm/loginlog CCE-4626-8:The loginlog file permissions should be set appropriately. CCE-4635-93The loginlog file group owner should be restricted. CCE-3930-5MCapture of failed login attempts should be enabled or disabled as appropriate CCE-4309-1XThe threshold of syslog logging of failed login attempts should b< e configured correctly.numeric value /etc/default/login CCE-4591-4:Cron logging should be enabled or disabled as appropriate./etc/default/cron CCE-U-38 CCE-4490-9(Cron log file owner should be restricted /var/cron/log CCE-4683-9.Cron log file group owner should be restricted CCE-4472-75Cron log file permissions should be set appropriately CCE-3992-5>System Accounting should be enabled or disabled as appropriate,via svcadm enable  r svc:/system/sar:default CCE-4481-86The system accounting file owner should be restricted. /var/adm/sa/* CCE-4630-0=The systems accounting file group owner should be restricted. CCE-4542-7CThe system accounting file permissions should be set appropriately. CCE-4675-5BKernel level auditing should be enabled or disabled as appropriatevia /etc/security/bsmconv CCE-4679-7SKernel level auditing for login/logout should be enabled or disabled as appropriatesuccessfull/unsuccesfull/etc/security/audit_control CCE-4075-8]Kernel level auditing for administrative actions should be enabled or disabled as appropriate CCE-4600-3bKernel level auditing for file attribute modification should be enabled or disabled as appropriate CCE-4498-2YKernel level auditing for process start/stop should be enabled or disabled as appropriate CCE-4401-6UKernel level auditing for process modify should be enabled or disabled as appropriate CCE-4337-2PKernel level auditing for processes should be enabled or disabled as appropriate CCE-4606-0KKernel level auditing for exec should be enabled or disabled as appropriate CCE-4610-2XKernel level auditing for root login/logout should be enabled or disabled as appropriate/etc/security/audit_user CCE-4126-9.Audit log file ownership should be restricted. /var/audit/* CCE-4633-44Audit log file group ownership should be restricted. CCE-4527-8+Audit log permissions should be restricted. CCE-4672-24The daemon user's umask should be set appropriately./etc/default/init CCE-4315-8RThe setuid option should be enabled or disabled on removable media as appropriate./etc/rmmount.conf CCE-U-170 CCE-3760-6The pkgchk utility should be used to verify ownership, group ownership, and access permissions for installed packages as appropriate.!list of packages, or all packages via pkgchk CCE-4312-5The pkgchk utility should be used to force default settings for ownership, group ownership, and access permissions for installed packages as appropriate. via pkgchk -f CCE-4721-7_The sticky bit should be enabled or disabled as appropriate for all world-writable directories. via chmod CCE-U-171 CCE-4351-3FWorld-writable files should be found and examined for appropriateness. CCE-4743-1=setgid files should be found and examined for appropriateness CCE-4281-2=setuid files should be found and examined for appropriateness CCE-4660-7RUnowned files should be found and removed or given to a valid user as appropriate.via chown or rm CCE-4682-1JFiles with extended attributes should be found and handled as appropriate. CCE-4435-4GSerial port login prompts should be enabled or disabled as appropriate. via pmadm CCE-U-155 CCE-4576-5XAccess to secure RPC for the 'nobody' user should be enabled or disabled as appropriate./etc/default/keyserv CCE-U-161 CCE-4726-6DSSH version 2 protocol should be enabled or disabled as appropriate./etc/ssh/sshd_config CCE-U-132 CCE-4638-3@SSH X11 forwarding should be enabled or disabled as appropriate. string yes/no CCE-4748-0NSSH maximum number of retries for authentication should be set as appropriate. CCE-4395-0RSSH maximum number or retries for authentication log should be set as appropriate. CCE-4030-3JSSH integration with .rhosts should be enabled or disabled as appropriate. CCE-4655-7VSSH integration with .rhosts/hosts.equiv should be enabled or disabled as appropriate. CCE-3946-1KSSH Rhosts RSA Authentication should be enabled or disabled as appropriate. CCE-4713-4@Root login via SSH should be enabled or disabled as appropriate. CCE-4708-4MSSH should be configured to enable or disable empty passwords as appropriate. CCE-4603-7<The SSH banner should be enabled or disabled as appropriate.uncomment string CCE-4021-21PAM Rhosts support should be enabled or disabled. /etc/pam.confCCE-U-28 CCE-4678-9BThe ftpusers file should restrict the root account as appropriate./etc/ftpd/ftpusers CCE-U-105 CCE-4695-3DThe ftpusers file should restrict the daemon account as appropriate. CCE-U-108 CCE-4510-4AThe ftpusers file should restrict the bin account as appropriate. CCE-4157-4AThe ftpusers file should restrict the sys account as appropriate. CCE-4677-1AThe ftpusers file should restrict the adm account as appropriate. CCE-4179-8@The ftpusers file should restrict the lp account as appropriate. CCE-4589-8BThe ftpusers file should restrict the uucp account as appropriate. CCE-4113-7CThe ftpusers file should restrict the smmsp account as appropriate. CCE-4739-9DThe ftpusers file should restrict the listen account as appropriate. CCE-4135-0AThe ftpusers file should restrict the gdm account as appropriate. CCE-3768-9FThe ftpusers file should restrict the webservd account as appropriate. CCE-3782-0DThe ftpusers file should restrict the nobody account as appropriate. CCE-4347-1FThe ftpusers file should restrict the noaccess account as appropriate. CCE-4497-4EThe ftpusers file should restrict the nobody4 account as appropriate. CCE-4432-13The failed login delay should be set appropriately.number of secondsCCE-U-5 CCE-4705-0?The default CDE screenlock timeout should be set appropriately.number of minutes/usr/dt/config/*/sys.resources CCE-U-158 CCE-4723-3AThe default GNOME screenlock timeout should be set appropriately.*/usr/openwin/lib/app-defaults/Xscreensaver CCE-4622-7BThe GNOME screenlock should be enabled or disabled as appropriate.boolean true/false CCE-4644-1GUse of the cron.allow file should be enabled or disabled as appropriate/etc/cron.d/cron.allowCCE-U-32 CCE-4543-5EUse of the at.allow file should be enabled or disabled as appropriate/etc/cron.d/at.allowCCE-U-47 CCE-4437-0HThe /etc/cron.d/cron.allow file should be owned by the appropriate user./etc/cron.d/cron.allow CCE-U-40 CCE-4706-8IThe /etc/cron.d/cron.allow file should be owned by the appropriate group.CCE-U-41 CCE-4693-8TFile permissions for the /etc/cron.d/cron.allow file should be configured correctly.CCE-U-36 CCE-4710-0RFile permissions for the /etc/cron.d/at.allow file should be configured correctly.CCE-U-51 CCE-4230-9FThe /etc/cron.d/at.allow file should be owned by the appropriate user.CCE-U-54 CCE-4445-3GThe /etc/cron.d/at.allow file should be owned by the appropriate group.CCE-U-55 CCE-4458-6EThe ability to login as root directly should be configured correctly./etc/default/login CCE-U-15 CCE-4102-0JThe "account lockout threshold" policy should meet minimum requirements. number of retriesCCE-U-4 CCE-4754-8=Account lockout should be enabled or disabled as appropriate.yes/no/etc/security/policy.conf CCE-4648-2<The eeprom security mode should be configured appropriately.none/full/command CCE-3826-5OThe grub menu password protection should be enabled or disabled as appropriate.password vi grub> prompt md5cyrpt command CCE-4525-2?The daemon account should be locked or unlocked as appropriate.locked / unlocked / non-login via passwd CCE-U-174 CCE-4657-3<The bin account should be locked or unlocked as appropriate. CCE-U-175 CCE-4661-5?The shell for the bin account should be assigned appropriately.path via passmgmt CCE-4807-4>The nuucp account should be locked or unlocked as appropriate. CCE-U-180 CCE-4701-9AThe shell for the nuucp account should be assigned appropriately. CCE-4669-8>The smmsp account should be locked or unlocked as appropriate. CCE-U-181< CCE-4436-2AThe shell for the smmsp account should be assigned appropriately. CCE-4815-7?The listen account should be locked or unlocked as appropriate. CCE-U-182 CCE-4696-1BThe shell for the listen account should be assigned appropriately. CCE-4216-8<The gdm account should be locked or unlocked as appropriate. CCE-4758-9?The shell for the gdm account should be assigned appropriately. CCE-4621-9AThe webservd account should be locked or unlocked as appropriate. CCE-4515-3DThe shell for the webservd account should be assigned appropriately. CCE-4282-0?The nobody account should be locked or unlocked as appropriate. CCE-U-183 CCE-4802-5BThe shell for the nobody account should be assigned appropriately. CCE-4806-6AThe noaccess account should be locked or unlocked as appropriate. CCE-U-184 CCE-4471-9DThe shell for the noaccess account should be assigned appropriately. CCE-4617-7@The nobody4 account should be locked or unlocked as appropriate. CCE-U-185 CCE-4418-0CThe shell for the nobody4 account should be assigned appropriately. CCE-4810-8<The sys account should be locked or unlocked as appropriate. CCE-U-176 CCE-3955-2<The adm account should be locked or unlocked as appropriate. CCE-U-177 CCE-3834-9?The shell for the adm account should be assigned appropriately. CCE-4408-1;The lp account should be locked or unlocked as appropriate. CCE-U-178 CCE-4536-9>The shell for the lp account should be assigned appropriately. CCE-4809-0=The uucp account should be locked or unlocked as appropriate. CCE-U-179 CCE-3841-4@The shell for the uucp account should be assigned appropriately. CCE-4724-1YAll user login accounts with empty passwords should be locked or unlocked as appropriate. CCE-4367-9DThe "minimum password age" policy should meet minimum requirements. 1Use the set-user-password-reqs.fin Finish script CCE-U-7 CCE-4165-7CThe "maximum password age" policy should meet minimum requirements.CCE-U-8 CCE-4836-3@The password expiration warning time should be set appropriately CCE-4625-0EThe strong password PASSLENGTH value should meet minimum requirementsvUse the set-user-password-reqs.fin, set-strict-password-checks.fin and the enable-password-history.fin Finish scripts CCE-4770-4DThe strong password NAMECHECK value should meet minimum requirements CCE-4563-3BThe strong password HISTORY value should meet minimum requirementsCCE-U-10 CCE-4832-2BThe strong password MINDIFF value should meet minimum requirements CCE-4572-4CThe strong password MINALPHA value should meet minimum requirements CCE-4480-0CThe strong password MINUPPER value should meet minimum requirements CCE-4731-6CThe strong password MINLOWER value should meet minimum requirements CCE-4753-0FThe strong password MINNONALPHA value should meet minimum requirements CCE-4775-3EThe strong password MAXREPEATS value should meet minimum requirements CCE-3856-2EThe strong password WHITESPACE value should meet minimum requirementsyes / no CCE-4402-4EThe strong password DICTIONDBDIR value should be configured correctly CCE-4670-6DThe strong password DICTIONLIST value should be configured correctly CCE-4314-1]No Legacy "+" entries in passwd, shadow, and group files should be verified to be appropriate file list/Use the check-include-nis-map.aud Audit script. CCE-4816-5LNo UID 0 Accounts exist other than root should be verified to be appropriate account list*Use the check-uids-unique.aud Audit script CCE-4834-8=Default group for root account should be configured correctly(Use the set-root-group.fin Finish script CCE-4728-2<The home directory of the root user should be set correctly.+Use the set-root-home-dir.fin Finish scriptCCE-U-11 CCE-4631-8:The PATH for the root user should be configured correctly.A1) Set of directories to include 2) Set of directories to exclude(Use the check-root-path.aud Audit scriptCCE-U-13 CCE-4538-5XFile permissions should be set correctly for the home directories for all user accounts.0Use the check-home-permissions.aud Audit script. CCE-U-162 CCE-4561-7FFile permissions should be set correctly for user configuration files.+Use the check-hidden-files.aud Audit script CCE-4578-1:File permissions should be set correctly for .netrc files.*Use the check-netrc-files.aud Audit script CCE-4843-9<Presence of .rhost files should be checked to be appropriate true/false%Use the print-rhosts.aud Audit script CCE-4737-31The default umask should be configured correctly.permissions mask(Use the set-user-umask.fin Finish scriptCCE-U-31 CCE-3897-6<The default umask for ftp users should be set appropriately.)Use the set-ftpd-umask.fin Finish script. CCE-U-115 CCE-4746-4qThe default setting for all users to allow terminal messages via the mesg utility should be configured correctly.&Use the disable-mesg.fin Finish scriptCCE-U-25 CCE-4760-5TGeneral login services should display a banner as appropriate before authentication. banner text /etc/issue CCE-4301-8SGeneral login services should display a banner as appropriate after authentication. /etc/motd CCE-4698-7ACDE should display a banner as appropriate before authentication./usr/dt/config/*/Xresources CCE-4222-6CGNOME should display a banner as appropriate before authentication./etc/X11/gdm/gdm.conf CCE-4103-8MThe FTP service should display a banner as appropriate before authentication./etc/ftpd/banner.msg CCE-4870-26The telnet service banner should be set appropriately./etc/default/telnetd CCE-4896-70The power-on banner should be set appropriately.ovia the 'eeprom oem-banner=' command (provide a string after the =) then the "eeprom oem-banner\?=true" command CCE-4663-12The sendmail greeting should be set appropriately.@via the "O SmtpGreetingMessage" setting in /etc/mail/sendmail.cfCCE-U-97 CCE-3416-5?The rhnsd service should be enabled or disabled as appropriate. via chkconfig CCE-4218-4FThe yum-updatesd service should be enabled or disabled as appropriate. CCE-4209-3:The AIDE package should be installed or not as appropriateinstalled / uninstalledvia yum CCE-4249-9ZThe nodev option should be enabled or disabled as appropriate for all non-root partitions.via /etc/fstab CCE-3522-0VThe nodev option should be enabled or disabled as appropriate for all removable media.Similar to CCE-U-170 CCE-4275-4WThe noexec option should be enabled or disabled as appropriate for all removable media. CCE-4042-8WThe nosuid option should be enabled or disabled as appropriate for all removable media. CCE-3685-5JConsole device ownership should be restricted to root-only as appropriate.root-only / not root-only2via /etc/security/console.perms.d/50-default.perms CCE-4187-1DThe USB device support module should be loaded or not as appropriateloaded / not loadedvia /etc/modprobe.conf CCE-4006-3GThe USB device support module should be installed or not as appropriate via kernel CCE-4173-1@USB kernel support should be enabled or disabled as appropriate.via /etc/grub.conf CCE-3944-6QThe ability to boot from USB devices should be enabled or disabled as appropriatevia BIOS CCE-4072-5@The autofs service should be enabled or disabled as appropriate. CCE-4231-7YThe GNOME automounter (gnome-volume-manager) should be enabled or disabled as appropriate CCE-3988-3>The /etc/shadow file should be owned by the appropriate group. via chownCCE-U-23 CCE-3883-6=The /etc/group file should be owned by the appropriate group. CCE-U-202 CCE-3276-3<The /etc/group file should be owned by the appropriate user. CCE-U-201 CCE-3932-1:File permissions for /etc/gshadow should be set correctly. CCE-U-200 CCE-4064-2?The /etc/gshadow file should be owned by the appropriate group. CCE-4210-1>The /etc/gshadow file should be owned by the appropriate user. CCE-3918-0=The /etc/shadow file should be owned by the appropriate user.CCE-U-22 CCE-3566-79File permissions for /etc/passwd should< be set correctly.CCE-U-19 CCE-3958-6=The /etc/passwd file should be owned by the appropriate user.CCE-U-20 CCE-3967-78File permissions for /etc/group should be set correctly. CCE-3495-9>The /etc/passwd file should be owned by the appropriate group.CCE-U-21 CCE-4130-19File permissions for /etc/shadow should be set correctly.CCE-U-24 CCE-3399-3ZThe sticky bit should be set or not set as appropriate for all world-writable directories. set / not set CCE-3795-2VThe world-write permission should be enabled or disabled as appropriate for all files. CCE-4178-0CThe sgid bit should be set or not set as appropriate for all files. CCE-3324-1CThe suid bit should be set or not set as appropriate for all files. CCE-4223-42All files should be owned by a user as appropriate user / none CCE-3573-33All files should be owned by a group as appropriate group / none via chgrp CCE-4220-0-The daemon umask should be set as appropriatevia /etc/sysconfig/init CCE-4225-9ECore dumps for all users should be enabled or disabled as appropriatevia /etc/security/limits.conf CCE-4247-3KCore dumps for setuid programs should be enabled or disabled as appropriatevia sysctl - fs.suid_dumpable CCE-4146-7fExecShield randomized placement of virtual memory regions should be enabled or disabled as appropriate&via sysctl - kernel.randomize_va_space CCE-4168-17ExecShield should be enabled or disabled as appropriatevia sysctl - kernel.exec-shield CCE-4172-3[Kernel support for the XD/NX processor feature should be enabled or disabled as appropriatevia kernel-PAE CCE-4177-2TThe XD/NX processor feature should be enabled or disabled as appropriate in the BIOS CCE-3820-8cLogins through the specified virtual console interface should be enabled or disabled as appropriatevia /etc/securetty CCE-3485-0`Logins through the specified virtual console device should be enabled or disabled as appropriate CCE-4111-1VLogins through the primary console device should be enabled or disabled as appropriate CCE-4256-4KLogin prompts on serial ports should be enabled or disabled as appropriate. CCE-4274-7PCommand access to the root account should be enabled or disabled as appropriate.via pam CCE-4044-4LSudo privileges should granted or rejected to the wheel group as appropriate grant/rejectvi /etc/sudoers CCE-3987-5VLogin access to non-root system accounts should be enabled or disabled as appropriate via /etc/passwd CCE-4238-2WLogin access to accounts without passwords should be enabled or disabled as appropriatevia /etc/shadow CCE-4009-7<Anonymous root logins are enabled or disabled as appropriate CCE-4154-17The password minimum length should be set appropriatelylength of passwordvia /etc/login.defs CCE-4180-6EThe "minimum password age" policy should meet minimum requirements. number of days CCE-4092-3EThe "maximum password age" policy should meet minimum requirements. CCE-4097-21The password warn age should be set appropriately CCE-4114-5GNIS file inclusions should be set appropriately in the /etc/passwd file CCE-3762-2via PAM CCE-3410-8number of attempts CCE-4185-5GThe /usr/sbin/userhelper file should be owned by the appropriate group. CCE-3952-9BFile permissions for /usr/sbin/userhelper should be set correctly. CCE-U-200 CCE-3301-97The PATH variable should be set correctly for user rootCCE-U-26 CCE-4090-7 CCE-3844-8JThe default umask for all users should be set correctly for the bash shellumask CCE-4227-5IThe default umask for all users should be set correctly for the csh shell CCE-3870-37The default umask for all users should be set correctly CCE-4144-2@The /etc/grub.conf file should be owned by the appropriate user. CCE-3923-0<File permissions for /etc/grub.conf should be set correctly. CCE-3818-2WThe grub boot loader should have password protection enabled or disabled as appropriate CCE-4197-0AThe /etc/grub.conf file should be owned by the appropriate group. CCE-4241-6\The requirement for a password to boot into single-user mode should be configured correctly.via /etc/inittabCCE-U-1 CCE-4245-7cThe ability for users to perform interactive startups should be enabled or disabled as appropriate. CCE-3689-7]The idle time-out value for the default /bin/tcsh shell should meet the minimum requirements.via autolockout CCE-3707-7]The idle time-out value for the default /bin/bash shell should meet the minimum requirements.via /etc/profile.d CCE-3315-9VThe allowed period of inactivity gnome desktop lockout should be configured correctly.via gconftool-2CCE-U-6 CCE-3910-7;The vlock package should be installed or not as appropriate CCE-4060-05The system login banner text should be set correctly. CCE-4188-9>The direct gnome login warning banner should be set correctly.banner text/xml via RHEL.xml CCE-3977-64SELinux should be enabled or disabled as appropriate!enforcing / permissive / disabledvia /etc/selinux/config CCE-3999-0.The SELinux state should be set appropriately. CCE-3624-4/The SELinux policy should be set appropriately.targeted / strict / mls CCE-4254-9HThe setroubleshoot service should be enabled or disabled as appropriate. CCE-4148-3MThe setroubleshoot package should be installed or uninstalled as appropriate. CCE-3668-1BThe mcstrans service should be enabled or disabled as appropriate. CCE-4129-3EThe restorecond service should be enabled or disabled as appropriate. CCE-4151-7sThe default setting for sending ICMP redirects should be enabled or disabled for network interfaces as appropriate.1via sysctl - net.ipv4.conf.default.send_redirects CCE-4155-8WSending ICMP redirects should be enabled or disabled for all interfaces as appropriate.-via sysctl - net.ipv4.conf.all.send_redirects CCE-3561-8;IP forwarding should be enabled or disabled as appropriate. via sysctl - net.ipv4.ip_forward CCE-U-134 CCE-3472-8Accepting "secure" ICMP redirects (those from gateways listed in the default gateways list) should be enabled or disabled for all interfaces as appropriate./via sysctl - net.ipv4.conf.all.secure_redirects CCE-4217-6YAccepting ICMP redirects should be enabled or disabled for all interfaces as appropriate./via sysctl - net.ipv4.conf.all.accept_redirects CCE-4133-5YIgnoring bogus ICMP responses to broadcasts should be enabled or disabled as appropriate.6via sysctl - net.ipv4.icmp_ignore_bogus_error_messages CCE-4265-5DSending TCP syncookies should be enabled or disabled as appropriate.$via sysctl - net.ipv4.tcp_syncookies CCE-3644-2yIgnoring ICMP echo requests (pings) sent to broadcast / multicast addresses should be enabled or disabled as appropriate.1via sysctl - net.ipv4.icmp_echo_ignore_broadcasts CCE-4186-3uThe default setting for accepting ICMP redirects should be enabled or disabled for network interfaces as appropriate.3via sysctl - net.ipv4.conf.default.accept_redirects CCE-4080-8mPerforming source validation by reverse path should be enabled or disabled for all interfaces as appropriate.(via sysctl - net.ipv4.conf.all.rp_filter CCE-3339-9The default setting for accepting "secure" ICMP redirects (those from gateways listed in the default gateways list) should be enabled or disabled for network interfaces as appropriate.3via sysctl - net.ipv4.conf.default.secure_redirects CCE-4320-8Logging of "martian" packets (those with impossible addresses) should be enabled or disabled for all interfaces as appropriate.+via sysctl - net.ipv4.conf.all.log_martians CCE-3840-6The default setting for performing source validation by reverse path should be enabled or disabled for network interfaces as appropriate.,via sysctl - net.ipv4.conf.default.rp_filter CCE-4091-5|The default setting for accepting source routed packets should be enabled or disabled for network interfaces as appropriate.6via sysctl - net.ipv4.conf.default.accept_source_route CCE-4236-6`Accepting source routed packets should be enabled or disabled for a< ll interfaces as appropriate.2via sysctl - net.ipv4.conf.all.accept_source_route CCE-3628-5NAll wireless devices should be enabled or disabled in the BIOS as appropriate.via BIOS menus CCE-4276-2EAll wireless interfaces should be enabled or disabled as appropriate. via ifconfig CCE-4170-7bDevice drivers for wireless devices should be included or excluded from the kernel as appropriate.included / excluded via modprobe CCE-3562-6YAutomatic loading of the IPv6 kernel module should be enabled or disabled as appropriate. CCE-3377-9HGlobal IPv6 initialization should be enabled or disabled as appropriate.via /etc/sysconfig/network CCE-4296-0SIPv6 configuration should be enabled or disabled as appropriate for all interfaces. CCE-3381-1oThe default setting for IPv6 configuration should be enabled or disabled for network interfaces as appropriate. CCE-4269-7mAccepting IPv6 router advertisements should be enabled or disabled as appropriate for all network interfaces. CCE-4291-1The default setting for accepting IPv6 router advertisements should be enabled or disabled for network interfaces as appropriate. CCE-4313-3nAccepting redirects from IPv6 routers should be enabled or disabled as appropriate for all network interfaces. CCE-4198-8The default setting for accepting redirects from IPv6 routers should be enabled or disabled for network interfaces as appropriate. CCE-3842-2NIPv6 privacy extensions should be configured appropriately for all interfaces.,disabled / lightweight / rfc3041 (alias yes)Dvia IPV6_PRIVACY in /etc/sysconfig/network-scripts/ifcfg- CCE-4221-8The default setting for accepting router preference via IPv6 router advertisement should be enabled or disabled for network interfaces as appropriate.5via sysctl - net.ipv6.conf.default.accept_ra_rtr_pref CCE-4137-6oThe default number of global unicast IPv6 addresses allowed per network interface should be set appropriately. number0via sysctl - net.ipv6.conf.default.max_addresses CCE-4159-0lThe default number of IPv6 router solicitations for network interfaces to send should be set appropriately. 7via sysctl - net.ipv6.conf.default.router_solicitations CCE-3895-0The default number of IPv6 duplicate address detection solicitations for network interfaces to send per configured address should be set appropriately. 0via sysctl - net.ipv6.conf.default.dad_transmits CCE-4287-9The default setting for autoconfiguring network interfaces using prefix information in IPv6 router advertisements should be enabled or disabled as appropriate.+via sysctl - net.ipv6.conf.default.autoconf CCE-4058-4The default setting for accepting prefix information via IPv6 router advertisement should be enabled or disabled for network interfaces as appropriate.2via sysctl - net.ipv6.conf.default.accept_ra_pinfo CCE-4128-5The default setting for accepting a default router via IPv6 router advertisement should be enabled or disabled for network interfaces as appropriate.3via sysctl - net.ipv6.conf.default.accept_ra_defrtr CCE-4167-3CThe ip6tables service should be enabled or disabled as appropriate. CCE-4189-7BThe iptables service should be enabled or disabled as appropriate. CCE-3679-8@The syslog service should be enabled or disabled as appropriate. CCE-3701-0>All syslog log files should be owned by the appropriate group. CCE-U-202? CCE-4233-3BFile permissions for all syslog log files should be set correctly. CCE-U-200? CCE-4366-1=All syslog log files should be owned by the appropriate user. CCE-U-201? CCE-4260-6DSyslog logs should be sent to a remote loghost or not as appropriatesent / not sentvia /etc/syslog.conf CCE-3382-9;Syslogd should accept remote messages or not as appropriateaccept / rejectvia /etc/sysconfig/syslog CCE-U-131 CCE-4182-2TThe logrotate (syslog rotater) service should be enabled or disabled as appropriate.via cron CCE-4323-2AThe logwatch service should be enabled or disabled as appropriate CCE-4292-9@The auditd service should be enabled or disabled as appropriate. CCE-4234-1?The inetd service should be enabled or disabled as appropriate.CCE-U-72 CCE-4252-3@The xinetd service should be enabled or disabled as appropriate.CCE-U-73 CCE-4023-8DThe inetd package should be installed or uninstalled as appropriate. CCE-4164-0 CCE-3390-2 CCE-4330-7LThe telnet-server package should be installed or uninstalled as appropriate. CCE-3974-3=The rcp service should be enabled or disabled as appropriate. CCE-4141-8=The rsh service should be enabled or disabled as appropriate.CCE-U-83 CCE-3537-8@The rlogin service should be enabled or disabled as appropriate.CCE-U-82 CCE-4308-3 CCE-3705-1@The ypbind service should be enabled or disabled as appropriate. CCE-4348-9EThe ypserv package should be installed or uninstalled as appropriate. CCE-4273-9>The tftp service should be enabled or disabled as appropriate. CCE-3916-4JThe tftp-server package should be installed or uninstalled as appropriate. CCE-3412-4CThe firstboot service should be enabled or disabled as appropriate. CCE-4229-1=The gpm service should be enabled or disabled as appropriate. CCE-4123-6DThe irqbalance service should be enabled or disabled as appropriate. CCE-4286-1>The isdn service should be enabled or disabled as appropriate. CCE-3425-6?The kdump service should be enabled or disabled as appropriate. CCE-4211-9?The kudzu service should be enabled or disabled as appropriate. CCE-3854-7CThe mdmonitor service should be enabled or disabled as appropriate. CCE-4356-2GThe microcode_ctl service should be enabled or disabled as appropriate. CCE-4369-5AThe network service should be enabled or disabled as appropriate. CCE-4100-4?The pcscd service should be enabled or disabled as appropriate. CCE-3455-3@The smartd service should be enabled or disabled as appropriate. CCE-4421-4IThe readahead_early service should be enabled or disabled as appropriate. CCE-4302-6IThe readahead_later service should be enabled or disabled as appropriate. CCE-3822-4DThe messagebus service should be enabled or disabled as appropriate. CCE-4364-6CThe haldaemon service should be enabled or disabled as appropriate. CCE-4355-4CThe bluetooth service should be enabled or disabled as appropriate. CCE-4377-8>The hidd service should be enabled or disabled as appropriate. CCE-4289-5>The apmd service should be enabled or disabled as appropriate. CCE-4298-6?The acpid service should be enabled or disabled as appropriate. CCE-4051-9BThe cpuspeed service should be enabled or disabled as appropriate. CCE-4324-0?The crond service should be enabled or disabled as appropriate. CCE-4406-5AThe anacron service should be enabled or disabled as appropriate. CCE-4428-9FThe anacron package should be installed or uninstalled as appropriate. CCE-4322-4DThe /etc/cron.monthly file should be owned by the appropriate group. CCE-4450-3=File permissions for /etc/cron.daily should be set correctly. CCE-4331-5CThe /etc/cron.weekly file should be owned by the appropriate group. CCE-3851-3>The /etc/crontab file should be owned by the appropriate user. CCE-4379-4AThe /etc/anacrontab file should be owned by the appropriate user. CCE-4388-5:File permissions for /etc/crontab should be set correctly. CCE-4054-3CThe /etc/cron.hourly file should be owned by the appropriate group. CCE-4441-2CThe /etc/cron.monthly file should be owned by the appropriate user. CCE-4212-7>The /etc/cron.d file should be owned by the appropriate group. CCE-4380-2=The /etc/cron.d file should be owned by the appropriate user. CCE-3833-1BThe /etc/cron.weekly file should be owned by the appropriate user. CCE-3604-6BThe /etc/anacrontab file should be owned by the appropriate group. CCE-4106-1>File permissions for /etc/cron.hourly should be set correctly. CCE-3983-4BThe /etc/cron.hourly file should be owned by the appropriate user. CCE-3626-9?The /etc/crontab file should be owned by the appropr< iate group. CCE-4022-0AThe /etc/cron.daily file should be owned by the appropriate user. CCE-4304-2=File permissions for /etc/anacrontab should be set correctly. CCE-4203-6>File permissions for /etc/cron.weekly should be set correctly. CCE-4251-5?File permissions for /etc/cron.monthly should be set correctly. CCE-3481-9BThe /etc/cron.daily file should be owned by the appropriate group. CCE-4250-79File permissions for /etc/cron.d should be set correctly. CCE-4268-9>The sshd service should be enabled or disabled as appropriate. CCE-4272-15SSH should be installed or uninstalled as appropriate CCE-4295-2NInbound connections to the ssh port should be allowed or denied as appropriate allow / deny/etc/sysconfig/iptables CCE-4325-7LSSH version 1 protocol support should be enabled or disabled as appropriate.permitted / not permittedvia /etc/ssh/sshd_config CCE-3845-5BThe SSH idle timout interval should be set to an appropriate valueinteger (seconds) CCE-4475-0`Emulation of the rsh command through the ssh server should be enabled or disabled as appropriate CCE-4370-3JSSH host-based authentication should be enabled or disabled as appropriate CCE-4387-7?Root login via SSH should be enabled or disabled as appropriate CCE-3660-8bRemote connections from accounts with empty passwords should be enabled or disabled as appropriate CCE-4431-3?SSH warning banner should be enabled or disabled as appropriate CCE-4462-8EX Windows should be enabled or disabled at system boot as appropriate CCE-4422-27X Windows should be installed or removed as appropriateinstalled/removed CCE-4303-4 CCE-4448-7=The xfs service should be enabled or disabled as appropriate. CCE-4074-1^X Windows System Listening for remote connections should be enabled or disabled as appropriatevia /etc/X11/xinit/xserverrc CCE-3717-6PWarning banners for gui login users should be enabled or disabled as appropriatevia /etc/gdm/custom.conf CCE-4365-3FThe avahi-daemon service should be enabled or disabled as appropriate. CCE-4136-8MThe Avahi daemon should be configured to serve via Ipv6 or not as appropriateserve / not serve via /etc/avahi/avahi-daemon.conf CCE-4409-9MThe Avahi daemon should be configured to serve via Ipv4 or not as appropriate CCE-4426-3dAvahi should be configured to accept packets with a TTL field not equal to 255 or not as appropriate CCE-4193-9`Avahi should be configured to allow other stacks from binding to port 5353 or not as appropriateallow / disallow CCE-4444-6RAvahi publishing of local information should be enabled or disabled as appropriate CCE-4352-1gAvahi publishing of local information by user applications should be enabled or disabled as appropriate CCE-4433-9UAvahi publishing of hardware information should be enabled or disabled as appropriate CCE-4451-1QAvahi publishing of workstation name should be enabled or disabled as appropriate CCE-4341-4MAvahi publishing of IP addresses should be enabled or disabled as appropriate CCE-4358-8LAvahi publishing of domain name should be enabled or disabled as appropriate CCE-4112-9>The cups service should be enabled or disabled as appropriate. CCE-3755-69CUPS service should be enabled or disabled as appropriate CCE-3649-1PFirewall access to printing service should be enabled or disabled as appropriatevia /etc/sysconfig/iptables CCE-4420-6BRemote print browsing should be enabled or disabled as appropriatevia /etc/cups/cupsd.conf CCE-4407-3fCUPS should be allowed or denied the ability to listen for Incoming printer information as appropriate CCE-4425-5?The hplip service should be enabled or disabled as appropriate. CCE-4191-3XThe dhcp client service should be enabled or disabled as appropriate for each interface..via /etc/sysconfig/network-scripts/ifcfg-IFACE CCE-4336-4?The dhcpd service should be enabled or disabled as appropriate. CCE-4464-4CThe dhcp package should be installed or uninstalled as appropriate. CCE-4257-2WThe dynamic DNS feature of the DHCP server should be enabled or disabled as appropriatevia /etc/dhcpd.conf CCE-4403-2SDHCPDECLINE messages should be accepted or denied by the DHCP server as appropriateaccepted / denied CCE-4345-5LBOOTP queries should be accepted or denied by the DHCP server as appropriate CCE-3724-2\Domain name server information should be sent or not sent by the DHCP server as appropriate. CCE-4243-2MDefault routers should be sent or not sent by the DHCP server as appropriate. CCE-4389-3IDomain name should be sent or not sent by the DHCP server as appropriate. CCE-3913-1HNIS domain should be sent or not sent by the DHCP server as appropriate. CCE-4169-9INIS servers should be sent or not sent by the DHCP server as appropriate. CCE-4318-2ITime offset should be sent or not sent by the DHCP server as appropriate. CCE-4319-0INTP servers should be sent or not sent by the DHCP server as appropriate. CCE-3733-3;dhcpd logging should be enabled or disabled as appropriate. CCE-4376-0>The ntpd service should be enabled or disabled as appropriate. CCE-4134-3ANetwork access to ntpd should be allowed or denied as appropriatevia /etc/ntp.conf CCE-4385-1VA remote NTP Server for time synchronization should be specified or not as appropriate ip address CCE-4032-9:OpenNTPD should be installed or uninstalled as appropriatevia openntpd package CCE-4424-8;The ntp daemon should be enabled or disabled as appropriatevia /etc/rc.local CCE-3487-6AThe ntp daemon synchronization server should be set appropriatelylocal ntp servervia /usr/local/etc/ntpd.conf CCE-4416-4BThe sendmail service should be enabled or disabled as appropriate. CCE-4293-7KThe listening sendmail daemon should be enabled or disabled as appropriate.via /etc/sysconfig/sendmail CCE-3501-4>The ldap service should be enabled or disabled as appropriate. CCE-4360-4HFile permissions for /etc/pki/tls/CA/cacert.pem should be set correctly. CCE-4378-6MFile permissions for /etc/pki/tls/ldap/serverkey.pem should be set correctly. CCE-4492-5CThe /etc/pki/tls/ldap file should be owned by the appropriate user. CCE-4263-0NFile permissions for /etc/pki/tls/ldap/servercert.pem should be set correctly. CCE-3502-2QThe /etc/pki/tls/ldap/serverkey.pem file should be owned by the appropriate user. CCE-4449-5LThe /etc/pki/tls/CA/cacert.pem file should be owned by the appropriate user. CCE-4361-2?File permissions for /etc/pki/tls/ldap should be set correctly. CCE-4427-1MThe /etc/pki/tls/CA/cacert.pem file should be owned by the appropriate group. CCE-4321-6RThe /etc/pki/tls/ldap/serverkey.pem file should be owned by the appropriate group. CCE-4339-8DThe /etc/pki/tls/ldap file should be owned by the appropriate group. CCE-4105-3RThe /etc/pki/tls/ldap/servercert.pem file should be owned by the appropriate user. CCE-3718-4SThe /etc/pki/tls/ldap/servercert.pem file should be owned by the appropriate group. CCE-4484-2CThe /var/lib/ldap/* files should be owned by the appropriate group. CCE-4502-1BThe /var/lib/ldap/* files should be owned by the appropriate user. CCE-4396-8AThe nfslock service should be enabled or disabled as appropriate. CCE-3535-2AThe rpcgssd service should be enabled or disabled as appropriate. CCE-3568-3CThe rpcidmapd service should be enabled or disabled as appropriate. CCE-4533-6?The netfs service should be enabled or disabled as appropriate. CCE-4550-0AThe portmap service should be enabled or disabled as appropriate. CCE-4559-1oThe lockd service should be configured to use a static port or a dynamic portmapper port for TCP as appropriatestatic / dynamicvia /etc/sysconfig/nfs CCE-4015-4{The statd service should be configured to use an outgoing static port or an outgoing dynamic portmapper port as appropriate CCE-3667-3gThe statd service should be configured to use a static port or a dynamic portmapper port as appropriate CCE-4310-9oThe lockd service should be configured to use a static port or a dyn< amic portmapper port for UDP as appropriate CCE-4438-8hThe mountd service should be configured to use a static port or a dynamic portmapper port as appropriate CCE-3579-0iThe rquotad service should be configured to use a static port or a dynamic portmapper port as appropriate CCE-4473-5<The nfs service should be enabled or disabled as appropriate CCE-4491-7CThe rpcsvcgssd service should be enabled or disabled as appropriate CCE-4368-7PThe nodev option should be enabled or disabled for all NFS mounts as appropriate CCE-4024-6QThe nosuid option should be enabled or disabled for all NFS mounts as appropriate CCE-4526-0QThe noexec option should be enabled or disabled for all NFS mounts as appropriate CCE-4544-3NRoot squashing should be enabled or disabled as appropriate for all NFS sharesvia /etc/exports CCE-4465-1[Restriction of NFS clients to privileged ports should be enabled or disabled as appropriate CCE-4350-5GWrite access to NFS shares should be enabled or disabled as appropriate CCE-3578-2?The named service should be enabled or disabled as appropriate. CCE-4219-2CThe bind package should be installed or uninstalled as appropriate. CCE-3985-9SThe /var/named/chroot/etc/named.conf file should be owned by the appropriate group. CCE-4487-5NFile permissions for /var/named/chroot/etc/named.conf should be set correctly. CCE-4258-0RThe /var/named/chroot/etc/named.conf file should be owned by the appropriate user. CCE-4399-2KLDAP's dynamic updates feature should be enabled or disabled as appropriatevia /etc/named.conf CCE-3919-8@The vsftpd service should be enabled or disabled as appropriate. CCE-4549-2KLogging of vsftpd transactions should be enabled or disabled as appropriatevia /etc/vsftpd.conf CCE-4554-2OA warning banner for all FTP users should be enabled or disabled as appropriate CCE-4443-8SLocal user login to the vsftpd service should be enabled or disabled as appropriate CCE-4461-0DFile uploads via vsftpd should be enabled or disabled as appropriate CCE-4338-0?The httpd service should be enabled or disabled as appropriate. CCE-4514-6DThe httpd package should be installed or uninstalled as appropriate. CCE-4346-3JThe apache 2 server software should be installed or removed as appropriate CCE-4474-3CThe apache2 server's ServerTokens value should be set appropriatelytextvia /etc/httpd/conf/httpd.conf CCE-3756-4FThe apache2 server's ServerSignature value should be set appropriately CCE-4509-6=File permissions for /etc/httpd/conf should be set correctly. CCE-4386-9?File permissions for /etc/httpd/conf/* should be set correctly. CCE-4029-5=File permissions for /usr/sbin/httpd should be set correctly. CCE-3581-6EThe /etc/httpd/conf/* files should be owned by the appropriate group. CCE-4574-0<File permissions for /var/log/httpd should be set correctly. CCE-3847-1AThe dovecot service should be enabled or disabled as appropriate. CCE-4239-0FThe dovecot package should be installed or uninstalled as appropriate. CCE-4384-4NDovecot should be configured to support the imaps protocol or not as necessarysupport / not supportvia /etc/dovecot.conf CCE-3887-7NDovecot should be configured to support the pop3s protocol or not as necessary CCE-4530-2MDovecot should be configured to support the pop3 protocol or not as necessary CCE-4547-6MDovecot should be configured to support the imap protocol or not as necessary CCE-4552-6VDovecot plaintext authentication of clients should be enabled or disabled as necessary CCE-4371-1sThe Dovecot option to drop privileges to user before executing mail process should be enabled or not as appropriate CCE-4410-7fThe Dovecot option to spawn a new login process per connection should be enabled or not as appropriate CCE-4551-8=The smb service should be enabled or disabled as appropriate. CCE-4556-7?The squid service should be enabled or disabled as appropriate. CCE-U-160 CCE-4076-6DThe squid package should be installed or uninstalled as appropriate. CCE-4454-5YThe Squid option to force FTP passive connections should be enabled or not as appropriatevia /etc/squid/squid.conf CCE-4353-9NThe Squid max request HTTP header length should be set to an appropriate value data length CCE-4503-9]The Squid option to check for RFC compliant hostnames should be enabled or not as appropriate CCE-3585-7VThe Squid option to ignore unknown nameservers should be enabled or not as appropriate CCE-4419-8LThe Squid max reply HTTP header length should be set to an appropriate value CCE-3692-13The Squid EUID should be set to an appropriate user CCE-4459-4UThe Squid option to perform FTP sanity checks should be enabled or not as appropriate CCE-4476-84The Squid GUID should be set to an appropriate group CCE-4181-4oThe Squid option to show proxy client IP addresses in HTTP headers should be enabled or disabled as appropriate CCE-4577-3VThe Squid option to log HTTP MIME headers should be enabled or disabled as appropriate CCE-4344-8_The Squid option to allow underscores in hostnames should be enabled or disabled as appropriate CCE-4494-1bThe Squid option to suppress the httpd version string should be enabled or disabled as appropriate CCE-4511-2JSquid should be configured to allow gss-http traffic or not as appropriate CCE-4529-4GSquid should be configured to allow https traffic or not as appropriate CCE-3610-3FSquid should be configured to allow wais traffic or not as appropriate CCE-4466-9PSquid should be configured to allow multiling http traffic or not as appropriate CCE-4607-8FSquid should be configured to allow http traffic or not as appropriate CCE-4255-6ESquid should be configured to allow ftp traffic or not as appropriate CCE-4127-7HSquid should be configured to allow gopher traffic or not as appropriate CCE-4519-5KSquid should be configured to allow filemaker traffic or not as appropriate CCE-4413-1JSquid proxy access to localhost should be allowed or denied as appropriate CCE-4373-7KSquid should be configured to allow http-mgmt traffic or not as appropriate CCE-3765-5?The snmpd service should be enabled or disabled as appropriate. CCE-4404-0GThe net-smtp package should be installed or uninstalled as appropriate.[Microsoft Office 2007 Recommendations (Security Settings for Office 2007 Applications.xlsx)GNIST SCAP Microsoft Office 2007 OVAL (SCAP-Office2007-OVAL-Beta-v1.xml)JNIST SCAP Microsoft Office 2007 XCCDF (SCAP-Office2007-XCCDF-Beta-v1.xml ) CCE-116-4CCE-116QThe "Disable VBA for Office applications" setting should be configured correctly. User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Disable VBA for Office applications, Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\Disable VBA for Office applicationsoval:org.mitre.oval:def:771DisableVBAForOfficeApplications CCE-908-4CCE-908MThe "ActiveX Control Initialization:" setting should be configured correctly.User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\ActiveX Control Initialization (1 | 2 | 3 | 4 | 5 | 6)oval:org.mitre.oval:def:814ActiveXControlInitialization CCE-184-2CCE-184\The "Enable Customer Experience Improvement Program" setting should be configured correctly.User Configuration\Administrative Templates\Microsoft Office 2007 system\Privacy\Trust Center\Enable Customer Experience Improvement Programoval:org.mitre.oval:def:829*EnableCustomerExperienceImprovementProgram CCE-276-6CCE-276User Configuration\Administrative Templates\Microsoft Office 2007 system\Privacy\Trust Center\Automatically receive small updates to improve reliabilityoval:org.mitre.oval:def:14734AutomaticallyReceiveSmallUpdatesToImproveReliability CCE-967-0CCE-967DThe "Online content options" setting should be configured correctly.%User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Service Options< ...\Online Content\Online content options (Never show online content or entry points | Search only offline content whenever available | Search online content whenever available)oval:org.mitre.oval:def:1302OnlineContentOptions CCE-427-5CCE-427XThe "VBA Macro Warning Settings" setting should be configured correctly for Access 2007.User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Security\Trust Center\VBA Macro Warning Settings (Trust Bar warning for all macros | Trust Bar warning for digitally signed macros only (unsigned macros will be disabled) | No Warnings for all macros but disable all macros | No Security checks for macros (Not recommended, code in all documents can run))oval:org.mitre.oval:def:1403VBAMacroWarningSettings-Access CCE-649-4CCE-649WThe "VBA Macro Warning Settings" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Trust Center\VBA Macro Warning Settings (Trust Bar warning for all macros | Trust Bar warning for digitally signed macros only (unsigned macros will be disabled) | No Warnings for all macros but disable all macros | No Security checks for macros (Not recommended, code in all documents can run))oval:org.mitre.oval:def:649VBAMacroWarningSettings-Excel CCE-862-3CCE-862jThe "Trust access to Visual Basic Project" setting should be configured correctly for Excel 2007 and 2003.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Trust Center\Trust access to Visual Basic Projectoval:org.mitre.oval:def:1560%TrustAccessToVisualBasicProject-Excel CCE-567-8CCE-567\The "VBA Macro Warning Settings" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Trust Center\VBA Macro Warning Settings (Trust Bar warning for all macros | Trust Bar warning for digitally signed macros only (unsigned macros will be disabled) | No Warnings for all macros but disable all macros | No Security checks for macros (Not recommended, code in all documents can run))oval:org.mitre.oval:def:654"VBAMacroWarningSettings-PowerPointCCE-68-7CCE-68fThe "Trust access to Visual Basic Project" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Trust Center\Trust access to Visual Basic Projectoval:org.mitre.oval:def:665*TrustAccessToVisualBasicProject-PowerPoint CCE-537-1CCE-537oval:org.mitre.oval:def:1298DisableRememberPassword CCE-786-4CCE-786oval:org.mitre.oval:def:1390ConfigureAddInTrustLevel CCE-937-3CCE-937CCE-13-3CCE-13IThe "Minimum encryption settings" setting should be configured correctly.{User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Minimum encryption settingsoval:org.mitre.oval:def:661MinimumEncryptionSettings CCE-316-0CCE-316uThe "Do not check e-mail address against address of certificates being using" setting should be configured correctly.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Do not check e-mail address against address of certificates being usedoval:org.mitre.oval:def:1399;DoNotCheckEmailAddressAgainstAddressOfCertificatesBeingUsedCCE-14-1CCE-14_The "Send all signed messages as clear signed messages" setting should be configured correctly.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Send all signed messages as clear signed messagesoval:org.mitre.oval:def:1388*SendAllSignedMessagesAsClearSignedMessages CCE-153-7CCE-153fThe "Request an S/MIME receipt for all S/MIME signed messages" setting should be configured correctly.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Request an S/MIME receipt for all S/MIME signed messagesoval:org.mitre.oval:def:705.RequestAnSMIMEReceiptForAllSMIMESignedMessages CCE-345-9CCE-345TThe "Do not display 'Publish to GAL' button" setting should be configured correctly.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Do not display 'Publish to GAL' buttonoval:org.mitre.oval:def:741DoNotDisplayPublishToGALButton CCE-700-5CCE-700?The "Signature Warning" setting should be configured correctly.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Signature Warning (Let user decide if they want to be warned | Always warn about invalid signatures | Never warn about invalid signatures)oval:org.mitre.oval:def:756SignatureWarning CCE-695-7CCE-695GThe "Enable Cryptography Icons" setting should be configured correctly.yUser Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Enable Cryptography Iconsoval:org.mitre.oval:def:1716EnableCryptographyIcons CCE-395-4CCE-395\The "Retrieving CRLs (Certificate Revocation Lists)" setting should be configured correctly.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Signature Status dialog box\Retrieving CRLs (Certificate Revocation Lists) (Use system Default | When online always retreive the CRL | Never retreive the CRL)oval:org.mitre.oval:def:1700RetrievingCRLs CCE-659-3CCE-659VThe "VBA Macro Warning Settings" setting should be configured correctly for Word 2007.9User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Security\Trust Center\VBA Macro Warning Settings (Trust Bar warning for all macros | Trust Bar warning for digitally signed macros only (unsigned macros will be disabled) | No Warnings for all macros but disable all macros | No )oval:org.mitre.oval:def:1350VBMacroWarningSettings-Word CCE-703-9CCE-703iThe "Trust access to Visual Basic Project" setting should be configured correctly for Word 2007 and 2003.User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Security\Trust Center\Trust access to Visual Basic Projectoval:org.mitre.oval:def:1713$TrustAccessToVisualBasicProject-Word CCE-173-5CCE-173The "Warn before printing, saving or sending a file that contains tracked changes or comments" setting should be configured correctly.oval:org.mitre.oval:def:788JWarnBeforePrintingSavingOrSendingAFileThatContainsTrackedChangesOrComments CCE-784-9CCE-784eThe "Block updates from the Office Update Site from applying" setting should be configured correctly.User Configuration\Administrative Templates\Microsoft Office 2007 system\Miscellaneous\Block updates from the Office Update Site from applyingoval:org.mitre.oval:def:1755/BlockUpdatesFromTheOfficeUpdateSiteFromApplying CCE-1395-3CCE-1395RThe "Underline hyperlinks" setting should be configured correctly for Access 2007.User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Web Options\General\Underline hyperlinks CCE-1137-9CCE-1137tThe "Number of documents in the Recent Documents list (0-9)" setting should be configured correctly for Access 2007.User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\General\General\Number of documents in the Recent Documents list (0-9) CCE-1423-3CCE-1423}The "Disable Trust Bar Notification for unsigned application add-ins" setting should be configured correctly for Access 2007.User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins CCE-1238-5CCE-1238]The "Disable all application add-ins" setting should be configured correctly for Access 2007.User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Security\Trust Center\Disable all application < add-ins CCE-1476-1CCE-1476~The "Require that application add-ins are signed by Trusted Publisher" setting should be configured correctly for Access 2007.User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher CCE-1520-6CCE-1520[The "Disable all trusted locations" setting should be configured correctly for Access 2007.User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Security\Trust Center\Trusted Locations\Disable all trusted locations CCE-780-7CCE-780iThe "Allow Trusted Locations not on the computer" setting should be configured correctly for Access 2007.User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Security\Trust Center\Trusted Locations\Allow Trusted Locations not on the computer CCE-1214-6CCE-1214WThe "Modal Trust Decision Only" setting should be configured correctly for Access 2007.User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Security\Trust Center\Trusted Locations\Modal Trust Decision Only CCE-1370-6CCE-1370NThe "Disable commands" setting should be configured correctly for Access 2007.User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands CCE-1268-2CCE-1268gThe "Disable commands - Office Button | E-Mail" setting should be configured correctly for Access 2007.User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Office Button | E-Mail CCE-1400-1CCE-1400The "Disable commands - Office Button | Access Options | Customize | All Commands | Insert Hyperlink" setting should be configured correctly for Access 2007.User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Access Options | Customize | All Commands | Insert Hyperlink CCE-1440-7CCE-1440The "Disable commands - Database Tools | Database Tools | Encrypt with Password" setting should be configured correctly for Access 2007.User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Database Tools | Database Tools | Encrypt with Password CCE-581-9CCE-581The "Disable commands - Database Tools | Administer | Users and Permission | User and Group Permissions" setting should be configured correctly for Access 2007.User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Database Tools | Administer | Users and Permission | User and Group Permissions CCE-1480-3CCE-1480The "Disable commands - Database Tools | Administer | Users and Permissions | User and Group Accounts" setting should be configured correctly for Access 2007.User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Database Tools | Administer | Users and Permissions | User and Group Accounts CCE-1489-4CCE-1489The "Disable commands - Database Tools | Administer | Users and Permission | User-Level Security Wizard..." setting should be configured correctly for Access 2007.User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Database Tools | Administer | Users and Permission | User-Level Security Wizard... CCE-1392-0CCE-1392The "Disable commands - Database Tools | Database Tools | Encode/Decode Database" setting should be configured correctly for Access 2007.User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Database Tools | Database Tools | Encode/Decode Database CCE-1414-2CCE-1414vThe "Disable commands - Database Tools | Macro | Visual Basic" setting should be configured correctly for Access 2007.User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Database Tools | Macro | Visual Basic CCE-1418-3CCE-1418sThe "Disable commands - Database Tools | Macro | Run Macro" setting should be configured correctly for Access 2007.User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Database Tools | Macro | Run Macro CCE-1405-0CCE-1405uThe "Database Tools | Macro | Convert Macros to Visual Basic" setting should be configured correctly for Access 2007.User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Database Tools | Macro | Convert Macros to Visual Basic CCE-1550-3CCE-1550vThe "Database Tools | Macro | Create Shortcut Menu from Macro" setting should be configured correctly for Access 2007.User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Database Tools | Macro | Create Shortcut Menu from Macro CCE-1075-1CCE-1075SThe "Disable shortcut keys" setting should be configured correctly for Access 2007.User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable shortcut keys CCE-709-6CCE-709The "Disable commands - Ctrl+K (Office Button | Access Options | Customize | All Commands | Insert Hyperlinks)" setting should be configured correctly for Access 2007.User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Ctrl+K (Office Button | Access Options | Customize | All Commands | Insert Hyperlinks) CCE-1502-4CCE-1502The "Disable commands - Alt+F11 (Database Tools | Macro | Visual Basic)" setting should be configured correctly for Access 2007.User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Alt+F11 (Database Tools | Macro | Visual Basic) CCE-1260-9CCE-1260rThe "Default file format (Access 2007 | Access 2002-2003)" setting should be configured correctly for Access 2007.User Configuration\Administrative Templates\Microsoft Office Access 2007\Miscellaneous\Default file format (Access 2007 | Access 2002-2003) CCE-1510-7CCE-1510fThe "Do not prompt to convert older databases" setting should be configured correctly for Access 2007.User Configuration\Administrative Templates\Microsoft Office Access 2007\Miscellaneous\Do not prompt to convert older databases CCE-1532-1CCE-1532eThe "Internet and network paths as hyperlinks" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Proofing\Autocorrect Options\Internet and network paths as hyperlinks CCE-1039-7CCE-1039The "Save Excel files as (Excel Workbook (*.xlsx) | Excel Macro-Enabled Workbook (*.xlsm) | Excel Binary Workbook (*.xlsb) | Web Page (*.htm; *.html) | Excel 97-2003 Workbook (*.xls) | Excel 5.0/95 Workbook (*.xls))" setting should be configured correctly for Excel 2007.-User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Save\Save Excel files as (Excel Workbook (*.xlsx) | Excel Macro-Enabled Workbook (*.xlsm) | Excel Binary Workbook (*.xlsb) | Web Page (*.htm; *.html) | Excel 97-2003 Workbook (*.xls) | Excel 5.0/95 Workbook (*.xls)) CCE-1295-5CCE-1295RThe "Disable AutoRepublish" setting should be configured correctly for Excel 2007.pUser Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Save\Disable AutoRepublish CCE-1334-2CCE-1334The "AutoRepublish Warning Alert (Always show the alert before publishing | Never show the alert before publishing)" setting should be configured correctly for Excel 2007.User Configuration\Admi< nistrative Templates\Microsoft Office Excel 2007\Excel Options\Save\AutoRepublish Warning Alert (Always show the alert before publishing | Never show the alert before publishing) CCE-1308-6CCE-1308The "Determine whether to force encrypted macros to be scanned in Microsoft Excel Open XML workbooks" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Determine whether to force encrypted macros to be scanned in Microsoft Excel Open XML workbooks CCE-616-3CCE-616The "Force file extension to match file type (Allow different | Allow different, but warn | Always match file type)" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Force file extension to match file type (Allow different | Allow different, but warn | Always match file type) CCE-1246-8CCE-1246^The "Store macro in Personal Macro Workbook by default" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Trust Center\Store macro in Personal Macro Workbook by default CCE-1251-8CCE-1251\The "Disable all application add-ins" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Trust Center\Disable all application add-ins CCE-1524-8CCE-1524}The "Require that application add-ins are signed by Trusted Publisher" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher CCE-1422-5CCE-1422|The "Disable Trust Bar Notification for unsigned application add-ins" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins CCE-1444-9CCE-1444hThe "Allow Trusted Locations not on the computer" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Trust Center\Trusted LocationsAllow Trusted Locations not on the computer CCE-1449-8CCE-1449ZThe "Disable all trusted locations" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Trust Center\Trusted LocationsDisable all trusted locations CCE-1471-2CCE-1471WThe "Ignore other applications " setting should be configured correctly for Excel 2007.yUser Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Advanced\Ignore other applications CCE-1119-7CCE-1119ZThe "Ask to update automatic links" setting should be configured correctly for Excel 2007.|User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Advanced\Ask to update automatic links CCE-1378-9CCE-1378tThe "Number of documents in the Recent Documents list (0-17)" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Advanced\Number of documents in the Recent Documents list (0-17) CCE-1277-3CCE-1277tThe "Save any additional data necessary to maintain formulas" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Advanced\Web Options& \GeneralSave any additional data necessary to maintain formulas CCE-1464-7CCE-1464nThe "Load pictures from Web pages not created in Excel" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Advanced\Web Options& \GeneralLoad pictures from Web pages not created in Excel CCE-1094-2CCE-1094The "Do not show data extraction options when opening corrupt workbooks" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Data Recovery\Do not show data extraction options when opening corrupt workbooks CCE-1129-6CCE-1129The "Assume structured storage format of workbook is intact when recovering data" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Data Recovery\Assume structured storage format of workbook is intact when recovering data CCE-1389-6CCE-1389The "Corrupt formula conversion (Convert unrecoverable references to: values | #REF or #NAME)" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Data Recovery\Corrupt formula conversion (Convert unrecoverable references to: values | #REF or #NAME) CCE-1433-2CCE-1433VThe "Connection File Locations" setting should be configured correctly for Excel 2007.vUser Configuration\Administrative Templates\Microsoft Office Excel 2007\Data Access Security\Connection File Locations CCE-1323-5CCE-1323The "Automatic Query Refresh (Prompt for all workbooks | Do not prompt; do not allow auto refresh | Do not prompt; allow auto refresh)" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Data Access Security\Automatic Query Refresh (Prompt for all workbooks | Do not prompt; do not allow auto refresh | Do not prompt; allow auto refresh) CCE-1469-6CCE-1469MThe "Disable commands" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands CCE-1473-8CCE-1473The "Disable commands - Office Button | Excel Options | Customize | All Commands | Save as Web Page" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Excel Options | Customize | All Commands | Save as Web Page CCE-1499-3CCE-1499The "Disable commands - Office Button | Excel Options | Customize | All Commands | Web Page Preview" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Excel Options | Customize | All Commands | Web Page Preview CCE-1024-9CCE-1024lThe "Disable commands - Office Button | Send | Email" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Send | Email CCE-1530-5CCE-1530jThe "Disable commands - Insert | Links | Hyperlink" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Insert | Links | Hyperlink CCE-1120-5CCE-1120pThe "Disable commands - Review | Changes | Protect Sheet" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Review | Changes | Protect Sheet CCE-1252-6CCE-1252sThe "Disable commands - Review | Changes | Protect Workbook" setting should be configured correctly for Excel 2007.User Configuration\Administrative Temp< lates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Review | Changes | Protect Workbook CCE-1151-0CCE-1151}The "Disable commands - Review | Changes | Protect and Share Workbook" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Review | Changes | Protect and Share Workbook CCE-1301-1CCE-1301fThe "Disable commands - View | Macros | Macros" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - View | Macros | Macros CCE-1310-2CCE-1310iThe "Disable commands - Developer | Code | Macros" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Macros CCE-1213-8CCE-1213oThe "Disable commands - Developer | Code | Record Macro" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Record Macro CCE-1362-3CCE-1362qThe "Disable commands - Developer | Code | Macro Security" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Macro Security CCE-1156-9CCE-1156oThe "Disable commands - Developer | Code | Visual Basic" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Visual Basic CCE-1429-0CCE-1429The "Disable commands - Office Button | Excel Options | Customize | All Commands | Document Location" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Excel Options | Customize | All Commands | Document Location CCE-1182-5CCE-1182RThe "Disable shortcut keys" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable shortcut keys CCE-1525-5CCE-1525yThe "Disable shortcut keys - Ctrl+K (Insert | Links | Hyperlink)" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable shortcut keys - Ctrl+K (Insert | Links | Hyperlink) CCE-1547-9CCE-1547wThe "Disable shortcut keys - Alt+F8 (Developer | Code | Macros)" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable shortcut keys - Alt+F8 (Developer | Code | Macros) CCE-1300-3CCE-1300~The "Disable shortcut keys - Alt+F11 (Developer | Code | Visual Basic)" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable shortcut keys - Alt+F11 (Developer | Code | Visual Basic) CCE-1331-8CCE-1331The "Block opening of pre-release versions of file formats new to Excel 2007" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of pre-release versions of file formats new to Excel 2007 CCE-1468-8CCE-1468aThe "Block opening of Open XML file types" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of Open XML file types CCE-1490-2CCE-1490bThe "Block opening of Binary 12 file types" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of Binary 12 file types CCE-1512-3CCE-1512_The "Block opening of Binary file types" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of Binary file types CCE-1543-8CCE-1543hThe "Block opening of Html and Xmlss files types" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of Html and Xmlss files types CCE-1195-7CCE-1195\The "Block opening of Xml file types" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of Xml file types CCE-554-6CCE-554eThe "Block opening of DIF and SYLK file types" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of DIF and SYLK file types CCE-1415-9CCE-1415]The "Block opening of Text file types" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of Text file types CCE-1437-3CCE-1437[The "Block opening of Xll file type" setting should be configured correctly for Excel 2007.~User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of Xll file type CCE-1446-4CCE-1446`The "Block saving of Open Xml file types" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Save\Block saving of Open Xml file types CCE-1098-3CCE-1098`The "Block saving of Binary12 file types" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Save\Block saving of Binary12 file types CCE-562-9CCE-562^The "Block saving of Binary file types" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Save\Block saving of Binary file types CCE-1507-3CCE-1507fThe "Block saving of Html and Xmlss file types" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Save\Block saving of Html and Xmlss file types CCE-1406-8CCE-1406XThe "Block saving Xml file types" setting should be configured correctly for Excel 2007.{User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Save\Block saving Xml file types CCE-573-6CCE-573aThe "Block saving DIF and SYLK file types" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Save\Block saving DIF and SYLK file types CCE-1336-7CCE-1336\The "Block saving of Text file types" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Save\Block saving of Text file types CCE-1230-2CCE-1230`The "Locally cache network file storages" setting should be configured correctly for Excel 2007.yUser Configuration\Administrative Templates\Microsoft Office Excel 2007\Miscellaneous\Locally cache network file storages CCE-1375-5CCE-1375]The "Locally cache PivotTable reports" setting should be configured correctly for Excel 2007.vUser Configuration\Administrative Templates\Microsoft Office Excel 2007\Miscellaneous\< Locally cache PivotTable reports CCE-1380-5CCE-1380The "OLAP PivotTable User Defined Function (UDF) security setting (Allow ALL UDFs | Allow safe UDFs only | Allow NO UDFs)" setting should be configured correctly for Excel 2007.User Configuration\Administrative Templates\Microsoft Office Excel 2007\Miscellaneous\OLAP PivotTable User Defined Function (UDF) security setting (Allow ALL UDFs | Allow safe UDFs only | Allow NO UDFs) CCE-1376-3CCE-1376PThe "Recognize SmartTags" setting should be configured correctly for Excel 2007.iUser Configuration\Administrative Templates\Microsoft Office Excel 2007\Miscellaneous\Recognize SmartTags CCE-1398-7CCE-1398xThe "Number of documents in the Recent Documents list (0 - 9)" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Tools | Options\General\Number of documents in the Recent Documents list (0 - 9) CCE-569-4CCE-569The "Offline Mode status (Disabled | Enabled, InfoPath in Offline Mode | Enabled, InfoPath not in Offline Mode)" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Tools | Options\Advanced\Offline\Offline Mode status (Disabled | Enabled, InfoPath in Offline Mode | Enabled, InfoPath not in Offline Mode) CCE-1065-2CCE-1065PThe "Disable commands" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands CCE-1361-5CCE-1361_The "Disable commands - File | Print" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - File | Print CCE-1096-7CCE-1096pThe "Disable commands - File | Send to Mail Recipient" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - File | Send to Mail Recipient CCE-1391-2CCE-1391sThe "Disable commands - File | Open from SharePoint Site" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - File | Open from SharePoint Site CCE-1519-8CCE-1519gThe "Disable commands - File | Print Preview" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - File | Print Preview CCE-1523-0CCE-1523dThe "Disable commands - File | Page Setup" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - File | Page Setup CCE-1171-8CCE-1171iThe "Disable commands - Insert | Hyperlinks..." setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Insert | Hyperlinks... CCE-1457-1CCE-1457gThe "Disable commands - Tools | Set Language" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Tools | Set Language CCE-1426-6CCE-1426gThe "Disable commands - Tools | Customize..." setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Tools | Customize... CCE-805-2CCE-805eThe "Disable commands - Tools | Options..." setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Tools | Options... CCE-1453-0CCE-1453qThe "Disable commands - Help | Microsoft Office Online" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Help | Microsoft Office Online CCE-1351-6CCE-1351eThe "Disable commands - Office Diagnostics" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Office Diagnostics CCE-620-5CCE-620mThe "Disable commands - Help | Activate Product..." setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Help | Activate Product... CCE-1017-3CCE-1017`The "Disable commands - Print Default" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Print Default CCE-1021-5CCE-1021UThe "Disable shortcut keys" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable shortcut keys CCE-1299-7CCE-1299oThe "Disable shortcut keys - Print Shortcut (Ctrl+P)" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable shortcut keys - Print Shortcut (Ctrl+P) CCE-1197-3CCE-1197zThe "Disable shortcut keys - Insert Hyperlink Shortcut (Ctrl+K)" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable shortcut keys - Insert Hyperlink Shortcut (Ctrl+K) CCE-704-7CCE-704The "Control behavior for Windows SharePoint Services gradual upgrade (Allow redirections to any location | Allow redirections to Intranet only | Block all redirections)" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Control behavior for Windows SharePoint Services gradual upgrade (Allow redirections to any location | Allow redirections to Intranet only | Block all redirections) CCE-1105-6CCE-1105|The "Disable opening of solutions from the Internet security zone" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Disable opening of solutions from the Internet security zone`CCE-1114wThe "Disable fully trusted solutions full access to computer" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Disable fully trusted solutions full access to computer CCE-761-7CCE-761zThe "Allow the use of ActiveX Custom Controls in InfoPath forms" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Allow the use of ActiveX Custom Controls in InfoPath forms CCE-739-3CCE-739The "Run forms in restricted mode if they do not specify a publish location and use only features introduced before InfoPath 2003 SP1" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Run forms in restricted mode if they do not specify a publish location and use only features introduced before InfoPath 2003 SP1 CCE-1259-1CCE-1259hThe "Allow file types as attachments to forms" setting should be configured correctly < for InfoPath 2007.|User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Allow file types as attachments to forms CCE-1267-4CCE-1267qThe "Block specific file types as attachments to forms" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Block specific file types as attachments to forms CCE-1060-3CCE-1060The "Prevent users from allowing unsafe file types to be attached to forms" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Prevent users from allowing unsafe file types to be attached to forms CCE-955-5CCE-955qThe "Display a warning that a form is digitally signed" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Display a warning that a form is digitally signed CCE-1479-5CCE-1479The "Control behavior when opening forms in the Internet security zone (Block | Prompt | Allow)" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Control behavior when opening forms in the Internet security zone (Block | Prompt | Allow) CCE-1360-7CCE-1360The "Control behavior when opening forms in the Intranet security zone (Block | Prompt | Allow)" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Control behavior when opening forms in the Intranet security zone (Block | Prompt | Allow) CCE-1386-2CCE-1386The "Control behavior when opening forms in the Local Machine security zone (Block | Prompt | Allow)" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Control behavior when opening forms in the Local Machine security zone (Block | Prompt | Allow) CCE-893-8CCE-893The "Control behavior when opening forms in the Trusted Site security zone (Block | Prompt | Allow)" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Control behavior when opening forms in the Trusted Site security zone (Block | Prompt | Allow) CCE-1290-6CCE-1290The "Beaconing UI for forms opened in InfoPath (Never show beaconing UI | Always show beaconing UI | Show UI if Form Template is from Internet Zone)" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Beaconing UI for forms opened in InfoPath (Never show beaconing UI | Always show beaconing UI | Show UI if Form Template is from Internet Zone) CCE-1381-3CCE-1381The "Beaconing UI for forms opened in InfoPath Editor ActiveX (Never show beaconing UI | Always show beaconing UI | Show UI if Form Template is from Internet Zone)" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Beaconing UI for forms opened in InfoPath Editor ActiveX (Never show beaconing UI | Always show beaconing UI | Show UI if Form Template is from Internet Zone) CCE-1135-3CCE-1135_The "Disable all application add-ins" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Trust Center\Disable all application add-ins CCE-1157-7CCE-1157The "Require that application add-ins are signed by Trusted Publisher" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher CCE-1434-0CCE-1434The "Disable Trust Bar Notification for unsigned application add-ins" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins CCE-1315-1CCE-1315The "Control behavior when opening InfoPath e-mail forms containing code or script (Run without prompting | Prompt before running | Never run)" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Control behavior when opening InfoPath e-mail forms containing code or script (Run without prompting | Prompt before running | Never run) CCE-1210-4CCE-1210oThe "Disable sending form template with e-mail forms" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable sending form template with e-mail forms CCE-1236-9CCE-1236The "Disable dynamic caching of the form template in InfoPath e-mail forms" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable dynamic caching of the form template in InfoPath e-mail forms CCE-884-7CCE-884sThe "Disable sending InfoPath 2003 Forms as e-mail forms" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable sending InfoPath 2003 Forms as e-mail forms CCE-1518-0CCE-1518yThe "Disable e-mail forms running in restricted security level" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable e-mail forms running in restricted security level CCE-1170-0CCE-1170tThe "Disable e-mail forms from the Internet security zone" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable e-mail forms from the Internet security zone CCE-1316-9CCE-1316tThe "Disable e-mail forms from the Intranet security zone" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable e-mail forms from the Intranet security zone CCE-1567-7CCE-1567vThe "Disable e-mail forms from the Full Trust security zone" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable e-mail forms from the Full Trust security zone CCE-1265-8CCE-1265hThe "Disable InfoPath e-mail forms in Outlook" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable InfoPath e-mail forms in Outlook CCE-1538-8CCE-1538]The "Information Rights Management" setting should be configured correctly for InfoPath 2007.|User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Restricted Features\Information Rights Management CCE-1564-4CCE-1564KThe "Custom code" setting should be configured correctly for InfoPath 2007.jUser Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Restricted Features\Custom code CCE-1212-0CCE-1212The "Email Forms Beaconing UI (Never show UI | Always show UI | Show UI if XSN is in Internet Zone)" setting should be configured correctly for InfoPath 2007.User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Miscellaneous\Email Forms Beaconing UI (Never show UI | Always show UI | Show UI if XSN is in Internet Zone) CCE-1344-1CCE-1344fThe "Disable user customization of Quick Access Toolbar via UI" setting should be configured correctlyUser Configuration\Administrati< ve Templates\Microsoft Office 2007 system\Global Options\Customize\Disable user customization of Quick Access Toolbar via UI CCE-723-7CCE-723yThe "Disable user customization of Quick Access Toolbar via UI - Disallow in Word" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable user customization of Quick Access Toolbar via UI - Disallow in Word CCE-1384-7CCE-1384zThe "Disable user customization of Quick Access Toolbar via UI - Disallow in Excel" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable user customization of Quick Access Toolbar via UI - Disallow in Excel CCE-1159-3CCE-1159The "Disable user customization of Quick Access Toolbar via UI - Disallow in PowerPoint" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable user customization of Quick Access Toolbar via UI - Disallow in PowerPoint CCE-1146-0CCE-1146{The "Disable user customization of Quick Access Toolbar via UI - Disallow in Access" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable user customization of Quick Access Toolbar via UI - Disallow in Access CCE-1542-0CCE-1542|The "Disable user customization of Quick Access Toolbar via UI - Disallow in Outlook" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable user customization of Quick Access Toolbar via UI - Disallow in Outlook CCE-582-7CCE-582cThe "Disable all user customization of Quick Access Toolbar" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable all user customization of Quick Access Toolbar CCE-1291-4CCE-1291vThe "Disable all user customization of Quick Access Toolbar - Disallow in Word" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable all user customization of Quick Access Toolbar - Disallow in Word CCE-1326-8CCE-1326wThe "Disable all user customization of Quick Access Toolbar - Disallow in Excel" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable all user customization of Quick Access Toolbar - Disallow in Excel CCE-1330-0CCE-1330|The "Disable all user customization of Quick Access Toolbar - Disallow in PowerPoint" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable all user customization of Quick Access Toolbar - Disallow in PowerPoint CCE-1335-9CCE-1335xThe "Disable all user customization of Quick Access Toolbar - Disallow in Access" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable all user customization of Quick Access Toolbar - Disallow in Access CCE-1229-4CCE-1229yThe "Disable all user customization of Quick Access Toolbar - Disallow in Outlook" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable all user customization of Quick Access Toolbar - Disallow in Outlook CCE-630-4CCE-630^The "Disable UI extending from documents and templates" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable UI extending from documents and templates CCE-1154-4CCE-1154qThe "Disable UI extending from documents and templates - Disallow in Word" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable UI extending from documents and templates - Disallow in Word CCE-1410-0CCE-1410rThe "Disable UI extending from documents and templates - Disallow in Excel" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable UI extending from documents and templates - Disallow in Excel CCE-1432-4CCE-1432wThe "Disable UI extending from documents and templates - Disallow in PowerPoint" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable UI extending from documents and templates - Disallow in PowerPoint CCE-1198-1CCE-1198sThe "Disable UI extending from documents and templates - Disallow in Access" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable UI extending from documents and templates - Disallow in Access CCE-929-0CCE-929tThe "Disable UI extending from documents and templates - Disallow in Outlook" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable UI extending from documents and templates - Disallow in Outlook CCE-1074-4CCE-1074JThe "Recognize smart tags in Excel" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | AutoCorrect Options... (Excel, Word, PowerPoint and Access)\Recognize smart tags in Excel CCE-1458-9CCE-1458The "Disable Clip Art and Media downloads from the client and from Office Online website" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Disable Clip Art and Media downloads from the client and from Office Online website CCE-1233-6CCE-1233vThe "Disable template downloads from the client and from Office Online website" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Disable template downloads from the client and from Office Online website CCE-1379-7CCE-1379yThe "Disable access to updates, add-ins, and patches on the Office Online website" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Disable access to updates, add-ins, and patches on the Office Online website CCE-1401-9CCE-1401}The "Prevents users from uploading document templates to the Office Online community." setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Prevents users from uploading document templates to the Office Online community. CCE-1528-9CCE-1528oThe "Disable training practice downloads from the Office Online website" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Disable training practice downloads from the Office Online website CCE-1533-9CCE-1533nThe "Disable customer-submitted templates downloads from Office Online" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Disable customer-submitted templates downloads from Office Online CCE-646-0CCE-646_The "Open Office documents as read/write while browsing" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Files\Open Office documents as read/write while browsing CCE-1438-1CCE-1438\The "Rely on VML for displaying graphics in browsers" setting should be configured correct< lyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Browsers\Rely on VML for displaying graphics in browsers CCE-711-2CCE-711JThe "Allow PNG as an output format" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Browsers\Allow PNG as an output format CCE-1292-2CCE-1292CThe "Improve Proofing Tools" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | Spelling\Proofing Data Collection\Improve Proofing Tools CCE-1615-4CCE-1615PThe "Disable Opt-in Wizard on first run" setting should be configured correctly.User Configuration\Administrative Templates\Microsoft Office 2007 system\Privacy\Trust Center\Disable Opt-in Wizard on first run CCE-1191-6CCE-1191DThe "Microsoft Office Online" setting should be configured correctlyeUser Configuration\Administrative Templates\Microsoft Office 2007 system\Help\Microsoft Office Online CCE-1587-5CCE-1587EThe "Disable Password Caching" setting should be configured correctlysUser Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Disable Password Caching CCE-1486-0CCE-1486dThe "Disable all Trust Bar notifications for security issues" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Disable all Trust Bar notifications for security issues CCE-1508-1CCE-1508oThe "Protect document metadata for rights managed Office Open XML Files" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Protect document metadata for rights managed Office Open XML Files CCE-1640-2CCE-1640dThe "Protect document metadata for password protected files." setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Protect document metadata for password protected files. CCE-1539-6CCE-1539iThe "Encryption type for password protected Office Open XML files" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Encryption type for password protected Office Open XML files CCE-1561-0CCE-1561hThe "Encryption type for password protected Office 97-2003 files" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Encryption type for password protected Office 97-2003 files CCE-1068-6CCE-1068TThe "Load Controls in Forms3 (1 | 2 | 3 | 4)" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Load Controls in Forms3 (1 | 2 | 3 | 4) CCE-1574-3CCE-1574The "Automation Security (Disable macros by default | Use application macro security level | Macros enabled)" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Automation Security (Disable macros by default | Use application macro security level | Macros enabled) CCE-1239-3CCE-1239hThe "Prevent Word and Excel from loading managed code extensions" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Prevent Word and Excel from loading managed code extensions CCE-1623-8CCE-1623GThe "Disable hyperlink warnings" setting should be configured correctlyuUser Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Disable hyperlink warnings CCE-1083-5CCE-1083HThe "Disable password to open UI" setting should be configured correctlyvUser Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Disable password to open UI CCE-1343-3CCE-1343EThe "Download Office Controls" setting should be configured correctlysUser Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Download Office Controls CCE-1242-7CCE-1242@The "Disable All ActiveX" setting should be configured correctlynUser Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Disable All ActiveX CCE-770-8CCE-770SThe "Allow mix of policy and user locations" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Trust Center\Allow mix of policy and user locations CCE-903-5CCE-903VThe "Disable Smart Document's use of manifests" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Smart Documents (Word, Excel)\Disable Smart Document's use of manifests CCE-1555-2CCE-1555mThe "Completely disable the Smart Documents feature in Word and Excel" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Smart Documents (Word, Excel)\Completely disable the Smart Documents feature in Word and Excel CCE-1061-1CCE-1061IThe "Disable Internet Fax feature" setting should be configured correctlyrUser Configuration\Administrative Templates\Microsoft Office 2007 system\Services\Fax\Disable Internet Fax feature CCE-1603-0CCE-1603nThe "Prevent users from changing permissions on rights managed content" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Manage Restricted Permissions\Prevent users from changing permissions on rights managed content CCE-1612-1CCE-1612qThe "Allow users with earlier versions of Office to read with browsers..." setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Manage Restricted Permissions\Allow users with earlier versions of Office to read with browsers... CCE-1493-6CCE-1493aThe "Always require users to connect to verify permission" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Manage Restricted Permissions\Always require users to connect to verify permission CCE-1409-2CCE-1409uThe "Always expand groups in Office when restricting permission for documents" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Manage Restricted Permissions\Always expand groups in Office when restricting permission for documents CCE-1589-1CCE-1589zThe "Never allow users to specify groups when restricting permission for documents" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Manage Restricted Permissions\Never allow users to specify groups when restricting permission for documents CCE-1237-7CCE-1237vThe "Disable Microsoft Passport service for content with restricted permission" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Manage Restricted Permissions\Disable Microsoft Passport service for content with restricted permission CCE-1404-3CCE-1404vThe "Do not allow users to upgrade Information Rights Management configuration" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Manage Restricted Permissions\Do not allow users to upgrade Information Rights Management configuration CCE-1396-1CCE-1396@The "Key Usage Filtering" setting should be configured correctlydUser Configuration\Administrative Templates\Microsoft Office 2007 system\Signing\Key Usage Filtering CCE-1167-6CCE-1167:The "EKU filtering" setting should be configured correctly^User Configuration\Administrative Templates\Microsoft Office 2007 system\Signing\EKU filtering CCE-1585-9CCE-1585EThe "Legacy format signatures" setting should be configured correctly< iUser Configuration\Administrative Templates\Microsoft Office 2007 system\Signing\Legacy format signatures CCE-1572-7CCE-1572The "Suppress Office Signing Providers (Enable Western and East Asian | Suppress default Western | Suppress default East Asian | Suppress both Western and East Asian)" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Signing\Suppress Office Signing Providers (Enable Western and East Asian | Suppress default Western | Suppress default East Asian | Suppress both Western and East Asian) CCE-1220-3CCE-1220[The "Suppress external signature services menu item" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Signing\Suppress external signature services menu item CCE-1634-5CCE-1634HThe "Disable Check For Solutions" setting should be configured correctlywUser Configuration\Administrative Templates\Microsoft Office 2007 system\Office Diagnostics\Disable Check For Solutions CCE-1643-6CCE-1643kThe "Disable inclusion of document properties in PDF and XPS output" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Microsoft Save As PDF and XPS add-ins\Disable inclusion of document properties in PDF and XPS output CCE-1546-1CCE-1546OThe "Disable Document Information Panel" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Document Information Panel\Disable Document Information Panel CCE-1505-7CCE-1505The "Document Information Panel Beaconing UI (Never show UI | Always show UI | Show UI if XSN is in Internet Zone)" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Document Information Panel\Document Information Panel Beaconing UI (Never show UI | Always show UI | Show UI if XSN is in Internet Zone) CCE-1545-3CCE-1545yThe "Disable the Office client from polling the Office server for published links" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Server Settings\Disable the Office client from polling the Office server for published links CCE-1549-5CCE-1549The "Block opening of pre-release versions of file formats new to Word 2007 through the Compatibility Pack for the 2007 Office system and Word 2007 Open XML/Word 97-2003 Format Converter" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Office 2007 Converters\Block opening of pre-release versions of file formats new to Word 2007 through the Compatibility Pack for the 2007 Office system and Word 2007 Open XML/Word 97-2003 Format Converter CCE-1431-6CCE-1431The "Block opening of pre-release versions of file formats new to Excel 2007 through the Compatibility Pack for the 2007 Office system and Excel 2007 Converter" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Office 2007 Converters\Block opening of pre-release versions of file formats new to Excel 2007 through the Compatibility Pack for the 2007 Office system and Excel 2007 Converter CCE-1594-1CCE-1594The "Block opening of pre-release versions of file formats new to PowerPoint 2007 through the Compatibility Pack for the 2007 Office system and PowerPoint 2007 Converter" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Office 2007 Converters\Block opening of pre-release versions of file formats new to PowerPoint 2007 through the Compatibility Pack for the 2007 Office system and PowerPoint 2007 Converter CCE-1241-9CCE-1241The "Control Blogging (Enabled | Only SharePoint blogs allowed | All blogging disabled)" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Miscellaneous\Control Blogging (Enabled | Only SharePoint blogs allowed | All blogging disabled) CCE-1607-1CCE-1607@The "Enable Smart Resume" setting should be configured correctlyjUser Configuration\Administrative Templates\Microsoft Office 2007 system\Miscellaneous\Enable Smart Resume CCE-752-6CCE-752FThe "Do not upload media files" setting should be configured correctlypUser Configuration\Administrative Templates\Microsoft Office 2007 system\Miscellaneous\Do not upload media files CCE-1166-8CCE-1166mThe "Disable hyperlinks to web templates in File | New and task panes" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Miscellaneous\Disable hyperlinks to web templates in File | New and task panes CCE-654-4CCE-654UThe "Prevent access to Web-based file storage" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office 2007 system\Miscellaneous\Prevent access to Web-based file storage CCE-1192-4CCE-1192lThe "Do not allow attachment previewing in Outlook" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\E-mail Options\Do not allow attachment previewing in Outlook CCE-791-4CCE-791XThe "Read e-mail as plain text" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\E-mail Options\Read e-mail as plain text CCE-1456-3CCE-1456_The "Read signed e-mail as plain text" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\E-mail Options\Read signed e-mail as plain text CCE-1478-7CCE-1478bThe "Prevent publishing to Office Online" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Calendar Options\Microsoft Office Online Sharing ServicePrevent publishing to Office Online CCE-1368-0CCE-1368aThe "Prevent publishing to a DAV server" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Calendar Options\Microsoft Office Online Sharing ServicePrevent publishing to a DAV server CCE-1641-0CCE-1641The "Restrict level of calendar details users can publish (All options are available | Disables 'Full details' | Disables 'Full details' and 'Limited details')" setting should be configured correctly for Outlook 2007.;User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Calendar Options\Microsoft Office Online Sharing ServiceRestrict level of calendar details users can publish (All options are available | Disables 'Full details' | Disables 'Full details' and 'Limited details') CCE-1266-6CCE-1266\The "Access to published calendars" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Calendar Options\Microsoft Office Online Sharing ServiceAccess to published calendars CCE-1399-5CCE-1399UThe "Restrict upload method" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Calendar Options\Microsoft Office Online Sharing ServiceRestrict upload method CCE-1187-4CCE-1187PThe "Hide Junk Mail UI" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Junk E-mail\Hide Junk Mail UI CCE-1588-3CCE-1588The "Junk E-mail protection level (No Protection, Low, High, Trusted Lists Only)" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Offic< e Outlook 2007\Tools | Options...\Preferences\Junk E-mail\Junk E-mail protection level (No Protection, Low, High, Trusted Lists Only) CCE-1117-1CCE-1117YThe "Trust E-mail from Contacts" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Junk E-mail\Trust E-mail from Contacts CCE-1130-4CCE-1130qThe "Add e-mail recipients to users' Safe Senders Lists" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Junk E-mail\Add e-mail recipients to users' Safe Senders Lists CCE-1093-4CCE-1093NThe "Dial-up options" setting should be configured correctly for Outlook 2007.wUser Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Setup\Dial-up options CCE-1599-0CCE-1599yThe "Dial-up options - Warn before switching dial-up connection" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Setup\Dial-up options - Warn before switching dial-up connection CCE-1621-2CCE-1621The "Dial-up options - Hang up when finished sending, receiving, or updating" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Setup\Dial-up options - Hang up when finished sending, receiving, or updating CCE-1269-0CCE-1269The "Dial-up options - Automatically dial during a background Send/Receive" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Setup\Dial-up options - Automatically dial during a background Send/Receive CCE-1419-1CCE-1419The "Do not allow creating, replying, or forwarding signatures for e-mail messages" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Format\Do not allow creating, replying, or forwarding signatures for e-mail messages CCE-1551-1CCE-1551The "Send copy of pictures with HTML messages instead of reference to Internet location" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Format\Internet Formatting\Send copy of pictures with HTML messages instead of reference to Internet location CCE-655-1CCE-655The "Outlook Rich Text options (Convert to HTML | Convert to Plain Text format | Send Using Outlook Rich Text format)" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Format\Internet Formatting\Outlook Rich Text options (Convert to HTML | Convert to Plain Text format | Send Using Outlook Rich Text format) CCE-1592-5CCE-1592QThe "Plain text options" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Format\Internet Formatting\Plain text options CCE-1614-7CCE-1614The "Plain text options - Encode attachments in UUENCODE format when sending a plain text message" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Format\Internet Formatting\Plain text options - Encode attachments in UUENCODE format when sending a plain text message CCE-1526-3CCE-1526qThe "Set message format (HTML | Rich Text | Plain Text)" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Format\Internet Formatting\Message FormatSet message format (HTML | Rich Text | Plain Text) CCE-1111-4CCE-1111The "Make Outlook the default program for E-mail, Contacts, and Calendar" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Make Outlook the default program for E-mail, Contacts, and Calendar CCE-1494-4CCE-1494The "Do not allow folders in non-default stores to be set as folder home pages" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Advanced\Do not allow folders in non-default stores to be set as folder home pages CCE-1287-2CCE-1287}The "Use Unicode format when dragging e-mail message to file system" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Advanced\Use Unicode format when dragging e-mail message to file system CCE-1529-7CCE-1529The "Do not allow Outlook object model scripts to run for shared folders" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Advanced\Do not allow Outlook object model scripts to run for shared folders CCE-1560-2CCE-1560The "Do not allow Outlook object model scripts to run for public folders" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Advanced\Do not allow Outlook object model scripts to run for public folders CCE-1596-6CCE-1596The "Set maximum level of online status on a person name (Do not allow | Allow everywhere except To and CC field | Allow everywhere)" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Person Names\Set maximum level of online status on a person name (Do not allow | Allow everywhere except To and CC field | Allow everywhere) CCE-1604-8CCE-1604The "Display online status on a person name (Never | Everywhere except To and CC field | Everywhere)" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Person Names\Display online status on a person name (Never | Everywhere except To and CC field | Everywhere) CCE-1648-5CCE-1648pThe "Turn off Enable the Person Names Smart Tag option" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Person Names\Turn off Enable the Person Names Smart Tag option CCE-1516-4CCE-1516The "Outlook Security Mode (Outlook Default Security | Use Security Form from 'Outlook Security Settings' Public Folder | Use Security Form from 'Outlook 10 Security Settings' Public Folder | Use Outlook Security Group Policy)" setting should be configured correctly for Outlook 2007.GUser Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Outlook Security Mode (Outlook Default Security | Use Security Form from 'Outlook Security Settings' Public Folder | Use Security Form from 'Outlook 10 Security Settings' Public Folder | Use Outlook Security Group Policy) CCE-1296-3CCE-1296ZThe "Display Level 1 attachments" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Display Level 1 attachments CCE-1388-8CCE-1388kThe "Allow users to demote attachments to Level 2" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Allow users to demote attachments to Level 2 CCE-1652-7CCE-1652{The "Do not prompt about Level 1 attachments when sending an item" se< tting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Do not prompt about Level 1 attachments when sending an item CCE-1569-3CCE-1569{The "Do not prompt about Level 1 attachments when closing an item" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Do not prompt about Level 1 attachments when closing an item CCE-1459-7CCE-1459pThe "Allow in-place activation of embedded OLE objects" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Allow in-place activation of embedded OLE objects CCE-1608-9CCE-1608ZThe "Display OLE package objects" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Display OLE package objects CCE-1617-0CCE-1617fThe "Add file extensions to block as Level 1" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Add file extensions to block as Level 1 CCE-1631-1CCE-1631hThe "Remove file extensions blocked as Level 1" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Remove file extensions blocked as Level 1 CCE-1155-1CCE-1155fThe "Add file extensions to block as Level 2" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Add file extensions to block as Level 2 CCE-1556-0CCE-1556hThe "Remove file extensions blocked as Level 2" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Remove file extensions blocked as Level 2 CCE-1595-8CCE-1595eThe "Allow scripts in one-off Outlook forms" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Custom Form Security\Allow scripts in one-off Outlook forms CCE-1436-5CCE-1436The "Set Outlook object model Custom Actions execution prompt (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security)" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Custom Form Security\Set Outlook object model Custom Actions execution prompt (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) CCE-1586-7CCE-1586The "Set control ItemProperty prompt (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security)" setting should be configured correctlyUser Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Custom Form Security\Set control ItemProperty prompt (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) CCE-1590-9CCE-1590The "Configure Outlook object model prompt when sending mail (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security)" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when sending mail (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) CCE-1004-1CCE-1004The "Configure Outlook object model prompt when accessing an address book (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security)" setting should be configured correctly for Outlook 2007.(User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when accessing an address book (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) CCE-1273-2CCE-1273The "Configure Outlook object model prompt when reading address information (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security)" setting should be configured correctly for Outlook 2007.*User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when reading address information (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) CCE-1172-6CCE-1172The "Configure Outlook object model prompt when responding to meeting and task requests (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security)" setting should be configured correctly for Outlook 2007.6User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when responding to meeting and task requests (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) CCE-1568-5CCE-1568The "Configure Outlook object model prompt when executing Save As (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security)" setting should be configured correctly for Outlook 2007. User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when executing Save As (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) CCE-1573-5CCE-1573The "Configure Outlook object model prompt When accessing the Formula property of a UserProperty object (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security)" setting should be configured correctly for Outlook 2007.FUser Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt When accessing the Formula property of a UserProperty object (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) CCE-1454-8CCE-1454The "Configure Outlook object model prompt when accessing address information via UserProperties.Find (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security)" setting should be configured correctly for Outlook 2007.DUser Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when accessing address information via UserProperties.Find (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) CCE-1498-5CCE-1498]The "Required Certificate Authority" setting should be configured correctly for Outlook 2007.~User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Required Certificate Authority CCE-1630-3CCE-1630The "S/MIME interoperability with external clients: (Handle internally | Handle externally | Handle if possible)" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\S/MIME intero< perability with external clients: (Handle internally | Handle externally | Handle if possible) CCE-1626-1CCE-1626qThe "Always use Rich Text formatting in S/MIME messages" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Always use Rich Text formatting in S/MIME messages CCE-1163-5CCE-1163WThe "S/MIME password settings" setting should be configured correctly for Outlook 2007.xUser Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\S/MIME password settings CCE-1445-6CCE-1445The "S/MIME password settings - Default S/MIME password time (minutes): (0 - 2147483647)" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\S/MIME password settings - Default S/MIME password time (minutes): (0 - 2147483647) CCE-1582-6CCE-1582The "S/MIME password settings - Maximum S/MIME password time (minutes): (0 - 2147483647)" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\S/MIME password settings - Maximum S/MIME password time (minutes): (0 - 2147483647) CCE-1357-3CCE-1357NThe "Message Formats" setting should be configured correctly for Outlook 2007.oUser Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Message Formats CCE-1132-0CCE-1132The "Message Formats - Support the following message formats: (S/MIME | Exchange | Fortezza | S/MIME and Exchange | S/MIME and Fortezza | Exchange and Fortezza | S/MIME, Exchange, and Fortezza)" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Message Formats - Support the following message formats: (S/MIME | Exchange | Fortezza | S/MIME and Exchange | S/MIME and Fortezza | Exchange and Fortezza | S/MIME, Exchange, and Fortezza) CCE-1511-5CCE-15112007: The "Do not provide Continue option on Encryption warning dialog boxes" setting should be configured correctly for Outlook 2007. 2003: The "Disable Continue button on all Encryption warning dialogs" setting should be configured correctly.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Do not provide Continue option on Encryption warning dialog boxes CCE-1018-1CCE-1018YThe "Run in FIPS compliant mode" setting should be configured correctly for Outlook 2007.zUser Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Run in FIPS compliant mode CCE-1181-7CCE-1181cThe "Encrypt all e-mail messages" setting should be configured correctly for Outlook 2007 and 2003.{User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Encrypt all e-mail messages CCE-1639-4CCE-1639WThe "Sign all e-mail messages" setting should be configured correctly for Outlook 2007.xUser Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Sign all e-mail messages CCE-677-5CCE-677ZThe "URL for S/MIME certificates" setting should be configured correctly for Outlook 2007.{User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\URL for S/MIME certificates CCE-687-4CCE-687mThe "Ensure all S/MIME signed messages have a label" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Ensure all S/MIME signed messages have a label CCE-1613-9CCE-1613The "S/MIME receipt requests (Open message if receipt can't be sent | Don't open message if receipt can't be sent | Always prompt before sending receipt | Never send S/MIME )" setting should be configured correctly for Outlook 2007. User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\S/MIME receipt requests (Open message if receipt can't be sent | Don't open message if receipt can't be sent | Always prompt before sending receipt | Never send S/MIME ) CCE-1402-7CCE-1402\The "Fortezza certificate policies" setting should be configured correctly for Outlook 2007.}User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Fortezza certificate policies CCE-1658-4CCE-1658nThe "Require SuiteB algorithms for S/MIME operations" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Require SuiteB algorithms for S/MIME operations CCE-1662-6CCE-1662KThe "Missing CRLs" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Signature Status dialog box\Missing CRLs CCE-1080-1CCE-1080The "Missing CRLs - Indicate a missing CRL as a(n): (warning | error)" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Signature Status dialog box\Missing CRLs - Indicate a missing CRL as a(n): (warning | error) CCE-1076-9CCE-1076XThe "Missing root certificates" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Signature Status dialog box\Missing root certificates CCE-1636-0CCE-1636The "Missing root certificates - Indicate a missing root certificate as a(n): (neither error nor warning | warning | error)" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Signature Status dialog box\Missing root certificates - Indicate a missing root certificate as a(n): (neither error nor warning | warning | error) CCE-943-1CCE-943mThe "Promote Level 2 errors as errors, not warnings" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Signature Status dialog box\Promote Level 2 errors as errors, not warnings CCE-1591-7CCE-1591aThe "Attachment Secure Temporary Folder" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Signature Status dialog box\Attachment Secure Temporary Folder CCE-1133-8CCE-1133sThe "Display pictures and external content in HTML e-mail" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Automatic Picture Download Settings\Display pictures and external content in HTML e-mail CCE-725-2CCE-725The "Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Automatic Picture Download Settings\Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists CCE-1347-4CCE-1347pThe "Do not permit download of content from safe zones" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Automatic Picture Download Settings\Do not permit download of content from safe zones CCE-1475-3CCE-1475RThe "Block Trusted Zones" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Automatic Picture Download Settings\Block Trusted Zones CCE-1497-7CCE-1497|The "Include Internet in Safe Zones for Automatic Picture Download" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templ< ates\Microsoft Office Outlook 2007\Security\Automatic Picture Download Settings\Include Internet in Safe Zones for Automatic Picture Download CCE-1501-6CCE-1501|The "Include Intranet in Safe Zones for Automatic Picture Download" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Automatic Picture Download Settings\Include Intranet in Safe Zones for Automatic Picture Download CCE-1030-6CCE-1030The "Security setting for macros (Always warn | Never warn, disable all | Warn for signed, disable unsigned | No security check)" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Trust Center\Security setting for macros (Always warn | Never warn, disable all | Warn for signed, disable unsigned | No security check) CCE-1052-0CCE-1052^The "Enable links in e-mail messages" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Trust Center\Enable links in e-mail messages CCE-1462-1CCE-1462~The "Apply macro security settings to macros, add-ins, and SmartTags" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Trust Center\Apply macro security settings to macros, add-ins, and SmartTags CCE-1281-5CCE-1281The "Automatically configure profile based on Active Directory Primary SMTP address" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\Exchange\Automatically configure profile based on Active Directory Primary SMTP address CCE-1303-7CCE-1303rThe "Do not allow users to change permissions on folders" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\Exchange\Do not allow users to change permissions on folders CCE-1082-7CCE-1082TThe "Enable RPC encryption" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\Exchange\Enable RPC encryption CCE-1712-9CCE-1712The "Authentication with Exchange Server (Kerberos/NTLM Password Authentication | Kerberos Password Authentication | NTLM Password Authentication)" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\Exchange\Authentication with Exchange Server (Kerberos/NTLM Password Authentication | Kerberos Password Authentication | NTLM Password Authentication) CCE-1131-2CCE-1131rThe "Synchronize Outlook RSS Feeds with Common Feed List" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\RSS Feeds\Synchronize Outlook RSS Feeds with Common Feed List CCE-1620-4CCE-1620SThe "Turn off RSS feature" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\RSS Feeds\Turn off RSS feature CCE-1541-2CCE-1541`The "Automatically download enclosures" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\RSS Feeds\Automatically download enclosures CCE-1311-0CCE-1311qThe "Download full text of articles as HTML attachments" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\RSS Feeds\Download full text of articles as HTML attachments CCE-1682-4CCE-1682aThe "Automatically download attachments" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\Internet Calendars\Automatically download attachments CCE-1461-3CCE-1461vThe "Do not include Internet Calendar integration in Outlook" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\Internet Calendars\Do not include Internet Calendar integration in Outlook CCE-1041-3CCE-1041The "Disable user entries to server list (Publish default, allow others | Publish default, disallow others)" setting should be configured correctly for Outlook 2007.User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Meeting Workspace\Disable user entries to server list (Publish default, allow others | Publish default, disallow others) CCE-1565-1CCE-1565_The "Do not expand distribution lists" setting should be configured correctly for Outlook 2007.xUser Configuration\Administrative Templates\Microsoft Office Outlook 2007\Miscellaneous\Do not expand distribution lists CCE-1719-4CCE-1719The "Save files in this format (PowerPoint Presentation (*.pptx) | PowerPoint Macro-Enabled Presentation (*.pptm) | PowerPoint 97-2003 Presentation (*.ppt))" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Save\Save files in this format (PowerPoint Presentation (*.pptx) | PowerPoint Macro-Enabled Presentation (*.pptm) | PowerPoint 97-2003 Presentation (*.ppt)) CCE-1477-9CCE-1477{The "Number of documents in the Recent Documents list (0 - 50)" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Advanced\Number of documents in the Recent Documents list (0 - 50) CCE-1142-9CCE-1142The "Determine whether to force encrypted macros to be scanned in Microsoft PowerPoint Open XML presentations" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Determine whether to force encrypted macros to be scanned in Microsoft PowerPoint Open XML presentations CCE-1649-3CCE-1649The "Run Programs (disable (don't run any programs) | enable (prompt user before running) | enable all (run without prompting))" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Run Programs (disable (don't run any programs) | enable (prompt user before running) | enable all (run without prompting)) CCE-1279-9CCE-1279\The "Make hidden markup visible" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Make hidden markup visible CCE-1451-4CCE-1451mThe "Unblock automatic download of linked images" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Unblock automatic download of linked images CCE-1204-7CCE-1204aThe "Disable all application add-ins" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Trust Center\Disable all application add-ins CCE-1107-2CCE-1107The "Require that application add-ins are signed by Trusted Publisher" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher CCE-743-5CCE-743The "Disable Trust Bar Notification for unsigned application add-ins" setting should be configured correctly for PowerPoint 2007.User Configuration\Administr< ative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins CCE-747-6CCE-747mThe "Allow Trusted Locations not on the computer" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Trust Center\Trusted LocationsAllow Trusted Locations not on the computer CCE-782-3CCE-782_The "Disable all trusted locations" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Trust Center\Trusted LocationsDisable all trusted locations CCE-1327-6CCE-1327RThe "Disable commands" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands CCE-1723-6CCE-1723The "Disable commands - Office Button | PowerPoint Options | Customize | All Commands | Web Page Preview" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Office Button | PowerPoint Options | Customize | All Commands | Web Page Preview CCE-1366-4CCE-1366qThe "Disable commands - Office Button | Send | Email" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Send | Email CCE-1679-0CCE-1679oThe "Disable commands - Insert | Links | Hyperlink" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Insert | Links | Hyperlink CCE-1173-4CCE-1173qThe "Disable commands - Review | Proofing | Language" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Review | Proofing | Language CCE-1714-5CCE-1714kThe "Disable commands - View | Macros | Macros" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - View | Macros | Macros CCE-1485-2CCE-1485nThe "Disable commands - Developer | Code | Macros" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Macros CCE-1687-3CCE-1687vThe "Disable commands - Developer | Code | Macro Security" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Macro Security CCE-1709-5CCE-1709tThe "Disable commands - Developer | Code | Visual Basic" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Visual Basic CCE-1463-9CCE-1463The "Disable commands - Office Button | PowerPoint Options | Customize | All Commands | Document Location" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Office Button | PowerPoint Options | Customize | All Commands | Document Location CCE-1467-0CCE-1467jThe "Disable commands - Disable shortcut keys" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Disable shortcut keys CCE-1740-0CCE-1740yThe "Disable commands - Ctrl+K (Insert | Links | Hyperlink)" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Ctrl+K (Insert | Links | Hyperlink) CCE-1780-6CCE-1780wThe "Disable commands - Alt+F8 (Developer | Code | Macros)" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Alt+F8 (Developer | Code | Macros) CCE-1661-8CCE-1661~The "Disable commands - Alt+F11 (Developer | Code | Visual Basic)" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Alt+F11 (Developer | Code | Visual Basic) CCE-1688-1CCE-1688The "Block opening of pre-release versions of file formats new to PowerPoint 2007" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Open\Block opening of pre-release versions of file formats new to PowerPoint 2007 CCE-1701-2CCE-1701gThe "Block opening of Open Xml files types" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Open\Block opening of Open Xml files types CCE-1348-2CCE-1348dThe "Block opening of Binary file types" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Open\Block opening of Binary file types CCE-1644-4CCE-1644bThe "Block opening of Html file types" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Open\Block opening of Html file types CCE-1194-0CCE-1194[The "Block opening of Outlines" setting should be configured correctly for PowerPoint 2007.~User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Open\Block opening of Outlines CCE-1216-1CCE-1216]The "Block opening of Converters" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Open\Block opening of Converters CCE-1506-5CCE-1506eThe "Block saving of Open Xml file types" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Save\Block saving of Open Xml file types CCE-1136-1CCE-1136cThe "Block saving of Binary file types" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Save\Block saving of Binary file types CCE-1766-5CCE-1766aThe "Block saving of Html file types" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Save\Block saving of Html file types CCE-1180-9CCE-1180ZThe "Block saving of Outlines" setting should be configured correctly for PowerPoint 2007.}User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Save\Block saving of Outlines CCE-1722-8CCE-1722`The "Block saving of GraphicFilters" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Save\Block saving of GraphicFilters< CCE-1731-9CCE-1731VThe "Disable Slide Update" setting should be configured correctly for PowerPoint 2007.User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Miscellaneous\Disable Slide Update CCE-885-4CCE-885GThe "Hidden text" setting should be configured correctly for Word 2007.gUser Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Display\Hidden text CCE-1656-8CCE-1656xThe "Save files in this format (Word document (*.docx) | Single Files Web Page (*.mht) | Web Page (*.htm; *.html) | Web Page, Filtered (*.htm, *.html) | Rich Text Format (*.rtf) | Plain Text (*.txt) | Word 6.0/95 (*.doc) | Word 6.0/95 - Chinese (Simplified) (*.doc) | Word 6.0/95 - Chinese (Traditional) (*.doc) | Word 6.0/95 - Japanese (*.doc) | Word 6.0/95 - Korean (*.doc) | Word 97-2002 & 6.0/95 - RTF | Word 5.1 for Macintosh (*.mcw) | Word 5.0 for Macintosh (*.mcw) | Word 2.x for Windows (*.doc) | Works 4.0 for Windows (*.wps) | WordPerfect 5.x for Windows (*.doc) | WordPerfect 5.1 for DOS (*.doc) | Word 2007 Macro Enabled Document (*.docm) | Word 2007 Macro Free Template (*.dotx) | Word 2007 Macro Enabled Template (*.dotm) | Word 97 - 2003 Document (*.doc) | Word 97 - 2003 Template (*.dot) | Flat XML Document (*.xml))" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Save\Save files in this format (Word document (*.docx) | Single Files Web Page (*.mht) | Web Page (*.htm; *.html) | Web Page, Filtered (*.htm, *.html) | Rich Text Format (*.rtf) | Plain Text (*.txt) | Word 6.0/95 (*.doc) | Word 6.0/95 - Chinese (Simplified) (*.doc) | Word 6.0/95 - Chinese (Traditional) (*.doc) | Word 6.0/95 - Japanese (*.doc) | Word 6.0/95 - Korean (*.doc) | Word 97-2002 & 6.0/95 - RTF | Word 5.1 for Macintosh (*.mcw) | Word 5.0 for Macintosh (*.mcw) | Word 2.x for Windows (*.doc) | Works 4.0 for Windows (*.wps) | WordPerfect 5.x for Windows (*.doc) | WordPerfect 5.1 for DOS (*.doc) | Word 2007 Macro Enabled Document (*.docm) | Word 2007 Macro Free Template (*.dotx) | Word 2007 Macro Enabled Template (*.dotm) | Word 97 - 2003 Document (*.doc) | Word 97 - 2003 Template (*.dot) | Flat XML Document (*.xml)) CCE-1537-0CCE-1537sThe "Number of documents in the Recent Documents list (0-50)" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Advanced\Number of documents in the Recent Documents list (0-50) CCE-1249-2CCE-1249ZThe "Update automatic links at Open" setting should be configured correctly for Word 2007.{User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Advanced\Update automatic links at Open CCE-1509-9CCE-1509UThe "Save smart tags in e-mail" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Advanced\E-mail Options\Save smart tags in e-mail CCE-1280-7CCE-1280The "Determine whether to force encrypted macros to be scanned in Microsoft Word Open XML documents" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Security\Trust Center\Determine whether to force encrypted macros to be scanned in Microsoft Word Open XML documents CCE-1681-6CCE-1681[The "Disable all application add-ins" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Security\Trust Center\Disable all application add-ins CCE-1562-8CCE-1562|The "Require that application add-ins are signed by Trusted Publisher" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher CCE-1333-4CCE-1333{The "Disable Trust Bar Notification for unsigned application add-ins" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins CCE-1355-7CCE-1355gThe "Allow Trusted Locations not on the computer" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Security\Trust Center\Trusted LocationsAllow Trusted Locations not on the computer CCE-1637-8CCE-1637YThe "Disable all trusted locations" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Security\Trust Center\Trusted LocationsDisable all trusted locations CCE-1659-2CCE-1659LThe "Disable commands" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands CCE-1329-2CCE-1329The "Disable commands - Office Button | Word Options | Customize | All Commands | Save As Web Page" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Word Options | Customize | All Commands | Save As Web Page CCE-1632-9CCE-1632The "Disable commands - Office Button | Word Options | Customize | All Commands | Web Page Preview" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Word Options | Customize | All Commands | Web Page Preview CCE-1425-8CCE-1425kThe "Disable commands - Office Button | Send | Email" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Send | Email CCE-1196-5CCE-1196iThe "Disable commands - Insert | Links | Hyperlink" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Insert | Links | Hyperlink CCE-936-5CCE-936rThe "Disable commands - Review | Protect | Protect Document" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Review | Protect | Protect Document CCE-1354-0CCE-1354eThe "Disable commands - View | Macros | Macros" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - View | Macros | Macros CCE-1125-4CCE-1125hThe "Disable commands - Developer | Code | Macros" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Macros CCE-1742-6CCE-1742nThe "Disable commands - Developer | Code | Record Macro" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Record Macro CCE-1782-2CCE-1782pThe "Disable commands - Developer | Code | Macro Security" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Macro Security CCE-1306-0CCE-1306nThe "Disable commands - Developer | Code | Visual Basic" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microso< ft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Visual Basic CCE-1548-7CCE-1548xThe "Disable commands - Developer | Templates | Document Template" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Developer | Templates | Document Template CCE-1716-0CCE-1716QThe "Disable shortcut keys" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable shortcut keys CCE-1597-4CCE-1597rThe "Disable shortcut keys - Ctrl+F (Home | Editing | Find)" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable shortcut keys - Ctrl+F (Home | Editing | Find) CCE-1689-9CCE-1689wThe "Disable shortcut keys - Ctrl+K (Insert | Links | Hyperlink)" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable shortcut keys - Ctrl+K (Insert | Links | Hyperlink) CCE-1570-1CCE-1570vThe "Disable shortcut keys - Alt+F8 (Developer | Code | Macros)" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable shortcut keys - Alt+F8 (Developer | Code | Macros) CCE-1720-2CCE-1720}The "Disable shortcut keys - Alt+F11 (Developer | Code | Visual Basic)" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable shortcut keys - Alt+F11 (Developer | Code | Visual Basic) CCE-1746-7CCE-1746The "Block opening of pre-release versions of file formats new to Word 2007" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of pre-release versions of file formats new to Word 2007 CCE-1504-0CCE-1504`The "Block opening of Open XML file types" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of Open XML file types CCE-1654-3CCE-1654^The "Block opening of Binary file types" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of Binary file types CCE-1160-1CCE-1160\The "Block opening of HTML file types" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of HTML file types CCE-958-9CCE-958eThe "Block opening of Word 2003 XML file types" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of Word 2003 XML file types CCE-1579-2CCE-1579[The "Block opening of RTF file types" setting should be configured correctly for Word 2007.~User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of RTF file types CCE-984-5CCE-984QThe "Block open Converters" setting should be configured correctly for Word 2007.tUser Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block open Converters CCE-1072-8CCE-1072\The "Block opening of Text file types" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of Text file types CCE-1503-2CCE-1503`The "Block opening of Internal file types" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of Internal file types CCE-1371-4CCE-1371aThe "Block opening of files before version" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of files before version CCE-1019-9CCE-1019_The "Block saving of Open XML file types" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Save\Block saving of Open XML file types CCE-1684-0CCE-1684]The "Block saving of Binary file types" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Save\Block saving of Binary file types CCE-1675-8CCE-1675[The "Block saving of HTML file types" setting should be configured correctly for Word 2007.~User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Save\Block saving of HTML file types CCE-1200-5CCE-1200dThe "Block saving of Word 2003 XML file types" setting should be configured correctly for Word 2007.User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Save\Block saving of Word 2003 XML file types CCE-1741-8CCE-1741ZThe "Block saving of RTF file types" setting should be configured correctly for Word 2007.}User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Save\Block saving of RTF file types CCE-1231-0CCE-1231VThe "Block saving of Converters" setting should be configured correctly for Word 2007.yUser Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Save\Block saving of Converters CCE-1755-8CCE-1755[The "Block saving of Text file types" setting should be configured correctly for Word 2007.~User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Save\Block saving of Text file types CCE-1169-2CCE-1169MThe InfoPath APTCA Assembly Whitelist setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office InfoPath 2007 (Machine)\Security\InfoPath APTCA Assembly Whitelist CCE-1735-0CCE-1735The Windows Internet Explorer Feature Control Opt-In (None | InfoPath.exe, Document Information Panel and Workflow forms | InfoPath.exe, Document Information Panel, Workflow forms and 3rd Party Hosting) setting should be configured correctly.(Computer Configuration\Administrative Templates\Microsoft Office InfoPath 2007 (Machine)\Security\Windows Internet Explorer Feature Control Opt-In (None | InfoPath.exe, Document Information Panel and Workflow forms | InfoPath.exe, Document Information Panel, Workflow forms and 3rd Party Hosting) CCE-1739-2CCE-1739YThe InfoPath APTCA Assembly Whitelist Enforcement setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office InfoPath 2007 (Machine)\Security\InfoPath APTCA Assembly Whitelist Enforcement CCE-933-2CCE-933BThe Disable Package Repair setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\Disable Package Repair CCE-1563-6CCE-1563JThe Disable user name and password setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password CCE-1215-3CCE-1215VThe Disable user name and password - excel.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password - excel.exe CCE-1484-5CCE-1484YThe Disable user name and password - powerpnt.exe setting should be configure< d correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password - powerpnt.exe CCE-1629-5CCE-1629XThe Disable user name and password - pptview.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password - pptview.exe CCE-1762-4CCE-1762XThe Disable user name and password - winword.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password - winword.exe CCE-1660-0CCE-1660XThe Disable user name and password - outlook.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password - outlook.exe CCE-1057-9CCE-1057YThe Disable user name and password - spDesign.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password - spDesign.exe CCE-1285-6CCE-1285YThe Disable user name and password - msaccess.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password - msaccess.exe CCE-1669-1CCE-1669:The Bind to object setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object CCE-1691-5CCE-1691FThe Bind to object - excel.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object - excel.exe CCE-1338-3CCE-1338IThe Bind to object - powerpnt.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object - powerpnt.exe CCE-1717-8CCE-1717HThe Bind to object - pptview.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object - pptview.exe CCE-1488-6CCE-1488HThe Bind to object - winword.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object - winword.exe CCE-1638-6CCE-1638HThe Bind to object - outlook.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object - outlook.exe CCE-1647-7CCE-1647IThe Bind to object - spDesign.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object - spDesign.exe CCE-1294-8CCE-1294IThe Bind to object - msaccess.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object - msaccess.exe CCE-1193-2CCE-1193:The Saved from URL setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL CCE-1352-4CCE-1352FThe Saved from URL - excel.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL - excel.exe CCE-928-2CCE-928IThe Saved from URL - powerpnt.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL - powerpnt.exe CCE-1576-8CCE-1576HThe Saved from URL - pptview.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL - pptview.exe CCE-1100-7CCE-1100Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL - winword.exe CCE-1232-8CCE-1232HThe Saved from URL - outlook.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL - outlook.exe CCE-1774-9CCE-1774IThe Saved from URL - spDesign.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL - spDesign.exe CCE-906-8CCE-906IThe Saved from URL - msaccess.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL - msaccess.exe CCE-1034-8CCE-10348The Navigate URL setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL CCE-1435-7CCE-1435DThe Navigate URL - excel.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL - excel.exe CCE-1708-7CCE-1708GThe Navigate URL - powerpnt.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL - powerpnt.exe CCE-808-6CCE-808FThe Navigate URL - pptview.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL - pptview.exe CCE-1650-1CCE-1650FThe Navigate URL - winword.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL - winword.exe CCE-1223-7CCE-1223FThe Navigate URL - outlook.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL - outlook.exe CCE-1764-0CCE-1764GThe Navigate URL - spDesign.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL - spDesign.exe CCE-1769-9CCE-1769GThe Navigate URL - msaccess.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL - msaccess.exe CCE-1152-8CCE-11528The Block popups setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups CCE-1566-9CCE-1566DThe Block popups - excel.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups - excel.exe CCE-1077-7CCE-1077GThe Block popups - powerpnt.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups - powerpnt.exe CCE-1606-3CCE-1606FThe Block popups - pptview.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Sec< urity\Block popups - pptview.exe CCE-1738-4CCE-1738FThe Block popups - winword.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups - winword.exe CCE-1262-5CCE-1262FThe Block popups - outlook.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups - outlook.exe CCE-1663-4CCE-1663GThe Block popups - spDesign.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups - spDesign.exe CCE-1544-6CCE-1544GThe Block popups - msaccess.exe setting should be configured correctly.Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups - msaccess.exe CCE-1443-1CCE-1443iThe "Prevent users from customizing attachment security settings" setting should be configured correctly. CCE-1161-9CCE-1161KThe "Access: Macro Security Level" setting should be configured correctly. CCE-1421-7CCE-1421aThe "Access: Trust all installed add  ins and templates" setting should be configured correctly. CCE-1571-9CCE-1571IThe "Excel: Macro Security Level" setting should be configured correctly. CCE-1721-0CCE-1721`The "Excel: Trust all installed add  ins and templates" setting should be configured correctly. CCE-1602-2CCE-1602KThe "Outlook: Macro Security Level" setting should be configured correctly. CCE-1624-6CCE-1624`The "Outlook: Trust all installed add-ins and templates" setting should be configured correctly. CCE-1522-2CCE-1522MThe "Outlook virus security settings" setting should be configured correctly. CCE-1183-3CCE-1183EThe "S/MIME receipt requests" setting should be configured correctly. CCE-1611-3CCE-1611NThe "PowerPoint: Macro Security Level" setting should be configured correctly. CCE-1633-7CCE-1633eThe "PowerPoint: Trust all installed add  ins and templates" setting should be configured correctly. CCE-822-7CCE-822NThe "Publisher: Macro Security Level" setting should be configured correctly. CCE-1734-3CCE-1734bThe "Publisher: Trust all installed add ins and templates" setting should be configured correctly. CCE-1628-7CCE-1628HThe "Word: Macro Security Level" setting should be configured correctly. CCE-1761-6CCE-1761]The "Word: Trust all installed add ins and templates" setting should be configured correctly. CCE-1302-9CCE-1302[The "Store random number to improve merge accuracy" setting should be configured correctly. CCE-1307-8CCE-1307dThe "Prevent Users from Changing Office Encryption Settings" setting should be configured correctly.fQNIST SCAP Microsoft Internet Explorer Version 7.0 OVAL(SCAP-IE7-OVAL-Beta-v3.xml)SNIST SCAP Microsoft Internet Explorer Version 7.0 XCCDF (SCAP-IE7-XCCDF-Beta-v3.xmlBFDCC IE7 XCCDF (fdcc-accepted-content-20080110\fdcc-ie7-xccdf.xml)?FDCC IE7 OVAL (fdcc-accepted-content-20080110\fdcc-ie7-oval.xml CCE-4017-0CCE-5WThe "Security Zones: Use Only Machine Settings" setting should be configured correctly.:oval:org.mitre.oval:def:1277, oval:org.mitre.oval:def:2050SUseOnlyMachineSettings-LocalComputer, UseOnlyMachineSettings-LocalComputer-Disabled(use_only_machine_settings_local_computeroval:gov.nist.fdcc.ie7:def:1277 CCE-3924-8CCE-1196Internet Explorer Processes (Restrict ActiveX Install)oval:org.mitre.oval:def:6580IEProcesses-RestrictActiveXInstall-LocalComputer0IEProcesses_RestrictActiveXInstall_LocalComputeroval:gov.nist.fdcc.ie7:def:658 CCE-3929-7CCE-146dThe "Security Zones: Do Not Allow Users to Add/Delete Sites" setting should be configured correctly.oval:org.mitre.oval:def:1400+DoNotAllowUsersAddDeleteSites-LocalComputer+DoNotAllowUsersAddDeleteSites_LocalComputeroval:gov.nist.fdcc.ie7:def:1400 CCE-3576-6CCE-212kThe "Disable Periodic Check For Internet Explorer Software Updates" setting should be configured correctly.J HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\InfoDelivery\Restrictions\NoUpdateCheck Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer, Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoUpdateCheckoval:org.mitre.oval:def:13576DisablePeriodicCheckForIESoftwareUpdates-LocalComputer6DisablePeriodicCheckForIESoftwareUpdates_LocalComputeroval:gov.nist.fdcc.ie7:def:1357 CCE-4043-6CCE-3477Internet Explorer Processes (Zone Elevation Protection)oval:org.mitre.oval:def:6205IEProcesses_ProtectionFromZoneElevation_LocalComputeroval:gov.nist.fdcc.ie7:def:620 CCE-4047-7CCE-382dThe "Internet Explorer Processes (Consistent MIME Handling)" setting should be configured correctly.oval:org.mitre.oval:def:8840IEProcesses-ConsistentMimeHandling-LocalComputer0IEProcesses_ConsistentMimeHandling_LocalComputeroval:gov.nist.fdcc.ie7:def:884 CCE-3941-2CCE-449oThe "Allow Software to Run or Install Even if the Signature is Invalid" setting should be configured correctly.9oval:org.mitre.oval:def:680, oval:org.mitre.oval:def:1392tAllowSoftwareRunInstallSignatureInvalid-LocalComputer, AllowSoftwareToRununOrInstallEvenIfSignatureInvalid-LocalUser5AllowSoftwareRunInstallSignatureInvalid_LocalComputeroval:gov.nist.fdcc.ie7:def:680 CCE-3338-1CCE-591WThe "Internet Explorer Processes (MK Protocol)" setting should be configured correctly.oval:org.mitre.oval:def:6177IEProcesses-MKProtocolSecurityRestriction-LocalComputer7IEProcesses_MKProtocolSecurityRestriction_LocalComputeroval:gov.nist.fdcc.ie7:def:617 CCE-4118-6CCE-622kThe "Disable Software Update Shell Notifications on Program Launch" setting should be configured correctly.oval:org.mitre.oval:def:11885DisableSoftwareUpdateShellNotifications-LocalComputer5DisableSoftwareUpdateShellNotifications_LocalComputeroval:gov.nist.fdcc.ie7:def:1188 CCE-4122-8CCE-668bThe "Internet Explorer Processes (Restrict File Download)" setting should be configured correctly.oval:org.mitre.oval:def:320.IEProcesses-RestrictFileDownload-LocalComputer.IEProcesses_RestrictFileDownload_LocalComputeroval:gov.nist.fdcc.ie7:def:320 CCE-3518-8CCE-684gThe "Disable Automatic Install of Internet Explorer Components" setting should be configured correctly.oval:org.mitre.oval:def:11983DisableAutomaticInstallOfIEComponents-LocalComputer3DisableAutomaticInstallOfIEComponents_LocalComputeroval:gov.nist.fdcc.ie7:def:1198 CCE-3201-1CCE-693dThe "Make Proxy Settings Per-Machine (Rather Then Per-User)" setting should be configured correctly.oval:org.mitre.oval:def:1181)MakeProxySettingsPerMachine-LocalComputer)MakeProxySettingsPerMachine_LocalComputeroval:gov.nist.fdcc.ie7:def:1181 CCE-3744-0CCE-708]The "Do Not Allow Users to enable or Disable Add-Ons" setting should be configured correctly.Xoval:org.mitre.oval:def:1380, oval:org.mitre.oval:def:1358, oval:org.mitre.oval:def:1694^DoNotAllowUsersEnableDisableAddOns-LocalComputer, DoNotAllowUsersEnableDisableAddOns-LocalUser0DoNotAllowUsersEnableDisableAddOns_LocalComputeroval:gov.nist.fdcc.ie7:def:1694 CCE-3894-3CCE-753FThe "Turn Off Crash Detection" setting should be configured correctly.oval:org.mitre.oval:def:487#TurnOffCrashDetection-LocalComputer#TurnOffCrashDetection_LocalComputeroval:gov.nist.fdcc.ie< 7:def:487 CCE-4162-4CCE-827qThe "Internet Explorer Processes (Scripted Window Security Restrictions)" setting should be configured correctly.oval:org.mitre.oval:def:465<IEProcesses-ScriptedWindowSecurityRestrictions-LocalComputer<IEProcesses_ScriptedWindowSecurityRestrictions_LocalComputeroval:gov.nist.fdcc.ie7:def:465 CCE-3933-9CCE-833cThe "Security Zones: Do Not Allow Users to Change Policies" setting should be configured correctly.oval:org.mitre.oval:def:1404+DoNotAllowUsersChangePolicies-LocalComputer+DoNotAllowUsersChangePolicies_LocalComputeroval:gov.nist.fdcc.ie7:def:1404 CCE-4149-1CCE-985YThe "Internet Explorer Processes (MIME Sniffing)" setting should be configured correctly.oval:org.mitre.oval:def:3173IEProcesses-MimeSniffingSafetyFeature-LocalComputer3IEProcesses_MimeSniffingSafetyFeature_LocalComputeroval:gov.nist.fdcc.ie7:def:317 CCE-4026-1CCE-1025XThe "Check for Signature on Downloaded Programs" setting should be configured correctly.oval:org.mitre.oval:def:395.CheckSignatureDownloadedPrograms-LocalComputer.CheckSignatureDownloadedPrograms_LocalComputeroval:gov.nist.fdcc.ie7:def:395 CCE-4171-5CCE-42_The "Do Not Allow Resetting Internet Explorer Settings" setting should be configured correctly.oval:org.mitre.oval:def:583+DoNotAllowResettingIESettings-LocalComputer+DoNotAllowResettingIESettings_LocalComputeroval:gov.nist.fdcc.ie7:def:583 CCE-4109-5CCE-49The "Allow cut, copy, or paste operations from the clipboard via script" setting should be configured correctly for the Internet Zone.8oval:org.mitre.oval:def:506, oval:org.mitre.oval:def:533AllowCutCopyPasteOperationsFromClipboardViaScript-InternetZone-LocalComputer, AllowCutCopyPasteOperationsFromClipboardViaScript-InternetZone-LocalUserVallow_cut_copy_paste_operations_from_clipboard_via_script_internet_zone_local_computeroval:gov.nist.fdcc.ie7:def:506 CCE-3378-7CCE-863^The "Turn Off First- Run Opt-In" setting should be configured correctly for the Internet Zone.oval:org.mitre.oval:def:11191TurnOffFirst-RunOpt-In-InternetZone-LocalComputer/TurnOffFirstRunOptIn_InternetZone_LocalComputeroval:gov.nist.fdcc.ie7:def:1119 CCE-4131-9CCE-286\The "Web Browser Applications" setting should be configured correctly for the Internet Zone.oval:org.mitre.oval:def:2421WebBrowserApplications-InternetZone-LocalComputer1WebBrowserApplications_InternetZone_LocalComputeroval:gov.nist.fdcc.ie7:def:242 CCE-4013-9CCE-1031The "Allow cut, copy, or paste operations from the clipboard via script" setting should be configured correctly for the Restricted Sites Zone.9oval:org.mitre.oval:def:249, oval:org.mitre.oval:def:1393AllowCutCopyPasteOperationsFromClipboardViaScript-RestrictedSitesZone-LocalComputer, AllowCutCopyPasteOperationsFromClipboardViaScript-RestrictedSitesZone-LocalUserSAllowCutCopyPasteOperationsFromClipboardViaScript_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:249 CCE-4153-3CCE-200fThe "Turn Off First- Run Opt-In" setting should be configured correctly for the Restricted Sites Zone.oval:org.mitre.oval:def:6218TurnOffFirst-RunOpt-In-RestrictedSitesZone-LocalComputer6TurnOffFirstRunOptIn_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:621 CCE-4052-7CCE-51dThe "Web Browser Applications" setting should be configured correctly for the Restricted Sites Zone.oval:org.mitre.oval:def:5808WebBrowserApplications-RestrictedSitesZone-LocalComputer8WebBrowserApplications_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:580 CCE-4175-6CCE-876^The "Intranet Sites: Include all network paths (UNCs)" setting should be configured correctly.9oval:org.mitre.oval:def:559, oval:org.mitre.oval:def:1370FIncludeAllNetworkPaths-LocalComputer, IncludeAllNetworkPaths-LocalUser(include_all_network_paths_local_computeroval:gov.nist.fdcc.ie7:def:559 CCE-3695-4CCE-810GThe "Disable the Advanced Page" setting should be configured correctly.8oval:org.mitre.oval:def:934, oval:org.mitre.oval:def:660FDisableTheAdvancedPage-LocalComputer, DisableTheAdvancedPage-LocalUser CCE-3777-0CCE-811FThe "Disable the Privacy Page" setting should be configured correctly.oval:org.mitre.oval:def:1111#DisableThePrivacyPage-LocalComputer CCE-3433-0CCE-595GThe "Disable the Security Page" setting should be configured correctly.8oval:org.mitre.oval:def:672, oval:org.mitre.oval:def:601FDisableTheSecurityPage-LocalComputer, DisableTheSecurityPage-LocalUser CCE-4199-6CCE-938PThe "Prevent Ignoing Certificate Errors" setting should be configured correctly.9oval:org.mitre.oval:def:655, oval:org.mitre.oval:def:1129XPreventIgnoingCertificateErrors-LocalComputer, PreventIgnoingCertificateErrors-LocalUser2prevent_ignoring_certificate_errors_local_computeroval:gov.nist.fdcc.ie7:def:655 CCE-3204-5CCE-946The "Turn Off changing the URL to be displayed for checking updates to Internet Explorer and Internet Tools" setting should be configured correctly.oval:org.mitre.oval:def:715'TurnOffChangingURLDisplay-LocalComputer'TurnOffChangingURLDisplay_LocalComputeroval:gov.nist.fdcc.ie7:def:715 CCE-4098-0CCE-237fThe "Turn Off Configuring the Update Check Interval (In Days)" setting should be configured correctly.oval:org.mitre.oval:def:11873TurnOffConfiguringUpdateCheckInterval-LocalComputer3TurnOffConfiguringUpdateCheckInterval_LocalComputeroval:gov.nist.fdcc.ie7:def:1187 CCE-3741-6CCE-5419The "Add-on List" setting should be configured correctly.oval:org.mitre.oval:def:626AddOnList-LocalComputer CCE-3997-4CCE-911mThe "Deny all add-ons unless specifically allowed in the Add-on List" setting should be configured correctly.oval:org.mitre.oval:def:1278DenyAllAddOns-LocalComputer CCE-4001-4CCE-66KThe "Disable "Configuring History"" setting should be configured correctly.9oval:org.mitre.oval:def:757, oval:org.mitre.oval:def:1365LDisableConfiguringHistory-LocalComputer, DisableConfiguringHistory-LocalUser'DisableConfiguringHistory_LocalComputeroval:gov.nist.fdcc.ie7:def:757 CCE-4147-5CCE-471_The "Disable Changing Automatic Configuration Settings" setting should be configured correctly.9oval:org.mitre.oval:def:1285, oval:org.mitre.oval:def:613tDisableChangingAutomaticConfigurationSettings-LocalComputer, DisableChangingAutomaticConfigurationSettings-LocalUser;DisableChangingAutomaticConfigurationSettings_LocalComputeroval:gov.nist.fdcc.ie7:def:1285 CCE-4059-2CCE-611RThe "Disable Changing Connection Settings" setting should be configured correctly.9oval:org.mitre.oval:def:355, oval:org.mitre.oval:def:1128\DisableChangingConnectionSettings-LocalComputer, DisableChangingConnectionSettings-LocalUser CCE-3935-4CCE-62MThe "Disable Changing Proxy Settings" setting should be configured correctly.8oval:org.mitre.oval:def:398, oval:org.mitre.oval:def:635RDisableChangingProxySettings-LocalComputer, DisableChangingProxySettings-LocalUser CCE-3706-9CCE-556OThe "Disable Showing the Splash Screen" setting should be configured correctly.oval:org.mitre.oval:def:1164(DisableShowingSplashScreen-LocalComputer(DisableShowingSplashScreen_LocalComputeroval:gov.nist.fdcc.ie7:def:1164 CCE-3975-0CCE-948RThe "Prevent "Fix settings" Functionality" setting should be configured correctly.8oval:org.mitre.oval:def:448, oval:org.mitre.oval:def:640XPreventFixSettingsFunctionality-LocalComputer, PreventFixSettingsFunctionality-LocalUser CCE-3993-3CCE-495sThe "Prevent participation in the Customer Experience Improvement Programs" setting should be configured correctly.:oval:org.mitre.oval:def:1171, oval:org.mitre.oval:def:1391PreventParticipationInCustomerExperienceImprovementPrograms-LocalComputer, PreventParticipationInCustomerExperienceImprovementPrograms-LocalUserIPreventParticipationInCustomerExperienceImprovementPrograms_LocalComputeroval:gov.nist.fdcc.ie7:def:1171 CCE-3207-8CCE-1006aThe "Prevent performance of First Run Customize settings" setting should be configured correctly.< oval:org.mitre.oval:def:1322;PreventPerformanceOfFirstRunCustomizeSettings-LocalComputer;PreventPerformanceOfFirstRunCustomizeSettings_LocalComputeroval:gov.nist.fdcc.ie7:def:1322 CCE-4073-3CCE-909lThe "Prevent the deletation of temporary internet files and cookies" setting should be configured correctly.9oval:org.mitre.oval:def:1382, oval:org.mitre.oval:def:703bPerventDeletationOfTempInternetFiles-LocalComputer, PerventDeletationOfTempInternetFiles-LocalUser CCE-3615-2CCE-1010^The "Turn off "Delete Browsing History" functionality" setting should be configured correctly.9oval:org.mitre.oval:def:458, oval:org.mitre.oval:def:1474lTurnOffDeleteBrowsingHistoryFunctionality-LocalComputer, TurnOffDeleteBrowsingHistoryFunctionality-LocalUser7TurnOffDeleteBrowsingHistoryFunctionality_LocalComputeroval:gov.nist.fdcc.ie7:def:458 CCE-3866-1CCE-1032OThe "Turn off Managing Phishing Filter" setting should be configured correctly.oval:org.mitre.oval:def:501+TurnOffManagingPhishingFilter-LocalComputer+TurnOffManagingPhishingFilter_LocalComputeroval:gov.nist.fdcc.ie7:def:501 CCE-3875-2CCE-1054ZThe "Turn off the Security Settings Check feature" setting should be configured correctly.9oval:org.mitre.oval:def:916, oval:org.mitre.oval:def:1034`TurnOffSecuritySettingsCheckFeature-LocalComputer, TurnOffSecuritySettingsCheckFeature-LocalUser1TurnOffSecuritySettingsCheckFeature_LocalComputeroval:gov.nist.fdcc.ie7:def:916 CCE-4174-9CCE-964cThe "Allow Active Content from CD's to Run on User Machine" setting should be configured correctly.oval:org.mitre.oval:def:400&AllowActiveContentFromCD-LocalComputer&AllowActiveContentFromCD_LocalComputeroval:gov.nist.fdcc.ie7:def:400 CCE-4192-1CCE-598SThe "Enable third-party browser extensions" setting should be configured correctly.oval:org.mitre.oval:def:110/AllowThird-PartyBrowserExtensions-LocalComputer/AllowThird-PartyBrowserExtensions_LocalComputeroval:gov.nist.fdcc.ie7:def:110 CCE-3584-0CCE-1008_The "Automatically Check for Internet Explorer Updates" setting should be configured correctly.9oval:org.mitre.oval:def:656, oval:org.mitre.oval:def:1360SAutomaticallyCheckIEUpdates-LocalComputer, AutomaticallyCheckForIEUpdates-LocalUser)AutomaticallyCheckIEUpdates_LocalComputeroval:gov.nist.fdcc.ie7:def:656 CCE-3976-8CCE-690UThe "Check for Server Certificate Revocation" setting should be configured correctly.9oval:org.mitre.oval:def:172, oval:org.mitre.oval:def:1502]CheckServerCertificateRevocation-LocalComputer, CheckForServerCertificateRevocation-LocalUser.CheckServerCertificateRevocation_LocalComputeroval:gov.nist.fdcc.ie7:def:172 CCE-3853-9CCE-47fThe "Access data sources across domains" setting should be configured correctly for the Internet Zone.enabled/disabled/prompt8oval:org.mitre.oval:def:674, oval:org.mitre.oval:def:650pAccessDataSourcesAcrossDomains-InternetZone-LocalComputer, AccessDataSourcesAcrossDomains-InternetZone-LocalUser?access_data_sources_across_domains_internet_zone_local_computeroval:gov.nist.fdcc.ie7:def:674 CCE-3998-2CCE-685iThe "Drag and drop or copy and paste files" setting should be configured correctly for the Internet Zone.9oval:org.mitre.oval:def:1083, oval:org.mitre.oval:def:547nAllowDragDropOrCopyPasteFiles-InternetZone-LocalComputer, AllowDragDropOrCopyPasteFiles-InternetZone-LocalUser8AllowDragDropOrCopyPasteFiles_InternetZone_LocalComputeroval:gov.nist.fdcc.ie7:def:1083 CCE-3888-5CCE-491QThe "Font download" setting should be configured correctly for the Internet Zone.8oval:org.mitre.oval:def:524, oval:org.mitre.oval:def:659XAllowFontDownloads-InternetZone-LocalComputer, AllowFontDownloads-InternetZone-LocalUser-AllowFontDownloads_InternetZone_LocalComputeroval:gov.nist.fdcc.ie7:def:524 CCE-3906-5CCE-355aThe "Installation of desktop items" setting should be configured correctly for the Internet Zone.8oval:org.mitre.oval:def:223, oval:org.mitre.oval:def:541rAllowInstallationOfDesktopItems-InternetZone-LocalComputer, AllowInstallationOfDesktopItems-InternetZone-LocalUser:AllowInstallationOfDesktopItems_InternetZone_LocalComputeroval:gov.nist.fdcc.ie7:def:223 CCE-4099-8CCE-280The "Allow script-initiated windows without size or position constraints" setting should be configured correctly for the Internet Zone.9oval:org.mitre.oval:def:589, oval:org.mitre.oval:def:1476AllowScriptInitiatedWindowsWithoutSizeOrPositionConstraints-InternetZone-LocalComputer, AllowScriptInitiatedWindowsWithoutSizeOrPositionConstraints-InternetZone-LocalUserVAllowScriptInitiatedWindowsWithoutSizeOrPositionConstraints_InternetZone_LocalComputeroval:gov.nist.fdcc.ie7:def:589 CCE-3601-2CCE-439TThe "Allow Scriptlets" setting should be configured correctly for the Internet Zone.oval:org.mitre.oval:def:1043*AllowScriptlets-InternetZone-LocalComputer-allow_scriptlets_internet_zone_local_computeroval:gov.nist.fdcc.ie7:def:1043 CCE-3249-0CCE-914gThe "Allow status bar updates via script" setting should be configured correctly for the Internet Zone.9oval:org.mitre.oval:def:226, oval:org.mitre.oval:def:1208pAllowStatusBarUpdatesViaScript-InternetZone-LocalComputer, AllowStatusBarUpdatesViaScript-InternetZone-LocalUser@allow_status_bar_updates_via_script_internet_zone_local_computeroval:gov.nist.fdcc.ie7:def:226 CCE-4139-2CCE-16jThe "Automatic prompting for file downloads" setting should be configured correctly for the Internet Zone.9oval:org.mitre.oval:def:1113, oval:org.mitre.oval:def:562rAutomaticPromptingFileDownloads-InternetZone-LocalComputer, AutomaticPromptingFileDownloads-InternetZone-LocalUser:AutomaticPromptingFileDownloads_InternetZone_LocalComputeroval:gov.nist.fdcc.ie7:def:1113 CCE-3927-1CCE-1013dThe "Download signed ActiveX controls" setting should be configured correctly for the Internet Zone.9oval:org.mitre.oval:def:1199, oval:org.mitre.oval:def:546nDownloadSignedActiveXControls-InternetZone-LocalComputer, DownloadSignedActiveXControls-InternetZone-LocalUser;download_signed_activex_controls_InternetZone_LocalComputeroval:gov.nist.fdcc.ie7:def:1199 CCE-3945-3CCE-176fThe "Download unsigned ActiveX controls" setting should be configured correctly for the Internet Zone.9oval:org.mitre.oval:def:391, oval:org.mitre.oval:def:1200rDownloadUnsignedActiveXControls-InternetZone-LocalComputer, DownloadUnsignedActiveXControls-InternetZone-LocalUser:DownloadUnsignedActiveXControls_InternetZone_LocalComputeroval:gov.nist.fdcc.ie7:def:391 CCE-4068-3CCE-586The "Initialize and script ActiveX controls not marked as safe for scripting" setting should be configured correctly for the Internet Zone.9oval:org.mitre.oval:def:1040, oval:org.mitre.oval:def:739InitializeScriptActiveXControlsNotMarkedAsSafe-InternetZone-LocalComputer, JavaPermissions-InternetZone-LocalComputer, InitializeScriptActiveXControlsNotMarkedAsSafe-InternetZone-LocalUserIInitializeScriptActiveXControlsNotMarkedAsSafe_InternetZone_LocalComputeroval:gov.nist.fdcc.ie7:def:1040 CCE-3963-6CCE-132TThe "Java permissions" setting should be configured correctly for the Internet Zone.8Custom/Disable Java/High safety/Low safety/Medium safety9oval:org.mitre.oval:def:1174, oval:org.mitre.oval:def:725&JavaPermissions-InternetZone-LocalUser-java_permissions_internet_zone_local_computeroval:gov.nist.fdcc.ie7:def:1174 CCE-4104-6CCE-689mThe "Launching programs and files in an IFRAME" setting should be configured correctly for the Internet Zone.9oval:org.mitre.oval:def:611, oval:org.mitre.oval:def:1487~LaunchingApplicationsAndFilesInIFRAME-InternetZone-LocalComputer, LaunchingApplicationsAndFilesInIFRAME-InternetZone-LocalUser@LaunchingApplicationsAndFilesInIFRAME_InternetZone_LocalComputeroval:gov.nist.fdcc.ie7:def:611 CCE-3623-6CCE-720IThe "Logon" setting should be configured correctly for the Internet Zone.Anonymous logon/Automatic logon only in Intranet zone/Automatic logon with current user name and password/Prompt for user name and password9oval:org.mitr< e.oval:def:691, oval:org.mitre.oval:def:1123LLogonOptions-InternetZone-LocalComputer, LogonOptions-InternetZone-LocalUser'LogonOptions_InternetZone_LocalComputeroval:gov.nist.fdcc.ie7:def:691 CCE-3751-5CCE-126NThe "Loose XAML" setting should be configured correctly for the Internet Zone.oval:org.mitre.oval:def:240)LooseXAMLFiles-InternetZone-LocalComputer)LooseXAMLFiles_InternetZone_LocalComputeroval:gov.nist.fdcc.ie7:def:240 CCE-4143-4CCE-245pThe "Navigate sub-frames across different domains" setting should be configured correctly for the Internet Zone.9oval:org.mitre.oval:def:612, oval:org.mitre.oval:def:1394NavigateSub-framesAcrossDifferentDomains-InternetZone-LocalComputer, NavigateSub-framesAcrossDifferentDomains-InternetZone-LocalUserInavigate_sub_frames_across_different_domains_Internet_zone_local_computeroval:gov.nist.fdcc.ie7:def:612 CCE-4161-6CCE-910sThe "Open files based on content, not file extension" setting should be configured correctly for the Internet Zone.9oval:org.mitre.oval:def:953, oval:org.mitre.oval:def:1300bOpenFilesBasedOnContent-InternetZone-LocalComputer, OpenFilesBasedOnContent-InternetZone-LocalUser2OpenFilesBasedOnContent_InternetZone_LocalComputeroval:gov.nist.fdcc.ie7:def:953 CCE-3553-5CCE-359`The "Software channel permissions" setting should be configured correctly for the Internet Zone.$High safety/low safety/medium safety9oval:org.mitre.oval:def:302, oval:org.mitre.oval:def:1398hSoftwareChannelPermissions-InternetZone-LocalComputer, SoftwareChannelPermissions-InternetZone-LocalUser5SoftwareChannelPermissions_InternetZone_LocalComputeroval:gov.nist.fdcc.ie7:def:302 CCE-3619-4CCE-1002VThe "Use Pop-up Blocker" setting should be configured correctly for the Internet Zone.9oval:org.mitre.oval:def:1179, oval:org.mitre.oval:def:558TUsePop-upBlocker-InternetZone-LocalComputer, UsePop-upBlocker-InternetZone-LocalUser+UsePop-upBlocker_InternetZone_LocalComputeroval:gov.nist.fdcc.ie7:def:1179 CCE-3914-9CCE-425XThe "Userdata persistence" setting should be configured correctly for the Internet Zone.oval:org.mitre.oval:def:1108.UserdataPersistence-InternetZone-LocalComputer.UserdataPersistence_InternetZone_LocalComputeroval:gov.nist.fdcc.ie7:def:1108 CCE-3570-9CCE-724The "Web sites in less privileged Web content zones can navigate into this zone" setting should be configured correctly for the Internet Zone.9oval:org.mitre.oval:def:265, oval:org.mitre.oval:def:1432WebSitesInLessPrivilegedWebContentZonesCanNavigateIntoThisZone-InternetZone-LocalComputer, WebSitesInLessPrivilegedWebContentZonesCanNavigateIntoThisZone-InternetZone-LocalUserYWebSitesInLessPrivilegedWebContentZonesCanNavigateIntoThisZone_InternetZone_LocalComputeroval:gov.nist.fdcc.ie7:def:265 CCE-3843-0CCE-1015QThe "XPS documents" setting should be configured correctly for the Internet Zone.oval:org.mitre.oval:def:628#XPSFiles-InternetZone-LocalComputer CCE-3984-2CCE-878YThe "Display mixed content" setting should be configured correctly for the Internet Zone.oval:org.mitre.oval:def:2458DisplayMixedContent-LockedDownInternetZone-LocalComputer>display_mixed_content_locked_down_internet_zone_local_computeroval:gov.nist.fdcc.ie7:def:245 CCE-3989-1CCE-288YThe "Display mixed content" setting should be configured correctly for the Intranet Zone.oval:org.mitre.oval:def:1166.DisplayMixedContent-IntranetZone-LocalComputer2display_mixed_content_intranet_zone_local_computeroval:gov.nist.fdcc.ie7:def:1166 CCE-4121-0CCE-552eThe "Display mixed content" setting should be configured correctly for the Locked Down Intranet Zone.oval:org.mitre.oval:def:2478DisplayMixedContent-LockedDownIntranetZone-LocalComputer<display_mixed_content-LockedDownintranet_zone_local_computeroval:gov.nist.fdcc.ie7:def:247 CCE-4138-4CCE-473^The "Display mixed content" setting should be configured correctly for the Local Machine Zone.oval:org.mitre.oval:def:3832DisplayMixedContent-LocalMachineZone-LocalComputer7display_mixed_content-local_machine_zone_local_computeroval:gov.nist.fdcc.ie7:def:383 CCE-4028-7CCE-239jThe "Display mixed content" setting should be configured correctly for the Locked Down Local Machine Zone.oval:org.mitre.oval:def:418<DisplayMixedContent-LockedDownLocalMachineZone-LocalComputerAdisplay_mixed_content-LockedDownlocal_machine_zone_local_computeroval:gov.nist.fdcc.ie7:def:418 CCE-3905-7CCE-636nThe "Access data sources across domains" setting should be configured correctly for the Restricted Sites Zone.8oval:org.mitre.oval:def:652, oval:org.mitre.oval:def:750~AccessDataSourcesAcrossDomains-RestrictedSitesZone-LocalComputer, AccessDataSourcesAcrossDomains-RestrictedSitesZone-LocalUser@AccessDataSourcesAcrossDomains_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:652 CCE-4050-1CCE-292\The "Active scripting" setting should be configured correctly for the Restricted Sites Zone.8oval:org.mitre.oval:def:293, oval:org.mitre.oval:def:561jAllowActiveScripting-RestrictedSitesZone-LocalComputer, AllowActiveScripting-RestrictedSitesZone-LocalUser6AllowActiveScripting_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:293 CCE-4196-2CCE-178gThe "Binary and script behaviors" setting should be configured correctly for the Restricted Sites Zone.'Administrator approved/enabled/disabled9oval:org.mitre.oval:def:365, oval:org.mitre.oval:def:1314|AllowBinaryAndScriptBehaviors-RestrictedSitesZone-LocalComputer, AllowBinaryAndScriptBehaviors-RestrictedSitesZone-LocalUser?AllowBinaryAndScriptBehaviors_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:365 CCE-3337-3CCE-41qThe "Drag and drop or copy and paste files" setting should be configured correctly for the Restricted Sites Zone.9oval:org.mitre.oval:def:498, oval:org.mitre.oval:def:1465|AllowDragDropOrCopyPasteFiles-RestrictedSitesZone-LocalComputer, AllowDragDropOrCopyPasteFiles-RestrictedSitesZone-LocalUser?AllowDragDropOrCopyPasteFiles_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:498 CCE-4150-9CCE-970YThe "File download" setting should be configured correctly for the Restricted Sites Zone.:oval:org.mitre.oval:def:1184, oval:org.mitre.oval:def:1318fAllowFileDownloads-RestrictedSitesZone-LocalComputer, AllowFileDownloads-RestrictedSitesZone-LocalUser4AllowFileDownloads_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:1184 CCE-4062-6CCE-882YThe "Font download" setting should be configured correctly for the Restricted Sites Zone.:oval:org.mitre.oval:def:1109, oval:org.mitre.oval:def:1410fAllowFontDownloads-RestrictedSitesZone-LocalComputer, AllowFontDownloads-RestrictedSitesZone-LocalUser4AllowFontDownloads_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:1109 CCE-4079-0CCE-763iThe "Installation of desktop items" setting should be configured correctly for the Restricted Sites Zone.9oval:org.mitre.oval:def:251, oval:org.mitre.oval:def:1257AllowInstallationOfDesktopItems-RestrictedSitesZone-LocalComputer, AllowInstallationOfDesktopItems-RestrictedSitesZone-LocalUserAAllowInstallationOfDesktopItems_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:251 CCE-4084-0CCE-680^The "Allow META REFRESH" setting should be configured correctly for the Restricted Sites Zone.:oval:org.mitre.oval:def:1218, oval:org.mitre.oval:def:1270bAllowMETAREFRESH-RestrictedSitesZone-LocalComputer, AllowMETAREFRESH-RestrictedSitesZone-LocalUser2AllowMETAREFRESH_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:1218 CCE-4119-4CCE-208The "Allow script-initiated windows without size or position constraints" setting should be configured correctly for the Restricted Sites Zone.9oval:org.mitre.oval:def:1234, oval:org.mitre.oval:def:574AllowScriptInitiatedWindowsWithoutSizeOrPositionConstraints-RestrictedSitesZone-LocalComputer, AllowScriptInitiatedWindowsWithoutSizeOrPositionConstraints-RestrictedSitesZone-LocalUser]AllowScriptInitiatedWindowsWithoutSizeOrPositionCo< nstraints_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:1234 CCE-3639-2CCE-838\The "Allow Scriptlets" setting should be configured correctly for the Restricted Sites Zone.oval:org.mitre.oval:def:12171AllowScriptlets-RestrictedSitesZone-LocalComputer CCE-4031-1CCE-129oThe "Allow status bar updates via script" setting should be configured correctly for the Restricted Sites Zone.9oval:org.mitre.oval:def:378, oval:org.mitre.oval:def:1320~AllowStatusBarUpdatesViaScript-RestrictedSitesZone-LocalComputer, AllowStatusBarUpdatesViaScript-RestrictedSitesZone-LocalUser@AllowStatusBarUpdatesViaScript_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:378 CCE-4053-5CCE-175rThe "Automatic prompting for file downloads" setting should be configured correctly for the Restricted Sites Zone.9oval:org.mitre.oval:def:252, oval:org.mitre.oval:def:1312AutomaticPromptingFileDownloads-RestrictedSitesZone-LocalComputer, AutomaticPromptingFileDownloads-RestrictedSitesZone-LocalUserAAutomaticPromptingFileDownloads_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:252 CCE-4057-6CCE-52lThe "Download signed ActiveX controls" setting should be configured correctly for the Restricted Sites Zone.:oval:org.mitre.oval:def:1019, oval:org.mitre.oval:def:1389|DownloadSignedActiveXControls-RestrictedSitesZone-LocalComputer, DownloadSignedActiveXControls-RestrictedSitesZone-LocalUserBdownload_signed_activex_controls_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:1019 CCE-3564-2CCE-1012nThe "Download unsigned ActiveX controls" setting should be configured correctly for the Restricted Sites Zone.8oval:org.mitre.oval:def:949, oval:org.mitre.oval:def:579DownloadUnsignedActiveXControls-RestrictedSitesZone-LocalComputer, DownloadUnsignedActiveXControls-RestrictedSitesZone-LocalUserADownloadUnsignedActiveXControls_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:949 CCE-4101-2CCE-26The "Initialize and script ActiveX controls not marked as safe for scripting" setting should be configured correctly for the Restricted Sites Zone.9oval:org.mitre.oval:def:273, oval:org.mitre.oval:def:1342InitializeScriptActiveXControlsNotMarkedAsSafe-RestrictedSitesZone-LocalComputer, InitializeScriptActiveXControlsNotMarkedAsSafe-RestrictedSitesZone-LocalUserPInitializeScriptActiveXControlsNotMarkedAsSafe_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:273 CCE-3996-6CCE-925\The "Java permissions" setting should be configured correctly for the Restricted Sites Zone.8oval:org.mitre.oval:def:824, oval:org.mitre.oval:def:732`JavaPermissions-RestrictedSitesZone-LocalComputer, JavaPermissions-RestrictedSitesZone-LocalUser2java_permissions_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:824 CCE-4066-7CCE-339uThe "Launching programs and files in an IFRAME" setting should be configured correctly for the Restricted Sites Zone.9oval:org.mitre.oval:def:274, oval:org.mitre.oval:def:1223LaunchingApplicationsAndFilesInIFRAME-RestrictedSitesZone-LocalComputer, LaunchingApplicationsAndFilesInIFRAME-RestrictedSitesZone-LocalUserGLaunchingApplicationsAndFilesInIFRAME_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:274 CCE-3696-2CCE-128QThe "Logon" setting should be configured correctly for the Restricted Sites Zone.9oval:org.mitre.oval:def:326, oval:org.mitre.oval:def:1378ZLogonOptions-RestrictedSitesZone-LocalComputer, LogonOptions-RestrictedSitesZone-LocalUser.LogonOptions_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:326 CCE-3590-7CCE-639VThe "Loose XAML" setting should be configured correctly for the Restricted Sites Zone.oval:org.mitre.oval:def:2750LooseXAMLFiles-RestrictedSitesZone-LocalComputer0LooseXAMLFiles_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:275 CCE-4110-3CCE-995xThe "Navigate sub-frames across different domains" setting should be configured correctly for the Restricted Sites Zone.:oval:org.mitre.oval:def:1229, oval:org.mitre.oval:def:1292NavigateSub-framesAcrossDifferentDomains-RestrictedSitesZone-LocalComputer, NavigateSub-framesAcrossDifferentDomains-RestrictedSitesZone-LocalUserJNavigateSub-framesAcrossDifferentDomains_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:1229 CCE-4132-7CCE-409{The "Open files based on content, not file extension" setting should be configured correctly for the Restricted Sites Zone.9oval:org.mitre.oval:def:706, oval:org.mitre.oval:def:1421pOpenFilesBasedOnContent-RestrictedSitesZone-LocalComputer, OpenFilesBasedOnContent-RestrictedSitesZone-LocalUser9OpenFilesBasedOnContent_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:706 CCE-3400-9CCE-678wThe "Run components not signed with Authenticode" setting should be configured correctly for the Restricted Sites Zone.8oval:org.mitre.oval:def:329, oval:org.mitre.oval:def:599RunNETFrameworkReliantComponentsNotSignedWithAuthenticode-RestrictedSitesZone-LocalComputer, RunNETFrameworkReliantComponentsNotSignedWithAuthenticode-RestrictedSitesZone-LocalUser[RunNETFrameworkReliantComponentsNotSignedWithAuthenticode_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:329 CCE-4158-2CCE-563sThe "Run components signed with Authenticode" setting should be configured correctly for the Restricted Sites Zone.9oval:org.mitre.oval:def:276, oval:org.mitre.oval:def:1428RunNETFrameworkReliantComponentsSignedWithAuthenticode-RestrictedSitesZone-LocalComputer, RunNETFrameworkReliantComponentsSignedWithAuthenticode-RestrictedSitesZone-LocalUserXRunNETFrameworkReliantComponentsSignedWithAuthenticode_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:276 CCE-4163-2CCE-841lThe "Run ActiveX controls and plugins" setting should be configured correctly for the Restricted Sites Zone..Administrator approved/enabled/disabled/prompt9oval:org.mitre.oval:def:571, oval:org.mitre.oval:def:1594zRunActiveXControlsAndPlugins-RestrictedSitesZone-LocalComputer, RunActiveXControlsAndPlugins-RestrictedSitesZone-LocalUser>RunActiveXControlsAndPlugins_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:571 CCE-4202-8CCE-973}The "Script ActiveX controls marked safe for scripting" setting should be configured correctly for the Restricted Sites Zone.9oval:org.mitre.oval:def:602, oval:org.mitre.oval:def:1274ScriptActiveXControlsMarkedSafeForScripting-RestrictedSitesZone-LocalComputer, ScriptActiveXControlsMarkedSafeForScripting-RestrictedSitesZone-LocalUserMScriptActiveXControlsMarkedSafeForScripting_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:602 CCE-3216-9CCE-1000eThe "Scripting of Java applets" setting should be configured correctly for the Restricted Sites Zone.8oval:org.mitre.oval:def:280, oval:org.mitre.oval:def:641nScriptingOfJavaApplets-RestrictedSitesZone-LocalComputer, ScriptingOfJavaApplets-RestrictedSitesZone-LocalUser8ScriptingOfJavaApplets_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:280 CCE-3855-4CCE-520hThe "Software channel permissions" setting should be configured correctly for the Restricted Sites Zone.9oval:org.mitre.oval:def:290, oval:org.mitre.oval:def:1214vSoftwareChannelPermissions-RestrictedSitesZone-LocalComputer, SoftwareChannelPermissions-RestrictedSitesZone-LocalUser<SoftwareChannelPermissions_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:290 CCE-4018-8CCE-660^The "Use Pop-up Blocker" setting should be configured correctly for the Restricted Sites Zone.:oval:org.mitre.oval:def:1100, oval:org.mitre.oval:def:1286bUsePop-upBlocker-RestrictedSitesZone-LocalComputer, UsePop-upBlocker-RestrictedSitesZone-LocalUser2UsePop-upBlocker_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:1100 CCE-4040-2CCE-28`The "Userdata persistence" setting should be configured correctly for the Restricted Sites Zone.oval:org.mitre.oval:def:3005UserdataPersistence-RestrictedSitesZone-LocalComputer5UserdataPersistence_RestrictedSitesZone_LocalComputeroval:gov.nist< .fdcc.ie7:def:300 CCE-4215-0CCE-698The "Web sites in less privileged Web content zones can navigate into this zone" setting should be configured correctly for the Restricted Sites Zone.:oval:org.mitre.oval:def:1219, oval:org.mitre.oval:def:1243WebSitesInLessPrivilegedWebContentZonesCanNavigateIntoThisZone-RestrictedSitesZone-LocalComputer, WebSitesInLessPrivilegedWebContentZonesCanNavigateIntoThisZone-RestrictedSitesZone-LocalUser`WebSitesInLessPrivilegedWebContentZonesCanNavigateIntoThisZone_RestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:1219 CCE-3991-7CCE-460YThe "XPS documents" setting should be configured correctly for the Restricted Sites Zone.oval:org.mitre.oval:def:1176*XPSFiles-RestrictedSitesZone-LocalComputer CCE-3264-9CCE-30aThe "Display mixed content" setting should be configured correctly for the Restricted Sites Zone.oval:org.mitre.oval:def:314?DisplayMixedContent-LockedDownRestrictedSitesZone-LocalComputerAdisplay_mixed_content-LockedDownRestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:314 CCE-4087-3CCE-31^The "Display mixed content" setting should be configured correctly for the Trusted Sites Zone.oval:org.mitre.oval:def:11532DisplayMixedContent-TrustedSitesZone-LocalComputer7display_mixed_content_trusted_sites_zone_local_computeroval:gov.nist.fdcc.ie7:def:1153 CCE-4232-5CCE-666jThe "Display mixed content" setting should be configured correctly for the Locked Down Trusted Sites Zone.oval:org.mitre.oval:def:1183<DisplayMixedContent-LockedDownTrustedSitesZone-LocalComputerAdisplay_mixed_content_LockedDowntrusted_sites_zone_local_computeroval:gov.nist.fdcc.ie7:def:1183 CCE-4259-8CCE-528KThe "Enable Native XMLHttp Support" setting should be configured correctly.oval:org.mitre.oval:def:338(EnableNativeXMLHttpSupport-LocalComputer(EnableNativeXMLHttpSupport_LocalComputeroval:gov.nist.fdcc.ie7:def:338 CCE-3647-5CCE-721uThe "Turn on the auto-complete feature for user names and passwords on form" setting should be configured correctly. oval:org.mitre.oval:def:645,DisableSaveThisProgramToDiskOption-LocalUser;TurnOnAutoCompleteFeatureForUserNamesAndPasswords_LocalUseroval:gov.nist.fdcc.ie7:def:645 CCE-3677-2CCE-69YThe "Allow Install On Demand (Internet Explorer)" setting should be configured correctly.oval:org.mitre.oval:def:523 AllowInstallOnDemandIE-LocalUser)allow_install_on_demand_ie_local_computeroval:gov.nist.fdcc.ie7:def:9999 CCE-4056-8CCE-71GThe "Turn off page transitions" setting should be configured correctly.oval:org.mitre.oval:def:1206 TurnOffPageTransitions-LocalUser TurnOffPageTransitions_LocalUseroval:gov.nist.fdcc.ie7:def:1206 CCE-4246-5CCE-478MThe "Disable AutoComplete for forms" setting should be configured correctly. oval:org.mitre.oval:def:1516%DisableAutoCompleteForForms-LocalUser%DisableAutoCompleteForForms_LocalUseroval:gov.nist.fdcc.ie7:def:1516 CCE-4214-3CCE-412VThe "Disable Save this program to disk option" setting should be configured correctly.oval:org.mitre.oval:def:505 CCE-3606-1CCE-1037SThe "Disable changing certificate settings" setting should be configured correctly.oval:org.mitre.oval:def:1362,DisableChangingCertificateSettings-LocalUser CCE-4237-4CCE-1051\The "Disable external branding of Internet Explorer" setting should be configured correctly.oval:org.mitre.oval:def:1384%DisableExternalBrandingOfIE-LocalUser%DisableExternalBrandingOfIE_LocalUseroval:gov.nist.fdcc.ie7:def:1384 CCE-3275-5CCE-963FThe "Configure Outlook Express" setting should be configured correctlyoval:org.mitre.oval:def:1238!ConfigureOutlookExpress-LocalUser$configure_outlook_express_local_useroval:gov.nist.fdcc.ie7:def:1238 CCE-4036-0CCE-258`The "Turn on the Internet Connection Wizard Auto Detect" setting should be configured correctly.oval:org.mitre.oval:def:604*InternetConnectionWizardSettings-LocalUser2TurnOnInternetConnectionWizardAutoDetect_LocalUseroval:gov.nist.fdcc.ie7:def:604 CCE-3825-7CCE-769PThe "Disable Internet Connection wizard" setting should be configured correctly.oval:org.mitre.oval:def:1355)DisableInternetConnectionWizard-LocalUser)DisableInternetConnectionWizard_LocalUseroval:gov.nist.fdcc.ie7:def:1355 CCE-4226-7CCE-625LThe "Disable the Reset Web Settings feature" should be configured correctly.oval:org.mitre.oval:def:1437(DisableResetWebSettingsFeature-LocalUser(DisableResetWebSettingsFeature_LocalUseroval:gov.nist.fdcc.ie7:def:1437 CCE-4120-2CCE-74^The "Disable Downloading Of Site Subscription Content" setting should be configured correctly.bHKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoSubscriptionContentoval:org.mitre.oval:def:10805DisableDownloadingOfSiteSubscriptionContent-LocalUser CCE-4248-1CCE-122XThe "Disable Adding Schedules For Offline Pages" setting should be configured correctly.bHKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoAddingSubscriptionsoval:org.mitre.oval:def:1293/DisableAddingSchedulesForOfflinePages-LocalUser CCE-3389-4CCE-716EThe "Disable Adding Channels" setting should be configured correctly.]HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoAddingChannelsoval:org.mitre.oval:def:1383DisableAddingChannels-LocalUser CCE-3645-9CCE-610]The "Disable Editing And Creating Of Schedule Groups" setting should be configured correctly.dHKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoEditingScheduleGroupsoval:org.mitre.oval:def:13973DisableEditingAndCreatingOfScheduleGroups-LocalUser CCE-3940-4CCE-619QThe "Disable All Scheduled Offline Pages" setting should be configured correctly._HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoScheduledUpdatesoval:org.mitre.oval:def:1501)DisableAllScheduledOfflinePages-LocalUser CCE-3821-6CCE-373YThe "Disable Editing Schedules For Offline Pages" setting should be configured correctly.cHKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoEditingSubscriptionsoval:org.mitre.oval:def:15650DisableEditingSchedulesForOfflinePages-LocalUser CCE-3742-4CCE-298WThe "Disable Channel User Interface Completely" setting should be configured correctly.XHKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoChannelUIoval:org.mitre.oval:def:1782/DisableChannelUserInterfaceCompletely-LocalUser CCE-4261-4CCE-1069GThe "Disable Removing Channels" setting should be configured correctly._HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoRemovingChannelsoval:org.mitre.oval:def:1801!DisableRemovingChannels-LocalUser CCE-4190-5CCE-615ZThe "Disable Removing Schedules For Offline Pages" setting should be configured correctly.dHKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoRemovingSubscriptionsoval:org.mitre.oval:def:19541DisableRemovingSchedulesForOfflinePages-LocalUser CCE-4208-5CCE-1003NThe "Disable Offline Page Hit Logging" setting should be configured correctly.]HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoChannelLoggingoval:org.mitre.oval:def:2026&DisableOfflinePageHitLogging-LocalUser CCE-3754-9CCE-320`The "Java permissions" setting should be configured correctly for the Locked Down Intranet Zone.oval:org.mitre.oval:def:20394JavaPermissions-LockedDownIntranetZone-LocalComputer7java_permissions_LockedDownintranet_zone_local_computeroval:gov.nist.fdcc.ie7:def:2039 CCE-3891-9CCE-138YThe "Java permissions" setting should be configured correctly for the Local Machine Zone.oval:org.mitre.oval:def:1422.JavaPermissions-LocalMachineZone-LocalComputer2java_permissions_local_machine_zone_local_computeroval:gov.nist.fdcc.ie7:def:1422 CCE-4160-8CCE-1045eThe "Java permissions" setting should be configured correctly for the Locked Down Local Machine Zone.< oval:org.mitre.oval:def:19868JavaPermissions-LockedDownLocalMachineZone-LocalComputer<java_permissions_LockedDownlocal_machine_zone_local_computeroval:gov.nist.fdcc.ie7:def:1986 CCE-4763-9CCE-1005Computer-wide, rather than per-user, assignment of sites to zones for Internet Explorer should be enabled or disabled as appropriate.$enabled, disabled, or not configuredGPO Setting: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Site to Zone Assignment List+site_to_zone_assignment_list_local_computeroval:gov.nist.fdcc.ie7:def:9998 CCE-4643-3CCE-281ZThe "Turn on Protected Mode" setting should be configured correctly for the Internet Zone.GPO Setting: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Turn on Protected Mode.TurnOnProtectedMode_InternetZone_LocalComputer!oval:gov.nist.fdcc.ie7:def:111999 CCE-4652-4CCE-218TThe "Java permissions" setting should be configured correctly for the Intranet Zone.-java_permissions_intranet_zone_local_computeroval:gov.nist.fdcc.ie7:def:1883 CCE-4793-6CCE-308pThe "Download signed ActiveX controls" setting should be configured correctly for the Locked-Down Internet Zone.GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone\Download signed ActiveX controlsIdownload_signed_activex_controls_locked_down_internet_zone_local_computer oval:gov.nist.fdcc.ie7:def:24599 CCE-4692-0CCE-781`The "Java permissions" setting should be configured correctly for the Locked Down Internet Zone.9java_permissions_locked_down_internet_zone_local_computeroval:gov.nist.fdcc.ie7:def:1419 CCE-3902-4CCE-1088hThe "Java permissions" setting should be configured correctly for the Locked Down Restricted Sites Zone.<java_permissions_LockedDownRestrictedSitesZone_LocalComputeroval:gov.nist.fdcc.ie7:def:1753 CCE-4546-8CCE-1147xThe "Allow status bar updates via script" setting should be configured correctly for the Locked-Down Trusted Sites Zone.GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone\Allow status bar updates via scriptJAllowStatusBarUpdatesViaScript_LockedDowntrusted_sites_zone_local_computer!oval:gov.nist.fdcc.ie7:def:118399 CCE-4564-1CCE-140eThe "Java permissions" setting should be configured correctly for the Locked Down Trusted Sites Zone.<java_permissions_LockedDowntrusted_sites_zone_local_computeroval:gov.nist.fdcc.ie7:def:1699 CCE-3909-9CCE-1211bThe "Turn on Protected Mode" setting should be configured correctly for the Restricted Sites Zone.5TurnOnProtectedMode_RestrictedSitesZone_LocalComputer oval:gov.nist.fdcc.ie7:def:62199 CCE-4845-4CCE-675YThe "Java permissions" setting should be configured correctly for the Trusted Sites Zone.2java_permissions_trusted_sites_zone_local_computeroval:gov.nist.fdcc.ie7:def:1379INIST 800-68 Windows XP XCCDF (NIST-800-68-53-WinXPPro_XCCDF_10102006.xml)GNIST 800-68 Windows XP OVAL (NIST-800-68-53-WinXPPro_OVAL_10102006.xml)KFDCC Windows XP XCCDF (fdcc-accepted-content-20080110\fdcc-winxp-xccdf.xml)IFDCC Windows XP OVAL (fdcc-accepted-content-20080110\fdcc-winxp-oval.xml)YFDCC Windows XP Firewall XCCDF (fdcc-accepted-content-20080110\fdcc-xpfirewall-xccdf.xml)WFDCC Windows XP Firewall OVAL (fdcc-accepted-content-20080110\fdcc-xpfirewall-oval.xml) CCE-2682-3CCE-25EThe required auditing for %SystemDrive% directory should be enabled. ?4.4.3.1 %SystemDrive% CCE-2796-1CCE-899ZThe required auditing for the registry key HKEY_LOCAL_MACHINE\SOFTWARE should be enabled. #4.4.3.2 HKEY_LOCAL_MACHINE\Software CCE-1840-8CCE-727XThe required auditing for the registry key HKEY_LOCAL_MACHINE\SYSTEM should be enabled. !4.4.3.3 HKEY_LOCAL_MACHINE\System CCE-2483-6CCE-211FThe required permissions for the directory %ALL% should be assigned. 'File Auditing - Must Have ACE (CID:269) CCE-1849-9CCE-39RThe required permissions for the directory %AllUsersProfile% should be assigned. %AllUsersProfile% CCE-2620-3CCE-83cThe required permissions for the directory %AllUsersProfile%\Application Data should be assigned. "%AllUsersProfile%\Application Data CCE-2787-0CCE-854mThe required permissions for the directory %AllUsersProfile%\Application Data\Microsoft should be assigned. ,%AllUsersProfile%\Application Data\Microsoft CCE-2673-2CCE-783The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\Crypto\DSSHKLMKeys should be assigned. ?%AllUsersProfile%\Application Data\Microsoft\Crypto\DSSHKLMKeys CCE-2782-1CCE-713The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\Crypto\RSAHKLMKeys should be assigned. ?%AllUsersProfile%\Application Data\Microsoft\Crypto\RSAHKLMKeys CCE-2676-5CCE-387wThe required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\Dr Watson should be assigned. 6%AllUsersProfile%\Application Data\Microsoft\Dr Watson CCE-1815-0CCE-527The required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\Dr Watson\drwtsn32.log should be assigned. C%AllUsersProfile%\Application Data\Microsoft\Dr Watson\drwtsn32.log CCE-2728-4CCE-686wThe required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\HTML Help should be assigned. 6%AllUsersProfile%\Application Data\Microsoft\HTML Help CCE-2763-1CCE-3xThe required permissions for the directory %AllUsersProfile%\Application Data\Microsoft\MediaIndex should be assigned. 8%AllUsersProfile%\Application Data\Microsoft\Media Index CCE-2768-0CCE-356hThe required permissions for the directory %AllUsersProfile%\Documents\desktop.ini should be assigned. '%AllUsersProfile%\Documents\desktop.ini CCE-2561-9CCE-85VThe required permissions for the directory %AllUsersProfile%\DRM should be assigned. %AllUsersProfile%\DRM CCE-2706-0CCE-24OThe required permissions for the directory %ProgramFiles% should be assigned. %ProgramFiles% CCE-2085-9CCE-411NThe required permissions for the directory %SystemDrive% should be assigned. System Drive ACL (CID:2000) %SystemDrive%4.4.1.1 %SystemDrive% CCE-2702-9CCE-816VThe required permissions for the file %SystemDrive%\AUTOEXEC.BAT should be assigned. %SystemDrive%\autoexec.bat CCE-2623-7CCE-987TThe required permissions for the file %SystemDrive%\CONFIG.SYS should be assigned. %SystemDrive%\config.sys CCE-2565-0CCE-419`The required permissions for the file %SystemDrive%\Documents and Settings should be assigned. $%SystemDrive%\Documents and Settings CCE-2115-4CCE-120sThe required permissions for the directory %SystemDrive%\Documents and Settings\Administrator should be assigned. 2%SystemDrive%\Documents and Settings\Administrator CCE-2741-7CCE-714rThe required permissions for the directory %SystemDrive%\Documents and Settings\Default User should be assigned. 1%SystemDrive%\Documents and Settings\Default User CCE-2745-8CCE-540PThe required permissions for the file %SystemDrive%\IO.SYS should be assigned. %SystemDrive%\io.sys CCE-2287-1CCE-602SThe required permissions for the file %SystemDrive%\MSDOS.SYS should be assigned. %SystemDrive%\msdos.sys CCE-2798-7CCE-399VThe required permissions for the file %SystemDrive%\NTBOOTDD.SYS should be assigned. %SystemDrive%\ntbootdd.sys CCE-2578-3CCE-192VThe required permissions for the file %SystemDrive%\NTDETECT.COM should be assigned. %SystemDrive%\ntdetect.com CCE-2234-3CCE-561OThe required permissions for the file %SystemDrive%\NTLDR should be assigned. %SystemDrive%\ntldr CCE-2750-8CCE-971cThe required permissions for the file %SystemDrive%\System Volume Information should be assigned. '%SystemDrive%\System Volume Infor< mation CCE-2160-0CCE-645MThe required permissions for the directory %SystemRoot% should be assigned. %SystemRoot% CCE-2475-2CCE-579jThe required permissions for the directory %SystemRoot%\Driver Cache\I386\Driver.cab should be assigned. Driver.cab ACL (CID:4083) CCE-2387-9CCE-505fThe required permissions for the directory %SystemRoot%\$NtServicePackUninstall$ should be assigned. %%SystemRoot%\$NtServicePackUninstall$ CCE-2647-6CCE-134QThe required permissions for the directory %SystemRoot%\CSC should be assigned. %SystemRoot%\CSC CCE-2418-2CCE-293SThe required permissions for the directory %SystemRoot%\Debug should be assigned. %SystemRoot%\Debug CCE-2329-1CCE-94\The required permissions for the directory %SystemRoot%\Debug\UserMode should be assigned. %SystemRoot%\Debug\UserMode CCE-2105-5CCE-152hThe required permissions for the directory %SystemRoot%\Debug\UserMode\userenv.log should be assigned. '%SystemRoot%\Debug\UserMode\userenv.log CCE-2752-4CCE-482RThe required permissions for the file %SystemRoot%\Installer should be assigned. %SystemRoot%\Installer CCE-2757-3CCE-147ZThe required permissions for the file %SystemRoot%\Offline Web Pages should be assigned. %SystemRoot%\Offline Web Pages CCE-2264-0CCE-737QThe required permissions for the file %SystemRoot%\Prefetch should be assigned. %SystemRoot%\Prefetch CCE-2175-8CCE-795TThe required permissions for the file %SystemRoot%\regedit.exe should be assigned. regedit.exe ACL (CID:2001)%SystemRoot%\regedit.exe!4.4.1.17 %SystemRoot%\regedit.exeV%SystemRoot%\system32\regedit.exe Table: 9.19 Value: Administrators: Full System: Fullregedit.exePermissionsoval:gov.nist.1:def:146oval:gov.nist.fdcc.xp:def:146 CCE-2325-9CCE-155ZThe required permissions for the directory %SystemRoot%\Registration should be assigned. %SystemRoot%\Registration CCE-1833-3CCE-323aThe required permissions for the directory %SystemRoot%\Registration\CRMLog should be assigned. %SystemRoot%\Registration\CRMLog CCE-2805-0CCE-873TThe required permissions for the directory %SystemRoot%\repair should be assigned. %SystemRoot%\repair CCE-2739-1CCE-67VThe required permissions for the directory %SystemRoot%\security should be assigned. %SystemRoot%\security CCE-2638-5CCE-380RThe required permissions for the directory %SystemRoot%\Temp should be assigned. %SystemRoot%\Temp CCE-2660-9CCE-45VThe required permissions for the directory %SystemRoot%\System32 should be assigned. %SystemRoot%\system32 CCE-2052-9CCE-600^The required permissions for the directory %SystemRoot%\System32\arp.exe should be assigned. arp.exe ACL (CID:2002)%SystemRoot%\system32\arp.exeQ%SystemRoot%\system32\arp.exe Table: 9.1 Value: Administrators: Full System: Fullarp.exePermissionsoval:gov.nist.1:def:128oval:gov.nist.fdcc.xp:def:128 CCE-2184-0CCE-393XThe required permissions for the file %SystemRoot%\System32\at.exe should be assigned. at.exe ACL (CID:2003)%SystemRoot%\system32\at.exe$4.4.1.2 %SystemRoot%\system32\at.exeP%SystemRoot%\system32\at.exe Table: 9.2 Value: Administrators: Full System: Fullat.exePermissionsoval:gov.nist.1:def:129oval:gov.nist.fdcc.xp:def:129 CCE-2312-7CCE-166\The required permissions for the file %SystemRoot%\System32\attrib.exe should be assigned. attrib.exe ACL (CID:2004)(4.4.1.3 %SystemRoot%\system32\attrib.exeT%SystemRoot%\system32\attrib.exe Table: 9.3 Value: Administrators: Full System: Fullattrib.exePermissionsoval:gov.nist.1:def:130oval:gov.nist.fdcc.xp:def:130 CCE-2726-8CCE-977[The required permissions for the file %SystemRoot%\System32\cacls.exe should be assigned. cacls.exe ACL (CID:2005)'4.4.1.4 %SystemRoot%\system32\cacls.exeS%SystemRoot%\System32\cacls.exe Table: 9.4 Value: Administrators: Full System: Fullcacls.exePermissionsoval:gov.nist.1:def:131oval:gov.nist.fdcc.xp:def:131 CCE-2250-9CCE-272[The required permissions for the file %SystemRoot%\System32\ciadv.msc should be assigned. %SystemRoot%\system32\ciadv.msc CCE-1924-0CCE-994`The required permissions for the file %SystemRoot%\System32\Com\comexp.msc should be assigned. $%SystemRoot%\system32\Com\comexp.msc CCE-2598-1CCE-170^The required permissions for the file %SystemRoot%\System32\compmgmt.msc should be assigned. "%SystemRoot%\system32\compmgmt.msc CCE-1842-4CCE-197XThe required permissions for the file %SystemRoot%\System32\CONFIG should be assigned. %SystemRoot%\system32\config CCE-1846-5CCE-765eThe required permissions for the file %SystemRoot%\System32\CONFIG\AppEvent.evt should be assigned. Eventlog ACL (CID:225) CCE-2800-1CCE-334^The required permissions for the file %SystemRoot%\System32\CONFIG\*.evt should be assigned. debug.exe ACL (CID:2006)'4.4.1.5 %SystemRoot%\system32\debug.exe CCE-2699-7CCE-201[The required permissions for the file %SystemRoot%\System32\debug.exe should be assigned. !%SystemRoot%\system32\devmgmt.mscS%SystemRoot%\System32\debug.exe Table: 9.5 Value: Administrators: Full System: Fulloval:gov.nist.1:def:132debug.exePermissionsoval:gov.nist.fdcc.xp:def:132 CCE-2844-9CCE-386]The required permissions for the file %SystemRoot%\System32\devmgmt.msc should be assigned. %SystemRoot%\system32\dfrg.msc CCE-2109-7CCE-941ZThe required permissions for the file %SystemRoot%\System32\dfrg.msc should be assigned. "%SystemRoot%\system32\diskmgmt.msc CCE-2514-8CCE-981^The required permissions for the file %SystemRoot%\System32\diskmgmt.msc should be assigned. %SystemRoot%\system32\dllcache CCE-1863-0CCE-350_The required permissions for the directory %SystemRoot%\System32\dllcache should be assigned. *4.4.1.6 %SystemRoot%\system32\drwatson.exe CCE-2760-7CCE-403^The required permissions for the file %SystemRoot%\System32\drwatson.exe should be assigned. *4.4.1.7 %SystemRoot%\system32\drwtsn32.exe CCE-2425-7CCE-972^The required permissions for the file %SystemRoot%\System32\drwtsn32.exe should be assigned. edlin.exe ACL (CID:2007)'4.4.1.8 %SystemRoot%\system32\edlin.exe CCE-1909-1CCE-20[The required permissions for the file %SystemRoot%\System32\edlin.exe should be assigned. eventcreate.exe ACL (CID:2008)-4.4.1.9 %SystemRoot%\system32\eventcreate.exeS%SystemRoot%\system32\edlin.exe Table: 9.6 Value: Administrators: Full System: Fulledlin.exePermissionsoval:gov.nist.1:def:133oval:gov.nist.fdcc.xp:def:133 CCE-2145-1CCE-489aThe required permissions for the file %SystemRoot%\System32\eventcreate.exe should be assigned. eventtriggers.exe ACL (CID:2009)04.4.1.10 %SystemRoot%\system32\eventtriggers.exeY%SystemRoot%\system32\eventcreate.exe Table: 9.7 Value: Administrators: Full System: Fulleventcreate.exePermissionsoval:gov.nist.1:def:134oval:gov.nist.fdcc.xp:def:134 CCE-2436-4CCE-917cThe required permissions for the file %SystemRoot%\System32\eventtriggers.exe should be assigned. "%SystemRoot%\system32\eventvwr.msc=%SystemRoot%\System32\eventtriggers.exe Table: 9.8 Value: 9.8eventtriggers.exePermissionsoval:gov.nist.1:def:135oval:gov.nist.fdcc.xp:def:135 CCE-2704-5CCE-846^The required permissions for the file %SystemRoot%\System32\eventvwr.msc should be assigned. %SystemRoot%\system32\fsmgmt.msc CCE-2334-1CCE-529\The required permissions for the file %SystemRoot%\System32\fsmgmt.msc should be assigned. ftp.exe ACL (CID:2010)&4.4.1.11 %SystemRoot%\system32\ftp.exe CCE-2229-3CCE-264YThe required permissions for the file %SystemRoot%\System32\ftp.exe should be assigned. %SystemRoot%\system32\gpedit.mscR %SystemRoot%\system32\ftp.exe Table: 9.9 Value: Administrators: Full System: Fullftp.exePermissionsoval:gov.nist.1:def:136 CCE-2621-1CCE-819\The required permissions for the file %SystemRoot%\System32\gpedit.msc should be assigned. "%SystemRoot%\system32\Group Policy CCE-2876-1CCE-789bThe required permissions for the di< rectory %SystemRoot%\System32\GroupPolicy should be assigned. %SystemRoot%\system32\ias CCE-2813-4CCE-894ZThe required permissions for the directory %SystemRoot%\System32\ias should be assigned. !%SystemRoot%\system32\lusrmgr.msg CCE-2597-3CCE-198bThe required permissions for the directory %SystemRoot%\System32\lusrmgr.msg should be assigned. %SystemRoot%\system32\MSDTC CCE-2747-4CCE-634\The required permissions for the directory %SystemRoot%\System32\MSDTC should be assigned. %SystemRoot%\system32\nbstat.exe CCE-2139-4CCE-550\The required permissions for the file %SystemRoot%\System32\nbstat.exe should be assigned. nbtstat.exe ACL (CID:2011)W %SystemRoot%\system32\nbtstat.exe Table: 9.10 Value: Administrators: Full System: Fullnbtstat.exePermissionsoval:gov.nist.1:def:137 CCE-2178-2CCE-731YThe required permissions for the file %SystemRoot%\System32\net.exe should be assigned. net.exe ACL (CID:2012)&4.4.1.12 %SystemRoot%\system32\net.exeS %SystemRoot%\system32\net.exe Table: 9.11 Value: Administrators: Full System: Fullnet.exePermissionsoval:gov.nist.1:def:138oval:gov.nist.fdcc.xp:def:138 CCE-2672-4CCE-607ZThe required permissions for the file %SystemRoot%\System32\net1.exe should be assigned. net1.exe ACL (CID:2013)'4.4.1.13 %SystemRoot%\system32\net1.exeT %SystemRoot%\system32\net1.exe Table: 9.12 Value: Administrators: Full System: Fullnet1.exePermissionsoval:gov.nist.1:def:139oval:gov.nist.fdcc.xp:def:139 CCE-1916-6CCE-158[The required permissions for the file %SystemRoot%\System32\netsh.exe should be assigned. netsh.exe ACL (CID:2014)%SystemRoot%\system32\netsh.exe(4.4.1.14 %SystemRoot%\system32\netsh.exeU %SystemRoot%\system32\netsh.exe Table: 9.13 Value: Administrators: Full System: Fullnetsh.exePermissionsoval:gov.nist.1:def:140oval:gov.nist.fdcc.xp:def:140 CCE-2732-6CCE-220]The required permissions for the file %SystemRoot%\System32\netstat.exe should be assigned. netstat.exe ACL (CID:2015)!%SystemRoot%\system32\netstat.exeW %SystemRoot%\system32\netstat.exe Table: 9.14 Value: Administrators: Full System: Fullnetstat.exePermissionsoval:gov.nist.1:def:141 CCE-2613-8CCE-242^The required permissions for the file %SystemRoot%\System32\nslookup.exe should be assigned. nslookup.exe ACL (CID:2016)"%SystemRoot%\system32\nslookup.exeX %SystemRoot%\system32\nslookup.exe Table: 9.15 Value: Administrators: Full System: Fullnslookup.exePermissionsoval:gov.nist.1:def:142 CCE-2903-3CCE-821^The required permissions for the file %SystemRoot%\System32\Ntbackup.exe should be assigned. ntbackup.exe ACL (CID:2017)"%SystemRoot%\system32\Ntbackup.exeX %SystemRoot%\system32\Ntbackup.exe Table: 9.16 Value: Administrators: Full System: Fullntbackup.exePermissionsoval:gov.nist.1:def:143 CCE-1925-7CCE-486_The required permissions for the directory %SystemRoot%\System32\NTMSData should be assigned. %SystemRoot%\system32\NTMSData CCE-2727-6CCE-548^The required permissions for the file %SystemRoot%\System32\ntmsoprq.msc should be assigned. "%SystemRoot%\system32\ntmsoprq.msc CCE-2749-0CCE-715]The required permissions for the file %SystemRoot%\System32\ntmsmgr.msc should be assigned. !%SystemRoot%\system32\ntmsmgr.msc CCE-2912-4CCE-151]The required permissions for the file %SystemRoot%\System32\perfmon.msc should be assigned. !%SystemRoot%\system32\perfmon.msc CCE-2784-7CCE-997YThe required permissions for the file %SystemRoot%\System32\Rcp.exe should be assigned. rcp.exe ACL (CID:2018)%SystemRoot%\system32\rcp.exe&4.4.1.15 %SystemRoot%\system32\rcp.exeS %SystemRoot%\system32\rcp.exe Table: 9.17 Value: Administrators: Full System: Fullrcp.exePermissionsoval:gov.nist.1:def:144oval:gov.nist.fdcc.xp:def:144 CCE-2220-2CCE-547YThe required permissions for the file %SystemRoot%\System32\reg.exe should be assigned. reg.exe ACL (CID:2019)%SystemRoot%\system32\reg.exe&4.4.1.16 %SystemRoot%\system32\reg.exeS %SystemRoot%\system32\reg.exe Table: 9.18 Value: Administrators: Full System: Fullreg.exePermissionsoval:gov.nist.1:def:145oval:gov.nist.fdcc.xp:def:145 CCE-2833-2CCE-865^The required permissions for the file %SystemRoot%\System32\Regedt32.exe should be assigned. regedt32.exe ACL (CID:2020)"%SystemRoot%\system32\regedt32.exe+4.4.1.18 %SystemRoot%\system32\regedt32.exeW%SystemRoot%\system32\Regedt32.exe Table: 9.20 Value: Administrators: Full System: Fullregedt32.exePermissionsoval:gov.nist.1:def:147oval:gov.nist.fdcc.xp:def:147 CCE-2855-5CCE-543\The required permissions for the file %SystemRoot%\System32\regini.exe should be assigned. regini.exe ACL (CID:2021) %SystemRoot%\system32\regini.exeU%SystemRoot%\system32\regini.exe Table: 9.21 Value: Administrators: Full System: Fullregini.exePermissionsoval:gov.nist.1:def:148oval:gov.nist.fdcc.xp:def:148 CCE-2894-4CCE-657^The required permissions for the file %SystemRoot%\System32\regsvr32.exe should be assigned. regsvr32.exe ACL (CID:2022)+4.4.1.19 %SystemRoot%\system32\regsvr32.exeW%SystemRoot%\system32\regsvr32.exe Table: 9.22 Value: Administrators: Full System: Fullregsvr32.exePermissionsoval:gov.nist.1:def:149oval:gov.nist.fdcc.xp:def:149 CCE-2899-3CCE-274[The required permissions for the file %SystemRoot%\System32\Rexec.exe should be assigned. rexec.exe ACL (CID:2023)%SystemRoot%\system32\rexec.exe(4.4.1.20 %SystemRoot%\system32\rexec.exeT%SystemRoot%\system32\rexec.exe Table: 9.23 Value: Administrators: Full System: Fullrexec.exePermissionsoval:gov.nist.1:def:150oval:gov.nist.fdcc.xp:def:150 CCE-2546-0CCE-168[The required permissions for the file %SystemRoot%\System32\route.exe should be assigned. route.exe ACL (CID:2024)%SystemRoot%\system32\route.exeT%SystemRoot%\system32\route.exe Table: 9.24 Value: Administrators: Full System: Fullroute.exePermissionsoval:gov.nist.1:def:151oval:gov.nist.fdcc.xp:def:151 CCE-2674-0CCE-353YThe required permissions for the file %SystemRoot%\System32\Rsh.exe should be assigned. rsh.exe ACL (CID:2025)%SystemRoot%\system32\rsh.exe&4.4.1.21 %SystemRoot%\system32\rsh.exeR%SystemRoot%\system32\rsh.exe Table: 9.25 Value: Administrators: Full System: Fullrsh.exePermissionsoval:gov.nist.1:def:152oval:gov.nist.fdcc.xp:def:152 CCE-2070-1CCE-27ZThe required permissions for the file %SystemRoot%\System32\RSoP.msc should be assigned. %SystemRoot%\system32\RSoP.msc CCE-2762-3CCE-340[The required permissions for the file %SystemRoot%\System32\runas.exe should be assigned. (4.4.1.22 %SystemRoot%\system32\runas.exe CCE-2176-6CCE-516XThe required permissions for the file %SystemRoot%\System32\sc.exe should be assigned. sc.exe ACL (CID:2026)%4.4.1.23 %SystemRoot%\system32\sc.exeQ%SystemRoot%\system32\sc.exe Table: 9.26 Value: Administrators: Full System: Fullsc.exePermissionsoval:gov.nist.1:def:153oval:gov.nist.fdcc.xp:def:153 CCE-2198-0CCE-922]The required permissions for the file %SystemRoot%\System32\Secedit.exe should be assigned. secedit.exe ACL (CID:2027)!%SystemRoot%\system32\secedit.exeV%SystemRoot%\system32\secedit.exe Table: 9.27 Value: Administrators: Full System: Fullsecedit.exePermissionsoval:gov.nist.1:def:154oval:gov.nist.fdcc.xp:def:154 CCE-2185-7CCE-847\The required permissions for the file %SystemRoot%\System32\secpol.msc should be assigned. %SystemRoot%\system32\secpol.msc CCE-2458-8CCE-904^The required permissions for the file %SystemRoot%\System32\services.msc should be assigned. "%SystemRoot%\system32\services.msc CCE-2872-0CCE-587\The required permissions for the directory %SystemRoot%\System32\Setup should be assigned. %SystemRoot%\system32\Setup CCE-2753-2CCE-692eThe required permissions for the directory %SystemRoot%\System32\spool\Printers should be assigned. $%SystemRoot%\system32\spool\Printers CCE-2788-8CCE-921[The required permissions for the file %Sys< temRoot%\System32\subst.exe should be assigned. subst.exe ACL (CID:2028)(4.4.1.24 %SystemRoot%\system32\subst.exeT%SystemRoot%\system32\subst.exe Table: 9.28 Value: Administrators: Full System: Fullsubst.exePermissionsoval:gov.nist.1:def:155oval:gov.nist.fdcc.xp:def:155 CCE-2797-9CCE-225`The required permissions for the file %SystemRoot%\System32\systeminfo.exe should be assigned. systeminfo.exe ACL (CID:2029)$%SystemRoot%\system32\systeminfo.exeY%SystemRoot%\system32\systeminfo.exe Table: 9.29 Value: Administrators: Full System: Fullsysteminfo.exePermissionsoval:gov.nist.1:def:156oval:gov.nist.fdcc.xp:def:156 CCE-2691-4CCE-159\The required permissions for the file %SystemRoot%\System32\telnet.exe should be assigned. telnet.exe ACL (CID:2030))4.4.1.25 %SystemRoot%\system32\telnet.exeU%SystemRoot%\system32\telnet.exe Table: 9.30 Value: Administrators: Full System: Fulltelnet.exePermissionsoval:gov.nist.1:def:157 CCE-2731-8CCE-348ZThe required permissions for the file %SystemRoot%\System32\tftp.exe should be assigned. tftp.exe ACL (CID:2031)%SystemRoot%\system32\tftp.exe'4.4.1.26 %SystemRoot%\system32\tftp.exeS%SystemRoot%\system32\tftp.exe Table: 9.31 Value: Administrators: Full System: Fulltftp.exePermissionsoval:gov.nist.1:def:158oval:gov.nist.fdcc.xp:def:158 CCE-1937-2CCE-718]The required permissions for the file %SystemRoot%\System32\tlntsvr.exe should be assigned. tlntsvr.exe ACL (CID:2032)*4.4.1.27 %SystemRoot%\system32\tlntsvr.exeV%SystemRoot%\system32\tlntsvr.exe Table: 9.32 Value: Administrators: Full System: Fulltlntsvr.exePermissionsoval:gov.nist.1:def:159oval:gov.nist.fdcc.xp:def:159 CCE-2857-1CCE-154]The required permissions for the file %SystemRoot%\System32\wmimgmt.msc should be assigned. !%SystemRoot%\system32\wmimgmt.msc CCE-2738-3CCE-322SThe required permissions for the directory %SystemRoot%\Tasks should be assigned. %SystemRoot%\Tasks CCE-2619-5CCE-279_The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE should be assigned. HKEY_LOCAL_MACHINE\SOFTWARE4.4.2.1 HKLM\Software CCE-2284-8CCE-59}The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography/Calais should be assigned. 9HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais CCE-2809-2CCE-90oThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC should be assigned. +HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC%4.4.2.9 HKLM\Software\Microsoft\MSDTC CCE-1943-0CCE-477~The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC\Security\XAKey should be assigned. :HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC\Security\XAKey CCE-2612-0CCE-394pThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE should be assigned. ,HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE CCE-2758-1CCE-826zThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UPnP Device Host should be assigned. 6HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UPnP Device Host CCE-2401-8CCE-618The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Asr\Commands should be assigned. LHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Asr\Commands CCE-2921-5CCE-19The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib should be assigned. GHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib CCE-2392-9CCE-363The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit should be assigned. GHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEditB4.4.2.11 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit CCE-2771-4CCE-790The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy should be assigned. IHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy CCE-2793-8CCE-268The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer should be assigned. FHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer@4.4.2.2 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer CCE-2207-9CCE-321The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies should be assigned. EHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies?4.4.2.3 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies CCE-2625-2CCE-131The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings should be assigned. MHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\RatingsG4.4.2.8 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings CCE-2736-7CCE-34The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony should be assigned. FHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony CCE-2630-2CCE-135]The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM should be assigned. HKEY_LOCAL_MACHINE\SYSTEM4.4.2.4 HKLM\System CCE-2775-5CCE-558cThe required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\clone should be assigned. HKEY_LOCAL_MACHINE\SYSTEM\clone CCE-2300-2CCE-837}The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class should be assigned. 9HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class CCE-2172-5CCE-9The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network should be assigned. ;HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network CCE-1960-4CCE-934The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg should be assigned. Winreg ACL (CID:237)LHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg CCE-2859-7CCE-53The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Wmi\Security should be assigned. @HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Wmi\Security CCE-2938-9CCE-269tThe required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum should be assigned. 0HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum*4.4.2.5 HKLM\System\CurrentControlSet\Enum CCE-2850-6CCE-960The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles should be assigned. =HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles CCE-2590-8CCE-613The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Security should be assigned. EHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Security CCE-2484-4CCE-930The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Security should be assigned. EHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Security CCE-2524-7CCE-163The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Security should be assigned. FHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Security CCE-2907-4CCE-978The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSCache should be assigned. =HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSCache CCE-2911-6CCE-877The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ersvc\Security should be assigned.< CHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ersvc\Security CCE-2555-1CCE-683The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security should be assigned. FHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security CCE-2202-0CCE-238The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IRENUM\Security should be assigned. DHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IRENUM\Security CCE-2352-3CCE-101~The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt should be assigned. :HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt CCE-2634-4CCE-788The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netdd\Security should be assigned. DHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netdde\Security CCE-1973-7CCE-823The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netddedsdm\Security should be assigned. HHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netddedsdm\Security CCE-2603-9CCE-246The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess should be assigned. AHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess CCE-2871-2CCE-902The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rpcss\Security should be assigned. CHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rpcss\Security CCE-2396-0CCE-193The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Samss\Security should be assigned. CHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Samss\Security CCE-1966-1CCE-110The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Scarddrv\Security should be assigned. FHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Scarddrv\Security CCE-2696-3CCE-661The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Scardsvr\Security should be assigned. FHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Scardsvr\Security CCE-2595-7CCE-330The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers should be assigned. $SNMP - Permitted Managers (CID:1033)VHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagersk4.4.2.6 HKLM\System\CurrentControlSet\Services\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers CCE-2238-4CCE-594The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities should be assigned. SNMP Communities (CID:4046)UHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunitiesj4.4.2.7 HKLM\System\CurrentControlSet\Services\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities CCE-2881-1CCE-35The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Stisvc\Security should be assigned. DHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Stisvc\Security CCE-2780-5CCE-290The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries should be assigned. JHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries CCE-2428-1CCE-202The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tapisrv\Security should be assigned. EHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tapisrv\Security CCE-2885-2CCE-603~The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip should be assigned. :HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip CCE-2537-9CCE-748The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32time\Security should be assigned. EHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32time\Security CCE-2057-8CCE-907The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi\Security should be assigned. AHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wmi\Security CCE-2951-2CCE-127XThe required permissions for the registry key HKEY_USERS\.DEFAULT should be assigned. HKEY_USER\.DEFAULT CCE-2845-6CCE-483qThe required permissions for the registry key HKEY_USERS\.DEFAULT\Software\Microsoft\NetDDE should be assigned. ,HKEY_USER\.DEFAULT\Software\Microsoft\NetDDE CCE-2740-9CCE-730The required permissions for the registry key HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots should be assigned. LHKEY_USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRootsU4.4.2.10 HKEY_USER\.Default\Software\Microsoft\SystemCertificates\Root\ProtectedRoots CCE-1978-6CCE-898jThe "deny access to this computer from the network" user right should be assigned to the correct accounts.3User Right Check deny access from network (CID:162):Deny access to this computer from the network: Not Defined44.2.13 Deny access to this computer from the networkPDeny access to this computer from the network Table: 4.15 Value: Guests, SUPPORTDenyAccessFromNetworkoval:gov.nist.1:def:175-DenyAccessFromNetwork-Guests-SUPPORT_388945a0oval:gov.nist.fdcc.xp:def:175 CCE-2379-6CCE-532dThe "access this computer from the network" user right should be assigned to the correct accounts. +User Right Check Logon on network (CID:152):Access this computer from a network: Administrators, Users+4.2.1 Access this computer from the networkSAccess this computer from the network Table: 4.1 Value: Administrators, not defined9AccessComputerFromNetwork, AccessComputerFromNetworkUsers0oval:gov.nist.1:def:161, oval:gov.nist.1:def:231(AccessComputerFromNetwork_Administratorsoval:gov.nist.fdcc.xp:def:161 CCE-2167-5CCE-162bThe "act as part of the operating system" user right should be assigned to the correct accounts. $User Right Check act as OS (CID:153)#Act as part of the operating system)4.2.2 Act as part of the operating system:Act as part of the operating system Table: 4.2 Value: noneActAsPartOfOperatingSystemoval:gov.nist.1:def:162ActAsPartOfOperatingSystem_Noneoval:gov.nist.fdcc.xp:def:162 CCE-2299-6CCE-931\The "back up files and directories" user right should be assigned to the correct accounts. !User Right Check Backup (CID:155)-Back up files and directories: Administrators#4.2.6 Back up files and directoriesKBack up files and directories Table: 4.7 Value: Administrators, not defined=BackUpFilesAndDirectories, BackUpFilesAndDirectoriesOperators0oval:gov.nist.1:def:167, oval:gov.nist.1:def:234(BackUpFilesAndDirectories_Administratorsoval:gov.nist.fdcc.xp:def:167 CCE-2806-8CCE-376WThe "bypass traverse checking" user right should be assigned to the correct accounts. 3User Right Check Bypass Traverse Checking (CID:156)Bypass traverse checking: Users4.2.7 Bypass traverse checkingMBypass traverse checking Table: 4.8 Value: Administrators, Users, not definedBypassTraverseCheckingoval:gov.nist.1:def:168+BypassTraverseChecking_Administrators_Usersoval:gov.nist.fdcc.xp:def:168 CCE-2846-4CCE-799UThe "change the system time" user right should be assigned to the correct accounts. -User Right Check change system time (CID:157)&Change the system time: Administrators4.2.8 Change the system time7Change the system time Table: 4.9 Value: AdministratorsChangeSystemTimeoval:gov.nist.1:def:169ChangeSystemTime_Administratorsoval:gov.nist.fdcc.xp:def:169 CCE-2786-2CCE-895PThe "create a pagefile" user right should be assigned to the correct accounts. *User Righ< t Check create pagefile (CID:158)!Create a pagefile: Administrators4.2.9 Create a pagefile1Create pagefile Table: 4.10 Value: AdministratorsCreatePagefileoval:gov.nist.1:def:170CreatePagefile_Administratorsoval:gov.nist.fdcc.xp:def:170 CCE-2791-2CCE-926TThe "Create a token object" user right should be assigned to the correct accounts. .User Right Check create token object (CID:159)Create a token object: No One4.2.10 Create a token object:Create a token object Table: 4.11 Value: None, not definedCreateTokenObjectoval:gov.nist.1:def:171CreateTokenObject_Noneoval:gov.nist.fdcc.xp:def:171 CCE-1969-5CCE-335^The "create permanent shared objects" user right should be assigned to the correct accounts. :User Right Check create permanent shared objects (CID:160)'Create permanent shared objects: No One&4.2.11 Create permanent shared objectsCCreate permanent share objects Table: 4.13 Value: None, not definedCreatePermanentSharedObjectsoval:gov.nist.1:def:172!CreatePermanentSharedObjects_Noneoval:gov.nist.fdcc.xp:def:172 CCE-2864-7CCE-842MThe "debug programs" user right should be assigned to the correct accounts. )User Right Check debug programs (CID:161)Debug programs: No One4.2.12 Debug Programs7Debug programs Table: 4.14 value: None, Administrators DebugProgramsoval:gov.nist.1:def:173DebugPrograms_Administratorsoval:gov.nist.fdcc.xp:def:174 CCE-2886-0CCE-754bThe "force shutdown from a remote system" user right should be assigned to the correct accounts. *User Right Check remote shutdown (CID:165)3Force shutdown from a remote system: Administrators*4.2.19 Force shutdown from a remote systemEForce shutdown from a remote system Table: 4.21 Value: AdministratorsShutdownFromRemoteSystemoval:gov.nist.1:def:180'ShutdownFromRemoteSystem_Administratorsoval:gov.nist.fdcc.xp:def:180 CCE-2767-2CCE-939WThe "generate security audits" user right should be assigned to the correct accounts. 3User Right Check generate security audits (CID:173)8Generate security audits: LOCAL SERVICE, NETWORK SERVICE4.2.20 Generate security auditsJGenerate security audits Table: 4.22 Value: LOCAL SERVICE, NETWORK SERVICEGenerateSecurityAuditsoval:gov.nist.1:def:1814GenerateSecurityAudits-LOCAL_SERVICE-NETWORK_SERVICEoval:gov.nist.fdcc.xp:def:181 CCE-2547-8CCE-807aThe "adjust memory quotas for a process" user right should be assigned to the correct accounts. *User Right Check increase quotas (CID:166)QAdjust memory quotas for a process: Administrators,NETWORK SERVICE, LOCAL SERVICE(4.2.4 Adjust memory quotas for a processcAdjust memory quotas for a process Table: 4.4 Value: Administrators, LOCAL SERVICE, NETWORK SERVICEAdjustMemoryQuotasoval:gov.nist.1:def:164?AdjustMemoryQuotas_Administrators-LOCAL_SERVICE-NETWORK_SERVICEoval:gov.nist.fdcc.xp:def:164 CCE-2944-7CCE-349[The "increase scheduling priority" user right should be assigned to the correct accounts. 7User Right Check increase scheduling priority (CID:167),Increase scheduling priority: Administrators#4.2.21 Increase scheduling priority>Increase scheduling priority Table: 4.24 Value: AdministratorsIncreaseSchedulingPriorityoval:gov.nist.1:def:182)IncreaseSchedulingPriority_Administratorsoval:gov.nist.fdcc.xp:def:182 CCE-2446-3CCE-860]The "load and unload device drivers" user right should be assigned to the correct accounts. 9User Right Check load and unload device drivers (CID:168).Load and unload device drivers: Administrators%4.2.22 Load and unload device drivers@Load and unload device drivers Table: 4.25 Value: AdministratorsLoadAndUnloadDeviceDriversoval:gov.nist.1:def:183)LoadAndUnloadDeviceDrivers_Administratorsoval:gov.nist.fdcc.xp:def:183 CCE-2609-6CCE-749SThe "lock pages in memory" user right should be assigned to the correct accounts. /User Right Check lock pages in memory (CID:169)Lock pages in memory: No One4.2.23 Lock pages in memory,Lock pages in memory Table: 4.26 Value: noneLockPagesInMemoryoval:gov.nist.1:def:184LockPagesInMemory_Noneoval:gov.nist.fdcc.xp:def:184 CCE-2882-9CCE-177TThe "log on as a batch job" user right should be assigned to the correct accounts. 0User Right Check log on as a batch job (CID:170)Log on as a batch job: No One4.2.24 Log on as a batch job:Log on as a batch job Table: 4.27 Value: none, not definedLogOnAsBatchJoboval:gov.nist.1:def:185LogOnAsBatchJob_Noneoval:gov.nist.fdcc.xp:def:185 CCE-2948-8CCE-216RThe "log on as a service" user right should be assigned to the correct accounts. 2User Right Check log on as a service job (CID:171)$Log on as a service: Network Service4.2.25 Log on as a serviceELog on as a service Table: 4.28 Value: LOCAL SERVICE, NETWORK SERVICELogOnAsServiceoval:gov.nist.1:def:186,LogOnAsService-LOGON_SERVICE-NETWORK_SERVICEoval:gov.nist.fdcc.xp:def:186 CCE-2829-0CCE-965MThe "log on locally" user right should be assigned to the correct accounts. )User Right Check log on locally (CID:172)%Log on locally: Administrators, Users4.2.26 Log on locally<Allow log on locally Table: 4.5 Value: Users, Administrators6AllowLogOnLocally, AllowLogOnLocallyAuthenticatedUsers0oval:gov.nist.1:def:165, oval:gov.nist.1:def:233!LogOnLocally_Administrators_Usersoval:gov.nist.fdcc.xp:def:165 CCE-2247-5CCE-850_The "manage auditing and security log" user right should be assigned to the correct accounts. 0Manage auditing and security log: Administrators'4.2.27 Manage auditing and security logBManage auditing and security log Table: 4.29 Value: Administrators>ManageAuditingAndSecurityLog, ManageAuditingAndSecurityLogNone0oval:gov.nist.1:def:187, oval:gov.nist.1:def:235+ManageAuditingAndSecurityLog_Administratorsoval:gov.nist.fdcc.xp:def:187 CCE-2657-5CCE-17aThe "modify firmware environment values" user right should be assigned to the correct accounts. *User Right Check modify firmware (CID:174)5Modify firmware environment variables: Administrators)4.2.28 Modify firmware environment valuesDModify firmware environment values Table: 4.30 Value: AdministratorsModifyFirmwareEnvironmentValuesoval:gov.nist.1:def:188.ModifyFirmwareEnvironmentValues_Administratorsoval:gov.nist.fdcc.xp:def:188 CCE-2807-6CCE-260UThe "profile single process" user right should be assigned to the correct accounts. 1User Right Check Profile single process (CID:175)&Profile single process: Administrators4.2.30 Profile single process8Profile single process Table: 4.32 Value: AdministratorsProfileSingleProcessoval:gov.nist.1:def:190#ProfileSingleProcess_Administratorsoval:gov.nist.fdcc.xp:def:190 CCE-2675-7CCE-599YThe "profile system performance" user right should be assigned to the correct accounts. 5User Right Check Profile system performance (CID:176)*Profile system performance: Administrators!4.2.31 Profile system performance<Profile system performance Table: 4.33 Value: AdministratorsProfileSystemPerformanceoval:gov.nist.1:def:191'ProfileSystemPerformance_Administratorsoval:gov.nist.fdcc.xp:def:191 CCE-2335-8CCE-656cThe "remove computer from docking station" user right should be assigned to the correct accounts. !User Right Check undock (CID:177);Remove computer from docking station: Administrators, Users+4.2.32 Remove computer from docking stationMRemove computer from docking station Table: 4.34 Value: Users, AdministratorsFRemoveComputerFromDockingStation, RemoveComputerFromDockingStationNone0oval:gov.nist.1:def:192, oval:gov.nist.1:def:2365RemoveComputerFromDockingStation_Administrators_Usersoval:gov.nist.fdcc.xp:def:192 CCE-2860-5CCE-667\The "replace a process-level token" user right should be assigned to the correct accounts. *User Right replace process token (CID:178)=Replace a process level token: LOCAL SERVICE, NETWORK SERVICE$4.2.33 Replace a process level tokenOReplace a process-level token Table: 4.35 Value: LOCAL SERVICE, NETWORK SERVICE< ReplaceProcessLevelTokenoval:gov.nist.1:def:1936ReplaceProcessLevelToken-LOGON_SERVICE-NETWORK_SERVICEoval:gov.nist.fdcc.xp:def:193 CCE-2847-2CCE-553\The "restore files and directories" user right should be assigned to the correct accounts. User Right restore (CID:179)-Restore files and directories: Administrators$4.2.34 Restore files and directories?Restore files and directories Table: 4.36 Value: AdministratorsRestoreFilesAndDirectoriesoval:gov.nist.1:def:194)RestoreFilesAndDirectories_Administratorsoval:gov.nist.fdcc.xp:def:194 CCE-2366-3CCE-839SThe "shut down the system" user right should be assigned to the correct accounts. User Right shut down (CID:180)+Shut down the system: Administrators, Users4.2.35 Shut down the system=Shut down the system Table: 4.37 Value: Users, AdministratorsShutDownSystemoval:gov.nist.1:def:195#ShutDownSystem_Administrators_Usersoval:gov.nist.fdcc.xp:def:195 CCE-2021-4CCE-492gThe "take ownership of files or other objects" user right should be assigned to the correct accounts. #User Right take ownership (CID:182)8Take ownership of files or other objects: Administrators.4.2.37 Take ownership of file or other objectsKTake ownership of files and other objects Table: 4.39 Value: AdministratorsTakeOwnershipOfFilesoval:gov.nist.1:def:196#TakeOwnershipOfFiles_Administratorsoval:gov.nist.fdcc.xp:def:196 CCE-2810-0CCE-381aThe "synchronize directory service data" user right should be assigned to the correct accounts. $User Right synch directory (CID:181)*Synchronize directory service data: No One)4.2.36 Synchronize directory service data@Syncronize directory service data Table: 4.38 Value: not definedSynchronizeDirectoryServiceDataoval:gov.nist.1:def:238$SynchronizeDirectoryServiceData_Noneoval:gov.nist.fdcc.xp:def:238 CCE-2700-3CCE-64QThe "deny logon locally" user right should be assigned to the correct accounts. -User Right Check deny logon locally (CID:163)Deny logon locally: Not Defined4.2.16 Deny logon locallyTDeny logon locally Table: 4.18 Value: Guests, SUPPORT_388945a0, any service accountsDenyLogonLocallyoval:gov.nist.1:def:177(DenyLogonLocally-Guests-SUPPORT_388945a0oval:gov.nist.fdcc.xp:def:177 CCE-2982-7CCE-15}The "enable computer and user accounts to be trusted for delegation" user right should be assigned to the correct accounts. 5User Right Check allow trust for delegation (CID:164)FEnable computer and user accounts to be trusted for delegation: No OneE4.2.18 Enable computer and user accounts to be trusted for delegationcEnable computer and user accounts to be trusted for delegation Table: 4.20 Value: none, not definedAccountsTrustedForDelegationoval:gov.nist.1:def:179 CCE-2374-7CCE-183YThe "add workstations to domain" user right should be assigned to the correct accounts. .User Right Check Add wkstn to domain (CID:154)Add workstations to domain 4.2.3 Add workstations to domain;Add workstations to domain Table: 4.3 Value: Administrators5AddWorkstationsToDomain, AddWorkstationsToDomainNone0oval:gov.nist.1:def:163, oval:gov.nist.1:def:232 CCE-3004-9CCE-883dThe "allow logon through Terminal Services" user right should be assigned to the correct accounts. 1User Right allow logon terminal service (CID:737)-Allow logon through Terminal Services: No One+4.2.5 Allow logon through terminal servicesIAllow logon through Terminal Services Table: 4.6 Value: none, not defined!AllowLogOnThroughTerminalServicesoval:gov.nist.1:def:166CAllowLogOnThroughTerminalServices_Administrators-RemoteDesktopUsersoval:gov.nist.fdcc.xp:def:1662 CCE-2898-5CCE-165XThe "deny logon as a batch job" user right should be assigned to the correct accounts. !Deny logon as a batch job: No One 4.2.14 Deny logon as a batch jobEDeny logon as a batch job Table: 4.16 Value: Guests, SUPPORT_388945a0DenyLogonAsBatchJoboval:gov.nist.1:def:176+DenyLogonAsBatchJob-Guests-SUPPORT_388945a0oval:gov.nist.fdcc.xp:def:176 CCE-2792-0CCE-597VThe "deny logon as a service" user right should be assigned to the correct accounts. Deny logon as a service: No One4.2.15 Deny logon as a service6Deny logon as a service Table: 4.17 Value: not defined***deny_logon_as_service_noneoval:gov.nist.fdcc.xp:def:677 CCE-2814-2CCE-108cThe "deny logon through Terminal Services" user right should be assigned to the correct accounts. 0User Right deny logon terminal service (CID:738).Deny logon through Terminal Services: Everyone*4.2.17 Deny logon through Terminal ServiceMDeny logon through Terminal Services Table: 4.19 Value: Everyone, not defined DenyLogonThroughTerminalServicesoval:gov.nist.1:def:178'DenyLogonThroughTerminalServices-Guestsoval:gov.nist.fdcc.xp:def:1781 CCE-2960-3CCE-314_The "perform volume maintenance tasks" user right should be assigned to the correct accounts. /User Right perform volume maintenance (CID:739)0Perform volume maintenance tasks: Administrators'4.2.29 Perform volume maintenance tasksBProfile volume maintenance tasks Table: 4.31 Value: AdministratorsPerformVolumeMaintenanceTasksoval:gov.nist.1:def:189,PerformVolumeMaintenanceTasks_Administratorsoval:gov.nist.fdcc.xp:def:189 CCE-2466-1CCE-733TThe "reset account lockout counter after" policy should meet minimum requirements. Lockout Reset (CID:45)-Reset account lockout counter after (15 min.)#2.2.3.3 Reset Account Lockout After8Reset account lockout counter after Table: 2.3 value: 15AccountLockoutResetoval:gov.nist.1:def:26account_lockout_resetoval:gov.nist.fdcc.xp:def:26 CCE-2928-0CCE-980IThe "account lockout duration" policy should meet minimum requirements. Lockout Duration (CID:44)%Account lockout duration (15 minutes) 2.2.3.1 Account Lockout Duration-Account lockout duration Table: 2.1 Value: 15AccountLockoutDurationoval:gov.nist.1:def:23account_lockout_durationoval:gov.nist.fdcc.xp:def:23 CCE-2986-8CCE-658Lockout Count (CID:43).Account lockout threshold (3 invalid attempts)!2.2.3.2 Account Lockout Threshold2Account lockout threshold Table: 2.2 Value: 10, 50AccountLockoutThresholdoval:gov.nist.1:def:24account_lockout_thresholdoval:gov.nist.fdcc.xp:def:24 CCE-2867-0CCE-2628\Auditing of "account logon" events on success should be enabled or disabled as appropriate..Account logon auditing (CID:49)-Audit account logon events (Success, Failure)"2.2.1.1 Audit Account Logon EventsJAudit account logon events Table: 3.1 Value: success, success and failure AuditAccountLoginoval:gov.nist.1:def:27AuditAccountLogonEventsoval:gov.nist.fdcc.xp:def:27 CCE-3008-0CCE-2543\Auditing of "account logon" events on failure should be enabled or disabled as appropriate.. CCE-2902-5CCE-2000aAuditing of "account management" events on success should be enabled or disabled as appropriate..$Account management auditing (CID:51)+Audit account management (Success, Failure) 2.2.1.2 Audit Account Management:Audit account management Table: 3.2 Value success, failureAuditAccountManagementoval:gov.nist.1:def:29oval:gov.nist.fdcc.xp:def:29 CCE-2906-6CCE-1646aAuditing of "account management" events on failure should be enabled or disabled as appropriate.. CCE-2933-0CCE-2118gAuditing of "directory service access" events on success should be enabled or disabled as appropriate..,Audit directory service access (No auditing)&2.2.1.3 Audit Directory Service Access;Audit directory service acces Table: 3.3 Value: not definedNot applicableAuditDirectoryServiceAccessoval:gov.nist.fdcc.xp:def:30 CCE-2206-1CCE-2390gAuditing of "directory service access" events on failure should be enabled or disabled as appropriate.. CCE-2100-6CCE-1686TAuditing of "logon" events on success should be enabled or disabled as appropriate..logon auditing (CID:53)%Audit logon events (Success, Failure)2.2.1.4 Audit Logon EventsAAudit logon events Table: 3.4 Value: success, success and failure< AuditLogonEventsoval:gov.nist.1:def:32oval:gov.nist.fdcc.xp:def:32 CCE-2343-2CCE-1744TAuditing of "logon" events on failure should be enabled or disabled as appropriate.. CCE-2259-0CCE-2640\Auditing of "object access" events on success should be enabled or disabled as appropriate..object access auditing (CID:55)Audit object access (Failure)2.2.1.5 Audit Object Access:Audit object access Table: 3.5 Value: failure, no auditingAuditObjectAccessoval:gov.nist.1:def:34oval:gov.nist.fdcc.xp:def:34 CCE-2766-4CCE-1991\Auditing of "object access" events on failure should be enabled or disabled as appropriate.. CCE-2971-0CCE-2412\Auditing of "policy change" events on success should be enabled or disabled as appropriate..policy change auditing (CID:56)&Audit policy change (Success, Failure)2.2.1.6 Audit Policy Change-Audit policy change Table: 3.6 Value: successAuditPolicyChangesSuccessOnlyoval:gov.nist.1:def:35AuditPolicyChangeoval:gov.nist.fdcc.xp:def:35 CCE-2759-9CCE-2347\Auditing of "policy change" events on failure should be enabled or disabled as appropriate.. CCE-2913-2CCE-2431\Auditing of "privilege use" events on success should be enabled or disabled as appropriate..priv use auditing (CID:58)Audit privilege use (Failure)2.2.1.7 Audit Privilege Use:Audit privilege use Table: 3.7 Value: failure, no auditingAuditPrivilegeUseoval:gov.nist.1:def:36oval:gov.nist.fdcc.xp:def:36 CCE-2918-1CCE-2584\Auditing of "privilege use" events on failure should be enabled or disabled as appropriate.. CCE-2816-7CCE-2529_Auditing of "process tracking" events on success should be enabled or disabled as appropriate..$Audit process tracking (No Auditing)2.2.1.8 Audit Process Tracking4Audit process tracking Table: 3.8 Value: no auditingAuditProcessTrackingoval:gov.nist.1:def:40oval:gov.nist.fdcc.xp:def:40 CCE-2939-7CCE-2617_Auditing of "process tracking" events on failure should be enabled or disabled as appropriate.. CCE-2878-7CCE-2420UAuditing of "system" events on success should be enabled or disabled as appropriate..system event auditing (CID:59)&Audit system events (Success, Failure)2.2.1.9 Audit System Events-Audit system events Table: 3.9 Value: successAuditSystemEventsSuccessOnlyoval:gov.nist.1:def:37AuditSystemEventsoval:gov.nist.fdcc.xp:def:37 CCE-2843-1CCE-1680UAuditing of "system" events on failure should be enabled or disabled as appropriate.. CCE-2116-2CCE-299PThe "restrict guest access to application log" policy should be set correctly. :Anonymous Access to the Security Event Log value (CID:479)(Restrict guest access to application Log2.2.4.1.2 Restrict Guest AccessQPrevent local guestsgroup from accessingapplication log Table: 6.4 Value: enabled PreventGuestApplicationLogAccessoval:gov.nist.1:def:200$prevent_guest_application_log_accessoval:gov.nist.fdcc.xp:def:200 CCE-2904-1CCE-185CThe application log maximum size should be configured correctly.. Application log size (CID:82)Maximum application log size 2.2.4.1.1 Maximum Event Log Size>Maximum Application log size Table: 6.1 Value: 16384 kilobytesMaximumApplicationLogSizeoval:gov.nist.1:def:197maximum_application_log_sizeoval:gov.nist.fdcc.xp:def:197 CCE-3014-8CCE-285bThe "when maximum log size is reached" property should be set correctly for the Application log. "Application log retention (CID:85)$Retention method for application Log2.2.4.1.3 Log Retention Method4Retain application log Table: 6.7 Value: not definedretention_application_logoval:gov.nist.fdcc.xp:def:203 CCE-3019-7CCE-951If the Application log's retention method is set to "Overwrite events by days," an appropriate value should be set for the number of days' logs to keep.(1) number of daysRetain application log2.2.4.1.4 Log RetentionARetention method for application log Table: 6.10 Value: as neededApplicationLogRetentionMethodoval:gov.nist.1:def:203 CCE-2794-6CCE-462MThe "restrict guest access to security log" policy should be set correctly. :Anonymous Access to the Security Event Log value (CID:477)%Restrict guest access to security Log2.2.4.2.2 Restrict Guest AccessNPrevent local guestsgroup from accessingsecurity log Table: 6.5 Value: enabledPreventGuestSecurityLogAccessoval:gov.nist.1:def:201!prevent_guest_security_log_accessoval:gov.nist.fdcc.xp:def:201 CCE-2693-0CCE-757@The security log maximum size should be configured correctly.. Security log size (CID:80)Maximum security log size 2.2.4.2.1 Maximum Event Log Size:Maxium security log size Table: 6.2 Value: 81920 kilobytesMaximumSecurityLogSizeoval:gov.nist.1:def:198maximum_security_log_sizeoval:gov.nist.fdcc.xp:def:198 CCE-2336-6CCE-523_The "when maximum log size is reached" property should be set correctly for the Security log. Security log retention (CID:83)!Retention method for security log2.2.4.2.3 Log Retention Method1Retain security log Table: 6.8 Value: not definedretention_security_logoval:gov.nist.fdcc.xp:def:204 CCE-2966-0CCE-682If the Security log's retention method is set to "Overwrite events by days," an appropriate value should be set for the number of days' logs to keep.Retain security log2.2.4.2.4 Log Retention;Retention method forsystem log Table: 6.11 Value: as neededSecurityLogRetentionMethodoval:gov.nist.1:def:204 CCE-2345-7CCE-726KThe "restrict guest access to system log" policy should be set correctly. :Anonymous Access to the Security Event Log value (CID:482)#Restrict guest access to system Log2.2.4.3.2 Restrict Guest AccessLPrevent local guestsgroup from accessingsystem log Table: 6.6 Value: enabledPreventGuestSystemLogAccessoval:gov.nist.1:def:202prevent_guest_system_log_accessoval:gov.nist.fdcc.xp:def:202 CCE-3006-4CCE-735>The system log maximum size should be configured correctly.. System log size (CID:81)Maximum system log size 2.2.4.3.1 Maximum Event Log Size9Maximum system log size Table: 6.3 Value: 16384 kilobytesMaximumSystemLogSizeoval:gov.nist.1:def:199maximum_system_log_sizeoval:gov.nist.fdcc.xp:def:199 CCE-2777-1CCE-664]The "when maximum log size is reached" property should be set correctly for the System log. System log retention (CID:84)Retention method for system log2.2.4.3.3 Log Retention Method/Retain system log Table: 6.9 Value: not definedretention_system_logoval:gov.nist.fdcc.xp:def:205 CCE-2050-3CCE-210If the System log's retention method is set to "Overwrite events by days," an appropriate value should be set for the number of days' logs to keep.Retain system log2.2.4.3.4 Log Retention>Retention method for system log Table: 6.12 Value: not definedSystemLogRetentionMethodoval:gov.nist.1:def:205 CCE-2920-7CCE-871Maximum Password Age (CID:40)Maximum Password Age (90)82.1.2 Maximum Password Age, 2.2.2.2 Maximum Password Age)Maximum password age Table: 1.2 Value: 90MaximumPasswordAgeoval:gov.nist.1:def:17maximum_password_ageoval:gov.nist.fdcc.xp:def:17 CCE-2439-8CCE-324Minimum Password Age (CID:41)Minimum Password Age (1)2.2.2.1 Minimum Password Age(Minimum password age Table: 1.3 Value: 1MinimumPasswordAgeoval:gov.nist.1:def:18minimum_password_ageoval:gov.nist.fdcc.xp:def:18 CCE-2981-9CCE-100HThe "minimum password length" policy should meet minimum requirements. Password Length (CID:39)Minimum Password Length (12)>2.1.1 Minimum Password Length, 2.2.2.3 Minimum Password Length/Minimum password length Table: 1.4 Value: 12, 8MinimumPasswordLengthoval:gov.nist.1:def:19minimum_password_lengthoval:gov.nist.fdcc.xp:def:19 CCE-2735-9CCE-633QThe "password must meet complexity requirments" policy should be set correctly. 5Passwords must meet complexity requirements (Enabled)2.2.2.4 Password ComplexityDPassword must meet complexity requirements Table: 1.5 Value: enabledPasswordComplexi< tyoval:gov.nist.1:def:21password_complexityoval:gov.nist.fdcc.xp:def:21 CCE-2994-2CCE-60IThe "enforce password history" policy should meet minimum requirements. Password History (CID:42)'Enforce password history (24 passwords)2.2.2.5 Password History-Enforce password history Table: 1.1 Value: 24PasswordHistoryEnforcementoval:gov.nist.1:def:16password_history_enforcementoval:gov.nist.fdcc.xp:def:16 CCE-2889-4CCE-479nThe "store password using reversible encryption for all users in the domain" policy should be set correctly. #Reversible Pwd Encryption (CID:232)QStore password using reversible encryption for all users in the domain (Disabled)32.2.2.6 Store Passwords using Reversible Encryption_Store passwrd using reversible encryptin for all users in the domain Table: 1.6 Value: disabled#PasswordStorageReversibleEncryptionoval:gov.nist.1:def:22oval:gov.nist.fdcc.xp:def:22 CCE-3034-6CCE-487<The startup type of the Alerter service should be correct. 4.1.1 Alerter*Alerter Service Table: 8.1 Value: disabledAlerterServiceoval:gov.nist.1:def:209oval:gov.nist.fdcc.xp:def:209 CCE-2937-1CCE-496EThe startup type of the Automatic Update service should be correct. 4.1.2 Automatic Updates6Automatic update service Table: 8.4 Value: not defined CCE-2818-3CCE-148cThe startup type of the Background Intelligent Transfer Service (BITS) service should be correct. -4.1.3 Background Intelligent Transfer ServiceEBackground Intelligent Transfer Service Table: 8.5 Value: not defined BITSServiceoval:gov.nist.fdcc.xp:def:6132 CCE-2713-6CCE-954=The startup type of the ClipBook service should be correct. 4.1.4 Clipbook+ClipBook service Table: 8.6 Value: disabledClipBookServiceoval:gov.nist.1:def:210oval:gov.nist.fdcc.xp:def:210 CCE-2880-3CCE-294EThe startup type of the Computer Browser service should be correct. "Computer Browser Disabled (CID:22)4.1.5 Computer Browser4Computer Browswer Service Table: 8.9 Value: disabledBrowserServiceoval:gov.nist.1:def:211ComputerBrowserServiceoval:gov.nist.fdcc.xp:def:211 CCE-2950-4CCE-800HThe startup type of the Fast User Switching service should be correct. 4Fast User Swithcing Compatibility Disabled (CID:729)4.1.6 Fax Service?Fast User SwitchingCompatibility Table: 8.17 Value: not defined%FastUserSwitchingCompatibilityServiceoval:gov.nist.fdcc.xp:def:2121 CCE-2849-8CCE-788The startup type of the Fax service should be correct. &Fax Servce Table: 8.18 Value: disabled FaxServiceoval:gov.nist.1:def:212oval:gov.nist.fdcc.xp:def:212 CCE-2888-6CCE-712CThe startup type of the FTP Publishing service should be correct. 4.1.7 FTP Publishing Service2FTP Publishing Service Table: 8.19 Value: disabledFTPPublishingServiceoval:gov.nist.1:def:213oval:gov.nist.fdcc.xp:def:213 CCE-3016-3CCE-311>The startup type of the IIS Admin service should be correct. <Internet Information System Installed - IIS Admin (CIS:4066)4.1.8 IIS Admin Service-IIS Admin service Table: 8.22 Value: disabledIISAdminServiceoval:gov.nist.1:def:214 CCE-2910-8CCE-738=The startup type of the Indexing service should be correct. 4.1.9 Indexing Service,Indexing Service Table: 8.24 Value: disabledIndexingServiceoval:gov.nist.1:def:215oval:gov.nist.fdcc.xp:def:215 CCE-2915-7CCE-729>The startup type of the Messenger service should be correct. ,Windows Messenger Internet Access (CIS:4036)4.1.10 Messenger-Messenger service Table: 8.30 Value: disabledMessengerServiceoval:gov.nist.1:def:216(Do-not-allow-Windows-Messenger-to-be-runoval:gov.nist.fdcc.xp:def:6601 CCE-2053-7CCE-650CThe startup type of the .NET Framework service should be correct. !.NET Framework service (CIS:4035) CCE-2071-9CCE-408>The startup type of the Net Logon service should be correct. 4.1.11 Net Logon0Net Logon service Table: 8.32 Value: not defined CCE-2896-9CCE-232VThe startup type of the NetMeeting Remote Desktop Sharing service should be correct. 4NetMeeting Romote Desktop Sharing Disabled (CIS:730)(4.1.12 NetMeeting Remote Desktop Sharing>Net meeting Remote Desktop Sharing Table: 8.33 Value: disabled%NetMeetingRemoteDesktopSharingServiceoval:gov.nist.1:def:217disable_remote_desktop_sharingoval:gov.nist.fdcc.xp:def:6595 CCE-2280-6CCE-857LThe startup type of the Print Services for Unix service should be correct. *Print Services for Unix Service (CIS:4031) CCE-2940-5CCE-267ZThe startup type of the Remote Access Auto connection Manager service should be correct. 8Remote Access Auto Connection Manager Disabled (CIS:731)DRemote Access Auto Connection Manager Table: 8.45 Value: not defined CCE-2255-8CCE-663XThe startup type of the Remote Desktop Help Session Manager service should be correct. 6Remote Desktop Help Session Manager Disabled (CIS:732)*4.1.13 Remote Desktop Help Session Manager?Remote Desktop Help Session Manager Table: 8.47 Value: disabled&RemoteDesktopHelpSessionManagerServiceoval:gov.nist.1:def:218 CCE-3026-2CCE-672PThe startup type of the Internet Connection Sharing service should be correct. `Internet ConnectionFirewall (ICF)/InternetConnection Sharing(ICS) Table: 8.26 Value: not defined$prohibit_internet_connection_sharing!oval:gov.nist.fdcc.xp:def:3366993 CCE-3030-4CCE-73DThe startup type of the Remote Registry service should be correct. 4.1.14 Remote Registry Service7Remote Registery service Table: 8.50 Value: not defined CCE-3035-3CCE-223NThe startup type of the Routing and Remote Access service should be correct. ,Routing and Remote Access Disabled (CIS:733) 4.1.15 Routing and Remote Access=Routing and Remote Access service Table: 8.52 Value: disabledRoutingAndRemoteAccessServiceoval:gov.nist.1:def:219oval:gov.nist.fdcc.xp:def:219 CCE-2427-3CCE-522AThe startup type of the Remote Shell service should be correct. Remote Shell Service (CIS:24) CCE-2449-7CCE-531BThe startup type of the Simple TCP/IP service should be correct. Simple TCP/IP Service (CIS:25) CCE-2233-5CCE-870ZThe startup type of the Simple Mail Transport Protocol (SMTP) service should be correct. +4.1.16 Simple Mail Transfer Protocol (SMTP)?Simple Mail TransferProtocol (SMTP) Table: 8.59 Value: disabled SMTPServiceoval:gov.nist.1:def:220 CCE-2779-7CCE-975AThe startup type of the SNMP Service service should be correct. CManagement and Monitoring Tools Installed - SNMP Service (CIS:4071)84.1.17 Simple Network Management Protocol (SNMP) ServiceKSimple NetworkManagement Protocol(SNMP) Service Table: 8.60 Value: disabled SNMPServiceoval:gov.nist.1:def:221 CCE-2520-5CCE-892FThe startup type of the SNMP Trap Service service should be correct. @Management and Monitoring Tools Installed - SNMP Trap (CIS:4072)54.1.18 Simple Network Management Protocol (SNMP) TrapHSimple NetworkManagement Protocol(SNMP) Trap Table: 8.61 Value: disabledSNMPTrapoval:gov.nist.1:def:222 CCE-2661-7CCE-940CThe startup type of the SSDP Discovery service should be correct. )SSDP Discovery Service Disabled (CIS:734)SSimple ServiceDiscovery Protocol(SSDP) DiscoveryService Table: 8.62 Value: disabled SSDPServiceoval:gov.nist.1:def:223oval:gov.nist.fdcc.xp:def:223 CCE-2934-8CCE-40CThe startup type of the Task Scheduler service should be correct. Task Scheduler Check (CIS:28)4.1.19 Task Scheduler2Task Scheduler service Table: 8.65 Value: disabledTaskSchedulerServiceoval:gov.nist.1:def:224oval:gov.nist.fdcc.xp:def:224 CCE-2326-7CCE-75;The startup type of the Telnet service should be correct. 23 - Telnet Disabled (CIS:23) 4.1.20 Telnet*Telnet service Table: 8.68 Value: disabled TelnetServiceoval:gov.nist.1:def:225oval:gov.nist.fdcc.xp:def:225 CCE-3043-7CCE-974FThe startup type of the Terminal Services service should be correct. $Terminal Services Disabled (CIS:735)4.1.21 Terminal Services5Terminal Services service Table: 8.69 Valu< e: disabledTerminalServicesServiceoval:gov.nist.1:def:226oval:gov.nist.fdcc.xp:def:226 CCE-3048-6CCE-608_The startup type of the Universal Plug and Play Device Host (UPnP) service should be correct. *4.1.22 Universal Plug and Play Device HostKUniversal Plug and Play Device Host Disabled Table: 8.73 Value: Not defined%UniversalPlugAndPlayDeviceHostServiceoval:gov.nist.1:def:227oval:gov.nist.fdcc.xp:def:227 CCE-2942-1CCE-758NThe startup type of the World Wide Web Publishing service should be correct. KInternet Information Sytem Installed - World Wide Web Publishing (CIS:4067))4.1.23 World Wide Web Publishing Services? World Wide Web Publishing Services Table: 8.85 Value: DisabledWWWPublishingServicesServiceoval:gov.nist.1:def:228oval:gov.nist.fdcc.xp:def:228 CCE-2076-8CCE-669MThe correct service permissions for the Alerter service should be assigned. 4.1 Available Services (Permissions on services listed here: Administrators: Full Control; System: Read, Start, Stop, and Pause) CCE-2626-0CCE-889WThe correct service permissions for the Automatic Updates service should be assigned. CCE-3022-1CCE-61eThe correct service permissions for the Background Intelligent Transfer service should be assigned. CCE-2815-9CCE-476NThe correct service permissions for the ClipBook service should be assigned. CCE-2568-4CCE-643VThe correct service permissions for the Computer Browser service should be assigned. CCE-3071-8CCE-87IThe correct service permissions for the Fax service should be assigned. CCE-2969-4CCE-968QThe correct service permissions for the File Shares service should be assigned. File Shares (CIS:230) CCE-3057-7CCE-4TThe correct service permissions for the FTP Publishing service should be assigned. CCE-2563-5CCE-792OThe correct service permissions for the IIS Admin service should be assigned. CCE-2836-5CCE-444NThe correct service permissions for the Indexing service should be assigned. CCE-2480-2CCE-79OThe correct service permissions for the Messenger service should be assigned. CCE-2502-3CCE-497OThe correct service permissions for the Net Logon service should be assigned. CCE-2119-6CCE-21PThe correct service permissions for the NetMeeting service should be assigned. CCE-2976-9CCE-109MThe correct service permissions for the Printer service should be assigned. Printer ACL (CIS:229)4Print Spooler service Table: 8.42 Value: not defined CCE-2990-0CCE-915iThe correct service permissions for the Remote Desktop Help Session Manager service should be assigned. CCE-3021-3CCE-219UThe correct service permissions for the Remote Registry service should be assigned. CCE-2141-0CCE-779_The correct service permissions for the Routing and Remote Access service should be assigned. CCE-2773-0CCE-426JThe correct service permissions for the SMTP service should be assigned. CCE-2941-3CCE-56JThe correct service permissions for the SNMP service should be assigned. CCE-2945-4CCE-521OThe correct service permissions for the SNMP Trap service should be assigned. CCE-3077-5CCE-407TThe correct service permissions for the Task Scheduler service should be assigned. CCE-3108-8CCE-944LThe correct service permissions for the Telnet service should be assigned. CCE-3130-2CCE-605WThe correct service permissions for the Terminal Services service should be assigned. CCE-3029-6CCE-869]The correct service permissions for the Universal Plug and Play service should be assigned. 4Plug and Play service Table: 8.40 Value: not defined CCE-3051-0CCE-143TThe correct service permissions for the WWW Publishing service should be assigned. CCE-2804-3CCE-195sThe behavior surrounding Anonymous users' abiliity to display lists of SAM accounts and shares should be correct. (1) restricted/unrestricted!Restrict Anonymous value (CIS:97)VNetwork access: Do not allow anonymous enumeration of SAM accounts and shares: EnabledS3.1.3 Network Access: Do not allow Anonymous Enumeration of SAM Accounts and ShareseNetwork access: Do notallow anonymousenumeration of SAMaccounts and shares Table: 5.45 Value: enabled'AnonymousEnumerationOfAccountsAndSharesoval:gov.nist.1:def:88oval:gov.nist.fdcc.xp:def:88 CCE-2147-7CCE-318fThe behavior surrounding Anonymous users' abiliity to display lists of SAM accounts should be correct.KNetwork access: Do not allow anonymous enumeration of SAM accounts: EnabledH3.1.2 Network Access: Do not allow Anonymous Enumeration of SAM AccountsZNetwork access: Do notallow anonymousenumeration of SAMaccounts Table: 5.44 Value: enabledAnonymousEnumerationOfAccountsoval:gov.nist.1:def:87oval:gov.nist.fdcc.xp:def:87 CCE-2973-6CCE-953LThe behavior surrounding Anonymous SID/Name translation should be correct. >Network access: Allow anonymous SID/Name translation: Disabled:3.1.1 Network Access: Allow Anonymous SID/Name TranslationNNetwork access: Allowanonymous SID/Nametranslation Table: 5.43 Value: disabledanonymous_sid_name_translationoval:gov.nist.fdcc.xp:def:77 CCE-3119-5CCE-983UThe "Anonymous access to the application event log" policy should be set correctly. 'Anon Access to Application log (CIS:78) CCE-2890-2CCE-142PThe "Anonymous access to the system event log" policy should be set correctly. $Anon Access to Security log (CIS:79) CCE-2643-5CCE-653RThe "Anonymous access to the security event log" policy should be set correctly. "Anon Access to System log (CIS:77) CCE-3040-3CCE-332OUse of the built-in Guest account should be enabled or disabled as appropriate.Guest Account Disabled (CIS:29)(Accounts: Guest account status: Disabled&3.2.1.2 Accounts: Guest Account Status8Accounts: Guestaccount status Table: 5.2 Value: disabledGuestAccountStatusoval:gov.nist.1:def:243oval:gov.nist.fdcc.xp:def:243 CCE-2943-9CCE-499YUse of the built-in Administrator account should be enabled or disabled as appropriate. /Accounts: Administrator account status: Enabled.3.2.1.1 Accounts: Administrator Account Status?Accounts: Administratoraccount status Table: 5.1 Value: enabledAdministratorAccountStatusoval:gov.nist.1:def:242 CCE-2573-4CCE-23TThe "Message title for users attempting to log on" policy should be set correctly. ?Interactive logon: Message title for users attempting to log onH3.2.1.27 Interactive Logon: Message Title for Users Attempting to Log On_Interactive logon: Messagetitle for users attempting tolog on Table: 5.30 Value: LogonMessageTitleoval:gov.nist.1:def:71oval:gov.nist.fdcc.xp:def:71 CCE-2472-9CCE-829SThe "Message text for users attempting to log on" policy should be set correctly. SInteractive logon: Message test for users attempting to log on: G3.2.1.26 Interactive Logon: Message Text for Users Attempting to Log On^Interactive logon: Messagetext for users attempting tolog on Table: 5.29 Value: LogonMessageTextoval:gov.nist.1:def:70oval:gov.nist.fdcc.xp:def:70 CCE-3137-7CCE-512EAdministrative Shares should be enabled or disabled as appropriate. B3.2.2.9 Remove administrative shares on workstation (Professional)MMSS: (AutoShareWks)Enable AdministrativeShares Table: 5.72 Value: not defined CCE-3031-2CCE-243KAutomatic Execution of the System Debugger should be properly configured. ?CIS: Automatic Execution of the System Debugger value (CIS:749):3.2.2.2 Disable Automatic Execution of the System Debugger CCE-2776-3CCE-2830Automatic Logon should be properly configured. Admin Autologon password values not exist: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword; Admin Autologon Value: HKEY_LOCAL_MACHINE\*\AutoAdminLogon (CIS:188, 189)Interactive logon: Allow Automatic Administator Logon - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon = 03.2.2.6 Disable Automatic LogonGMSS: (AutoAdminLogon)Enable Auto< matic Logon Table: 5.70 Value: disabledAutomaticLogonDisabledoval:gov.nist.1:def:110oval:gov.nist.fdcc.xp:def:110 CCE-2419-0CCE-137DAutomatic Reboot After System Crash should be properly configured. /CIS: Disable Reboot After Crash value (CID:755)>3.2.2.7 Disable automatic reboots after a Blue Screen of DeathjMSS: (AutoReboot) AllowWindows to automaticallyrestart after a system crash Table: 5.71 Value: not defined CCE-2710-2CCE-44<Autoplay on all Drive Types should be properly configured. Autoplay value (CID:103)F3.2.2.3 Disable autoplay from any disk type, regardless of applicationLMSS:(NoDriveTypeAutoRun)Disable Autorun for alldrives Table: 5.80 Value: 255DisableAutorunForAllDrivesoval:gov.nist.fdcc.xp:def:117 CCE-2154-3CCE-36:Autoplay for Current User should be properly configured. )3.2.2.4 Disable autoplay for current user CCE-2423-2CCE-820:Autoplay for Default User should be properly configured. @Disable Media Autoplay (HKEY_USER-.Default hive) Value (CID:752)03.2.2.5 Disable autoplay for the default profile CCE-2925-6CCE-344/CD-ROM Autorun should be properly configured. \3.2.2.8 Disable CD Autorun: HKLM\System\CurrentControlSet\Services\Cdrom\Autorun (REG_DWORD) CCE-3070-0CCE-282EComputer Browser ResetBrowser Frames should be properly configured. :3.2.2.10 Protect against Computer Browser Spoofing Attacks CCE-2824-1CCE-150/ICMP Redirects should be properly configured. 43.2.2.13 Ensure ICMP Routing via shortest path firsthMSS:(EnableICMPRedirect)Allow ICMP redirects tooverride OSPF generatedroutes Table: 5.76 Value: disabledAllowICMPRedirectsDisabledoval:gov.nist.1:def:113oval:gov.nist.fdcc.xp:def:113 CCE-3132-8CCE-5642IP Source Routing should be properly configured. 03.2.2.11 Protect against source-routing spoofingMSS:(DisableIPSourceRouting)IP source routing protectionlevel Table: 5.73 Value: Highestprotection,source routingis completelydisabledIPSourceRoutingProtectionLeveloval:gov.nist.1:def:111oval:gov.nist.fdcc.xp:def:111 CCE-2652-6CCE-952%IRDP should be properly configured. ,3.2.2.17 Ensure Router Discovery is DisabledpMSS:(PerformRouterDiscovery)Allow IRDP to detect andconfigure DefaultGatewayaddresses Table: 5.83 Value: enabledRouterDiscoveryoval:gov.nist.1:def:121oval:gov.nist.fdcc.xp:def:121 CCE-3044-5CCE-501MKerberos and RSVP Traffic Protected by IPSec should be properly configured. DCIS: Enable IPSec secuiryt for Kerberos RSVP Traffic value (CID:758)63.2.2.21 Enable IPSec to protect Kerberos RSVP Traffic~MSS: (NoDefaultExempt)Enable NoDefaultExemptfor IPSec Filtering Table: 5.79 Value: Multicast, broadcast, and ISAKMP are exempt NoDefaultExemptForIPSecFilteringoval:gov.nist.1:def:116oval:gov.nist.fdcc.xp:def:116 CCE-3066-8CCE-5367Dr. Watson Crash Dumps should be properly configured. 1CIS: Allow Dr. Watson Crash Dumps value (CID:746)'3.2.2.1 Suppress Dr. Watson Crash Dumpsoval:gov.nist.1:def:117 CCE-2930-6CCE-65GDisplay Last User Name in Logon Screen should be properly configured. 9Interactive logon: Do no display last user name - Enabled93.2.1.24 Interactive Logon: Do Not Display Last User NameJInteractive logon: Do notdisplay last user name Table: 5.27 Value: enabled LastUserNameNotDisplayedForLogonoval:gov.nist.1:def:68oval:gov.nist.fdcc.xp:def:68 CCE-2952-0CCE-139FSystem availability to Master Browser should be properly configured. ECIS: Hide computer Name from other domain controllers value (CID:761)3.2.2.22 Hide workstation from Network Browser listing: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Lanmanserver\Parameters\HiddenIMSS: (Hidden) HideComputer From the BrowseList Table: 5.77 Value: enabledHideFromBrowseListoval:gov.nist.1:def:114oval:gov.nist.fdcc.xp:def:114 CCE-2718-5CCE-897>TCP/IP Dead Gateway Detection should be properly configured. 3.2.2.12 Protect the Default Gateway network setting: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnableDeadGWDetecteMSS:(EnableDeadGWDetect)Allow automatic detectionof dead network gateways Table: 5.75 Value: disabledAutomaticDetectionOfDeadGWsoval:gov.nist.1:def:112oval:gov.nist.fdcc.xp:def:112 CCE-2559-3CCE-1885The TCP/IP KeepAlive Time should be set correctly . u3.2.2.15 Manage Keep-alive times: HKEY_LOCAL_MACHINE\System\CurrentControlSEt\Services\Tcpip\Parameters\KeepAliveTimepMSS: (KeepAliveTime)How often keep-alivepackets are sent inmilliseconds Table: 5.78 Value: 300,000ms (5 minutes) KeepAliveTimeoval:gov.nist.1:def:115oval:gov.nist.fdcc.xp:def:115 CCE-2453-9CCE-333TThe permitted number of TCP/IP Maximum Half-open Sockets should be set correctly . 3.2.2.19 SYN Attack protection  Manage TCP Maximum half-open sockets: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpen CCE-3114-6CCE-751\The permitted number of TCP/IP Maximum Retried Half-open Sockets should be set correctly . 3.2.2.20 SYN Attack protection  Manage TCP Maximum half-open retired sockets: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpenRetried CCE-3118-7CCE-817QTCP/IP NetBIOS Name Release on Request Prevented should be properly configured. 3.2.2.16 Protect Against Malicious Name-Release Attacks: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemandMSS:(NoNameReleaseOnDemand) Allow the computer toignore NetBIOS namerelease requests exceptfrom WINS servers Table: 5.81 Value: enabledNameReleaseRequestsoval:gov.nist.1:def:118oval:gov.nist.fdcc.xp:def:118 CCE-3017-1CCE-9986TCP/IP PMTU Discovery should be properly configured. 3.2.2.14 Help protect against packet fragmentation: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUDiscoveryEnablePMTUDiscoveryoval:gov.nist.fdcc.xp:def:407 CCE-2916-5CCE-284CTCP/IP SYN Flood Attack Protection should be properly configured. 3.2.2.18 Protect against SYN Flood attacks: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect|MSS: (SynAttackProtect) Syn attact protection level Table: 5.86 Value: Connections time out sooner if attack is detected (1)SynAttackProtectionLeveloval:gov.nist.1:def:124oval:gov.nist.fdcc.xp:def:124 CCE-3061-9CCE-125ASecurity Audit log warning level should be properly configured. MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning Table: 5.89 Value: 90EventLogThresholdWarningoval:gov.nist.1:def:127oval:gov.nist.fdcc.xp:def:127 CCE-2444-8CCE-156DDisable saving of dial-up passwords should be properly configured. ,Disable saving of dial up password (CID:105)dMSS:(DisableSavePassword)Prevent the dial-uppassword from being saved Table: 5.74 Value: not defined CCE-2841-5CCE-2715Safe DLL Search Mode should be properly configured. $Safe DLL Search Mode value (CID:774)-System objects: Set safe search path for DLLs{3.2.2.23 Enable Safe DLL Search Mode: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\SafeDllSearchModeMMSS: (SafeDllSearchMode)Enable Safe DLL searchmode Table: 5.84 value: enabledSafeDLLSearchModeoval:gov.nist.1:def:122oval:gov.nist.fdcc.xp:def:122 CCE-3092-4CCE-707ZAlways Wait for the Network at Computer Startup and Logon should be properly configured. CAlways Wait for the Network at Computer Startup and Logon (CID:927) CCE-3013-0CCE-213NThe "Delete Cached Copies of Roaming Profiles" policy should be set correctly.Cached Profiles value (CID:93) CCE-3100-5CCE-2312Use Classic Logon should be properly configured. "Always Use Classic Logon (C< ID:924)Always-Use-Classic-Logonoval:gov.nist.fdcc.xp:def:6686 CCE-2893-6CCE-50CBackground Refresh of Group Policy should be properly configured. 5Turn Off Background Refresh of Group Policy (CID:930) CCE-2774-8CCE-81JShow Shared Internet Connection Access UI should be properly configured. %Internet Connection Sharing (CID:942) CCE-2173-3CCE-896kInstallation and Configuration of Network Bridge on the DNS Domain Network should be properly configured. ]Prohibit Installation and Configuration of Network Bridge on the DNS Domain Network (CID:945)$prohibit_installation_network_bridge!oval:gov.nist.fdcc.xp:def:3366991 CCE-3087-4CCE-574\Disallow Installation of Printers Using Kernel-mode Drivers should be properly configured. EDisallow Installation of Printers Using Kernel-mode Drivers (CID:948) CCE-2968-6CCE-257PThe "Allow Server Operators to Schedule Tasks" policy should be set correctly. HDomain controller: Allow server operators to schedule tasks: Not DefinedD3.2.1.15 Domain Controller: Allow Server Operators to Schedule TasksZDomain controller: Allow server operators to schedule tasks Table: 5.17 Value: not defined#AllowServerOperatorsToScheduleTasks oval:gov.nist.fdcc.xp:def:608240 CCE-3135-1CCE-438?The built-in Administrator account should be correctly named. &Administrator Account Renamed (CID:30)5Accounts: Rename administrator account: Administrator.3.2.1.4 Accounts: Rename Administrator AccountDAccounts: Rename administrator account Table: 5.4 Value: not definedRenameAdministratoroval:gov.nist.fdcc.xp:def:6022 CCE-3025-4CCE-8347The built-in Guest account should be correctly named. Guest Account Renamed (CID:31)3Accounts: Rename guest account: &3.2.1.5 Accounts: Rename Guest Account<Accounts: Rename guest account Table: 5.5 Value: not defined RenameGuestoval:gov.nist.fdcc.xp:def:6023 CCE-3157-5CCE-222ZThe amount of idle time required before disconnecting a session should be set correctly. 8Amount of idle time before disconnecting value (CID:213)PMicrosoft network server: Amount of idle time required before suspending session\3.2.1.35 Microsoft Network Server: Amount of Idle Time Required Before Disconnecting SessionkMicrosoft network server:Amount of idle timerequired before suspendingsession Table: 5.39 Value: 15 minutesSessionTimeoutoval:gov.nist.1:def:83session_timeoutoval:gov.nist.fdcc.xp:def:83 CCE-3162-5CCE-2QThe "Audit the access of global system objects" policy should be set correctly. =Audit: Audit the access of global system objects: Not Defined83.2.1.6 Audit: Audit the access of global system objectsKAudit: Audit the access of global system objects Table: 5.6 Value: disabledAuditAccessToGlobalObjectsoval:gov.nist.1:def:45oval:gov.nist.fdcc.xp:def:45 CCE-2955-3CCE-905UThe "Audit the use of backup and restore privilege" policy should be set correctly. AAudit: Audit the use of Backup and Restore privilege: Not Defined<3.2.1.7 Audit: Audit the use of backup and restore privilegeOAudit: Audit the use of backup and restore privilege Table: 5.7 Value: disabled&AuditBackupAndRestorePrivilegeDisabledoval:gov.nist.1:def:52AuditBackupAndRestorePrivilegeoval:gov.nist.fdcc.xp:def:52 CCE-2891-0CCE-133UThe "Disable CTRL+ALT+Delete Requirement for Logon" policy should be set correctly. 8Interactive logon: Do not require CTRL+ALT+DEL: Disabled73.2.1.25 Interactive Logon: Do not require CTRL+ALT+DELHInteractive logon: Do notrequire CTRL+ALT+DEL Table: 5.28 Value: diabledRequireCTRL_ALT_DELoval:gov.nist.1:def:69oval:gov.nist.fdcc.xp:def:69 CCE-2926-4CCE-719HThe "LAN Manager Authentication Level" policy should be set correctly. LMCompatibility Value (CID:123)nNetwork security: LAN Manager authentication level: Send LM & NTLM - use NTLMv2 session security if negotiated;3.2.1.47 Network Security: LAN Manager Authentication LevelNetwork security: LANManager authenticationlevel Table: 5.55 Value: Send NTLMv2responseonly\refuse LM& NTLM or Send NTLMv2 response only\refuse LMGLANManagerAuthenticationRefuseLM, LANManagerAuthenticationRefuseLM_NTLM.oval:gov.nist.1:def:97, oval:gov.nist.1:def:96+LANManagerAuthenticationLevel-RefuseLM_NTLMoval:gov.nist.fdcc.xp:def:96 CCE-2789-6CCE-402UThe "Prevent Users from Installing Printer Drivers" policy should be set correctly. (Print Driver Installation value (CID:99)?Devices: Prevent users from installing printer drivers: Enabled?3.2.1.11 Devices: Prevent users from installing printer drivers\Devices: Prevent users from installing priter drivers Table: 5.13 Value: enabled or disabled(PreventUsersFromInstallingPrinterDriversoval:gov.nist.1:def:56oval:gov.nist.fdcc.xp:def:56 CCE-2935-5CCE-410^The "Recovery Console: Allow Automatic Administrative Logon" policy should be set correctly. *Recovery Console Autologon value (CID:117)@Recovery console: Allow automatic administrative logon: Disabled?3.2.1.51 Recovery Console: Allow Automatic Administrative LogonPRecovery console: Allowautomatic administrativelogon Table: 5.59 Value: disabledRecoveryConsoleAutoLogonoval:gov.nist.1:def:101oval:gov.nist.fdcc.xp:def:101 CCE-2957-9CCE-76tThe "Recovery Console: Allow Floppy Copy and Access to All Drives and All Folders" policy should be set correctly. ,Recovery Console Full Access Value (CID:119)VRecovery console: Allow floppy copy and access to all drives and all folders: DisabledU3.2.1.52 Recovery Console: Allow Floppy Copy and Access to All Drives and All FoldersfRecovery console: Allowfloppy copy and access toall drives and all folders Table: 5.60 Value: disabledRecoveryConsoleFullSystemAccessoval:gov.nist.1:def:102oval:gov.nist.fdcc.xp:def:102 CCE-2974-4CCE-565]The "Restrict CD-ROM Access to Locally Logged-On User Only" policy should be set correctly. GDevices: Restrict CD-ROM access to locally logged-on user only: EnabledG3.2.1.12 Devices: Restrict CD-ROM Access to Locally Logged-On User OnlyZDevices: Restrict CD-ROM access to locally logged-on user only Table: 5.14 Value: disabledRestrictCDROMAccessoval:gov.nist.fdcc.xp:def:58 CCE-2873-8CCE-463]The "Restrict Floppy Access to Locally Logged-On User Only" policy should be set correctly. Floppy Allocation (CID:89)GDevices: Restrict floppy access to locally logged-on user only: EnabledG3.2.1.13 Devices: Restrict Floppy Access to Locally Logged-On User OnlyZDevices: Restrict floppy access to locally logged-on user only Table: 5.15 Value: disabledRestrictFloppyAccessDisabledoval:gov.nist.1:def:59RestrictFloppyAccessoval:gov.nist.fdcc.xp:def:59 CCE-3005-6CCE-508_The "Strengthen Default Permissions of Global System Objects" policy should be set correctly. +Strength permissions on GSO value (CID:204)hSystem objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links): EnabledR3.2.1.58 System objects: Strengthen default permissions of internal system objectswSystem objects: Strengthendefault permissions ofinternal system objects(e.g. Symbolic Links) Table: 5.67 Value: enabled InternalSystemObjectsPermissionsoval:gov.nist.1:def:109oval:gov.nist.fdcc.xp:def:109 CCE-3151-8CCE-417jThe "Secure Channel: Require Strong (Windows 2000 or later) Session Key" policy should be set correctly. QDomain member: Require strong (Windows 2000 or later) session key value (CID:770)JDomain member: Require strong (Windows 2000 or later) session key: EnabledJ3.2.1.23 Domain Member: Require Strong (Windows 2000 or later) Session KeyZDomain member: Requirestrong (Windows 2000 orlater) session key Table: 5.25 Value: enabledRequireStrongSessionKeyoval:gov.nist.1:def:66require_strong_session_keyoval:gov.nist.fdcc.xp:def:66 CCE-3049-4CCE-228gThe "Send Unencrypted Password to Connect to Third-Party SMB Servers" policy should be set correctly. :Send unencrypted password to 3rd party SMB value (CID:207)NMicrosoft network client: Send unencrypted password to third-party SMB servers< a3.2.1.34 Microsoft Network Client: Send Unencrypted Password to Connect to Third-Party SMB ServergMicrosoft network client:Send unencryptedpassword to third-partySMB servers Table: 5.38 Value: disabledUnencryptedSMBPasswordsoval:gov.nist.1:def:82unencrypted_smb_passwordsoval:gov.nist.fdcc.xp:def:82 CCE-3085-8CCE-413MThe "Unsigned Driver Installation Behavior" policy should be set correctly. (Unsigned Driver Behavior Value (CID:127)KDevices: Unsigned driver installation behavior: Warn but allow installation73.2.1.14 Devices: Unsigned Driver Installation Behavior]Devices: Unsigned driver installation behavior Table: 5.16 Value: warn but allow isntallation!UnsignedDriverInstallationWarningoval:gov.nist.1:def:60"UnsignedDriverInstallationBehavioroval:gov.nist.fdcc.xp:def:60 CCE-2701-1CCE-814ZThe "Users Prompted to Change Password Before Expiration" policy should be set correctly. #Password Expiration value (CID:199)LInteractive logon: Prompt user to change password before expiration: 14 daysL3.2.1.29 Interactive Logon: Prompt User to Change Password Before Expiration\Interactive logon: Promptuser to change passwordbefore expiration Table: 5.32 Value: 14 daysPasswordExpirationPromptoval:gov.nist.1:def:74password_expiration_promptoval:gov.nist.fdcc.xp:def:74 CCE-2851-4CCE-92eThe "Shut Down system immediately if unable to log security audits" policy should be set correctly. #Crash on audit fail Value (CID:121)NAudit: Shut down system immediately if unable to log security audits: DisabledL3.2.1.8 Audit: Shut Down system immediately if unable to log security alertsbAudit: Shut down system immediately if unable to log security audits Table: 5.8 Value: not defined#ShutDownIfUnableToLogSecurityAuditsoval:gov.nist.fdcc.xp:def:6027 CCE-2983-5CCE-224]The "Allow System to be Shut Down Without Having to Log On" policy should be set correctly. %Shutdown before logon Check (CID:217)HShutdown: Allow system to be shut down without having to log on: EnabledH3.2.1.53 Shutdown: Allow System to be Shut Down Without Having to Log OnYShutdown: Allow system tobe shut down withouthaving to log on Table: 5.61 Value: disabledShutdownWithoutLogonoval:gov.nist.1:def:103shutdown_without_logonoval:gov.nist.fdcc.xp:def:103 CCE-3128-6CCE-422QThe "Clear Virtual Memory Pagefile at shutdown" policy should be set correctly. Clear Pagefile value (CID:101)1Shutdown: Clear virtual memory pagefile: Disabled03.2.1.54 Shutdown: Clear Virtual Memory PagefileAShutdown: Clear virtualmemory pagefile Table: 5.62 Value: enabledClearPagefileOnShutdownoval:gov.nist.1:def:104oval:gov.nist.fdcc.xp:def:104 CCE-3027-0CCE-576TThe "Digitally Sign Client Communication (Always)" policy should be set correctly. @Microsoft network client: Digitally sign communications (always)I3.2.1.32 Microsoft Network Client: Digitally sign communications (always)YMicrosoft network client:Digitally signcommunications (always) Table: 5.36 Value: enabledClientAlwaysSignCommunicationsoval:gov.nist.1:def:79!client_always_sign_communicationsoval:gov.nist.fdcc.xp:def:79 CCE-2802-7CCE-519[The "Digitally Sign Client Communication (When Possible)" policy should be set correctly. )Enable Security Signature Value (CID:113)JMicrosoft network client: Digitally sign communications (if server agrees)S3.2.1.33 Microsoft Network Client: Digitally sign communications (if server agrees)bMicrosoft network client:Digitally signcommunications (if serveragrees) Table: 5.37 Value: enabled SignCommunicationsIfServerAgreesoval:gov.nist.1:def:81oval:gov.nist.fdcc.xp:def:81 CCE-3053-6CCE-171TThe "Digitally Sign Server Communication (Always)" policy should be set correctly. @Microsoft network server: Digitally sign communications (always)I3.2.1.36 Microsoft Network Server: Digitally sign communications (always)YMicrosoft network server:Digitally signcommunications (always) Table: 5.40 Value: enabledServerAlwaysSignCommunicationsoval:gov.nist.1:def:84!server_always_sign_communicationsoval:gov.nist.fdcc.xp:def:84 CCE-2688-0CCE-104[The "Digitally Sign Server Communication (When Possible)" policy should be set correctly. SMicrosoft network server: Digitally sign communications (if client agrees): EnabledS3.2.1.37 Microsoft Network Server: Digitally sign communications (if client agrees)bMicrosoft network server:Digitally signcommunications (if clientagrees) Table: 5.41 Value: enabled SignCommunicationsIfClientAgreesoval:gov.nist.1:def:85oval:gov.nist.fdcc.xp:def:85 CCE-3106-2CCE-773JThe "Number of Previous Logons to Cache" policy should be set correctly. Logon Caching value (CID:91)lInteractive logon: Number of previous logons to cache (in case domain controller is not available): 0 logons>3.2.1.28 Interactive Logon: Number of Previous Logons to CacheInteractive logon: Numberof previous logons to cache(in case domain controlleris not available) Table: 5.31 Value: 0 logons or 2 logonsPreviousLogonsCachedoval:gov.nist.1:def:72previous_logons_cachedoval:gov.nist.fdcc.xp:def:72 CCE-3111-2CCE-919XThe "Allowed to Format and Eject Removable NTFS Media" policy should be set correctly. $NTFS Media Ejection value (CID:2010)DDevices: Allowed to format and eject removable media: Administrators=3.2.1.10 Devices: Allowed to format and eject removable mediaDevices: Allowed to format and eject removeable media Table: 5.12 Value: Administrators or Administrators and interactive usersiRestrictAccessToFormatAndEjectRemovableMediaAdministrators, RestrictAccessToFormatAndEjectRemovableMedia/oval:gov.nist.1:def:43, oval:gov.nist.1:def:44 CCE-3097-3CCE-549nThe "Secure Channel: Digitally Encrypt or Sign Secure Channel Data (Always)" policy should be set correctly. FDigitally encrypt or sign secure channel data (always) value (CID:743)RDomain member: Digitally encrypt or sign secure channel data (always): Not DefinedN3.2.1.18 Domain Member: Digitally Encrypt or Sign Secure Channel Data (Always)^Domain member: Digitallyencrypt or sign securechannel data (always) Table: 5.20 Value: enabled'AlwaysDigitallyEncryptSecureChannelDataoval:gov.nist.1:def:61,always_digitally_encrypt_secure_channel_dataoval:gov.nist.fdcc.xp:def:61 CCE-2996-7CCE-161mThe "Secure Channel: Digitally Encrypt Secure Channel Data (When Possible)" policy should be set correctly. +Sign Secure Channel Traffic Value (CID:109)MDomain member: Digitally encrypt secure channel data (when possible): EnabledM3.2.1.19 Domain Member: Digitally Encrypt Secure Channel Data (When Possible)]Domain member: Digitallyencrypt secure channeldata (when possible) Table: 5.21 Value: enabled-WhenPossibleDigitallyEncryptSecureChannelDataoval:gov.nist.1:def:62oval:gov.nist.fdcc.xp:def:62 CCE-3000-7CCE-918jThe "Secure Channel: Digitally Sign Secure Channel Data (When Possible)" policy should be set correctly. +Sign Secure Channel Traffic Value (CID:107)JDomain member: Digitally sign secure channel data (when possible): EnabledJ3.2.1.20 Domain Member: Digitally Sign Secure Channel Data (When Possible)ZDomain member: Digitallysign secure channel data(when possible) Table: 5.22 Value: enabled*WhenPossibleDigitallySignSecureChannelDataoval:gov.nist.1:def:63oval:gov.nist.fdcc.xp:def:63 CCE-3133-6CCE-443CThe "Smart Card Removal Behavior" policy should be set correctly. +Smart Card Removal Behavior Value (CID:125)@Interactive logon: Smart card removal behavior: Lock Workstation73.2.1.31 Interactive Logon: Smart Card Removal BehaviorRInteractive logon: Smart card removal behavior Table: 5.35 Value: lock workstationSmartCardRemovaloval:gov.nist.1:def:78smart_card_removaloval:gov.nist.fdcc.xp:def:78 CCE-2313-5CCE-831_The "Prevent System Maintenance of Computer Account Password" policy should be set correctly. 'Disable password change Value (CID:111)@Domain member: Disable machine account password changes:Disabled@3.2.1.21 Domain Member: Disable Machine Account Password Cha< ngesQDomain member: Disablemachine account passwordchanges Table: 5.23 Value: disabledMachineAccountPasswordChangesoval:gov.nist.1:def:64oval:gov.nist.fdcc.xp:def:64 CCE-3084-1CCE-55jThe "Use FIPS compliant algorithms for encryption, hashing, and signing" policy should be set correctly. LUse FIPS compliant algorithms for encryption, hashing, and signing (CID:804)`System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing: Enabled`3.2.1.55 System Cryptography: Use FIPS compliant algorithms for encryption, hashing, and signingnSystem cryptography: UseFIPS compliant algorithmsfor encryption, hashing,and signing Table: 5.64 Value enabledFIPSCompliantEncryptionoval:gov.nist.1:def:105oval:gov.nist.fdcc.xp:def:105 CCE-2842-3CCE-575pThe "Default owner for objects created by members of the Administrators group" policy should be set correctly. RDefault owner for objects created by members of the Administrators group (CID:807)hSystem objects: Default owner for objects created by members of the Administrators group: Object Creatora3.2.1.56 System objects: Default owner for objects created by members of the Administrators groupwSystem objects: Defaultowner for objects createdby members of theAdministrators group Table: 5.65 Value: Object creator%AdministratorsGroupObjectCreatorOwneroval:gov.nist.1:def:106oval:gov.nist.fdcc.xp:def:106 CCE-2987-6CCE-300]The "Require Case Insensitivity for Non-Windows Sybsystems" policy should be set correctly. NSystem Object: Require Case Insensitivity for Non-Windows Subsystems (CID:810)NSystem objects: Require case insensitivity for non-Windows subsystems: EnabledN3.2.1.57 System objects: Require case insensitivity for non-Windows subsystems_System objects: Requirecase insensitivity for non-Windows subsystems Table: 5.66 Value: enabledRequireCaseInsensitivityoval:gov.nist.1:def:107oval:gov.nist.fdcc.xp:def:107 CCE-2344-0CCE-533iThe "Limit local account user of blank passwords to console logon only" policy should be set correctly. %Limit Blank Passwords value (CID:764)TAccounts: Limit local account user of blank passwords to console logon only: EnabledR3.2.1.3 Accounts: Limit local account use of blank passwords to console logon onlydAccounts: Limit local account use of blank passwords to console logon only Table: 5.3 Value: enabledLimitBlankPasswordUseoval:gov.nist.1:def:42LimitBlankPasswordoval:gov.nist.fdcc.xp:def:42 CCE-3009-8CCE-186LThe "Allow undock without having to logon" policy should be set correctly. 8Devices: Allow undock without having to log on: Disabled63.2.1.9 Devices: Allow undock without having to log onIDevices: Allow undock without having to logon Table: 5.11 Value: disabledAllowUndockWithoutLoginDisabledoval:gov.nist.1:def:53AllowUndockWithoutLoginoval:gov.nist.fdcc.xp:def:53 CCE-2551-0CCE-710HThe "LDAP server signing requirements" policy should be set correctly. @Domain controller: LDAP server signing requirements: Not Defined<3.2.1.16 Domain Controller: LDAP Server Signing RequirementsQDomain controller: LDAP server signin requirements Table: 5.18 Value: not definedLDAPServerSigningRequirements oval:gov.nist.fdcc.xp:def:608241 CCE-2991-8CCE-732HThe "LDAP client signing requirements" policy should be set correctly. *LDAP client signing requirements (CID:795)2Network security: LDAP client signing requirements;3.2.1.48 Network Security: LDAP client signing requirementsVNetwork security: LDAPclient signing requirements Table: 5.56 Value: Negotiate signingLDAPClientSigningRequirementsoval:gov.nist.1:def:98oval:gov.nist.fdcc.xp:def:98 CCE-3123-7CCE-490NThe "Refuse machine account password change" policy should be set correctly. GDomain controller: Refuse machine account password changes: Not Defined`3.2.1.19(note: different enumeration) Domain Controller: Refuse machine account password changesYDomain controller: Refuse machine account password changes Table: 5.19 Value: not defined#RefuseMachineAccountPasswordChanges oval:gov.nist.fdcc.xp:def:608242 CCE-3018-9CCE-194LThe "Maximum machine account password age" policy should be set correctly. >Accounts: Maximum machine account password age value (CID:767);Domain member: Maximum machine account password age: 7 Days<3.2.1.22 Domain Member: Maximum Machine Account Password AgeKDomain member: Maximummachine account passwordage Table: 5.24 Value:30 days MaximumMachineAccountPasswordAgeoval:gov.nist.1:def:65$maximum_machine_account_password_ageoval:gov.nist.fdcc.xp:def:65 CCE-3172-4CCE-374fThe "Require Domain Controller authentication to unlock workstation" policy should be set correctly. FDomain Controller Authentication to Unlock Workstation Value (CID:777)ZInteractive logon: Require Domain Controller authentication to unlock workstation: EnabledZ3.2.1.30 Interactive Logon: Require Domain Controller authentication to unlock workstationuInteractive logon: RequireDomain Controllerauthentication to unlockworkstation Table: 5.33 Value: enabled or disabled&DomainControllerAuthenticationRequiredoval:gov.nist.1:def:75)domain_controller_authentication_requiredoval:gov.nist.fdcc.xp:def:75 CCE-2692-2CCE-278RThe "Disconnect clients when logon hours expire" policy should be set correctly. BAutomatically log off user when logon time expires value (CID:210)MMicrosoft network server: Disconnect clients when logon hours expire: EnabledM3.2.1.38 Microsoft Network Server: Disconnect clients when logon hours expire]Microsoft network server:Disconnect clients whenlogon hours expire Table: 5.42 Value: enabledLogonTimeExpirationoval:gov.nist.1:def:86oval:gov.nist.fdcc.xp:def:86 CCE-3088-2CCE-542]The "Do not allow storage of credentials or .NET Passports" policy should be set correctly. `Do not allow storage of credentials or .NET Passports for network authentication value (CID:780)NNetwork access: Do not allow storage of credentials or .NET Passports: Enabledi3.2.1.39 Network Access: Do not allow storage of credentials or .NET passports for network authenticationxNetwork access: Do notallow storage of credentialsor .NET Passports fornetwork authentication Table: 5.46 Value: enabledCredentialsStorageoval:gov.nist.1:def:89oval:gov.nist.fdcc.xp:def:89 CCE-3110-4CCE-18YThe "Let Everyone permissions apply to anonymous users" policy should be set correctly. ALet Everyone permissions apply to anonymous users Value (CID:783)KNetwork access: Let Everyone permissions apply to anonymous users: DisabledJ3.2.1.40 Network Access: Let Everyone permissions apply to anonymous users[Network access: LetEveryone permissionsapply to anonymous users Table: 5.47 Value: disabledAnonymousUsersPermissionsoval:gov.nist.1:def:90oval:gov.nist.fdcc.xp:def:90 CCE-3150-0CCE-136TThe "Named Pipes that can be accessed anonymously" policy should be set correctly. INetwork access: Named Pipes that can be accessed anonymously: Not DefinedE3.2.1.41 Network Access: Named pipes that can be accessed anonymouslyxNetwork access: NamedPipes that can be accessedanonymously Table: 5.48 Value: COMNAPCOMNODESQL\QUERYSPOOLSSLLSRPCbrowserAnonymouslyAccessedNamedPipesoval:gov.nist.1:def:91oval:gov.nist.fdcc.xp:def:91 CCE-3155-9CCE-189JThe "Remotely accessible registry paths" policy should be set correctly. dNetwork access: Remotely accessible registry paths: Classic - local users authenticate as themselves;3.2.1.42 Network Access: Remotely accessible registry paths9Network access: Remotelyaccessible registry paths Table: 5.49 Value: System\CurrentControlSet\Control\ProductOptions, System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Control\Server Applications, System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server, Software\Microsoft\Windows NT\CurrentVersion,System\CurrentControlSet\Control\ContentIndex, System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig, System\CurrentContr< olSet\Control\TerminalServer\DefaultUserConfigurationRemotelyAccessibleRegistryPathsoval:gov.nist.1:def:92oval:gov.nist.fdcc.xp:def:92 CCE-3036-1CCE-942OThe "Shares that can be accessed anonymously" policy should be set correctly. DNetwork access: Shares that can be accessed anonymously: Not Defined@3.2.1.43 Network Access: Shares that can be accessed anonymouslySNetwork access: Sharesthat can be accessedanonymously Table: 5.51 Value: COMCFGDFS$AnonymouslyAccessedSharesoval:gov.nist.1:def:93oval:gov.nist.fdcc.xp:def:93 CCE-3058-5CCE-343UThe "Sharing and security model for local accounts" policy should be set correctly. (1) Classic/Guest only=Sharing and security model for local accounts Value (CID:786)oNetwork access: Sharing and security model for local accounts: Classic - local users authenticate as themselvesF3.2.1.44 Network Access: Sharing and security model for local accountsNetwork access: Sharingand security model for localaccounts Table: 5.52 Value: Classic - local users authenticate as themselvesLocalAccountsSecurityModeloval:gov.nist.1:def:94oval:gov.nist.fdcc.xp:def:94 CCE-2993-4CCE-233cThe "Do not store LAN Manager hash value on next password change" policy should be set correctly. EDo not store LAN Manager hash value on next password change (CID:789)VNetwork security: Do not store LAN Manager hash value on next password change: Enabled_3.2.1.45 Network Security: Do not store LAN Manager password hash value on next password changefNetwork security: Do notstore LAN Manager hashvalue on next passwordchange Table: 5.53 Value: enabled`LANManagerHashStorageoval:gov.nist.1:def:95oval:gov.nist.fdcc.xp:def:95 CCE-3139-3CCE-775LThe "Force logoff when logon hours expire" policy should be set correctly. Logon Time Enforcement (CID:46)?Network security: Force logoff when logon hours expire: Enabled?3.2.1.46 Network Security: Force logoff when logon hours expireONetwork security: Forcelogoff when logon hoursexpire Table: 5.54 Value: enabled ForceLogoffoval:gov.nist.1:def:244oval:gov.nist.fdcc.xp:def:244 CCE-3156-7CCE-674[The "Minimum session security for NTLM SSP based clients" policy should be set correctly. =Minimum session security for NTLM SSP based clients (CID:798)Network security: Minimum session security for NTLM SSP based (including secure RPC) clients: Require NTLMv2 session security, Require 128-bit encryptione3.2.1.49 Network Security: Minimum session security for NTLM SSP based (including secure RPC) clientsNetwork security: Minimumsession security for NTLMSSP based (includingsecure RPC) clients Table: 5.57 Value: Require message integrityRequire message confidentialityRequire NTLMv2 session securityRequire 128-bit encryption$NTLM_SSP_BasedClientsSessionSecurityoval:gov.nist.1:def:99&ntlm_ssp_based_client_session_securityoval:gov.nist.fdcc.xp:def:99 CCE-2799-5CCE-766[The "Minimum session security for NTLM SSP based servers" policy should be set correctly. =Minimum session security for NTLM SSP based servers (CID:801)Network security: Minimum session security for NTLM SSP based (including secure RPC) servers: Require NTLMv2 session security, Require 128-bit encryptione3.2.1.50 Network Security: Minimum session security for NTLM SSP based (including secure RPC) serversNetwork security: Minimumsession security for NTLMSSP based (includingsecure RPC) servers Table: 5.58 Value: Require message integrityRequire message confidentialityRequire NTLMv2 session securityRequire 128-bit encryption$NTLM_SSP_BasedServersSessionSecurityoval:gov.nist.1:def:100'ntlm_ssp_based_servers_session_securityoval:gov.nist.fdcc.xp:def:100 CCE-2795-3CCE-621.Local volumes should be formatted correctly. Non-NTFS Partition (CID:10)KChapter 10: Modifying File System Security Settings with Security Templates34.3.1 Ensure volumes are using the NTFS file system CCE-2980-1CCE-830WThe "Screen Saver Timeout" setting should be configured correctly for the current user.)Current user screensaver timeout (CID:74)oval:gov.nist.1:def:123Screen-Saver-timeoutoval:gov.nist.fdcc.xp:def:6708 CCE-3099-9CCE-623_The "Screen Saver Executable Name" setting should be configured correctly for the default user."Default user scrnsave.exe (CID:67) CCE-2764-9CCE-517WThe "Screen Saver Timeout" setting should be configured correctly for the default user.-Default user screensaver timeout (CID:68, 71) CCE-3161-7CCE-433dThe "Password protect the screen saver" setting should be configured correctly for the default user.(Default user screensaver secure (CID:69) CCE-2901-7CCE-103UThe screen saver should be enabled or disabled as appropriate for the default user. (Default user screensaver active (CID:70) CCE-3170-8CCE-54_The "Screen Saver Executable Name" setting should be configured correctly for the current user."Current user scrnsave.exe (CID:76) CCE-3064-3CCE-221"DEPRECATED in favor of CCE-2980-1. CCE-2526-2CCE-235"DEPRECATED in favor of CCE-4500-5. CCE-2174-1CCE-287UThe screen saver should be enabled or disabled as appropriate for the current user. (Current user screensaver active (CID:73) CCE-2552-8CCE-736OThe "Always Install with Elevated Privileges" policy should be set correctly. 1Always Install with Elevated Privileges (CID:888) CCE-2830-8CCE-261>The "Set Safe for Scripting" policy should be set correctly. BDisable IE Security Prompt for Windows Installer Scripts (CID:891)4Disable-IE-security-prompt-Windows-Installer-scriptsoval:gov.nist.fdcc.xp:def:6120 CCE-3094-0CCE-415IThe "Enable User Control Over Installs" policy should be set correctly. +Enable User Control Over Installs (CID:894)!Enable-User-Control-over-installsoval:gov.nist.fdcc.xp:def:6121 CCE-3011-4CCE-107VThe "Enable User to Use Media Source While Elevated" policy should be set correctly. 8Enable User to Use Media Source While Elevated (CID:900) CCE-3020-5CCE-256eThe "Allow Administrator to Install from Terminal Services Session" policy should be set correctly. ?Allow Admin to Install from Terminal Services Session (CID:906) CCE-2293-9CCE-662NThe "Enable User to Patch Elevated Products" policy should be set correctly. 0Enable User to Patch Elevated Products (CID:903) CCE-3068-4CCE-424KThe "Cache Transforms in Secure Location" policy should be set correctly. <Cache Transforms in Secure Location on Workstation (CID:908) CCE-2826-6CCE-455RThe "Disable Media Player for automatic updates" policy should be set correctly. 7Disable Media Player for XP automatic Updates (CID:912)prevent_automatic_updates#oval:gov.nist.fdcc.xp:def:612261222 CCE-3117-9CCE-124VThe "Prevent Codec Download" policy should be set correctly for Windows MediaPlayer. 951 - Prevent Codec Download CCE-2684-9CCE-802PThe "Do Not Allow Windows Messenger to be Run" policy should be set correctly. 2Do Not Allow Windows Messenger to be Run (CID:915) CCE-2455-4CCE-309TThe "Do Not Automatically Start Windows Messenger" policy should be set correctly. <918 - Do Not Automatically Start Windows Messenger Initially6do_not_automatically_start_windows_messenger_initially#oval:gov.nist.fdcc.xp:def:612261224 CCE-2711-0CCE-578WThe "Prohibit New Task Creation" policy should be set correctly for the Task Scheduler.$Prohibit New Task Creation (CID:843) CCE-2354-9CCE-507_The "Limit Users to One Remote Session" policy should be set correctly for Terminal Services. +Limit Users to One Remote Session (CID:849)!Limit users to one remote session CCE-3129-4CCE-80WThe "Limit Number of Connections" policy should be set correctly for Terminal Services.%Limit Number of Connections (CID:852)Limit number of connections CCE-3028-8CCE-401_The "Do Not Allow New Client Connections" policy should be set correctly for Terminal Services.-Do Not Allow New Client Connections (CID:855)#Do not allow new client connections CCE-2407-5CCE-824vThe "Do Not Allow Local Administrators to Customiz< e Permissions" policy should be set correctly for Terminal Services.8Do Not Allow Local Administrators to Customize (CID:858)9Do not allow local administrator to customize permissions CCE-2808-4CCE-190SThe "Remote Control Settings" policy should be set correctly for Terminal Services.!Remote Control Settings (CID:861)Remote control settings CCE-2949-6CCE-855mThe "Always Prompt Client for Password upon Connection" policy should be set correctly for Terminal Services.;Always Prompt Client for Password upon Connection (CID:864)1Always prompt client for password upon connection CCE-3116-1CCE-397bThe "Set Client connection Encryption Level" policy should be set correctly for Terminal Services.*Set Client Connection Encryption (CID:867)&Set client connection encryption level&set-client-connection-encryption-leveloval:gov.nist.fdcc.xp:def:6600 CCE-2997-5CCE-670_The "Do not Use Temp folders per Session" policy should be set correctly for Terminal Services.-Do Not Use Temp Folders per Session (CID:870)#Do not use temp folders per session CCE-2892-8CCE-961]The "Do not Delete Temp folder on exit" policy should be set correctly for Terminal Services.-Do Not Delete Temp Folder upon Exit (CID:873)#Do not delete temp folder upon exit CCE-2961-1CCE-920dThe "Set time limit for disconnected sessions" policy should be set correctly for Terminal Services.2Set Time Limit for Disconnected Sessions (CID:876)(Set time limit for disconnected sessions'set-timelimit-for-disconnected-sessionsoval:gov.nist.fdcc.xp:def:6726 CCE-3124-5CCE-123\The "Set time limit for idle sessions" policy should be set correctly for Terminal Services.*Set Time Limit for Idle Sessions (CID:879) Set time limit for idle sessions;set-timelimit-for-active-but-idle-TerminalServices-sessionsoval:gov.nist.fdcc.xp:def:6725 CCE-2210-3CCE-524hThe "Allow Reconnection from Original Client Only" policy should be set correctly for Terminal Services.6Allow Reconnection from Original Client Only (CID:882),Allow reconnection from original client only CCE-2959-5CCE-568jThe "Terminate session when time limits are reached" policy should be set correctly for Terminal Services.8Terminate Session When Time Limits are Reached (CID:885).Terminate session when time limits are reached CCE-3109-6CCE-705VThe "Enable Keep-Alive Messages" policy should be set correctly for Terminal Services.Keep-Alive Messages (CID:846) CCE-3007-2CCE-859]The "Allow Solicited Remote Assistance" policy should be set correctly for Terminal Services.%Solicited Remote Assistance (CID:933)solicited_remote_assistanceoval:gov.nist.fdcc.xp:def:6564 CCE-3012-2CCE-434_The "Allow Unsolicited Remote Assistance" policy should be set correctly for Terminal Services.'Unsolicited Remote Assistance (CID:936)offer_remote_assistanceoval:gov.nist.fdcc.xp:def:6563 CCE-3038-7CCE-592>The "Enable Error Reporting" policy should be set correctly. Report Errors (CID:939) turn_off_windows_error_reportingoval:gov.nist.fdcc.xp:def:6683 CCE-3188-0CCE-227GThe "Enforce user logon restrictions" policy should be set correctly. (1) enabled/disabled)Enforce user logon restrictions (Enabled)(kerberos_enforce_user_logon_restrictions oval:gov.nist.fdcc.xp:def:987651 CCE-2708-6CCE-6HThe "Maximum Service Ticket Litfetime" policy should be set correctly. (1) number of minutes1Maximum lifetime for service ticket (600 minutes)(kerberos_maximum_lifetime_service_ticket oval:gov.nist.fdcc.xp:def:987652 CCE-2803-5CCE-37DThe "Maximum User Ticket Lifetime" policy should be set correctly. (1) number of hours+Maximum lifetime for user ticket (10 hours)%kerberos_maximum_lifetime_user_ticket oval:gov.nist.fdcc.xp:def:987653 CCE-3063-5CCE-33EThe "Maximum User Renewal Lifetime" policy should be set correctly. 1Maximum lifetime for user ticket renewal (7 days)-kerberos_maximum_lifetime_user_ticket_renewal oval:gov.nist.fdcc.xp:def:987654 CCE-3208-6CCE-588\The "Maximum tolerance for computer clock synchronization" policy should be set correctly. @Maximum tolerance for computer clock synchronization (5 minutes)9kerberos_maximum_tolerance_computer_clock_synchronization oval:gov.nist.fdcc.xp:def:987655 CCE-3107-0CCE-383RThe "Create global objects" user right should be assigned to the correct accounts.4Create global objects Table: 4.12 Value: not definedHCreate-Global-Objects_Administrators-SERVICE-LocalService-NetworkServiceoval:gov.nist.fdcc.xp:def:6626 CCE-2737-5CCE-304gThe "Impersonate a client after authentication" user right should be assigned to the correct accounts.HImpersonate a client after authentication Table: 4.23 Value: not defined;ImpersonateClientAfterAuthentication-SERVICE_Administratorsoval:gov.nist.fdcc.xp:def:6640 CCE-3010-6CCE-458The "DCOM: Machine access Restrictions in Security Descriptor Definition Language (SDDL) syntax" setting should be configured correctly.LDCOM: Machine access of the global system objects Table: 5.9 Value: disabledMachineAccessRestrictions oval:gov.nist.fdcc.xp:def:608243 CCE-2662-5CCE-740The "DCOM: Machine Launch Restrictions in the Security Descriptor Definition Language (SDDL) syntax" security option should be set correctly.}DCOM: Machine Launch Restrictions in the Security Descriptor Definition Language (SDDL) syntax Table: 5.10 Value: not definedMachineLaunchRestrictions oval:gov.nist.fdcc.xp:def:608244 CCE-2917-3CCE-22aThe "Display user information when the session is locked" setting should be configured correctly.eInteractive logon: Display user information when the session is locked Table: 5.26 Value: not defined CCE-3186-4CCE-828RThe "Interactive logon: Requre smart card" setting should be configured correctly.P(1) HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\SCForceOptionCInteractive logon: Requre smart card Table: 5.34 Value: not definedRequireSmartCardoval:gov.nist.fdcc.xp:def:6082 CCE-2834-0CCE-638qThe "Network access: Restrict anonymous access to named pipes and shares" setting should be configured correctly.bNetwork access: Restrict anonymous access to named pipes and shares Table: 5.50 Value: not defined CCE-2992-6CCE-647The "System cryptography: Force strong key protection for user keys stored on the computer" setting should be configured correctly.tSystem cryptography: Force strong key protection for user keys stored on the computer Table: 5.63 Value: not defined CCE-2705-2CCE-48.DEPRECATED in favor of CCE-5407-2, CCE-5441-1. CCE-2723-5CCE-572the "System settings: Use Certificate Rules on Windows Executables for Software Restriction Polices" setting should be configured correctly.}System settings: Use Certificate Rules on Windows Executables for Software Restriction Polices Table: 5.69 Value: not defined CCE-2213-7CCE-577nMSS:(TCPMaxConnectResponseRetransmission) SYN-ACK retansmissions when a connection request is not acknowledged(1) number of secondsMSS:(TCPMaxConnectResponseRetransmission) SYN-ACK retansmissions when a connection request is not acknowledged Table: 5.87 Value: 3 and 6 sec, half open connections dropped after 21 secTCPConnectionResponsesoval:gov.nist.1:def:125oval:gov.nist.fdcc.xp:def:125 CCE-2239-2CCE-872SMSS:(TCPMaxDataRetransmissions) How many times unacknowledged data is retransmittedhMSS:(TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted Table: 5.88 Value: 3TCPMaxDataRetransmissionsoval:gov.nist.1:def:126oval:gov.nist.fdcc.xp:def:126 CCE-2690-6CCE-506XMembership in the Backup Operators group should be assigned to the appropriate accounts.(1) list of accounts'Backup Operators Table: 7.1 Value: noneBackupOperatorsoval:gov.nist.1:def:206 CCE-2862-1CCE-990SMembership in the Power Users group should be assigned to the appropriate accounts."Power Users Table: 7.2 Value: none PowerUsersoval:gov.nist.1:def:207 CCE-3136-9CCE-250\Membership in the Remote Deskt< op Users group should be assigned to the appropriate accounts.+Remote Desktop Users Table: 7.3 Value: noneRemoteDesktopUsersoval:gov.nist.1:def:208 CCE-3171-6CCE-43SThe Application Layer Gateway Service should be enabled or disabled as appropriate.?Application Layer Gateway Service Table: 8.2 Value: not defined CCE-3047-8CCE-167PThe Application Management service should be enabled or disabled as appropriate.4Application Management Table: 8.3 Value: not defined CCE-3113-8CCE-585PThe Cryptographic Services service should be enabled or disabled as appropriate.5Cryptographic Services Table: 8.10 Value: not defined CCE-2756-5CCE-484EThe DHCP Client service should be enabled or disabled as appropriate.*DHCP Client Table: 8.11 Value: not defined CCE-3153-4CCE-651ZThe Distributed Link Tracking Client service should be enabled or disabled as appropriate.?Distributed Link Tracking Client Table: 8.12 Value: not defined CCE-3184-9CCE-303]The Distributed Transaction Coordinator service should be enabled or disabled as appropriate.BDistributed Transaction Coordinator Table: 8.13 Value: not defined CCE-2985-0CCE-436iThe startup type of the client-side Domain Name Service cache (aka DNS Client) service should be correct.)DNS Client Table: 8.14 Value: not defined CCE-3236-7CCE-774IThe Error Reporting Service should be enabled or disabled as appropriate.6Error Reporting Service Table: 8.15 Value: not definedErrorReportingServiceoval:gov.nist.fdcc.xp:def:2111 CCE-3140-1CCE-435CThe Event Log service should be enabled or disabled as appropriate.(Event Log Table: 8.16 Value: not defined CCE-2301-0CCE-950JThe Help and Support service should be enabled or disabled as appropriate./Help and Support Table: 8.20 Value: not defined CCE-3003-1CCE-118WThe Human Interface Device Access service should be enabled or disabled as appropriate.<Human Interface Device Access Table: 8.21 Value: not defined CCE-2716-9CCE-624NThe IMAPI CD-Burning COM Service should be enabled or disabled as appropriate.;IMAPI CD-Burning COM Service Table: 8.23 Value: not defined CCE-3223-5CCE-453JThe Infrared Monitor service should be enabled or disabled as appropriate./Infrared Monitor Table: 8.25 Value: not defined CCE-3245-8CCE-72HThe IPSEC Services service should be enabled or disabled as appropriate.-IPSEC Services Table: 8.27 Value: not defined CCE-3294-6CCE-988NThe Logical Disk Manager service should be enabled or disabled as appropriate.3Logical Disk Manager Table: 8.28 Value: not defined CCE-3073-4CCE-891]The Logical Disk Manager Administrative Service should be enabled or disabled as appropriate.JLogical Disk Manager Administrative Service Table: 8.29 Value: not defined CCE-3065-0CCE-900ZThe MS Software Shadow Copy Provider service should be enabled or disabled as appropriate.?MS Software Shadow Copy Provider Table: 8.31 Value: not defined CCE-2840-7CCE-671MThe Network Connections service should be enabled or disabled as appropriate.2Network Connections Table: 8.34 Value: not defined CCE-3131-0CCE-217]The Network Dynamic Data Exchange (DDE) service should be enabled or disabled as appropriate.BNetwork Dynamic Data Exchange (DDE) Table: 8.35 Value: not defined DDEServiceoval:gov.nist.1:def:245NetworkDDEServiceoval:gov.nist.fdcc.xp:def:245 CCE-3122-9CCE-768gThe Network DDE DDE Share Database Manager (DSDM) service should be enabled or disabled as appropriate.LNetwork DDE DDE Share Database Manager (DSDM) Table: 8.36 Value: not definedDDEdsdmServiceoval:gov.nist.1:def:246NetworkDDEdsdmServiceoval:gov.nist.fdcc.xp:def:246 CCE-3267-2CCE-825ZThe Network Location Awareness (NLA) service should be enabled or disabled as appropriate.@Network Location Awareness (NLA) Table: 8.37 Value: not defined CCE-3056-9CCE-472QThe startup type of the NTLM Security Support Provider service should be correct.>NT LM Security Support Provider Table: 8.38 Value: not defined CCE-3144-3CCE-265UThe Performance Logs and Alerts service should be enabled or disabled as appropriate.:Performance Logs and Alerts Table: 8.39 Value: not defined CCE-3289-6CCE-759^The Portable Media Serial Number Service service should be enabled or disabled as appropriate.CPortable Media Serial Number Service Table: 8.41 Value: not defined CCE-3205-2CCE-697KThe Protected Storage service should be enabled or disabled as appropriate.0Protected Storage Table: 8.43 Value: not defined CCE-3206-0CCE-706BThe QoS RSVP service should be enabled or disabled as appropriate.(QoS RSVP Table: 8.44 Value: not defined CCE-3104-7CCE-750ZThe Remote Access Connection Manager service should be enabled or disabled as appropriate.?Remote Access Connection Manager Table: 8.46 Value: not defined RasManServiceoval:gov.nist.1:def:247oval:gov.nist.fdcc.xp:def:247 CCE-3126-0CCE-993UThe Remote Procedure Call (RPC) service should be enabled or disabled as appropriate.:Remote Procedure Call (RPC) Table: 8.48 Value: not defined CCE-3148-4CCE-164]The Remote Procedure Call (RPC) Locator service should be enabled or disabled as appropriate.BRemote Procedure Call (RPC) Locator Table: 8.49 Value: not defined CCE-2567-6CCE-741KThe Removable Storage service should be enabled or disabled as appropriate.0Removable Storage Table: 8.51 Value: not defined CCE-2823-3CCE-172IThe Secondary Logon service should be enabled or disabled as appropriate..Secondary Logon Table: 8.53 Value: not defined CCE-3074-2CCE-679SThe Security Accounts Manager service should be enabled or disabled as appropriate.8Security Accounts Manager Table: 8.54 Value: not defined CCE-3219-3CCE-102@The Server service should be enabled or disabled as appropriate.%Server Table: 8.55 Value: not defined CCE-3241-7CCE-98DThe Smart Card service should be enabled or disabled as appropriate.)Smart Card Table: 8.57 Value: not defined CCE-2831-6CCE-1001KThe Smart Card Helper service should be enabled or disabled as appropriate.0Smart Card Helper Table: 8.58 Value: not defined CCE-2835-7CCE-772SThe System Event Notification service should be enabled or disabled as appropriate.8System Event Notification Table: 8.63 Value: not defined CCE-2321-8CCE-450HThe System Restore Service should be enabled or disabled as appropriate.5System Restore Service Table: 8.64 Value: not defined CCE-3274-8CCE-665OThe TCP/IP NetBIOS Helper service should be enabled or disabled as appropriate.4TCP/IP NetBIOS Helper Table: 8.66 Value: not defined CCE-2811-8CCE-428CThe Telephony service should be enabled or disabled as appropriate.(Telephony Table: 8.67 Value: not defined CCE-3195-5CCE-956@The Themes service should be enabled or disabled as appropriate.%Themes Table: 8.70 Value: not defined CCE-3221-9CCE-366VThe Uninterruptable Power Supply service should be enabled or disabled as appropriate.;Uninterruptable Power Supply Table: 8.71 Value: not defined CCE-2988-4CCE-652HThe Upload Manager service should be enabled or disabled as appropriate.-Upload Manager Table: 8.72 Value: not defined CCE-3146-8CCE-538LThe Volume Shadow Copy service should be enabled or disabled as appropriate.1Volume Shadow Copy Table: 8.74 Value: not defined CCE-3291-2CCE-305CThe WebClient service should be enabled or disabled as appropriate.(Webclient Table: 8.75 Value: not definedWebClientServiceoval:gov.nist.fdcc.xp:def:2271 CCE-3256-5CCE-851GThe Windows Audio service should be enabled or disabled as appropriate.,Windows Audio Table: 8.76 Value: not defined CCE-2639-3CCE-234YThe Windows Image Acquisition (WIA) service should be enabled or disabled as appropriate.>Windows Image Acquisition (WIA) Table: 8.77 Value: not defined CCE-3159-1CCE-890KThe Windows Installer service should be enabled or disabled as appropriate.0Windows Installer Table: 8.78 Value: not defined CCE-3163-3CCE-912\The Windows Management Instrumentation service shoul< d be enabled or disabled as appropriate.AWindows Management Instrumentation Table: 8.79 Value: not defined CCE-3203-7CCE-815nThe Windows Management Instrumentation Driver Extensions service should be enabled or disabled as appropriate.SWindows Management Instrumentation Driver Extensions Table: 8.80 Value: not defined CCE-2599-9CCE-560FThe Windows Time service should be enabled or disabled as appropriate.+Windows Time Table: 8.81 Value: not defined CCE-2494-3CCE-604UThe Wireless Zero Configuration service should be enabled or disabled as appropriate.:Wireless Zero Configuration Table: 8.82 Value: not definedWireless-Zero-Configurationoval:gov.nist.fdcc.xp:def:2881 CCE-3265-6CCE-745QThe WMI Performance Adapter service should be enabled or disabled as appropriate.6WMI Performance Adapter Table: 8.83 Value: not definedWMIPerformanceAdapteroval:gov.nist.fdcc.xp:def:6719 CCE-2397-8CCE-296EThe Workstation service should be enabled or disabled as appropriate.*Workstation Table: 8.84 Value: not defined CCE-2683-1CCE-511aThe automatic generation of 8.3 file names for NTFS should be enabled or disabled as appropriate.zMSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames. Table: 5.82 Value: enabledDisable8Dot3NameCreationoval:gov.nist.1:def:119oval:gov.nist.fdcc.xp:def:119 CCE-2956-1CCE-1454RPC Endpiont Mapper Client Authentication (SP2 only)=5.1.1.1 RPC Endpiont Mapper Client Authentication (SP2 only))rpc_endpoint_mapper_client_authenticationoval:gov.nist.fdcc.xp:def:6566 CCE-3273-0CCE-4237Restrictions for Unauthenticated RPC clients (SP2 only)?5.1.1.2 Restrictions for Unauthenticated RPC clients (SP2 only),Restrictions-for-Unauthenticated-RPC-clientsoval:gov.nist.fdcc.xp:def:6565 CCE-3154-2CCE-806:Domain Profile: Protect all network connections (SP2 only)65.2.1.1.1.1 Protect all network connections (SP2 only).protect_all_network_connections_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:5000 CCE-3194-8CCE-9692Domain Profile: Do not allow exceptions (SP2 only).5.2.1.1.1.2 Do not allow exceptions (SP2 only) CCE-2828-2CCE-502.Domain Profile: Allow local program exceptions*5.2.1.1.1.3 Allow local program exceptions-allow_local_program_exceptions_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:5003 CCE-2476-0CCE-771+Domain Profile: Allow remote administration:(1) enabled/disabled (2) subnets for internal support only'5.2.1.1.1.4 Allow remote administration5allow_remote_administration_exceptions_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:5004 CCE-3247-4CCE-555CDomain Profile: Allow file and printer sharing exception (SP2 only)?5.2.1.1.1.5 Allow file and printer sharing exception (SP2 only)2allow_file_print_sharing_exceptions_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:5005 CCE-3141-9CCE-2770Domain Profile: Allow ICMP exceptions (SP2 only),5.2.1.1.1.6 Allow ICMP exceptions (SP2 only)#allow_icm_exceptions_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:5006 CCE-3304-3CCE-8329Domain Profile: Allow Remote Desktop exception (SP2 only)55.2.1.1.1.7 Allow Remote Desktop exception (SP2 only).allow_remote_desktop_exceptions_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:5007 CCE-3176-5CCE-5909Domain Profile: Allow UPnP framework exception (SP2 only)55.2.1.1.1.8 Allow UPnP framework exception (SP2 only).allow_upnp_framework_exceptions_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:5008 CCE-3198-9CCE-762mThe "Windows Firewall: Prohibit notifications" setting should be configured correctly for the Domain Profile."5.2.1.1.1.9 Prohibit notifications%prohibit_notifications_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:5009 CCE-2965-2CCE-251pThe "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Domain Profile.+5.2.1.1.1.10 Log dropped packets (SP2 only)0allow_logging_log_dropped_packets_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:5014 CCE-2923-1CCE-793jThe log file path and name for the Windows Firewall should be configured correctly for the Domain Profile. (1) File path.5.2.1.1.1.11 Log file path and name (SP2 only)%allow_logging_log_path_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:5017 CCE-2958-7CCE-57gThe log file size limit for the Windows Firewall should be configured correctly for the Domain Profile.(1) Size limit (KB),5.2.1.1.1.12 Log file size limit (SP2 only)%allow_logging_log_size_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:5016 CCE-3090-8CCE-617wThe "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Domain Profile.35.2.1.1.1.13 Log successful connections (SP2 only)7allow_logging_log_successful_connections_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:5015 CCE-2972-8CCE-696xUnicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Domain Profile.K5.2.1.1.1.14 Prohibit unicast response to multicast or broadcast (SP2 only)Kprohibit_unicast_response_to_multicast_or_broadcast_requests_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:5011 CCE-2866-2CCE-1141Domain Profile: Define port exceptions (SP2 only).5.2.1.1.1.15 Define port exceptions (SP2 only)%define_port_exceptions_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:6008 CCE-3258-1CCE-3706Domain Profile: Allow local port exceptions (SP2 only)15.2.1.1.16 Allow local port exceptions (SP2 only)*allow_local_port_exceptions_domain_profile&oval:gov.nist.fdcc.xpfirewall:def:5013 CCE-3284-7CCE-273<Standard Profile: Protect all network connections (SP2 only)65.2.1.1.2.1 Protect all network connections (SP2 only)+ProtectAllNetworkConnectionsStandardProfile&oval:gov.nist.fdcc.xpfirewall:def:5100 CCE-3179-9CCE-4404Standard Profile: Do not allow exceptions (SP2 only).5.2.1.1.2.2 Do not allow exceptions (SP2 only)#DoNotAllowExceptionsStandardProfile&oval:gov.nist.fdcc.xpfirewall:def:5101 CCE-3183-1CCE-352;Standard Profile: Allow local program exceptions (SP2 only)55.2.1.1.2.3 Allow local program exceptions (SP2 only)*AllowLocalProgramExceptionsStandardProfile&oval:gov.nist.fdcc.xpfirewall:def:5103 CCE-2954-6CCE-467BStandard Profile: Allow remote administration exception (SP2 only)<5.2.1.1.2.4 Allow remote administration exception (SP2 only)2AllowRemoteAdministrationExceptionsStandardProfile'oval:gov.nist.fdcc.xpfirewall:def:51041 CCE-3262-3CCE-626EStandard Profile: Allow file and printer sharing exception (SP2 only)?5.2.1.1.2.4 Allow file and printer sharing exception (SP2 only).AllowFilePrintSharingExceptionsStandardProfile&oval:gov.nist.fdcc.xpfirewall:def:5105 CCE-3081-7CCE-7972Standard Profile: Allow ICMP exceptions (SP2 only)c(1) enabled/ Allow outboud source quench, Allow inbound echo request, Allow outbound packet too big,5.2.1.1.2.6 Allow ICMP exceptions (SP2 only)"AllowICMPExceptionsStandardProfile&oval:gov.nist.fdcc.xpfirewall:def:5106 CCE-3213-6CCE-354;Standard Profile: Allow Remote Desktop exception (SP2 only)55.2.1.1.2.7 Allow Remote Desktop exception (SP2 only)+AllowRemoteDesktopExceptionsStandardProfile&oval:gov.nist.fdcc.xpfirewall:def:5107 CCE-3235-9CCE-266;Standard Profile: Allow UPnP framework exception (SP2 only)55.2.1.1.2.8 Allow UPnP framework exception (SP2 only)+AllowUPnPframeworkExceptionsStandardProfile&oval:gov.nist.fdcc.xpfirewall:def:5108 CCE-3134-4CCE-901oThe "Windows Firewall: Prohibit notifications" setting should be configured correctly for the Standard Profile.-5.2.1.1.2.9 Prohibit notifications (SP2 only)$ProhibitNotificationsStandardProfile&oval:gov.nist.fdcc.xpfirewall:def:5109 CCE-3280-5CCE-945rThe "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Standard Profile.+5.2.1.1.2.10 Log Dropped Packets (SP2 only) CCE-3174-0CCE-609lThe log file path and name for the Windows Firewall should be configured correctly fo< r the Standard Profile. (1) file path.5.2.1.1.2.11 Log file path and name (SP2 only) CCE-3055-1CCE-160iThe log file size limit for the Windows Firewall should be configured correctly for the Standard Profile.+5.2.1.1.2.12 Log file size limit (SP2 only) CCE-2707-8CCE-962yThe "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Standard Profile.25.2.1.1.2.13 Log Successful Connections (SP2 only)mm CCE-3103-9CCE-632zUnicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Standard Profile.K5.2.1.1.2.14 Prohibit unicast response to multicast or broadcast (SP2 only)DProhibitUnicastResponseToMulticastOrBroadcastRequestsStandardProfile&oval:gov.nist.fdcc.xpfirewall:def:5111 CCE-3231-8CCE-1963Standard Profile: Define port exceptions (SP2 only).5.2.1.1.2.15 Define port exceptions (SP2 only) CCE-2989-2CCE-778Standard Profile: Allow local port exceptions (SP2 only)35.2.1.1.2.16 Allow local port exceptions (SP2 only)'AllowLocalPortExceptionsStandardProfile&oval:gov.nist.fdcc.xpfirewall:def:5113 CCE-3037-9CCE-530QThe startup type of the Internet Connection Firewall service should be correct. 5.2.1.1. Windows Firewall OVAL10088 CCE-2856-3CCE-301-Restricted Groups have been set on the system(1) Group enumeration OVAL10219 CCE-4952-8CCE-1225[The required permissions for the file %SystemRoot%\System32\mshta.exe should be assigned. (1) defined by the object's DACLmshta.exe-permissionsoval:gov.nist.fdcc.xp:def:1351 CCE-5194-6CCE-86^The startup type of Microsoft Peer-to-Peer Networking Services should be configured correctly.3turn_off_microsoft_peer_to_peer_networking_servicesoval:gov.nist.fdcc.xp:def:6662 CCE-5022-9CCE-241uThe "Prohibit use of Internet Connection Firewall on your DNS domain network" setting should be configured correctly.%prohibit_internet_connection_firewall!oval:gov.nist.fdcc.xp:def:3366992 CCE-5136-7CCE-259HThe "Display Error Notification" setting should be configured correctly.display_error_notification!oval:gov.nist.fdcc.xp:def:3366994 CCE-4665-6CCE-365The "Internet Explorer Maintenance Policy Processing - Allow processing across a slow network connection" setting should be configured correctly.7internet_explorer_maintenance_policy_processing_enabledoval:gov.nist.fdcc.xp:def:6671 CCE-5053-4CCE-584)Group Policy - Registry policy processingregistry_policy_processingoval:gov.nist.fdcc.xp:def:6672 CCE-5054-2CCE-858YThe "Turn Off Automatic Root Certificates Update" setting should be configured correctly.+Turn-Off-Automatic-Root-Certificates-Updateoval:gov.nist.fdcc.xp:def:6674 CCE-5200-1CCE-887/Turn off downloading of print drivers over HTTP/Turn-off-downloading-of-print-drivers-over-HTTPoval:gov.nist.fdcc.xp:def:6572 CCE-4953-6CCE-263UThe "Turn Off Event Views 'Events.asp' Links" setting should be configured correctly.%Turn-Off-Event-Views-Events.asp-Linksoval:gov.nist.fdcc.xp:def:6675 CCE-4707-6CCE-1055The "Turn Off Internet Connection Wizard if URL Connection is Referring to Microsoft.com" setting should be configured correctly.STurn-Off-Internet-Connection-Wizard-if-URL-Connection-is-Referring-to-Microsoft.comoval:gov.nist.fdcc.xp:def:6679 CCE-5099-7CCE-691ITurn off Internet download for Web publishing and online ordering wizardsITurn-off-Internet-download-for-Web-publishing-and-online-ordering-wizardsoval:gov.nist.fdcc.xp:def:6568 CCE-5121-9CCE-1064XThe "Turn Off Internet File Association Service" setting should be configured correctly.*Turn-Off-Internet-File-Association-Serviceoval:gov.nist.fdcc.xp:def:6680 CCE-4513-8CCE-852Turn off printing over HTTPTurn-off-printing-over-HTTPoval:gov.nist.fdcc.xp:def:6571 CCE-4641-7CCE-88sThe "Turn Off Registration if URL Connection is Referring to Microsoft.com" setting should be configured correctly.ETurn-Off-Registration-if-URL-Connection-is-Referring-to-Microsoft.comoval:gov.nist.fdcc.xp:def:6681 CCE-5055-9CCE-818.Turn off Search Companion content file updates.Turn-off-Search-Companion-content-file-updatesoval:gov.nist.fdcc.xp:def:6570 CCE-5072-4CCE-375VThe "Turn Off the 'Order Prints' Picture Task" setting should be configured correctly.&Turn-Off-the-Order-Prints-Picture-Taskoval:gov.nist.fdcc.xp:def:6682 CCE-4887-6CCE-1009fThe "Turn off the 'Publish to Web' task for files and folders" setting should be configured correctly.6Turn-off-the-Publish-to-Web-task-for-files-and-foldersoval:gov.nist.fdcc.xp:def:6567 CCE-4224-2CCE-722FTurn off the Windows Messenger Customer Experience Improvement ProgramFTurn-off-the-Windows-Messenger-Customer-Experience-Improvement-Programoval:gov.nist.fdcc.xp:def:6569 CCE-4242-4CCE-1040eThe "Turn Off Windows Movies Maker Automatic Codec Downloads" setting should be configured correctly.7Turn-Off-Windows-Movies-Maker-Automatic-Codec-Downloadsoval:gov.nist.fdcc.xp:def:6696 CCE-4732-4CCE-1062[The "Turn Off Windows Movie Maker Online Web Links" setting should be configured correctly.-Turn-Off-Windows-Movie-Maker-Online-Web-Linksoval:gov.nist.fdcc.xp:def:6684 CCE-4997-3CCE-93rThe "Turn Off Windows Movie Maker Saving to Online Video Hosting Provider" setting should be configured correctly.Dturn_off_windows_movie_maker_saving_to_online_video_hosting_provideroval:gov.nist.fdcc.xp:def:6697 CCE-5014-6CCE-927/Turn off Windows Update device driver searching/Turn-off-Windows-Update-device-driver-searchingoval:gov.nist.fdcc.xp:def:6573 CCE-5032-8CCE-583(Logon - Do not process the run once listDo-Not-Process-Run-Once-Listoval:gov.nist.fdcc.xp:def:6561 CCE-5160-7CCE-1020gThe "Don't Display the Getting Started Welcome Screen at Logon" setting should be configured correctly.:Do-Not-Display-the-Getting-Started-Welcome-Screen-at-Logonoval:gov.nist.fdcc.xp:def:6687 CCE-4262-2CCE-474FThe "Prevent IIS Installation" setting should be configured correctly.Prevent-IIS-Installationoval:gov.nist.fdcc.xp:def:6107 CCE-4581-5CCE-767PThe "Turn off downloading of enclosures" setting should be configured correctly.Turn-off-downloading-enclosuresoval:gov.nist.fdcc.xp:def:6110 CCE-4849-6CCE-976fThe "Do not allow passwords to be saved" setting should be configured correctly for Terminal Services."do_not_allow_passwords_to_be_savedoval:gov.nist.fdcc.xp:def:6596 CCE-4270-5CCE-480TThe "Turn off shell protocol protected mode" setting should be configured correctly.&turn_off_shell_protocol_protected_modeoval:gov.nist.fdcc.xp:def:6119 CCE-5025-2CCE-612mThe "Prohibit non-administrators from applying vendor signed updates" setting should be configured correctly.2prohibit_non_administrators_install_signed_updatesoval:gov.nist.fdcc.xp:def:6122 CCE-4791-0CCE-1140iThe "Do Not Show First Use Dialog Boxes" setting for Windows Media Player should be configured correctly."do_not_show_first_use_dialog_boxes#oval:gov.nist.fdcc.xp:def:612261221 CCE-4482-6CCE-313hThe "Prevent Desktop Shortcut Creation" setting for Windows Media Player should be configured correctly.!prevent_desktop_shortcut_creation#oval:gov.nist.fdcc.xp:def:612261223 CCE-4500-5CCE-949dThe "Password protect the screen saver" setting should be configured correctly for the current user.(Current user screensaver secure (CID:72)!password_protect_the_screen_saveroval:gov.nist.fdcc.xp:def:6707 CCE-4390-1CCE-509MPrompt for password on resume from hibernate/suspend should be set correctly.4prompt_for_password_on_resume_from_hibernate_suspendoval:gov.nist.fdcc.xp:def:6714 CCE-4412-3CCE-12LDo not preserve zone information in file attachments should be set correcly.4do_not_preserve_zone_information_in_file_attachmentsoval:gov.nist.fdcc.xp:def:6502 CCE-5042-7CCE-58BHide mechanisms to remove zone information should be set correcly.*hide_mechanisms_to_remove_zone_informationoval:gov.nist.fdcc.xp:def< :6503 CCE-5059-1CCE-372JNotify antivirus programs when opening attachments should be set correcly.2notify_antivirus_programs_when_opening_attachmentsoval:gov.nist.fdcc.xp:def:6504 CCE-4838-9The time in seconds before the screen saver grace period expires (ScreenSaverGracePeriod) setting should be configured correctly.c(1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ScreenSaverGracePeriodoMSS:(ScreenSaverGracePeriod)The time in seconds beforethe screen saver graceperiod expires Table: 5.85 Value: 0ScreenSaverGracePeriod CCE-5407-2AThe POSIX subsystem should be enabled or disabled as appropriate.(1) enabled / disabledCSystem settings: optional subsystems Table: 5.68 Value: not defined CCE-5441-1@The OS/2 subsystem should be enabled or disabled as appropriate.'CIS W2K Server Level 2 Benchmark v2.2.1;DISA Gold Disk Check Name for W2K (golddisk.win2k.ecve.txt)>IRS Internal Revenue Manual (IRM) -- (http://www.irs.gov/irm/) CCE-3858-8x4.4.3.1 %System Drive% - Everyone: Failures (this folder, propagate inheritable permissions to all subfolders and files) CCE-3748-1f4.4.3.2 HKLM\Software  Everyone: Failures (this key, propagate inheritable permission to all subkeys)Reg Auditing Local Machine CCE-3770-5d4.4.3.3 HKLM\System  Everyone: Failures (this key, propagate inheritable permission to all subkeys) CCE-3809-1p4.4.1.15 %ProgramFiles% - Administrators: Full; System: Full; Creator Owner: Full; Users: Read and Execute, ListProgram Files ACL CCE-3869-5CCE-570\The required permissions for the directory %ProgramFiles%\Resource Kit should be assigned. J4.4.1.16 %Program Files%\Resource Kit  Administrators: Full; System: Full Resource Kit ACL Servers and DCs CCE-3785-3CCE-204`The required permissions for the directory %ProgramFiles%\Resource Pro Kit should be assigned. N4.4.1.17 %Program Files%\Resource Pro Kit  Administrators: Full; System: FullResource Kit ACL Workstation CCE-3807-5o4.4.1.1 %SystemDrive%\ - Administrators: Full; System: Full; Creator Owner: Full; Users: Read and Execute, ListSystemDrive ACL CCE-2879-5F4.4.1.2 %SystemDrive%\autoexec.bat - Administrator: Full; System: FullAutoexec.bat ACL CCE-3344-9CCE-746RThe required permissions for the file %SystemDrive%\BOOT.INI should be assigned. C4.4.1.3 %SystemDrive%\boot.ini  Administrators: Full; System: Full BOOT.INI ACL CCE-3864-6E4.4.1.4 %SystemDrive%\config.sys - Administrators: Full; System: FullCONFIG.SYS ACL CCE-3080-9q4.4.1.10 %SystemDrive%\Documents and Settings - Administrators: Full; System: Full; Users: Read and Execute, ListDocuments and Settings ACL CCE-3873-7`4.4.1.11 %SystemDrive%\Documents and Settings\Administrator - Administrators: Full; System: Full(Documents and Settings\Administrator ACL CCE-3419-9CCE-181oThe required permissions for the directory %SystemDrive%\Documents and Settings\All Users should be assigned. {4.4.1.12 %SystemDrive%\Documents and Settings\All Users  Administrators: Full; System: Full; Users: Read and Execute, List$Documents and Settings\All Users ACL CCE-3763-0CCE-868The required permissions for the directory %SystemDrive%\Documents and Settings\All Users\Documents\DrWatson should be assigned. 4.4.1.13 %SystemDrive%\Documents and Settings\All Users\Documents\DrWatson  Administrators: Full; System: Full;Creator Owner: Full; Users: Traverse Folder/Execute File, List Folder/Read Data, Read Attributes, Read Extended Attributes, Read Permissions (This folder, subfolders, and files); Users: Traverse Folder/Execute Files, CreateFiles/Write Data, Create Folder/Append Data (Subfolders and files only) DrWatson ACL CCE-3657-4CCE-776The required permissions for the file %SystemDrive%\Documents and Settings\All Users\Documents\DrWatson\drwtsn32.log should be assigned. DrWatson Log ACL CCE-3697-0~4.4.1.14 %SystemDrive%\Documents and Settings\Default User - Administrators: Full; System: Full; Users: Read and Execute, ListDefault User ACL CCE-3789-5A4.4.1.5 %SystemDrive%\io.sys - Administrators: Full; System: Full IO.SYS ACL CCE-3560-0D4.4.1.6 %SystemDrive%\msdos.sys - Administrators: Full; System: Full MSDOS.SYS ACL CCE-3335-7G4.4.1.7 %SystemDrive%\ntbootdd.sys - Administrators: Full; System: FullNTBOOTDD.SYS ACL CCE-3749-9G4.4.1.8 %SystemDrive%\ntdetect.com  Administrators: Full; System: FullNTDETECT.COM ACL CCE-3771-3@4.4.1.9 %SystemDrive%\ntldr - Administrators: Full; System: Full NTLDR ACL CCE-2895-1CCE-755SThe required permissions for the directory %SystemDrive%\Temp should be assigned. Temp ACL CCE-3686-3CCE-341`The required permissions for the directory %SystemDrive%\My Download Files should be assigned. My Download ACL CCE-3083-3k4.4.1.47 %SystemDrive%\System Volume Information  (Do not allow permissions on this folder to be replaced) CCE-3105-4n4.4.1.18 %SystemRoot%  Administrators: Full; System: Full; Creator Onwer: Full; Users: Read and Execute, ListSystem Root ACL CCE-3876-0Driver.cab ACL CCE-3519-6 CCE-3197-1CCE-640S4.4.1.19 %SystemRoot%\$NtServicePackUninstall$  Administrators: Full; System: Full CCE-3342-3CCE-328dThe required permissions for any of the %SystemRoot%\$NtUninstall* directories should be assigned. NT SP Uninstall ACL CCE-3505-5>4.4.1.20 %SystemRoot%\CSC  Administrators: Full; System: FullCSC ACL CCE-3791-1t4.4.1.21 %SystemRoot%\Debug - Administrators: Full; System: Full; Creator Owner: Full; Users: Read and Execute, List Debug ACL CCE-3192-24.4.1.22 %SystemRoot%\Debug\UserMode - Administrators: Full; System: Full; Users: Traverse Folder/Execute File, Listfolder/Read data, Create files/Write data (This folder, only); Create files/Write data, Create folders/Append data(Files only)UserMode Directory ACL CCE-3836-4F4.4.1.31 %SystemRoot%\regedit.exe  Administrators: Full; System: Fullregedit.exe ACL CCE-3091-6CCE-248SThe required permissions for the directory %SystemDrive%\NTDS should be assigned. NTDS ACL CCE-3862-0CCE-398_The required permissions for the directory %SystemRoot%\Offline Web Pages should be assigned. J4.4.1.23 %SystemRoot%\Offline Web Pages  Ignore Parent Permission Changes CCE-3867-9T4.4.1.24 %SystemRoot%\Registration - Administrators: Full; System: Full; Users: ReadRegistration ACL CCE-3404-1A4.4.1.25 %SystemRoot%\repair - Administrators: Full; System: Full Repair ACL CCE-3052-8X4.4.1.26 %SystemRoot%\security - Administrators: Full; System: Full; Creator Owner: Full Security ACL< CCE-3879-4CCE-979UThe required permissions for the directory %SystemRoot%\SYSVOL should be assigned. SYSVOL ACL CCE-3544-4CCE-701dThe required permissions for the directory %SystemRoot%\SYSVOL\domain\Policies should be assigned. #%SystemRoot%\SYSVOL\domain\Policies CCE-3408-2 CCE-3800-0w4.4.1.27 %SystemRoot%\system32 - Administrators: Full; System: Full; Creator Owner: Full; Users: Read and Execute, List System32 ACL CCE-3571-7j4.4.1.36 %SystemRoot%\system32\appmgmt  Administrators: Full; System: Full; Users: Read and Execute, List appmgmt ACL CCE-3712-7J4.4.1.28 %SystemRoot%\system32\at.exe  Administrators: Full; System: Full at.exe ACL CCE-3716-8J4.4.1.37 %SystemRoot%\system32\config  Administrators: Full; System: Full CONFIG ACL CCE-3734-1)%SystemRoot%\System32\CONFIG\AppEvent.evt CCE-3641-8)%SystemRoot%\System32\CONFIG\SecEvent.evt CCE-3540-2a4.4.1.38 %SystemRoot%\system32\dllcache  Administrators: Full; System: Full; Creator Owner: Full dllcache ACL CCE-3831-5CCE-361]The required permissions for the directory %SystemRoot%\System32\DTCLog should be assigned. }4.4.1.39 %SystemRoot%\system32\DTCLog - Administrators: Full; System: Full; Creator Owner: Full; Users: Read andExecute, List CCE-3745-7|4.4.1.40 %SystemRoot%\system32\Group Policy - Administrators: Full; System: Full; Authenticated Users: Read andExecute, ListGroupPolicy ACL CCE-3890-1\4.4.1.41 %SystemRoot%\system32\ias - Administrators: Full; System: Full; Creator Owner: Fullias ACL CCE-3784-6P4.4.1.29 %SystemRoot%\system32\Ntbackup.exe  Administrators: Full; System: FullNTbackup.exe ACL CCE-3793-7L4.4.1.42 %SystemRoot%\system32\NTMSData  Administrators: Full; System: Full NTMSData ACL CCE-3815-8K4.4.1.30 %SystemRoot%\system32\rcp.exe  Administrators: Full; System: Full Rcp.exe ACL CCE-3824-0P4.4.1.32 %SystemRoot%\system32\regedt32.exe  Administrators: Full; System: FullRegedt32.exe ACL CCE-3595-6CCE-89gThe required permissions for the directory %SystemRoot%\system32\ReinstallBackups should be assigned. 4.4.1.43 %SystemRoot%\system32\reinstallbackups  Administrators: Full; System: Full; Creator Owner: Full; PowerUsers: Read and Execute, List CCE-3516-2M4.4.1.33 %SystemRoot%\system32\rexec.exe  Administrators: Full; System: Full Rexec.exe ACL CCE-3520-4K4.4.1.34 %SystemRoot%\system32\rsh.exe  Administrators: Full; System: Full Rsh.exe ACL CCE-3776-2O4.4.1.35 %SystemRoot%\system32\secedit.exe  Administrators: Full; System: Full CCE-3670-7h4.4.1.44 %SystemRoot%\system32\Setup  Administrators: Full; System: Full; Users: Read and Execute, List Setup ACL CCE-3340-7CCE-326[The required permissions for the directory %SystemRoot%\System32\repl should be assigned. repl ACL CCE-3780-4CCE-357bThe required permissions for the directory %SystemRoot%\System32\repl\export should be assigned. Export ACL CCE-3423-1CCE-291bThe required permissions for the directory %SystemRoot%\System32\repl\import should be assigned. Import ACL CCE-3802-64.4.1.45 %SystemRoot%\system32\spool\printers  Administrators: Full; System: Full; Creator Owner: Full; Users:Traverse Folder, Execute File, Read, Read Extended Attributes, Create folders, Append DataSpool\Printers ACL CCE-3079-1V4.4.1.46 %SystemRoot%\Tasks - (Do not allow permissions on this folder to be replaced) CCE-3727-5CCE-864]The required permissions for the directory %ALL%\Program Files\MQSeries should be assigned. MQSeries ACL CCE-3493-4CCE-364cThe required permissions for the directory %ALL%\Program Files\MQSeries\qmggr should be assigned. MQSeries Queue ACL CCE-3872-9CCE-46The required permissions for the directory %SystemDrive%\Documents and Settings\All Users\Application Data\Microsoft\HTML Help ACL should be assigned. CCE-3656-6CCE-447vThe required permissions for the directory %SystemDrive%\WINNT\SECURITY\Database\SECEDIT.SDB ACL should be assigned. SECEDIT.SDB ACL CCE-2929-8CCE-760UThe required permissions for the registry key HKEY_CLASSES_ROOT should be assigned. Registry ACL Check CLASSES_ROOT CCE-3308-4[4.4.2.2 HKLM\Software  Administrators Full; System: Full; Creator Owner: Full; Users: ReadRegistry ACL Check Software CCE-3723-4CCE-843gThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes should be assigned. d4.4.2.1 HKLM\Software\Classes - Administrators: Full; System: Full; Creator Owner: Full; Users: Read CCE-3868-7CCE-253The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Regfile\Shell\Open\Command should be assigned. -\SOFTWARE\Classes\Regfile\Shell\Open\Command CCE-3563-4L4.4.2.3 HKLM\Software\Microsoft\Net DDE  Administrators: Full; System: FullReg ACL NetDDE Check test CCE-3691-3CCE-240The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OS/2 Subsystem for NT should be assigned. o4.4.2.4 HKLM\Software\Microsoft\OS/2 Subsystem for NT  Administrators: Full; System: Full; Creator Owner: FullReg ACL OS2 Check test CCE-3735-84.4.2.5 HKLM\Software\Microsoft\Windows NT\CurrentVersion\AsrCommands  Administrators: Full; System: Full;Creator Owner: Full; Users: Read; Backup Operators: Query Value, Set Value, Create Subkey, EnumerateSubkeys, Notify, Delete, Read (this key and subkeys)Reg ACL Check AsrCommands CCE-3242-54.4.2.6 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Perflib  Administrators: Full; System: Full; CreatorOwner: Full; Interactive: Read (this key and subkeys)Registry ACL Check Perflib CCE-3374-64.4.2.7 HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy - Administrators: Full; System: Full;Authenticated Users: ReadReg ACL Check Group Policy CCE-3167-4q4.4.2.8 HKLM\Software\Microsoft\Windows\CurrentVersion\Installer - Administrators Full; System: Full; Users: ReadReg ACL Check Installer CCE-3533-7~4.4.2.9 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies - Administrators: Full; System: Full; AuthenticatedUsers: < ReadReg ACL Check Policies CCE-2897-7Z4.4.2.10 HKLM\System - Administrators Full; System: Full; Creator Owner: Full; Users: ReadRegistry ACL Check SYSTEM CCE-3839-8V4.4.2.11 HKLM\System\Clone  Allow inheritable permissions to propagate to this object CCE-3865-3CCE-867kThe required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\controlset001 should be assigned. h4.4.2.12 HKLM\System\ControlSet001 - Administrators Full; System: Full; Creator Owner: Full; Users: Read Registry ACL Check controlset001 CCE-3513-9CCE-545kThe required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\controlset002 should be assigned. h4.4.2.13 HKLM\System\ControlSet00x - Administrators Full; System: Full; Creator Owner: Full; Users: Read Registry ACL Check controlset002 CCE-3896-8CCE-289kThe required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\controlset003 should be assigned. Registry ACL Check controlset003 CCE-3838-0CCE-465kThe required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\controlset004 should be assigned. Registry ACL Check controlset004 CCE-3750-7CCE-254kThe required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\controlset005 should be assigned. Registry ACL Check controlset005 CCE-3384-5CCE-606kThe required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\controlset006 should be assigned. Registry ACL Check controlset006 CCE-3680-6CCE-694kThe required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\controlset007 should be assigned. Registry ACL Check controlset007 CCE-3816-6CCE-500kThe required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\controlset008 should be assigned. Registry ACL Check controlset008 CCE-3318-3CCE-809kThe required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\controlset009 should be assigned. Registry ACL Check controlset009 CCE-3882-8CCE-99kThe required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\controlset010 should be assigned. Registry ACL Check controlset010 CCE-3521-2^4.4.2.14 HKLM\System\CurrentControlSet\Control\SecurePipeServers\WinReg  Administrators: Full Winreg ACL CCE-2932-24.4.2.15 HKLM\System\CurrentControlSet\Control\WMI\Security  Administrators: Full; System: Full; Creator Owner: Full(this key and subkeys)Registry ACL Check Security CCE-3651-7c4.4.2.16 HKLM\System\CurrentControlSet\Enum - (Do not allow permissions on this key to be replaced) CCE-3210-2}4.4.2.17 HKLM\System\CurrentControlSet\Hardware Profiles  Administrators Full; System: Full; Creator Owner: Full;Users: Read$Registry ACL Check Hardware Profiles CCE-3466-04.4.2.18 HKLM\System\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers - Administrators Full; System: Full;Creator Owner: Full%Registry ACL Check Permitted Managers CCE-2978-54.4.2.19 HKLM\System\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities - Administrators Full; System: Full;Creator Owner: Full#Registry ACL Check ValidCommunities CCE-3957-8[4.4.2.20 HKU\.Default - Administrators Full; System: Full; Creator Owner: Full; Users: ReadRegistry ACL Check Default CCE-3961-0S4.4.2.21 HKU\.Default\Software\Microsoft\NetDDE - Administrators Full; System: FullRegistry ACL Check NetDDE CCE-3732-5CCE-796The required permissions for the registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Protected Storage System Provider should be assigned. W4.4.2.22 HKU\.Default\Software\Microsoft\Protected Storage System Provider  No entries CCE-3737-4CCE-845 CCE-3503-0<4.2.11 Deny access to this computer from the network: Guests)User Right Check deny access from network CCE-3917-2L4.2.1 Access this computer from the network: Users, Administrators (or none)User Right Check Network Logon CCE-3736-6/4.2.2 Act as part of the operating system: NoneUser Right Check Act as OS CCE-3393-634.2.4 Back up files and directories: AdministratorsUser Right Check Backup CCE-3653-3%4.2.5 Bypass traverse checking: Users)User Right Check Bypass Traverse checking CCE-3296-1,4.2.6 Change the system time: Administrators#User Right Check change system time CCE-3943-8'4.2.7 Create a pagefile: Administrators User Right Check create pagefile CCE-3860-4!4.2.8 Create a token object: None$User Right Check create token object CCE-3767-1+4.2.9 Create permanent shared objects: None0User Right Check create permanent shared objects CCE-3772-14.2.10 Debug Programs: NoneUser Right Check debug programs CCE-3904-0:4.2.16 Force shutdown from a remote system: Administrators User Right Check remote shutdown CCE-3811-7%4.2.17 Generate security audits: None)User Right Check generate security audits CCE-3688-9&4.2.18 Increase quotas: Administrators User Right Check increase quotas CCE-3630-134.2.19 Increase scheduling priority: Administrators-User Right Check increase scheduling priority CCE-3798-654.2.20 Load and unload device drivers: Administrators/User Right Check load and unload device drivers CCE-3317-5!4.2.21 Lock pages in memory: None%User Right Check lock pages in memory CCE-3965-1"4.2.22 Log on as a batch job: None&User Right Check log on as a batch job CCE-3877-8 4.2.23 Log on as a service: None(User Right Check log on as a service job CCE-3238-3L4.2.24 Log on locally: Users, Administrators (further restriction allowable)User Right Check log on locally CCE-3507-174.2.25 Manage auditing and security log: Administrators4Manage Auditing and Security Logs on a Member Server CCE-3903-294.2.26 Modify firmware environment values: Administrators User Right Check modify firmware CCE-3926-3-4.2.27 Profile single process: Administrators'User Right Check Profile single process CCE-3445-414.2.28 Profile system performance: Administrators+User Right Check Profile system performance CCE-3829-9B4.2.29 Remove computer from docking station: Users, AdministratorsUser Right Check undock CCE-3970-1*4.2.30 Replace a process level token: None!User Right replace process token CCE-3912-344.2.31 Restore files and directories: AdministratorsUser Right restore CCE-3934-724.2.32 Shut down the system: Users, AdministratorsUser Right shut down CCE-3471-0>4.2.34 Take ownership of file or other objects: AdministratorsUser Right take ownership CCE-3850-594.2.33 Synchronize directory service data: Not ApplicableUser Right synch directory CCE-3489-2L4.2.14 Deny logon locally: None by default (others allowable as appropriate)#User Right Check deny logon locally CCE-3282-1U4.2.15 Enable computer and user accounts to be trusted for delegation: Not Applicable+User Right Check allow trust for delegation CCE-3542-804.2.3 Add workstations to domain: Not applicable$User Right Check Add wkstn to domain CCE-3687-11Reset Account Lockout After: 15 Minutes (minimum)Lockout Reset (15) CCE-3960-2.Account Lockout Duration: 15 Minutes (minimum)Lockout Duration (15) CCE-3229-29Account Lockout Threshold: 3 Bad Login Attempts (maximum)Lockout Count (3) CCE-3859-6/Audit Account Logon Events: Success and FailureAccount logon auditing CCE-3881-0 CCE-3753-1-Audit Account Management: Success and FailureAccount management auditing CCE-3885-1 CCE-3907-3'Audit Logon Events: Success and Failurelogon auditing CCE-3678-0 CCE-3313-4&Audit Object Access: Failure (minimum)object access auditing CCE-3846-3 CCE-3366-2&Audit Poli< cy Change: Failure (minimum)policy change auditing CCE-2995-9 CCE-3779-6&Audit Privilege Use: Failure (minimum)priv use auditing CCE-3925-5 CCE-3215-1#Audit Process Tracking: Not Defined CCE-3911-5 CCE-3792-9(Audit System Events: Success and FailureSystem Event auditing CCE-3937-0 CCE-3959-4CCE-3965Allow System to be Shut Down Without Having to Log On CCE-3470-2CCE-916HThe "Decoy Admin Account Not Disabled" policy should be set correctly. Decoy Admin, Account Exists CCE-3880-27Application Log: Restrict Guest Access to Logs: Enabled3Anonymous Access to the Application Event Log value CCE-3775-48Application Log: Maximum Event Log Size: 80 Mb (minimum)$Application Event Log size key value CCE-3797-8CApplication Log: Log Retention Method:  Overwrite Events As Needed )Application Event Log retention key value CCE-3444-7 CCE-3964-44Security Log: Restrict Guest Access to Logs: Enabled0Anonymous Access to the Security Event Log value CCE-3096-55Security Log: Maximum Event Log Size: 80 Mb (minimum)!Security Event Log size key value CCE-3589-9@Security Log: Log Retention Method:  Overwrite Events As Needed &Security Event Log retention key value CCE-3968-5 CCE-3990-92System Log: Restrict Guest Access to Logs: Enabled.Anonymous Access to the System Event Log value CCE-3889-33System Log: Maximum Event Log Size: 80 Mb (minimum)System Event Log size key value CCE-3805-9>System Log: Log Retention Method:  Overwrite Events As Needed $System Event Log retention key value CCE-3823-2 CCE-3827-35All passwords are no more than 90 days old (maximum). CCE-3224-3Minimum Password Age: 1 dayMinimum Password Age CCE-3228-47All passwords are at least 8 characters long (minimum).Password Length (8) CCE-3986-7CCE-5149The correct password filtering DLL should be installed. Check for Enpasflt.dll CCE-3042-9Password Complexity: EnabledEnPasFlt Check CCE-3588-1)Password History: 24 Passwords RememberedPassword History (24) CCE-3852-15Store Passwords using Reversible Encryption: DisabledReversible Pwd Encryption CCE-3372-04.1.1 Alerter  Disabled CCE-3892-74.1.2 Clipbook  Disabled CCE-4041-0!4.1.3 Computer Browser  DisabledComputer Browser Disabled CCE-3059-34.1.4 Fax Service  Disabled CCE-3830-7'4.1.5 FTP Publishing Service  Disabled CCE-3835-6"4.1.6 IIS Admin Service  Disabled CCE-3738-24.1.8 Messenger  Disabled CCE-4035-224.1.9 NetMeeting Remote Desktop Sharing  Disabled*NetMeeting Remote Desktop Sharing Disabled CCE-3554-3,4.1.7 Internet Connection Sharing  Disabled CCE-3572-5)4.1.10 Remote Registry Service  Disabled CCE-3973-5+4.1.11 Routing and Remote Access  Disabled.Remote Access Auto Connection Manager Disabled CCE-3995-8Remote Shell Service CCE-3515-4Simple TCP/IP Service CCE-3643-464.1.12 Simple Mail Transfer Protocol (SMTP)  Disabled CCE-3524-6C4.1.13 Simple Network Management Protocol (SNMP) Service  Disabled CCE-3819-0@4.1.14 Simple Network Management Protocol (SNMP) Trap  Disabled CCE-3951-14.1.15 Telnet  DisabledTelnet Disabled CCE-3722-644.1.16 World Wide Web Publishing Services  Disabled CCE-3634-3CCE-559&4.1.17 Automatic Updates  Not Defined CCE-3721-8CCE-445<4.1.18 Background Intelligent Transfer Service  Not Defined CCE-3069-2CCE-115Print Services for UNIX CCE-3898-4Printer Permissions CCE-3418-10"Schedule" service is run as the system account. CCE-3938-8CCE-310YThe "Additional restrictions for anonymous connections" policy should be set correctly. eAdditional Restrictions for Anonymous Connections:  No Access Without Explicit Anonymous Permissions CCE-3837-2Restrict Anonymous value CCE-3982-65Anonymous access to the event logs is not restricted. CCE-4004-8CCE-464HThe "Anonymous access to the registry" policy should be set correctly. 3Anonymous access to the Registry is not restricted. CCE-3766-3Guest Account Disabled CCE-3669-9IMessage Title for Users Attempting to Log On:  Warning: or custom title.?Legal notice is not configured to display before console logon. CCE-4012-1EMessage Text for Users Attempting to Log On: Custom Message or  This CCE-3893-5CAdministrative Shares should be enabled or disabled as appropriate.Remove administrative shares on workstation (Professional): HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareWks (REG_DWORD) 0 CCE-4039-4Disable Automatic Execution of the System Debugger: HKLM\ Software\Microsoft\Windows NT\CurrentVersion\AEDebug\Auto (REG_DWORD) 05CIS: Automatic Execution of the System Debugger value CCE-3559-2pDisable Automatic Logon: HKLM\ Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon(REG_DWORD) 0Admin Autologon Value CCE-4061-8Disable automatic reboots after a Blue Screen of Death: HKLM\System\CurrentControlSet\Control\CrashControl\AutoReboot (REG_DWORD) 0%CIS: Disable Reboot After Crash value CCE-3726-7Disable autoplay from any disk type, regardless of application: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun (REG_DWORD) 255Autoplay value CCE-3871-1Disable autoplay for current user: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun (REG_DWORD) 255 CCE-3528-7Disable autoplay for new users by default: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun (REG_DWORD) Not Defined0CIS: Disable Media Autoplay (HKU-.Default hive) CCE-3555-0VDisable CD Autorun: HKLM\System\CurrentControlSet\Services\CDrom\Autorun (REG_DWORD) 0 CCE-3682-2Protect against Computer Browser Spoofing Attacks: HKLM\System\CurrentControlSet\Services\MrxSmb\Parameters\RefuseReset (REG_DWORD) 1!Computer Browser Spoofing Attacks CCE-3704-4Ensure ICMP Routing via shortest path first: HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect (REG_DWORD) 0Disable ICMP Redirect CCE-3915-6Protect against source-routing spoofing: HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting (REG_DWORD) 2Disable IP Source Routing CCE-4065-9Ensure Router Discovery is Disabled: HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery (REG_DWORD) 0Disable Router Discovery CCE-3942-0yEnable IPSec to protect Kerberos RSVP Traffic: HKLM\System\CurrentControlSet\Services\IPSEC\NoDefaultExempt (REG_DWORD) 1:CIS: Enable IPSec security for Kerberos RSVP Traffic value CCE-3981-8_Suppress Dr. Watson Crash Dumps: HKLM\Software\Microsoft\DrWatson\CreateCrashDump (REG_DWORD) 0'CIS: Allow Dr. Watson Crash Dumps value CCE-3646-7Don t display username of last successful logon at the logon screen: HKLM\Software\Micr< osoft\Windows NT\CurrentVersion\Winlogon\DontDisplayLastUserName (REG_SZ) Not Defined; 3.2.1.15 Do Not Display Last User Name in Logon Screen: Enabled CCE-3920-6CCE-544?File System Checker and Popups should be properly configured. Enable the File System Checker and Disable Popups: HKLM\ Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCDisable (REG_DWORD) Not Defined CCE-3095-7CCE-5804System File Checker should be properly configured. Enable the System File Checker to verify all operating system files at boot time: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCScan (REG_DWORD) Not DefinedNote: Due to the processor-intensive nature of the System File Checker, it is no longer required on startup. CCE-3972-7CCE-236CSystem File Checker Progress Meter should be properly configured. Do not show the System File Checker progress meter: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCShowProgress (REG_DWORD) Not Defined CCE-3620-23.2.2.24 Do not announce this computer to domain master browsers: HKLM\System\CurrentControlSet\Services\Lanmanserver\Parameters\Hidden (REG_DWORD) 1;CIS: Hide computer Name from other domain controllers value CCE-3884-4Protect the Default Gateway network setting: HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\EnableDeadGWDetect (REG_DWORD) 0Disable Dead Gateway Detection CCE-3600-4pManage Keep-alive times: HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime(REG_DWORD) 300000TCP Connection Keep-Alive Time CCE-3878-6SYN Attack protection  Manage TCP Maximum half-open sockets: HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpen (REG_DWORD) 100Half-open TCP Sockets CCE-4027-9SYN Attack protection  Manage TCP Maximum half-open retired sockets: HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpenRetired (REG_DWORD) 80Half-open retired TCP Sockets CCE-3922-2Protect Against Malicious Name-Release Attacks: HKLM\System\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand (REG_DWORD) 1Name-Release Attacks CCE-3939-6Help protect against packet fragmentation: HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUDiscovery (REG_DWORD) 0 CCE-4085-7yProtect against SYN Flood attacks: HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect (REG_DWORD) 2SYN Attack Protection CCE-3948-7CCE-112AProtect Kernel object attributes should be properly configured. Protect Kernel object attributes CCE-3966-9Audit Log Warning Level CCE-4010-5"Disable saving of dial up password CCE-3900-8CCE-601$Encrypt Secure Channel Traffic Value CCE-4063-4CCE-614!Sign Secure Channel Traffic Value CCE-4005-58Allow Server Operators to Schedule Tasks: Not Applicable CCE-3899-2BRename Administrator Account: Any value other than  Administrator Administrator Account Renamed CCE-4045-12Rename Guest Account: Any value other than  Guest Guest Account Renamed CCE-3921-4OAmount of Idle Time Required Before Disconnecting Session: 30 Minutes (minimum)6Amount of idle time before disconnecting value (<= 15) CCE-4049-36Audit the access of global system objects: Not Defined CCE-3476-9:Audit the use of backup and restore privilege: Not Defined CCE-3886-97Disable CTRL+ALT+Delete Requirement for Logon: Disabled5Ctrl+Alt+Del security attention sequence is Disabled. CCE-4014-7GLAN Manager Authentication Level:  Send NTLMv2 response only (minimum)LMCompatibility Value CCE-3908-1CCE-275OThe "Send LanMan compatible password" setting should be configured correctly. pThe Send download LanMan compatible password option is not set to "Send LM and NTLM - Use NTLMv2 if Negotiated." CCE-3675-66Prevent Users from Installing Printer Drivers: EnabledPrint Driver Installation value CCE-4067-5@Recovery Console: Allow Automatic Administrative Logon: Disabled Recovery Console Autologon value CCE-3463-7VRecovery Console: Allow Floppy Copy and Access to All Drives and All Folders: Disabled"Recovery Console Full Access Value CCE-3529-5>Restrict CD-ROM Access to Locally Logged-On User Only: Enabled CCE-3185-6>Restrict Floppy Access to Locally Logged-On User Only: EnabledFloppy Allocation CCE-3956-0VStrengthen Default Permissions of Global System Objects (e.g. Symbolic Links): Enabled!Strength permissions on GSO value CCE-3978-4OSecure Channel: Require Strong (Windows 2000 or later) Session Key: Not Defined CCE-3392-8ISend Unencrypted Password to Connect to Third-Party SMB Servers: Disabled0Send unencrypted password to 3rd party SMB value CCE-3648-3oUnsigned Driver Installation Behavior:  Warn, but allow installation (minimum) or  Do Not Allow Installation .Unsigned Driver Behavior Value CCE-3401-7CCE-307QThe "Unsigned Non-Driver Installation Behavior" policy should be set correctly. rUnsigned Non-Driver Installation Behavior:  Warn, but allow installation (minimum) or  Do Not Allow Installation "Unsigned Non-Driver Behavior Value CCE-3098-1CPrompt User to Change Password Before Expiration: 14 Days (minimum)Password Expiration value CCE-4070-9JShut Down system immediately if unable to log security audits: Not DefinedCrash on audit fail Value CCE-3629-3?Allow System to be Shut Down Without Having to Log On: Disabled4The system allows shutdown from the logon dialog box CCE-3813-3CCE-360cThe "Automatically Log Off Users When Logon Time Expires (local)" policy should be set correctly. DAutomatically Log Off Users When Logon Time Expires (local): EnabledLogon Time Enforcement (0) CCE-3333-2=Clear Virtual Memory Pagefile When System Shuts Down: EnabledClear Pagefile value CCE-3747-39Digitally Sign Client Communication (Always): Not Defined CCE-3994-1<Digitally Sign Client Communication (When Possible): EnabledEnable Security Signature Value CCE-3783-89Digitally Sign Server Communication (Always): Not Defined CCE-3928-9<Digitally Sign Server Communication (When Possible): EnabledSMB Server Packet Signing Value CCE-3545-1/Number of Previous Logons to Cache: 1 (maximum)Logon Caching value (<= 2) CCE-4069-15Allowed to Eject Removable NTFS Media: AdministratorsNTFS Media Ejection value CCE-3607-9SSecure Channel: Digitally Encrypt or Sign Secure Channel Data (Always): Not Defined CCE-3849-7NSecure Channel: Digitally Encrypt Secure Channel Data (When Possible): Enabled CCE-4025-3KSecure Channel: Digitally Sign Secure Channel Data (When Possible): Enabled CCE-3596-49Smart Card Removal Behavior:  Lock Workstation (minimum)!Smart Card Removal Behavior Value CCE-3145-0APrevent System Maintenance of Computer Account Password: DisabledDisable password change Value CCE-3947-9<4.3.1 Ensure all disk volumes are using the NTFS file systemNon-NTFS Partition CCE-3863-8CCE-546?Unused USB Ports should be enabled or disabled as appropriate. "Unused USB ports are not disabled. CCE-4008-9CCE-764current user scrnsave.exe CCE-4000-6 Current user screensaver timeout CCE-4145-9Current user screensaver secure CCE-3149-2CCE-742SThe screen saver should be enabled or disabled as appropriate for the current user.Current user screensaver active CCE-3152-6'Always Install with Elev< ated Privileges CCE-4108-78Disable IE Security Prompt for Windows Installer Scripts CCE-3861-2!Enable User Control Over Installs CCE-3931-3CCE-794XThe "Enable User to Browser for Source While Elevated" policy should be set correctly. /Enable User to Browse for Source While Elevated CCE-4094-9.Enable User to Use Media Source While Elevated CCE-4116-05Allow Admin to Install from Terminal Services Session CCE-3980-0&Enable User to Patch Elevated Products CCE-4002-22Cache Transforms in Secure Location on Workstation CCE-4033-7CCE-525GInternet access for Windows Messenger should be configured correctly. !Windows Messenger Internet Access CCE-4055-0CCE-785RThe "Hide Property Pages" policy should be set correctly for the Task Scheduler. Hide Property Pages CCE-3451-2Prohibit New Task Creation CCE-3971-9I HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Use_HKLM_only Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer, Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only)Security Zones: Use Only Machine Settings CCE-4117-8X HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_Zones_Map_Edit Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer, Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_zones_map_edit6Security Zones: Do Not Allow Users to Add/Delete Sites CCE-3874-5=Disable Periodic Check for Internet Explorer Software Updates CCE-3517-0=Disable Software Update Shell Notifications on Program Launch CCE-3962-89Disable Automatic Install of Internet Explorer Components CCE-4125-1Make Proxy Settings Per Machine CCE-4019-65Security Zones: Do Not Allow Users to Change Policies CCE-4812-4CCE-10.DEPRECATED in favor of CCE-5236-5, CCE-4719-1. CCE-5236-5Audit Directory Service Access CCE-4719-1 CCE-4874-4"Smart Card Helper Service Disabled CCE-4777-9CCE-1298IThe License Logging service should be enabled or disabled as appropriate. License Logging Service Disabled CCE-4156-6Denied Logon As A Batch Job CCE-4825-6'Application Management Service Disabled CCE-4720-9CCE-1786aThe Resultant Set of Policy (RSoP) Provider Service should be enabled or disabled as appropriate.1Resultant Set of Policy Provider Service Disabled CCE-4848-8CCE-1984UUse of the Recycle Bin on file deletion should be enabled or disabled as appropriate.R(1) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\NukeOnDelete=Recycle Bin Configured to Delete Files (Servers) Requirements CCE-4729-0CCE-2166`The Network News Transport Protocol (NNTP) service should be enabled or disabled as appropriate.0Network News Transport Protocol Service Disabled CCE-4495-84Network Dynamic Data Exchange (DDE) Service Disabled CCE-4768-8MHKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\SCForceOption -CAC logon required (NIPRNet only) Requirement CCE-4253-1CCE-2258ZThe Distributed Link Tracking Server service should be enabled or disabled as appropriate.1Distributed Link Tracking Server Service Disabled CCE-4539-36Remote Access Auto Connection Manager Service Disabled CCE-4786-08Forcibly Disconnect when Logon Hours Expire Requirements CCE-4447-94Distributed Transaction Coordinator Service Disabled CCE-4332-3)Impersonate a Client After Authentication CCE-4830-6DCOM - RunAs Value Requirements CCE-4751-4+Uninterrupted Power Supply Service Disabled CCE-4645-84Kerberos - User Logon Restrictions (DC) Requirements CCE-4750-61Kerberos - User Ticket Lifetime (DC) Requirements CCE-4865-24Kerberos - Service Ticket Lifetime (DC) Requirements CCE-4684-78Kerberos - User Ticket Renewal Lifetime (DC Requirements CCE-4715-9;Kerberos - Computer Clock Synchronization (DC) Requirements CCE-4790-2(1) set of accountsRight To Create Global Objects CCE-4667-2Task Scheduler Service Disabled CCE-4882-7Telephony Service Disabled CCE-4799-3ZDCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax CCE-4195-4EThe DHCP Server service should be enabled or disabled as appropriate.DHCP Server Service Disabled CCE-4235-8Denied Logon As A Service CCE-4244-0Wireless Zero Configuration CCE-4764-7ASP .NET State Service Disabled CCE-4803-31Distributed Link Tracking Client Service Disabled CCE-4794-4Indexing Service Disabled CCE-4689-6ZDCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax CCE-4779-51Remote Access Connection Manager Service Disabled CCE-4801-7>Network DDE DDE Share Database Manager (DSDM) Service Disabled CCE-4453-7NThe Certificate Services service should be enabled or disabled as appropriate.Certificate Service Disabled CCE-4096-4Smart Card Service Disabled CCE-4003-0Power Users Restricted Group CCE-4890-0 10.8.20-14 CCE-5141-7JThe "AutoBackupLogFiles" policy for security logs should be set correctly.](1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\AutoBackupLogFiles CCE-4709-2MThe "AutoBackupLogFiles" policy for application logs should be set correctly.`(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\AutoBackupLogFiles CCE-4986-6HThe "AutoBackupLogFiles" policy for system logs should be set correctly.[(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\AutoBackupLogFiles CCE-4929-6a(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\NullSessionPipes 10.8.20-04 CCE-5282-9 CCE-5153-2fThe setting determining the location of the key and password for the Syskey Encryption Key is correct.F(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\SecureBoot CCE-5123-5[(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\optional CCE-5139-1 CCE-5184-7IThe environment variable "Os2LibPath" should exist or not as appropriate.(1) exists / undefined CCE-5176-3SThe path to the Microsoft OS/2 version 1.x library should be defined appropriately.(1) path CCE-4400-8BSafe DLL search mode should be enabled or disabled as appropriate.Y(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SafeDllSearchMode CCE-4999-9e(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine CCE-5126-8yThe registry key HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Os2 should exist or not as appropriate.I(1) HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Os2 CCE-4772-0<The location of the OS/2 subsystem should be set correctly. CCE-4972-6=The location of the POSIX subsystem should be set correctly.X(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Subsystems\POSIX CCE-5100-3b(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\NullSessionShares CCE-4946-0The registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDebug\Debugger should exist or not as appropriate.T(1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDebug\Debugger CCE-5382-7UThe path to the debugger used for Just-In-Time debugging should be set appropriately. CCE-5281-1[The Distributed Component Object Model (DCOM) should be enabled or disabled as appropriate. CCE-5073-2_(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation CCE-5148-210.8.20-04, 10.8.20-15 CCE-5045-0EThe encryption algorithm to be used by EFS should be properly chosen.encryption typeS(1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS\AlgorithmID CCE-4736-5?The TCPMaxPortsExhausted setting should be properly configured.^(1) HKEY_LOCAL_MACHINE\SYSTEM\Cu< rrentControlSet\Services\Tcpip\Parameters\TCPMaxPortsExhausted CCE-4961-9DThe TcpMaxDataRetransmissions setting should be properly configured.c(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissions CCE-4489-1CTcpMaxConnectResponseRetransmissions should be properly configured.n(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxConnectResponseRetransmissions CCE-4555-9LThe startup type of the File Server For Macintosh service should be correct. 10.8.20-23 CCE-4771-2DThe startup type of the ATI hotkey poller service should be correct. CCE-5062-5LThe startup type of the Interix Subsystem Startup service should be correct. CCE-5150-8BThe startup type of the Cluster Service service should be correct. CCE-5149-0MThe startup type of the IPSEC (IPsec Policy Agent) service should be correct. CCE-4749-8JThe startup type of the IAS Jet Database Access service should be correct. CCE-4964-36The startup type of the IAS service should be correct. CCE-4601-1FThe startup type of the IP Version 6 Helper service should be correct. CCE-4782-9BThe startup type of the Message Queuing service should be correct. CCE-4821-5UThe startup type of the Message Queuing Down Level Clients service should be correct. CCE-4685-4KThe startup type of the Message Queuing Triggers service should be correct. CCE-5002-1MThe startup type of the Client Service for Netware service should be correct. CCE-4653-2gThe startup type of the Windows Management Instrumentation Driver Extensions service should be correct. CCE-5103-7HThe startup type of the TCP/IP NetBIOS Helper service should be correct. CCE-5270-4;The startup type of the Terminal service should be correct. CCE-5098-9BThe startup type of the Utility Manager service should be correct. CCE-5173-0BThe startup type of the Secondary Logon service should be correct. CCE-4699-5UThe startup type of the Windows Management Instrumentation service should be correct. CCE-5162-3AThe startup type of the SSDP Discovery service should be correct. CCE-4307-5>The startup type of the Workstation service should be correct. CCE-4762-1PThe startup type of the Remote Administration Service service should be correct. CCE-4974-2IThe startup type of the Microsoft POP3 Service service should be correct. CCE-5251-4DThe startup type of the Windows Installer service should be correct. CCE-4987-4YThe startup type of the Windows System Resource Manager (WSRM) service should be correct. CCE-5299-3SThe startup type of the WinHTTP Web Proxy Auto-Discovery service should be correct. CCE-4524-5^The startup type of the Services for Unix Trivial FTP Daemon (TFTP) service should be correct. CCE-5268-8SThe startup type of the Services for Unix Client for NFS service should be correct. CCE-4894-2UThe startup type of the Services for Unix Server for PCNFS service should be correct. CCE-5220-9PThe startup type of the Services for Unix Perl Socket service should be correct. CCE-5127-6^The startup type of the Services for Unix User Name Mapping service service should be correct. CCE-5429-6QThe startup type of the Services for Unix Windows Cron service should be correct. CCE-4686-2MThe startup type of the Print Server for Macintosh service should be correct. CCE-4316-6The startup type of the Remote Installation Services (aka Boot Information Negotiation Layer or BNLSVC) service should be correct. CCE-5050-0HThe startup type of the Remote Server Manager service should be correct. CCE-5125-0HThe startup type of the Remote Server Monitor service should be correct. CCE-4640-9NThe startup type of the Remote Storage Notification service should be correct. CCE-4326-5HThe startup type of the Remote Storage Server service should be correct. CCE-5218-3IThe startup type of the Windows Media Services service should be correct. CCE-4632-6pThe startup type of the Services for Netware Service Advertising Protocol (SAP) Agent service should be correct. CCE-5209-2FThe startup type of the Web Element Manager service should be correct. CCE-5222-5vThe startup type of the Remote Installation Services Single Instance Storage (SIS) Groveler service should be correct. CCE-4993-2gThe startup type of the TCP/IP Print Server (aka lpd print server or LPDSVC) service should be correct. CCE-5165-6NThe startup type of the Terminal Services Licensing service should be correct. CCE-5013-8 CCE-5105-2DThe startup type of the COM+ Event System service should be correct. CCE-4391-9<The startup type of the Event Log service should be correct. CCE-4735-7KThe startup type of the Infrared Monitor service service should be correct. CCE-5295-1>The startup type of the DHCP Client service should be correct. CCE-4329-9SThe startup type of the Services for Unix Server for NFS service should be correct. CCE-4328-1LThe startup type of the System Event Notification service should be correct. CCE-4943-7 CCE-4340-6NThe startup type of the Performance Logs and Alerts service should be correct. CCE-4506-2@The startup type of the Plug and Play service should be correct. CCE-5033-6DThe startup type of the Protected Storage service should be correct. CCE-5112-8OThe startup type of the QoS Admission Control (RSVP) service should be correct. CCE-5064-1NThe startup type of the Remote Procedure Call (RPC) service should be correct. CCE-5328-0@The startup type of the Print Spooler service should be correct. CCE-5174-8DThe startup type of the Removable Storage service should be correct. CCE-5208-49The startup type of the Server service should be correct. CCE-4343-0LThe startup type of the Security Accounts Manager service should be correct. CCE-4740-7FThe startup type of the Network Connections service should be correct. CCE-4349-7GThe startup type of the Logical Disk Manager service should be correct. CCE-5248-0VThe startup type of the Logical Disk Manager Administrative service should be correct. CCE-5155-7<The startup type of the Net Logon service should be correct. CCE-5124-3CThe startup type of the File Replication service should be correct.10.8.20-23, 10.8.20-16 CCE-5345-4SThe startup type of the Kerberos Key Distribution Center service should be correct. CCE-4613-6FThe startup type of the Intersite Messaging service should be correct. CCE-5186-2VThe startup type of the Remote Procedure Call (RPC) Locator service should be correct. CCE-5331-4JThe startup type of the Distributed File System service should be correct. CCE-5190-4WThe startup type of the Windows Internet Name Service (WINS) service should be correct.10.8.20-23, 10.8.20-26 CCE-5269-6?The startup type of the Windows Time service should be correct.10.8.20-23, 10.8.20-28 CCE-5286-0BThe Terminal Services fDisableCdm setting should be set correctly. 10.8.20-20 CCE-4864-5DThe Terminal Services fDisableClip setting should be set correctly. CCE-4773-8xInheritance of the shadow setting on the terminal server for remote control from another source should be set correctly. CCE-5113-6EThe Terminal Services remote control configuration is set correctly. CCE-5298-5CThe Terminal Services fDisableCam setting should be set correctly. CCE-4733-2CThe Terminal Services fDisableCcm setting should be set correctly. CCE-5183-9CThe Terminal Services fDisableLPT setting should be set correctly. CCE-5258-9UThe required permissions for the directory %SystemDrive%\perflogs should be assigned. 10.8.20-08 CCE-5271-2QThe required permissions for the directory %SystemDrive%\i386 should be assigned. CCE-4357-0lThe required permissions for the directory %ProgramFiles%\Common Files\SpeechEngines\TTS should be assigned. 10.8.20-06 CCE-5031-0SThe required permissions for the file %SystemRoot%\_default.plf should be assigned. 10.8.20-09 CCE-4485-9RThe required permissions for the directory %SystemRoot%\addins should be assigned. CCE-5314-0TThe required permissions for the directory %SystemRoot%\ap< pPatch should be assigned. CCE-5325-6PThe required permissions for the file %SystemRoot%\clock.avi should be assigned. CCE-4937-9]The required permissions for the directory %SystemRoot%\Connection Wizard should be assigned. CCE-4954-4SThe required permissions for the file %SystemRoot%\Driver Cache should be assigned. CCE-4531-0SThe required permissions for the file %SystemRoot%\explorer.scf should be assigned. CCE-5237-3SThe required permissions for the file %SystemRoot%\explorer.exe should be assigned. CCE-5143-3PThe required permissions for the directory %SystemRoot%\Help should be assigned. CCE-4862-9WThe required permissions for the file %SystemRoot%\inf\unregmp2.exe should be assigned. CCE-4989-0PThe required permissions for the directory %SystemRoot%\Java should be assigned. CCE-5227-4NThe required permissions for the file %SystemRoot%\mib.bin should be assigned. CCE-5051-8SThe required permissions for the directory %SystemRoot%\msagent should be assigned. CCE-5207-6RThe required permissions for the file %SystemRoot%\msdfmap.ini should be assigned. CCE-4392-7OThe required permissions for the directory %SystemRoot%\mui should be assigned. CCE-5111-0^The required permissions for the directory %SystemRoot%\security\templates should be assigned. CCE-4520-3RThe required permissions for the directory %SystemRoot%\speech should be assigned. CCE-5225-8QThe required permissions for the file %SystemRoot%\system.ini should be assigned. CCE-4374-5WThe required permissions for the file %SystemRoot%\system\setup.inf should be assigned. CCE-4585-6XThe required permissions for the file %SystemRoot%\system\stdole.tlb should be assigned. CCE-4823-1TThe required permissions for the directory %SystemRoot%\twain_32 should be assigned. CCE-5338-9^The required permissions for the directory %SystemRoot%\System32\cacls.exe should be assigned. CCE-4668-0_The required permissions for the directory %SystemRoot%\System32\attrib.exe should be assigned. CCE-5210-0\The required permissions for the directory %SystemRoot%\System32\CatRoot should be assigned. 10.8.20-07 CCE-4558-3iThe required permissions for the directory %SystemRoot%\System32\config\systemprofile should be assigned. CCE-4381-0YThe required permissions for the file %SystemRoot%\System32\debug.exe should be assigned. CCE-4908-0YThe required permissions for the directory %SystemRoot%\System32\dhcp should be assigned. CCE-5001-3\The required permissions for the directory %SystemRoot%\System32\drivers should be assigned. CCE-4785-2aThe required permissions for the file %SystemRoot%\System32\eventtriggers.exe should be assigned. CCE-5379-3YThe required permissions for the file %SystemRoot%\System32\edlin.exe should be assigned. CCE-5318-1_The required permissions for the file %SystemRoot%\System32\eventcreate.exe should be assigned. CCE-4850-4[The required permissions for the directory %SystemRoot%\System32\Export should be assigned. CCE-4820-7\The required permissions for the file %SystemRoot%\System32\ipconfig.exe should be assigned. CCE-5333-0]The required permissions for the file %SystemRoot%\System32\nslookup.exee should be assigned. CCE-4787-8[The required permissions for the file %SystemRoot%\System32\netstat.exe should be assigned. CCE-4985-8[The required permissions for the file %SystemRoot%\System32\nbtstat.exe should be assigned. CCE-5037-7WThe required permissions for the file %SystemRoot%\System32\ftp.exe should be assigned. CCE-5104-5]The required permissions for the directory %SystemRoot%\System32\LogFiles should be assigned. CCE-5196-1YThe required permissions for the file %SystemRoot%\System32\mshta.exe should be assigned. CCE-4460-2XThe required permissions for the directory %SystemRoot%\System32\mui should be assigned. CCE-4681-3WThe required permissions for the file %SystemRoot%\System32\net.exe should be assigned. CCE-5213-4YThe required permissions for the file %SystemRoot%\System32\netsh.exe should be assigned. CCE-4398-4XThe required permissions for the file %SystemRoot%\System32\net1.exe should be assigned. CCE-4619-3WThe required permissions for the file %SystemRoot%\System32\reg.exe should be assigned. CCE-5118-5ZThe required permissions for the file %SystemRoot%\System32\regini.exe should be assigned. CCE-5211-8\The required permissions for the file %SystemRoot%\System32\regsvr32.exe should be assigned. CCE-5308-2YThe required permissions for the file %SystemRoot%\System32\route.exe should be assigned. CCE-5202-7VThe required permissions for the file %SystemRoot%\System32\sc.exe should be assigned. CCE-4528-6]The required permissions for the directory %SystemRoot%\System32\ShellExt should be assigned. CCE-4545-0YThe required permissions for the file %SystemRoot%\System32\subst.exe should be assigned. CCE-4906-4^The required permissions for the file %SystemRoot%\System32\systeminfo.exe should be assigned. CCE-5232-4ZThe required permissions for the file %SystemRoot%\System32\telnet.exe should be assigned. CCE-5133-4XThe required permissions for the file %SystemRoot%\System32\tftp.exe should be assigned. CCE-4697-9YThe required permissions for the directory %SystemRoot%\System32\wbem should be assigned. CCE-4860-3[The required permissions for the file %SystemRoot%\System32\tlntsvr.exe should be assigned. CCE-4383-6]The required permissions for the directory %SystemRoot%\System32\wbem\mof should be assigned. CCE-5267-0dThe required permissions for the directory %SystemRoot%\System32\wbem\repository should be assigned. CCE-5046-8^The required permissions for the directory %SystemRoot%\System32\wbem\logs should be assigned. CCE-5373-6tThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography should be assigned. 10.8.20-13 CCE-4738-1jThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.hlp should be assigned. CCE-4394-3nThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\helpfile should be assigned. CCE-4590-6oThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing should be assigned. CCE-5159-9{The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais should be assigned. CCE-4859-5The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell should be assigned. CCE-5313-2The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony should be assigned. CCE-4414-9The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability should be assigned. CCE-4839-7The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell should be assigned. CCE-5354-6~The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion should be assigned. CCE-5306-6nThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech should be assigned. CCE-5006-2mThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC should be assigned. CCE-5041-9sThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem should be assigned. CCE-4636-7~The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates should be assigned. CCE-4634-2The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports should be assigned. CCE-4977-5vThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Driver Signing should be assigned. CCE-5321-5fThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies should be assigned. CCE-4981-7yThe required permissions for the registry key HKEY_LOCAL< _MACHINE\SOFTWARE\Microsoft\Command Processor should be assigned. CCE-5413-0{The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ads\Providers\WinNT should be assigned. CCE-5383-5~The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\NWCOMPAT should be assigned. CCE-4430-5yThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\NDS should be assigned. CCE-5262-1The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions should be assigned. CCE-4776-1The required permissions for the registry key HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots should be assigned. CCE-5230-8The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager should be assigned. CCE-4966-8tThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Help should be assigned. CCE-4457-8|The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip should be assigned. CCE-4788-6zThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Non-Driver Signing should be assigned. CCE-5179-7uThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DeviceManager should be assigned. CCE-4646-6The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Security should be assigned. CCE-5241-5{The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCP should be assigned. CCE-4765-4The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent should be assigned. CCE-5109-4The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security should be assigned. CCE-4892-6The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WMI\Security should be assigned. CCE-4446-1The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Security should be assigned. CCE-4688-8The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv\Security should be assigned. CCE-5201-9The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr\Security should be assigned. CCE-5417-1The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Samss\Security should be assigned. CCE-5060-9The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security should be assigned. CCE-4888-4The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm\Security should be assigned. CCE-5214-2The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility should be assigned. CCE-4637-5The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kdc\Security should be assigned. CCE-5342-1The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Security should be assigned. CCE-5421-3vThe required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services should be assigned. CCE-4936-1The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers should be assigned. CCE-5029-4}The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network should be assigned. CCE-4853-8~The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Data should be assigned. CCE-4804-1}The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\GBG should be assigned. CCE-5293-6The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Skew1 should be assigned. CCE-4452-9|The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\JD should be assigned. CCE-5405-6uThe required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control should be assigned. CCE-5409-8lThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\wbem should be assigned. CCE-5246-4The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE\Security should be assigned. CCE-5096-3The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font should be assigned. CCE-5360-3The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog should be assigned. CCE-5065-8The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares should be assigned. CCE-5305-8zThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Windows 3.1 Migration Status should be assigned. CCE-5168-0dThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Secure should be assigned. CCE-5371-0lThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Program Groups should be assigned. CCE-4886-8The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon should be assigned. CCE-4983-3The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones should be assigned. CCE-5370-2The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping should be assigned. CCE-5093-0zThe required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS should be assigned. CCE-4780-3The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper should be assigned. CCE-4463-6The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility should be assigned. CCE-5416-3The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDebug should be assigned. CCE-5385-0The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx should be assigned. CCE-5256-3The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce should be assigned. CCE-5353-8The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run should be assigned. CCE-5387-6oThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows should be assigned. CCE-5462-7nThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Secure should be assigned. CCE-5167-2kThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RPC should be assigned. CCE-5330-6The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options should be assigned. CCE-5422-1The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole should be assigned. CCE-5312-4The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions should be assigned. CCE-4469-3The require< d permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout should be assigned. CCE-5095-5The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ContentIndex should be assigned. CCE-4567-4The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName should be assigned. CCE-4496-6The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy should be assigned. CCE-5219-1The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule should be assigned. CCE-5285-2The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost should be assigned. CCE-4752-2The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit should be assigned. CCE-5408-0The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList should be assigned. CCE-5364-5The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS should be assigned. CCE-5390-0The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 should be assigned. CCE-4504-7The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Classes should be assigned. CCE-5411-4The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion should be assigned. CCE-4949-4zThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates should be assigned. CCE-5151-6The required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows should be assigned. CCE-5501-2OThe required permissions for the directory %SystemRoot%\Web should be assigned. CCE-5294-4kThe required permissions for the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole should be assigned. CCE-5069-0The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers should be assigned. CCE-4897-5The required permissions for the registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies should be assigned. CCE-1841-6gAuditing of "Security System Extension" events on success should be enabled or disabled as appropriate.(1) via auditpol#System / Security System Extension CCE-2348-1^Auditing of "System Integrity" events on success should be enabled or disabled as appropriate.System / System Integrity CCE-2608-8ZAuditing of "IPsec Driver" events on success should be enabled or disabled as appropriate.System / IPsec Driver CCE-2022-2aAuditing of "Other System Events" events on success should be enabled or disabled as appropriate.System / Other System Events CCE-2414-1cAuditing of "Security State Change" events on success should be enabled or disabled as appropriate.System / Security State Change CCE-2441-4SAuditing of "Logon" events on success should be enabled or disabled as appropriate.Logon/Logoff / Logon CCE-2569-2TAuditing of "Logoff" events on success should be enabled or disabled as appropriate.Logon/Logoff / Logoff CCE-2110-5]Auditing of "Account Lockout" events on success should be enabled or disabled as appropriate.Logon/Logoff / Account Lockout CCE-2260-8]Auditing of "IPsec Main Mode" events on success should be enabled or disabled as appropriate.Logon/Logoff / IPsec Main Mode CCE-2064-4^Auditing of "IPsec Quick Mode" events on success should be enabled or disabled as appropriate. Logon/Logoff / IPsec Quick Mode CCE-2350-7aAuditing of "IPsec Extended Mode" events on success should be enabled or disabled as appropriate.#Logon/Logoff / IPsec Extended Mode CCE-2610-4[Auditing of "Special Logon" events on success should be enabled or disabled as appropriate.Logon/Logoff / Special Logon CCE-2615-3gAuditing of "Other Logon/Logoff Events" events on success should be enabled or disabled as appropriate.)Logon/Logoff / Other Logon/Logoff Events CCE-2373-9cAuditing of "Network Policy Server" events on success should be enabled or disabled as appropriate.%Logon/Logoff / Network Policy Server CCE-2531-2YAuditing of "File System" events on success should be enabled or disabled as appropriate.Object Access / File System CCE-2553-6VAuditing of "Registry" events on success should be enabled or disabled as appropriate.Object Access / Registry CCE-2417-4[Auditing of "Kernel Object" events on success should be enabled or disabled as appropriate.Object Access / Kernel Object CCE-2465-3QAuditing of "SAM" events on success should be enabled or disabled as appropriate.Object Access / SAM CCE-2095-8dAuditing of "Certification Services" events on success should be enabled or disabled as appropriate.'Object Access / Certification Services CCE-2368-9cAuditing of "Application Generated" events on success should be enabled or disabled as appropriate.&Object Access / Application Generated CCE-2408-3aAuditing of "Handle Manipulation" events on success should be enabled or disabled as appropriate.$Object Access / Handle Manipulation CCE-2601-3XAuditing of "File Share" events on success should be enabled or disabled as appropriate.Object Access / File Share CCE-2482-8lAuditing of "Filtering Platform Packet Drop" events on success should be enabled or disabled as appropriate./Object Access / Filtering Platform Packet Drop CCE-2504-9kAuditing of "Filtering Platform Connection" events on success should be enabled or disabled as appropriate..Object Access / Filtering Platform Connection CCE-2033-9hAuditing of "Other Object Access Events" events on success should be enabled or disabled as appropriate.+Object Access / Other Object Access Events CCE-2205-3eAuditing of "Sensitive Privilege Use" events on success should be enabled or disabled as appropriate.(Privilege Use / Sensitive Privilege Use CCE-2104-8iAuditing of "Non Sensitive Privilege Use" events on success should be enabled or disabled as appropriate.,Privilege Use / Non Sensitive Privilege Use CCE-2386-1hAuditing of "Other Privilege Use Events" events on success should be enabled or disabled as appropriate.+Privilege Use / Other Privilege Use Events CCE-2518-9aAuditing of "Process Termination" events on success should be enabled or disabled as appropriate.(Detailed Tracking / Process Termination CCE-2522-1\Auditing of "DPAPI Activity" events on success should be enabled or disabled as appropriate.#Detailed Tracking / DPAPI Activity CCE-2544-5XAuditing of "RPC Events" events on success should be enabled or disabled as appropriate.Detailed Tracking / RPC Events CCE-2002-4^Auditing of "Process Creation" events on success should be enabled or disabled as appropriate.%Detailed Tracking / Process Creation CCE-2433-1aAuditing of "Audit Policy Change" events on success should be enabled or disabled as appropriate.$Policy Change / Audit Policy Change CCE-2566-8jAuditing of "Authentication Policy Change" events on success should be enabled or disabled as appropriate.-Policy Change / Authentication Policy Change CCE-2570-0iAuditing of "Authorization Policy Change" events on success should be enabled or disabled as appropriate.,Policy Change / Authorization Policy Change CCE-2464-6mAuditing of "MPSSVC Rule-Level Policy Change" events on success should be enabled or disabled as appropriate.0Policy Change / MPSSVC Rule-Level Policy Change CCE-2614-6nAuditing of "Filtering Platform Policy Change" events on success should be enabled or disabled as appropriate.1Policy Change / Filtering Platform Policy Change CCE-2385-3hAuditing of "Other Policy Ch< ange Events" events on success should be enabled or disabled as appropriate.+Policy Change / Other Policy Change Events CCE-2394-5eAuditing of "User Account Management" events on success should be enabled or disabled as appropriate.-Account Management / User Account Management CCE-2288-9iAuditing of "Computer Account Management" events on success should be enabled or disabled as appropriate.1Account Management / Computer Account Management CCE-2443-0gAuditing of "Security Group Management" events on success should be enabled or disabled as appropriate./Account Management / Security Group Management CCE-1642-8kAuditing of "Distribution Group Management" events on success should be enabled or disabled as appropriate.3Account Management / Distribution Group Management CCE-2468-7jAuditing of "Application Group Management" events on success should be enabled or disabled as appropriate.2Account Management / Application Group Management CCE-2485-1mAuditing of "Other Account Management Events" events on success should be enabled or disabled as appropriate.5Account Management / Other Account Management Events CCE-2367-1fAuditing of "Directory Service Access" events on success should be enabled or disabled as appropriate.%DS Access / Directory Service Access CCE-2635-1gAuditing of "Directory Service Changes" events on success should be enabled or disabled as appropriate.&DS Access / Directory Service Changes CCE-2534-6kAuditing of "Directory Service Replication" events on success should be enabled or disabled as appropriate.*DS Access / Directory Service Replication CCE-2556-9tAuditing of "Detailed Directory Service Replication" events on success should be enabled or disabled as appropriate.3DS Access / Detailed Directory Service Replication CCE-2586-6mAuditing of "Kerberos Authentication Service" events on success should be enabled or disabled as appropriate.0Account Logon / Kerberos Authentication Service CCE-2463-8eAuditing of "Credential Validation" events on success should be enabled or disabled as appropriate.&Account Logon /Credential Validation CCE-2405-9pAuditing of "Kerberos Service Ticket Operations" events on success should be enabled or disabled as appropriate.3Account Logon / Kerberos Service Ticket Operations CCE-1678-2hAuditing of "Other Account Logon Events" events on success should be enabled or disabled as appropriate.+Account Logon / Other Account Logon Events CCE-2545-2gAuditing of "Security System Extension" events on failure should be enabled or disabled as appropriate. CCE-2440-6^Auditing of "System Integrity" events on failure should be enabled or disabled as appropriate. CCE-2351-5ZAuditing of "IPsec Driver" events on failure should be enabled or disabled as appropriate. CCE-2193-1aAuditing of "Other System Events" events on failure should be enabled or disabled as appropriate. CCE-2448-9cAuditing of "Security State Change" events on failure should be enabled or disabled as appropriate. CCE-2470-3SAuditing of "Logon" events on failure should be enabled or disabled as appropriate. CCE-2616-1TAuditing of "Logoff" events on failure should be enabled or disabled as appropriate. CCE-1889-5]Auditing of "Account Lockout" events on failure should be enabled or disabled as appropriate. CCE-2409-1]Auditing of "IPsec Main Mode" events on failure should be enabled or disabled as appropriate.^Auditing of "IPsec Quick Mode" events on failure should be enabled or disabled as appropriate. CCE-2267-3aAuditing of "IPsec Extended Mode" events on failure should be enabled or disabled as appropriate. CCE-2558-5[Auditing of "Special Logon" events on failure should be enabled or disabled as appropriate. CCE-1968-7gAuditing of "Other Logon/Logoff Events" events on failure should be enabled or disabled as appropriate. CCE-2575-9cAuditing of "Network Policy Server" events on failure should be enabled or disabled as appropriate. CCE-2488-5YAuditing of "File System" events on failure should be enabled or disabled as appropriate. CCE-2505-6VAuditing of "Registry" events on failure should be enabled or disabled as appropriate. CCE-2195-6[Auditing of "Kernel Object" events on failure should be enabled or disabled as appropriate. CCE-1961-2QAuditing of "SAM" events on failure should be enabled or disabled as appropriate. CCE-2358-0dAuditing of "Certification Services" events on failure should be enabled or disabled as appropriate. CCE-2622-9cAuditing of "Application Generated" events on failure should be enabled or disabled as appropriate. CCE-2503-1aAuditing of "Handle Manipulation" events on failure should be enabled or disabled as appropriate.XAuditing of "File Share" events on failure should be enabled or disabled as appropriate. CCE-2292-1lAuditing of "Filtering Platform Packet Drop" events on failure should be enabled or disabled as appropriate. CCE-2437-2kAuditing of "Filtering Platform Connection" events on failure should be enabled or disabled as appropriate. CCE-2583-3hAuditing of "Other Object Access Events" events on failure should be enabled or disabled as appropriate. CCE-2349-9eAuditing of "Sensitive Privilege Use" events on failure should be enabled or disabled as appropriate. CCE-2605-4iAuditing of "Non Sensitive Privilege Use" events on failure should be enabled or disabled as appropriate. CCE-2371-3hAuditing of "Other Privilege Use Events" events on failure should be enabled or disabled as appropriate. CCE-2389-5aAuditing of "Process Termination" events on failure should be enabled or disabled as appropriate. CCE-2604-7\Auditing of "DPAPI Activity" events on failure should be enabled or disabled as appropriate. CCE-2498-4XAuditing of "RPC Events" events on failure should be enabled or disabled as appropriate. CCE-2375-4^Auditing of "Process Creation" events on failure should be enabled or disabled as appropriate. CCE-2269-9aAuditing of "Audit Policy Change" events on failure should be enabled or disabled as appropriate. CCE-2151-9jAuditing of "Authentication Policy Change" events on failure should be enabled or disabled as appropriate. CCE-2459-6iAuditing of "Authorization Policy Change" events on failure should be enabled or disabled as appropriate. CCE-2353-1mAuditing of "MPSSVC Rule-Level Policy Change" events on failure should be enabled or disabled as appropriate. CCE-2490-1nAuditing of "Filtering Platform Policy Change" events on failure should be enabled or disabled as appropriate. CCE-1759-0hAuditing of "Other Policy Change Events" events on failure should be enabled or disabled as appropriate. CCE-2411-7eAuditing of "User Account Management" events on failure should be enabled or disabled as appropriate. CCE-2415-8iAuditing of "Computer Account Management" events on failure should be enabled or disabled as appropriate. CCE-2560-1gAuditing of "Security Group Management" events on failure should be enabled or disabled as appropriate. CCE-2273-1kAuditing of "Distribution Group Management" events on failure should be enabled or disabled as appropriate. CCE-2542-9jAuditing of "Application Group Management" events on failure should be enabled or disabled as appropriate. CCE-2062-8mAuditing of "Other Account Management Events" events on failure should be enabled or disabled as appropriate. CCE-1926-5fAuditing of "Directory Service Access" events on failure should be enabled or disabled as appropriate. CCE-2445-5gAuditing of "Directory Service Changes" events on failure should be enabled or disabled as appropriate. CCE-1718-6kAuditing of "Directory Service Replication" events on failure should be enabled or disabled as appropriate. CCE-2489-3tAuditing of "Detailed Directory Service Replication" events on failure should be enabled or disabled as appropriate. CCE-2511-4mAuditing of "Kerberos Authentication Service" events on failure should be enabled or disabled as appropriate. CCE-2516-3eAuditing of "Credential Validation" events on failure should be enabled or disabl< ed as appropriate. CCE-2291-3pAuditing of "Kerberos Service Ticket Operations" events on failure should be enabled or disabled as appropriate. CCE-2564-3hAuditing of "Other Account Logon Events" events on failure should be enabled or disabled as appropriate. CCE-2251-7gAuditing of "Audit account logon events" events on sucess should be enabled or disabled as appropriate.pComputer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit account logon events CCE-2211-1eAuditing of "Audit account management" events on sucess should be enabled or disabled as appropriate.nComputer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit account management CCE-2215-2kAuditing of "Audit directory service access" events on sucess should be enabled or disabled as appropriate.tComputer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit directory service access CCE-2242-6_Auditing of "Audit logon events" events on sucess should be enabled or disabled as appropriate.hComputer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit logon events CCE-2136-0`Auditing of "Audit object access" events on sucess should be enabled or disabled as appropriate.iComputer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit object access CCE-2268-1`Auditing of "Audit policy change" events on sucess should be enabled or disabled as appropriate.iComputer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit policy change CCE-2035-4`Auditing of "Audit privilege use" events on sucess should be enabled or disabled as appropriate.iComputer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit privilege use CCE-2295-4cAuditing of "Audit process tracking" events on sucess should be enabled or disabled as appropriate.(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit process tracking (2) Audit Policy security settings are not registry keys. lComputer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit process tracking CCE-1837-4`Auditing of "Audit system events" events on sucess should be enabled or disabled as appropriate.iComputer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit system events CCE-1779-8hAuditing of "Audit account logon events" events on failure should be enabled or disabled as appropriate. CCE-2538-7fAuditing of "Audit account management" events on failure should be enabled or disabled as appropriate. CCE-2582-5lAuditing of "Audit directory service access" events on failure should be enabled or disabled as appropriate. CCE-2574-2`Auditing of "Audit logon events" events on failure should be enabled or disabled as appropriate. CCE-2217-8aAuditing of "Audit object access" events on failure should be enabled or disabled as appropriate. CCE-2512-2aAuditing of "Audit policy change" events on failure should be enabled or disabled as appropriate. CCE-2265-7aAuditing of "Audit privilege use" events on failure should be enabled or disabled as appropriate. CCE-1895-2dAuditing of "Audit process tracking" events on failure should be enabled or disabled as appropriate. CCE-1939-8aAuditing of "Audit system events" events on failure should be enabled or disabled as appropriate. CCE-2026-3[The "Access credential Manager as a trusted caller" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Access credential Manager as a trusted caller CCE-2075-0iThe "Access this computer from the network (SeNetworkLogonRight)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Access this computer from the network (SeNetworkLogonRight) CCE-2079-2bThe "Act as part of the operating system (SeTcbPrivilege)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Act as part of the operating system (SeTcbPrivilege) CCE-2246-7HThe "Add workstations to domain" setting should be configured correctly.zComputer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Add workstations to domain CCE-2004-0kThe "Adjust memory quotas for a process (SeIncreaseQuotaPrivilege)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Adjust memory quotas for a process (SeIncreaseQuotaPrivilege) CCE-2286-3BThe "Allow log on locally" setting should be configured correctly.tComputer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Allow log on locally CCE-2308-5tThe "Allow log on through Terminal Services (SeRemoteInteractiveLogonRight)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Allow log on through Terminal Services (SeRemoteInteractiveLogonRight) CCE-1321-9_The "Back up files and directories (SeBackupPrivilege)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Back up files and directories (SeBackupPrivilege) CCE-2285-5`The "Bypass traverse checking (SeChangeNotifyPrivilege)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Bypass traverse checking (SeChangeNotifyPrivilege) CCE-2290-5\The "Change the system time (SeSystemTimePrivilege)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Change the system time (SeSystemTimePrivilege) CCE-2171-7BThe "Change the time zone" setting should be configured correctly.tComputer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Change the time zone CCE-1328-4[The "Create a pagefile (SeCreatePagefilePrivilege)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Create a pagefile (SeCreatePagefilePrivilege) CCE-1491-0\The "Create a token object (SeCreateTokenPrivilege)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Create a token object (SeCreateTokenPrivilege) CCE-2226-9]The "Create global objects (SeCreateGlobalPrivilege)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Create global objects (SeCreateGlobalPrivilege) CCE-1341-7MThe "Create permanent shared objects" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Create permanent shared objects CCE-2305-1CThe "Create symbolic links" setting should be configured correctly.uComputer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Create symbolic links CCE-2310-1OThe "Debug programs (SeDebugPrivilege)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Debug programs (SeDebugPrivilege) CCE-2314-3uThe "Deny access to this computer from the network (SeDenyNetworkLogonRight)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Deny access to this computer from the network (SeDenyNetworkLogonRight) CCE-1834-1`The "Deny log on as a batch job (SeDenyBatchLogonRight)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Deny log on as a b< atch job (SeDenyBatchLogonRight) CCE-2296-2_The "Deny log on locally (SeDenyInteractiveLogonRight)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Deny log on locally (SeDenyInteractiveLogonRight) CCE-1944-8`The "Deny log on as a service (SeDenyServiceLogonRight)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Deny log on as a service (SeDenyServiceLogonRight) CCE-2102-2wThe "Deny log on through Terminal Services (SeDenyRemoteInteractiveLogonRight)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Deny log on through Terminal Services (SeDenyRemoteInteractiveLogonRight) CCE-1481-1The "Enable computer and user accounts to be trusted for delegation (SeEnableDelegationPrivilege)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Enable computer and user accounts to be trusted for delegation (SeEnableDelegationPrivilege) CCE-1750-9mThe "Force shutdown from a remote system (SeRemoteShutdownPrivilege)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Force shutdown from a remote system (SeRemoteShutdownPrivilege) CCE-2129-5YThe "Generate security audits (SeAuditPrivilege)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Generate security audits (SeAuditPrivilege) CCE-1346-6WThe "Impersonate a client after authentication" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Impersonate a client after authentication CCE-2306-9LThe "Increase a process working set" setting should be configured correctly.~Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Increase a process working set CCE-2328-3lThe "Increase scheduling priority (SeIncreaseBasePriorityPrivilege)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Increase scheduling priority (SeIncreaseBasePriorityPrivilege) CCE-1455-5dThe "Load and unload device drivers (SeLoadDriverPrivilege)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Load and unload device drivers (SeLoadDriverPrivilege) CCE-2332-5ZThe "Lock pages in memory (SeLockMemoryPrivilege)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Lock pages in memory (SeLockMemoryPrivilege) CCE-1975-2WThe "Log on as a batch job (SeBatchLogonRight)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Log on as a batch job (SeBatchLogonRight) CCE-2270-7WThe "Log on as a service (SeServiceLogonRight)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Log on as a service (SeServiceLogonRight) CCE-1843-2dThe "Manage auditing and security log (SeSecurityPrivilege)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Manage auditing and security log (SeSecurityPrivilege) CCE-2142-8DThe "Modify an object label" setting should be configured correctly.vComputer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Modify an object label CCE-2257-4oThe "Modify firmware environment values (SeSystemEnvironmentPrivilege)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Modify firmware environment values (SeSystemEnvironmentPrivilege) CCE-1383-9hThe "Perform volume maintenance tasks (SeManageVolumePrivilege)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Perform volume maintenance tasks (SeManageVolumePrivilege) CCE-2360-6fThe "Profile single process (SeProfileSingleProcessPrivilege)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Profile single process (SeProfileSingleProcessPrivilege) CCE-2113-9cThe "Profile system performance (SeSystemProfilePrivilege)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Profile system performance (SeSystemProfilePrivilege) CCE-2382-0fThe "Remove computer from docking station (SeUndockPrivilege)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Remove computer from docking station (SeUndockPrivilege) CCE-1527-1kThe "Replace a process level token (SeAssignPrimaryTokenPrivilege)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Replace a process level token (SeAssignPrimaryTokenPrivilege) CCE-2294-7`The "Restore files and directories (SeRestorePrivilege)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Restore files and directories (SeRestorePrivilege) CCE-2078-4XThe "Shut down the system (SeShutdownPrivilege)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Shut down the system (SeShutdownPrivilege) CCE-2137-8PThe "Synchronize directory service data" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Synchronize directory service data CCE-2506-4qThe "Take ownership of files or other objects (SeTakeOwnershipPrivilege)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Take ownership of files or other objects (SeTakeOwnershipPrivilege) CCE-2337-4TThe "Accounts: Administrator account status" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Accounts: Administrator account status CCE-2342-4LThe "Accounts: Guest account status" setting should be configured correctly.xComputer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Accounts: Guest account status CCE-2364-8xThe "Accounts: Limit local account use of blank passwords to console logon only" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Accounts: Limit local account use of blank passwords to console logon only CCE-2227-7TThe "Accounts: Rename administrator account" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Accounts: Rename administrator account CCE-2372-1LThe "Accounts: Rename guest account" setting should be configured correctly.xComputer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Accounts: Rename guest account CCE-1751-7^The "Audit: Audit the access of global system objects" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Audit: Audit the access of global system objects CCE-1773-1bThe "Audit: Audit the use of Backup and Restore privilege" setting should be configured correctly.< Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Audit: Audit the use of Backup and Restore privilege CCE-2276-4The "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings CCE-2315-0rThe "Audit: Shut down system immediately if unable to log security audits" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Audit: Shut down system immediately if unable to log security audits CCE-2196-4The "DCOM: Machine access restrictions in Security Descriptor Definition Language (SDDL) syntax" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/DCOM: Machine access restrictions in Security Descriptor Definition Language (SDDL) syntax CCE-2201-2The "DCOM: Machine launch restrictions in Security Descriptor Definition Language (SDDL) syntax" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/DCOM: Machine launch restrictions in Security Descriptor Definition Language (SDDL) syntax CCE-2249-1\The "Devices: Allow undock without having to log on" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Devices: Allow undock without having to log on CCE-2377-0bThe "Devices: Allowed to format and eject removable media" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Devices: Allowed to format and eject removable media CCE-2152-7dThe "Devices: Prevent users from installing printer drivers" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Devices: Prevent users from installing printer drivers CCE-1390-4lThe "Devices: Restrict CD-ROM access to locally logged-on user only" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Devices: Restrict CD-ROM access to locally logged-on user only CCE-2383-8lThe "Devices: Restrict floppy access to locally logged-on user only" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Devices: Restrict floppy access to locally logged-on user only CCE-2049-5iThe "Domain Controller: Allow server operators to schedule tasks" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain Controller: Allow server operators to schedule tasks CCE-2317-6aThe "Domain Controller: LDAP server signing requirements" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain Controller: LDAP server signing requirements CCE-1934-9hThe "Domain Controller: Refuse machine account password changes" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain Controller: Refuse machine account password changes CCE-2203-8sThe "Domain member: Digitally encrypt or sign secure channel data (always)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain member: Digitally encrypt or sign secure channel data (always) CCE-1868-9rThe "Domain member: Digitally encrypt secure channel data (when possible)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain member: Digitally encrypt secure channel data (when possible) CCE-2362-2oThe "Domain member: Digitally sign secure channel data (when possible)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain member: Digitally sign secure channel data (when possible) CCE-2256-6eThe "Domain member: Disable machine account password changes" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain member: Disable machine account password changes CCE-2278-0aThe "Domain member: Maximum machine account password age" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain member: Maximum machine account password age CCE-1802-8oThe "Domain member: Require strong (Windows 2000 or later) session key" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain member: Require strong (Windows 2000 or later) session key CCE-2199-8^The "Interactive logon: Do not display last user name" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Do not display last user name CCE-2331-7\The "Interactive logon: Do not require CTRL+ALT+DEL" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Do not require CTRL+ALT+DEL CCE-2225-1lThe "Interactive logon: Message text for users attempting to log on" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Message text for users attempting to log on CCE-2037-0mThe "Interactive logon: Message title for users attempting to log on" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Message title for users attempting to log on CCE-2297-0The "Interactive logon: Number of previous logons to cache (in case domain controller is not available)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Number of previous logons to cache (in case domain controller is not available) CCE-2324-2qThe "Interactive logon: Prompt user to change password before expiration" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Prompt user to change password before expiration CCE-2346-5The "Interactive logon: Require Domain Controller authentication to unlock workstation" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Require Domain Controller authentication to unlock workstation CCE-2223-6SThe "Interactive logon: Require smart card" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Require smart card CCE-1448-0\The "Interactive logon: Smart card removal behavior" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Smart card removal behavior CCE-2356-4nThe "Microsoft network client: Digitally sign communications (always)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Microsoft network client: Digitally sign communications (always) CCE-2378-8xThe "Microsoft network client: Digitally sign communications (if server agrees)" setting should be configured correctly.Computer Configura< tion/Windows Settings/Security Settings/Local Policies/Security Options/Microsoft network client: Digitally sign communications (if server agrees) CCE-2272-3|The "Microsoft network client: Send unencrypted password to third-party SMB servers" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Microsoft network client: Send unencrypted password to third-party SMB servers CCE-2236-8~The "Microsoft network server: Amount of idle time required before suspending session" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Microsoft network server: Amount of idle time required before suspending session CCE-2381-2nThe "Microsoft network server: Digitally sign communications (always)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Microsoft network server: Digitally sign communications (always) CCE-2263-2xThe "Microsoft network server: Digitally sign communications (if client agrees)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Microsoft network server: Digitally sign communications (if client agrees) CCE-2029-7rThe "Microsoft network server: Disconnect clients when logon hours expire" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Microsoft network server: Disconnect clients when logon hours expire CCE-2307-7lThe "MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) CCE-1826-7The "MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) CCE-1967-9The "MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS) CCE-1470-4~The "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes CCE-2241-8The "MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments) CCE-2399-4xThe "MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds CCE-2404-2The "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic. CCE-2298-8tThe "MSS: (NoDriveTypeAutoRun) Disable Autorun for all drives (recommended)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (NoDriveTypeAutoRun) Disable Autorun for all drives (recommended) CCE-2320-0The "MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers CCE-2156-8Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended) CCE-1800-2The "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS) CCE-2447-1pThe "MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) CCE-2183-2The "MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) CCE-1460-5xThe "MSS: (SynAttackProtect) Syn attack protection level (protects against DoS)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (SynAttackProtect) Syn attack protection level (protects against DoS) CCE-2384-6The "MSS: (TCPMaxConnectResponseRetransmissions) SYN-ACK retransmissions when a connection request is not acknowledged" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (TCPMaxConnectResponseRetransmissions) SYN-ACK retransmissions when a connection request is not acknowledged CCE-2424-0The "MSS: (TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) CCE-2442-2The "MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning CCE-2318-4bThe "Network access: Allow anonymous SID/Name translation" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Allow anonymous SID/Name translation CCE-1962-0pThe "Network access: Do not allow anonymous enumeration of SAM accounts" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Do not allow anonymous enumeration of SAM accounts CCE-2340-8{The "Network access: Do not allow anonymous enumeration of SAM accounts and shares" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Do not allow anonymous enumeration of SAM accounts and shares CCE-2111-3The "Network access: Do not allow stora< ge of credentials or .NET Passports for network authentication" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Do not allow storage of credentials or .NET Passports for network authentication CCE-1824-2oThe "Network access: Let Everyone permissions apply to anonymous users" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Let Everyone permissions apply to anonymous users CCE-2089-1jThe "Network access: Named Pipes that can be accessed anonymously" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Named Pipes that can be accessed anonymously CCE-1521-4`The "Network access: Remotely accessible registry paths" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Remotely accessible registry paths CCE-2357-2nThe "Network access: Remotely accessible registry paths and sub paths" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Remotely accessible registry paths and sub paths CCE-2361-4qThe "Network access: Restrict anonymous access to Named Pipes and Shares" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Restrict anonymous access to Named Pipes and Shares CCE-2507-2eThe "Network access: Shares that can be accessed anonymously" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Shares that can be accessed anonymously CCE-2406-7kThe "Network access: Sharing and security model for local accounts" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Sharing and security model for local accounts CCE-2304-4{The "Network security: Do not store LAN Manager hash value on next password change" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network security: Do not store LAN Manager hash value on next password change CCE-2432-3dThe "Network security: Force logoff when logon hours expire" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network security: Force logoff when logon hours expire CCE-2454-7`The "Network security: LAN Manager authentication level" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network security: LAN Manager authentication level CCE-2327-5`The "Network security: LDAP client signing requirements" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network security: LDAP client signing requirements CCE-1767-3The "Network security: Minimum session security for NTLM SSP based (including secure RPC) clients" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network security: Minimum session security for NTLM SSP based (including secure RPC) clients CCE-2410-9The "Network security: Minimum session security for NTLM SSP based (including secure RPC) servers" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network security: Minimum session security for NTLM SSP based (including secure RPC) servers CCE-2309-3dThe "Recovery console: Allow automatic administrative logon" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Recovery console: Allow automatic administrative logon CCE-1553-7zThe "Recovery console: Allow floppy copy and access to all drives and all folders" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Recovery console: Allow floppy copy and access to all drives and all folders CCE-2403-4mThe "Shutdown: Allow system to be shut down without having to log on" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Shutdown: Allow system to be shut down without having to log on CCE-2416-6UThe "Shutdown: Clear virtual memory pagefile" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Shutdown: Clear virtual memory pagefile CCE-2319-2Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/System cryptography: Force strong key protection for user keys stored on the computer CCE-2261-6The "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing CCE-2429-9sThe "System objects: Require case insensitivity for non-Windows subsystems" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/System objects: Require case insensitivity for non-Windows subsystems CCE-2451-3The "System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) CCE-1598-2 CCE-2421-6The "System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies CCE-2302-8~The "User Account Control: Admin Approval Mode for the Built-in Administrator account" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Admin Approval Mode for the Built-in Administrator account CCE-2434-9The "User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop CCE-2474-5The "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode CCE-2355-6wThe "User Account Control: Behavior of the elevation prompt for standard users" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Behavior of the elevation prompt for standard users CCE-2487-7}The "User Account Control: Detect application installations and prompt for elevation" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Detect application installations and prompt for elevatio< n CCE-2509-8zThe "User Account Control: Only elevate executables that are signed and validated" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Only elevate executables that are signed and validated CCE-2473-7The "User Account Control: Only elevate UIAccess applications that are installed in secure locations" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Only elevate UIAccess applications that are installed in secure locations CCE-2478-6qThe "User Account Control: Run all administrators in Admin Approval Mode" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Run all administrators in Admin Approval Mode CCE-2500-7}The "User Account Control: Switch to the secure desktop when prompting for elevation" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Switch to the secure desktop when prompting for elevation CCE-2266-5The "User Account Control: Virtualize file and registry write failures to per-user locations" setting should be configured correctly.Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Virtualize file and registry write failures to per-user locations CCE-2539-5@The application log maximum size should be configured correctly.rComputer Configuration\Administrative Templates\Windows Components\Event Log Service\Application\Maximum Log Size CCE-2244-2=The security log maximum size should be configured correctly.oComputer Configuration\Administrative Templates\Windows Components\Event Log Service\Security\Maximum Log Size CCE-2262-4;The system log maximum size should be configured correctly.mComputer Configuration\Administrative Templates\Windows Components\Event Log Service\System\Maximum Log Size CCE-1622-0gThe "Prevent local guests group from accessing application log" setting should be configured correctly.~Computer Configuration/Windows Settings/Security Settings/Event Log//Prevent local guests group from accessing application log CCE-2189-9bThe "Prevent local guests group from accessing system log" setting should be configured correctly.yComputer Configuration/Windows Settings/Security Settings/Event Log//Prevent local guests group from accessing system log CCE-2149-3dThe "Prevent local guests group from accessing security log" setting should be configured correctly.{Computer Configuration/Windows Settings/Security Settings/Event Log//Prevent local guests group from accessing security log CCE-2541-1WThe "Retain old events" setting should be configured correctly for the application log.[Computer Configuration/Windows Settings/Security Settings/Event Log//Retain application log CCE-2435-6TThe "Retain old events" setting should be configured correctly for the security log.XComputer Configuration/Windows Settings/Security Settings/Event Log//Retain security log CCE-2581-7RThe "Retain old events" setting should be configured correctly for the system log.VComputer Configuration/Windows Settings/Security Settings/Event Log//Retain system log CCE-1819-2RThe "Retention method for application log" setting should be configured correctly.iComputer Configuration/Windows Settings/Security Settings/Event Log//Retention method for application log CCE-1836-6OThe "Retention method for security log" setting should be configured correctly.fComputer Configuration/Windows Settings/Security Settings/Event Log//Retention method for security log CCE-2607-0MThe "Retention method for system log" setting should be configured correctly.dComputer Configuration/Windows Settings/Security Settings/Event Log//Retention method for system log CCE-2237-6FThe "Enforce password history" setting should be configured correctly.(1) Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy (Settings included in Domain Policies)GPO Settings: Computer Configuration/Windows Settings/Security Settings/Account Policies/Password Policy (Settings included in Domain Policies) CCE-2200-4BThe "Maximum password age" setting should be configured correctly. CCE-1861-4BThe "Minimum password age" setting should be configured correctly. CCE-2240-0EThe "Minimum password length" setting should be configured correctly. CCE-2126-1XThe "Password must meet complexity requirements" setting should be configured correctly. CCE-2289-7YThe "Store passwords using reversible encryption" setting should be configured correctly. CCE-1317-7FThe "Account lockout duration" setting should be configured correctly.(1) Computer Configuration/Windows Settings/Security Settings/Account Policies/Account Lockout Policy (Settings included in Domain Policies)GPO Settings: Computer Configuration/Windows Settings/Security Settings/Account Policies/Account Lockout Policy (Settings included in Domain Policies) CCE-1872-1GThe "Account lockout threshold" setting should be configured correctly. CCE-2311-9QThe "Reset account lockout counter after" setting should be configured correctly. CCE-5229-0The "MSS: (DisableIPSourceRouting) IPv6 source routing protection level (protects against packet spoofing)" setting should be configured correctly.(1) 0 = No additional protection, source routed packets are allowed | 1 = Medium, source routed packets ignored when IP forwarding is enabled | 2 = Highest protection, source routing is completely disabledComputer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (DisableIPSourceRouting) IPv6 source routing protection level (protects against packet spoofing) CCE-5263-9The "MSS: (TCPMaxDataRetransmissions) IPv6, how many times unacknowledged data is retransmitted (3 recommended, 5 is default)" setting should be configured correctly.(1) Numeric valueComputer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (TCPMaxDataRetransmissions) IPv6, how many times unacknowledged data is retransmitted (3 recommended, 5 is default) 0Microsoft Security Guide for Windows Server 20030Center for Internet Security Windows Server 2003DISA Stig for Windows 2003 CCE-3062-7Table 3.28 Deny access to this computer from the network: ANONYMOUS LOGON; Built-in Administrator, Guests; Support_388945a0; Guest; all NON-Operating System service accounts (Legacy Client, Enterprise Client, and High Security)K4.2.15 Deny access to this computer from the network (minimum): Not Defined CCE-3322-5Table 4.2 Access this computer from the network: Administrators, Authenticated Users, Enterprise Domain Controllers (High Security); Legacy Client and Enterprise Client are not defined4.2.1 Access this computer from the network: Not Defined; Administrators, Authenticated Users, Enterprise Domain Controllers (Specialized Security)5.1 User Rights: (4.015: CAT I) Built-in Guest account, Everyone group, guests group, and Domain Guests group DO NOT have the right to "access this computer from the network" CCE-3490-0Table 3.21 Act as part of the operating system: Not defined (Legacy Client and Enterprise Client); revoke all security groups and accounts (High Security)/4.2.2 Act as part of the operating system: none|5.1 User Rights: (4.009: CAT I) Individual and group accounts DO NOT have the right to "act as part of the operating system" CCE-2869-6J4.2.36 Backup files and directories: Administrators (Specialized Security) CCE-3375-3+4.2.8 Bypass traverse checking: Not Defined CCE-3397-7Table 3.26 Change the system time: Administrators and Power Users (default); Administrators (High Security); Legacy client and Enterprise Client are not defined,4.2.9 Change the system time: Administrators CCE-3538-6?4.2.10 Create a pagefile: Administrators (Specialized Security)< CCE-3498-3"4.2.11 Create a token object: None CCE-3269-8,4.2.13 Create permanent shared objects: None CCE-2576-7Table 3.27 Debug programs: Administrators (default); Revoke all security groups and accounts (Legacy Client, Enterprise client and High Security)4.2.14 Debug Programs: None CCE-3359-7Table 3.32 Force shutdown from a remote system: Administrators (High Security): Legacy client and Enterprise Client are not definedQ4.2.21 Force shutdown from a remote system: Administrators (Specialized Security) CCE-3491-8Table 3.33 Generate security audits: Network Service, Local Service (High Security): Legacy Client and Enterprise Client are not definedV4.2.22 Generate security audits: Local Service, Network Service (Specialized Security) CCE-3147-6Table 3.23 Adjust memory quotas for a process: Administrators, Network Service, Local Service (High Security); Legacy client and Enterprise Client are not definedo4.2.4 Adjust memory quotas for a process: Network Service, Local Service, Administrators (Specialized Security) CCE-3539-4|Table 3.35 Increase scheduling priority: Administrators (High Security): Legacy Client and Enterprise Client are not definedJ4.2.24 Increase scheduling priority: Administrators (Specialized Security) CCE-3293-8~Table 3.36 Load and unload device drivers: Administrators (High Security): Legacy Client and Enterprise Client are not defined54.2.25 Load and unload device drivers: Administrators CCE-2936-3tTable 3.37 Lock pages in memory: Administrators (High Security): Legacy Client and Enterprise Client are not definedB4.2.26 Lock pages in memory: Administrators (Specialized Security) CCE-3191-4Table 3.38 Log on as a batch job: Support_388945a0, Local Service (Default); Revoke all security groups and accounts (High Security); Legacy Client and Enterprise Client are not defined"4.2.27 Log on as a batch job: None CCE-3332-4'4.2.28 Log on as a service: Not Defined CCE-3557-6dTable 4.4 Allow log on locally: Administrators (Legacy client, Enterprise Client, and High Security)*4.2.5 Allow log on locally: Administrators5.1 User rights: (4.026: CAT II) Built-in Guest account, guests group, and Domain guests group, HelpAssistant, and Suppor_388945a0 are assigned the right to DENY log on locally CCE-3575-8Table 3.39 Manage auditing and security log: Administrators (High Security); Legacy Client and Enterprise Client are not definedN4.2.29 Manage auditing and security log: Administrators (Specialized Security) CCE-3218-5Table 3.40 Modify firmware environment values: Administrators (High Security); Legacy client and Enterprise Client are not definedP4.2.30 Modify firmware environment values: Administrators (Specialized Security) CCE-2861-3vTable 3.42 Profile single process: Administrators (High Security); Legacy Client and Enterprise Client are not definedD4.2.32 Profile single process: Administrators (Specialized Security) CCE-3002-3zTable 3.43 Profile system performance: Administrators (High Security); Legacy client and Enterprise Client are not definedH4.2.33 Profile system performance: Administrators (Specialized Security) CCE-2663-3Table 3.44 Remove computer from docking station: Administrators, Power Users (Default)/Administrators (High Security); Legacy client and Enterprise Client are not definedR4.2.34 Remove computer from docking station: Administrators (Specialized Security) CCE-3447-0Table 3.45 Replace a process level token: Local Service, Network Service (High Security); Legacy Client and Enterprise Client are not definedD4.2.35 Replace a process level token: Network Service, Local Service CCE-3465-2Table 3.46 Restore files and directories: Administrators and Backup Operators (Default)/Administrators (High Security); Legacy Client and Enterprise Client are not definedK4.2.36 Restore files and directories: Administrators (Specialized Security) CCE-3346-4Table 3.47 Shut down the system: Backup Operators, Power Users and Administrators (Default)/Administrators (High Security); Legacy Client and Enterprise Client are not definedN4.2.37 Shut down the system: Administrators (Enterprise, Specialized Security) CCE-2848-0Table 3.49 Take ownership of files or other objects: Administrators (High Security); Legacy Client and Enterprise Client are not defined>4.2.39 Take ownership of file or other objects: Administrators CCE-3368-8Table 3.48 Synchronize directory service data: Revoke all security groups and accounts (High Security); legacy client and Enterprise Client are not defined/4.2.38 Synchronize directory service data: None CCE-3531-1&4.2.18 Deny logon locally: Not Defined CCE-3473-6Table 4.7 Enable computer and user accounts to be trusted for delegation: Administrators (High Security); Legacy client and Enterprise Client are not definedK4.2.20 enable computer and user accounts to be trusted for delegation: None CCE-3354-8zTable 3.22 Add workstations to domain: Administrators (High Security); Legacy Client and Enterprise Client are not definedJ4.2.3 Add workstations to domain: Not Defined; None (Specialized Security) CCE-3499-1Table 3.25 Allow log on through Terminal Services: Administrators (High Security); Administrators and Remote Desktop Users (Legacy Client and Enterprise Client);4.2.6 Allow logon through terminal services: Administrators5.1 User Rights: (4.040: CAT I) No one has the right to allow logn through Terminal Services unless the machine is performing the role of a Terminal Server CCE-2649-2wTable 4.18 Deny log on as a batch job: Support_388945a0 and Guest (Legacy Client, Enterprise Client, and High Security)-4.2.16 Deny logon as a batch job: Not Defined CCE-3543-6+4.2.17 Deny logon as a service: Not Defined CCE-3438-9Table 4.18 Deny log on through Terminal Services: Built-in Administrator; all NON-operating system service accounts (Legacy Client, Enterprise Client, and High Security)84.2.19 Deny logon through Terminal Services: Not Defined5.1 User Rights: (4.041: CAT II) The Everyone group is assigned the right to deny logon through Terminal Services unless the machine is performing the roale of a Terminal Server, then the Guests group is assigned CCE-3319-1Table 3.41 Perform volume maintenance tasks: Administrators (High Security); Legacy client and Enterprise Client are not definedN4.2.31 Perform volume maintenance tasks: Administrators (Specialized Security)V5.4.5.1 [AP] User Rights Assignments: Perform Volume Maintenance Tasks: Administrators CCE-3574-1Table 2.11 Reset account lockout counter after: 30 minutes; 15 minutes (High Security); 30 minutes (Legacy Client and Enterprise Client)/2.2.3.3 Reset Account Lockout After: 15 minutes/5.4.2.2 [A] Bad Logon Counter Reset: 15 minutes CCE-2627-8pTable 2.9 Account lockout duration: 15 minutes (High Security); 30 minutes (Legacy Client and Enterprise Client),2.2.3.1 Account Lockout Duration: 15 minutes\4.5.3 Password Policy (4.004: CAT II) The Account Lockout duration set to 15 minutes or more CCE-3551-9Table 2.10 Account lockout threshold: 50 invalid login attempts (Legacy Client and Enterprise Client); 10 invalid login attempts (High Security)R2.2.3.2 Account Lockout Threshold: 15 attempts; 10 attempts (Specialized Security)\4.5.3 Password Policy (4.002: CAT II) The Account Lockout Threshold will be set to 3 or less CCE-3321-7kTable 3.2 Audit account logon events: Success/Failure (Legacy Client, Enterprise Client, and High Security)32.2.1.1 Audit Account Logon Events: Success/Failure CCE-3467-8 CCE-3427-2iTable 3.4 Audit account management: Success/Failure (Legacy Client, Enterprise Client, and High Security)12.2.1.2 Audit Account Management: Success/Failure CCE-3449-6 CCE-2827-4oTable 3.6 Audit directory service access: Success/Failure (Legacy Client, Enterprise Client, and High Security)32.2.1.3 Audit Directory Service Access: Not DefinedF6.4 System Audit Settings: Audit directory service access: Not Defined CCE-3101-3 CCE-3603-8cTable 3.8 Audit logon events: Success/Failure (Legacy Client, Enterprise Client, and High Security)/2.2.1.4 Au< dit Logon Events: Success and Failure?6.4 System Audit Settings: Audit logon events: Success, Failure CCE-3391-0 CCE-3286-2eTable 3.10 Audit object access: Success/Failure (Legacy Client, Enterprise Client, and High Security),2.2.1.5 Audit Object Access: Success/Failure CCE-3290-4 CCE-3546-9]Table 3.12 Audit policy change: Success (legacy client, Enterprise Client, and High Security)$2.2.1.6 Audit Policy Change: Success@6.4 System Audit Settings: Audit policy change: Success, Failure CCE-3312-6 CCE-3211-0yTable 3.14 Audit privilege use: Success/Failure (High Security); No Auditing (Legacy Client); Failure (Enterprise Client)(2.2.1.7 Audit Privilege Use: Not Defined76.4 System Audit Settings: Audit privilege use: Failure CCE-3383-7 CCE-3510-5>6.4 System Audit Settings: Audit process tracking: Not Defined CCE-3453-8 CCE-3594-9]Table 3.18 Audit system events: Success (Legacy Client, Enterprise Client, and High Security)$2.2.1.9 Audit System Events: Success@6.4 System Audit Settings: Audit system events: Success, Failure CCE-3611-1 CCE-2884-5Table 3.102 Shutdown: Allow system to be shut down without having to log on: Disabled (Legacy Client, Enterprise Client, and High Security) CCE-3281-3(2.2.4.1.2 Restrict Guest Access: Enabled CCE-3550-1iTable 3.110 Maximum application log size: 16,384 KB (Legacy Client, Enterprise Client, and High Security)&2.2.4.1.1 Maximum Event Log Size: 16MBJ5.4.7.1 [A] Event Log Sizes: Maximum application log size: 16384 kilobytes CCE-3567-5qTable 3.116 Retention method for application log: As needed (Legacy Client, Enterprise Client, and High Security)+2.2.4.1.3 Log Retention Method: Not Defined{5.4.7.3 [AP] Preserving Security Events: Retention method for application log: Do not overwrite events (clear log manually) CCE-2946-2(2.2.4.2.2 Restrict Guest Access: Enabled.3.5 [M] Access to Security Event Log: Auditors CCE-3343-1fTable 3.111 Maximum security log size: 81,920 KB (Legacy Client, Enterprise Client, and High Security)G5.4.7.1 [A] Event Log Sizes: Maximum security log size: 16384 kilobytes CCE-3484-3>6.2 Audit Log Requirements: (5.002: CAT II) minimum of 81920KB CCE-3127-8nTable 3.117 Retention method for security log: As needed (Legacy Client, Enterprise Client, and High Security)+2.2.4.2.3 Log Retention Method: Not Defined CCE-3488-4(2.2.4.3.2 Restrict Guest Access: Enableds5.4.7.2 [A] Restrict Event Log Access Over Network: Prevent local guests group from accessing security log: Enabled CCE-3506-3dTable 3.112 Maximum system log size: 16,384 KB (Legacy Client, Enterprise Client, and High Security)&2.2.4.3.1 Maximum Event Log Size: 16MBD5.4.7.1 [A] Even Log Sizes: Maximum system log size: 16384 kilobytes CCE-3422-3 CCE-3512-1f3.118 Retention method for system log: As needed (Legacy Client, Enterprise Client, and High Security) CCE-3530-3]Table 2.4 Maximum password age: 42 days (Legacy Client, Enterprise Client, and High Security)#2.1.2 Maximum Password Age: 90 DaysU4.5.3 Password Policy: (4.011: CAT II) Maximum password age is set to 90 days or less CCE-3548-5\Table 2.5 Minimum password age: 2 days (Legacy Client, Enterprise Client, and High Security)#2.2.2.1 Minimum Password Age: 1 dayS4.5.3 Password Policy: (4.012: CAT II) Minimum password age is set to 1 day or more CCE-3424-9tTable 2.6 Minimum password length: 12 characters (High Security); 8 characters (Legacy Client and Enterprise Client)S2.2.2.3 Minimum Password Length: 8 characters; 12 characters (Specialized Security)25.4.1.3 [AP] Minimum Password Length: 8 characters CCE-3442-1tTable 2.7 Password must meet complexity requirements: Enabled (Legacy Client, Enterprise Client, and High Security)$2.2.2.4 Password Complexity: Enableda5.4.1.5 [M] Enable strong Password Filtering: Password must meet complexity requirements: Enabled CCE-3446-2qTable 2.3 Enforce password history: 24 passwords remembered (Legacy Client, Enterprise Client, and High Security)12.2.2.5 Password History: 24 passwords rememberedG5.4.1.4 [A] Password Uniqueness: Enforce password history: 24 passwords CCE-2644-3tTable 2.8 Store password using reversible encryption: Disabled (Legacy Client, Enterprise Client, and High Security)=2.2.2.6 Store Passwords Using Reversible Encryption: Disabled<5.4.1.6 [M] Disable Reversible Password Encryption: Disabled CCE-3635-0[Table 3.119 Alerter Service: Disabled (Legacy Client, Enterprise Client, and High Security)4.1.1 Alerter: Disabled CCE-2671-667.6.1 Automatic Updates Service: Disable if not needed CCE-3200-3qTable 3.124 Background Intelligent Transfer Service: Manual (Legacy Client, Enterprise Client, and High Security)K7.6.2 Background Intelligent Transfer Service (BITs): Disable if not needed CCE-3350-6\Table 3.127 Clipbook service: Disabled (Legacy Client, Enterprise Client, and High Security)4.1.3 Clipbook: Disabled CCE-3565-9pTable 3.143 Fax Service: Not installed (default); Disabled (Legacy Client, Enterprise Client, and High Security)4.1.4 Fax Service: Disabled CCE-3582-4{Table 3.146 FTP Publishing Service: Not installed (default); Disabled (Legacy Client, Enterprise Client, and High Security)&4.1.7 FTP Publishing Service: Disabled7.6.3 FTP Service: Disabled CCE-3353-0vTable 3.151 IIS Admin Service: Not installed (default); Disabled (Legacy Client, Enterprise Client, and High Security)"4.1.10 IIS Admin Service: Disabled CCE-3618-6\Table 3.153 Indexing Service: Disabled (Legacy Client, Enterprise Client, and High Security)!4.1.11 Indexing Service: Disabled CCE-3494-2]Table 3.167 Messenger Service: Disabled (Legacy Client, Enterprise Client, and High Security)4.1.13 Messenger: Disabled!8.3.4 Windows Messenger: Disabled CCE-3640-0Table 3.172 .NET Framework Support Service: Not installed (default); Disabled (Legacy Client, Enterprise Client, and High Security)8.4.3 .NET Framework: (5.069: CAT II) the .NET Framwork is not active on the system unless it only supports locally developed .NET applications CCE-2909-0mTable 3.174 NetMeeting Remote Desktop Sharing: Disabled (Legacy Client, Enterprise Client, and High Security)24.1.15 NetMeeting Remote Desktop Sharing: DisabledI7.6.4 NetMeeting Remote Desktop Sharing Service: (5.063: CAT II) Disabled CCE-3552-7E7.6.5 Print Services for Unix: (5.026: CAT II) Remove if not required CCE-3428-0Table 3.187 Remote Access Auto Connection Manager: Manual (default); Disabled (Legacy Client, Enterprise Client, and High Security)64.1.20 Remote Access Auto Connection Manager: DisabledM7.6.7 Remote Access Auto Connection Manager Service: (5.064: CAT II) Disabled CCE-3556-8Table 3.190 Remote Desktop Help Session Manager: Manual (default); Disabled (Legacy Client, Enterprise Client, and High Security)44.1.23 Remote Desktop Help Session Manager: DisabledC7.6.8 Remote Desktop Help Session Manager: (5.065: CAT II) Disabled CCE-2678-18.3.9.1 Internet Connection Sharing: (3.085: CAT II) Prohibit use of Internet Connection Sharing on your DNS domain networks is Enabled CCE-3612-9dTable 3.194 Remote Registry Service: Automatic (Legacy Client, Enterprise Client, and High Security)?4.1.26 Remote Registry Service: Disabled (Specialized Security)'7.6.9 Remote Registry Service: Disabled CCE-3621-0mTable 3.201 Routing and Remote Access Service: Disabled (Legacy Client, Enterprise Client, and High Security)R7.6.11 Routing and Remote Access Service: (5.067: CAT II) Disabled if not required CCE-3602-0u7.6.10 Remote Shell Service: (5.008: CAT II) Service is removed by typing instsrv rshsvc remove at the command prompt CCE-3497-5{Table 3.208 Simple TCP/IP Services: Not installed (default); Disabled (Legacy Client, Enterprise Client, and High Security)J7.6.16 Telnet Servers: (5.010: CAT II) Simple TCP/IP services are disabled CCE-3386-0Table 3.207 Simple Mail Transport Protocol (SMTP): Not installed (default); Disabled (Legacy Client, Enterprise Client, and High Security).4.1.31 Simple Mail Transfer Protocol: Disabled CCE-3532-9qTable 3.211 SNMP Service: Not install< ed (default); Disabled (Legacy Client, Enterprise Client, and High Security);4.1.32 Simple Network Management Protocol Service: DisabledE7.6.13 SNMP Service: (5.026: CAT II) SNMP is disabled if not required CCE-3536-0vTable 3.212 SNMP Trap Service: Not installed (default); Disabled (Legacy Client, Enterprise Client, and High Security)84.1.33 Simple Network Management Protocol Trap: Disabled CCE-3541-0O7.6.14 Simple Service Discovery Protocol (SSDP) Service: 5.019: CAT I) Disabled CCE-3558-4oTable 3.216 Task Scheduler: Automatic (default); Disabled (Legacy Client, Enterprise Client, and High Security)77.6.15 Task Scheduler Service: (5.009: CAT II) Disabled CCE-3078-3ZTable 3.220 Telnet Service: Disabled (Legacy Client, Enterprise Client, and High Security)4.1.35 Telnet: Disabled CCE-2832-4pTable 3.221 Terminal Services: Manual (default); Automatic (Legacy Client, Enterprise Client, and High Security)94.1.36 Terminal Services: Disabled (Specialized Security)i7.6.17 Terminal Services: (5.020: CAT I) Disabled on machines that are not performing as Terminal Servers CCE-3475-1ZTable 3.182 Plug and Play: Automatic (Legacy Client, Enterprise Client, and High Security) CCE-3492-6Table 3.245 World Wide Web Publishing Service: Not installed (default); Disabled (Legacy Client, Enterprise Client, and High Security)34.1.39 World Wide Web Publishing Services: Disabled CCE-3633-5 CCE-3638-4<Table 11.4 Background Intelligent Transfer Service: Disabled CCE-3175-7 CCE-2695-54.1.1. Alerter: Disabled CCE-3637-6gTable 3.123 Automatic Updates Service: Automatic (Legacy Client, Enterprise Client, and High Security) CCE-3642-6 CCE-3664-0 CCE-3435-5 CCE-3580-8 CCE-3474-4 CCE-3496-7 CCE-3483-5 CCE-3254-054.1.19 Print Spooler: Disabled (Specialized Security) CCE-3523-8CCE-157 CCE-3673-1 CCE-3193-0 CCE-3461-1 CCE-3355-5 CCE-2687-2 CCE-3583-2 CCE-3226-8 CCE-3569-1 CCE-3591-53.86 Network Access: Do not allow anonymous enumeration of SAM accounts and shares: Enabled (Legacy Client, Enterprise Client, and High Security)3.1.3 Network Access: Do not allow anonymous enumeration of SAM accounts and shares: Enabled (Enterprise and Specialized Security)|5.4.6.53 [AP] Restrict Anonymous Network Shares: Network Access: Do not allow anonymous enumeration of SAM accounts: Enabled CCE-3631-93.85 Network Access: Do not allow anonymous enumeration of SAM accounts: Enabled (Legacy Client, Enterprise Client, and High Security) CCE-3402-5ITable 2.13 Network Access: Allow anonymous SID/NAME translation: Disabled[3.1.1 Network Access: Allow Anonymous SID/Name Translation: Disabled (Specialized Security)G5/4/6/52 Network Access: Allow anonymous SID/Name translation: Disabled CCE-3525-3 CCE-2908-2C5.2 Windows Server 2003 Built-in Accounts: (4.048: CAT II) Disabled CCE-2790-4Table 3.73 Interactive logon: Message title for users attempting to log on: "It is an offense to continue without proper authorization" (Legacy Client, Enterprise Client, and High Security)a3.2.1.27 Interactive Logon: Message Title for Users Attmpting to Log On: 5.4.6.22 [AP] Display Legal Notice: Interactive Logon: Message title for users attempting to log on: US Deparment of Defense Warning Statement CCE-3672-3eTable 3.72 Interactive logon: Message text for users attempting to log on: "This system is restricted to authorized users. Individuals attempting unauthorized access will be prosecuted. If unauthorized, terminate access now! Clicking on OK indicates your acceptance of the information in the background. (Legacy Client, Enterprise Client, and High Security)a3.2.1.26 Interactive Logon: Message Text for Users Attempting to Log On: G5.4.6.22 Interactive Logon: Message text for users attempting to log on CCE-3690-5<5.4.6.38 [A] Disable Administrator Automatic Logon: Disabled CCE-3597-2l5.4.6.47 [A] Disable Media Autoplay: MSS: Disable Autorun on all drives: 255, disable Autorun for all drives CCE-3725-9w5.4.6.41 [A] ICMP Redirects: MSS: (EnablEICMPRedirect) Allow ICMP redirects to override OSPF generated routes: Disabled CCE-3227-6n3.2.1.69 MSS: IP Source Routing protection level: Highest Protection, source routing is automatically disabled5.4.6.39 MISS: DisableIPSourceRouting, IP source routing packet spoofing: Highest protection, source routing is completely disabled CCE-3509-7S3.2.1.74 MSS: Allow IRDP to detect and configure DefaultGateway addresses: Disabled CCE-3527-9Table 3.70 Interactive logon: Do not display last user name: Disabled (default); Enabled (Legacy Client, Enterprise Client, and High Security)B3.2.1.24 Interactive Logon: Do Not Display Last User Name: Enabled CCE-2919-9Table. 3.246 Security Consideration for Network Attack: EnableDeadGWDetect = 0 (Legacy Client, Enterprise Client, and High Security)J3.2.1.70 MSS: Allow automatic detection of dead network gateways: Disabled5.4.6.40 [A] Detection of Dead Gateways: MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways: Disabled CCE-2812-6Table 3.246 Security Consideration for Network Attacks: KeepAliveTime = 300,000 (Legacy Client, Enterprise Client, and High Security)J3.2.1.82 MSS: How often keepalive packets are sent in milliseconds: 300000J5.4.6.49 MSS: How often keepalive packets are sent in milliseconds: 300000 CCE-2817-5Table 3.248 Configure NetBIOS Name Release Security: Allow the computer to ignore NetBIOS name release requests except from WINS server: NoNameReleaseOnDemand = 1 (Legacy Client, Enterprise Client, and High Security)m3.2.1.73 MSS: Allow the computer to ignore NetBIOS name release requestions except from WINS servers: Enabled5.4.6.42 [A] NetBIOS Name Release: MSS: (NoNameReleaseOnDemand) Allow computer to ignore NetBIOS name release requests except from WINS Servers: Enabled CCE-3739-0Table 3.246 Security Consideration for Network Attacks: EnablePMTUDiscovery = 0 (Legacy Client, Enterprise Client, and High Security)h3.2.1.72 MSS: EnablePMTUDiscovery, Allow automatic detection of MTU size: Enabled (Specialized Security) CCE-3616-0Table 3.246 Security Consideration for Network Attacks: SynAttackProtect = 1 (Legacy Client, Enterprise Client, and High Security)t5.4.6.44 MSS (SynAttackProtect) Syn attack protection level: Connections time out sooner if a SYN attack is detected CCE-3757-2E5.4.6.6 ConGp: Prevent the dial-up password from being saved: Enabled CCE-3796-0Table 3.64 Domain member: Digitally encrypt or sign secure channel data (always): Enabled (High Security); Disabled (Legacy Client and Enterprise Client)V3.2.1.19 Domain Member: Digitally Encrypt Secure Channel Data (When Possible): Enabled5.4.6.16 [A] Encryption of Secure Channel Traffic: Domain Member: Digitally encrypt secure channel data (when possible): Enabled CCE-3514-7Table 3.65 Domain member: Digitally encrypt or sign secure channel data (when possible): Enabled (Legacy Client, Enterprise Client, and High Security)S3.2.1.20 Domain Member: Digitally Sign Secure Channel Data (When Possible): Enabled|5.4.6.17: [A] Signing of Secure Channel Traffic: Domain Membore: Digitally sign secure channel data (when possible): Enabled CCE-3778-8Table 3.253 Enable Safe DLL Search Order: Enable Safe DLL search mode (recommended): SafeDllSearchMode = 1 (Legacy Client, Enterprise Client, and High Security)23.2.1.80 MSS: Enable Safe DLL search mode: EnabledL5.4.6.48 [A] Safe DLL Search Mode: MSS: Enable Safe DLL search mode: Enabled CCE-3549-3>8.3.5 Always wait for the network at computer startup: Enabled CCE-3298-7a8.3.6 Group Policy: (3.080: CAT II) Turn off backroung refresh of Group Policy is set to Disabled CCE-3443-98.3.9.2 Network Bridge: (3.086: CAT II) The setting Prohibit installation and configuration of network Bridge on your DNS doman network is set to Enabled CCE-3708-58.3.10 Installation of Printers Using Kernel-mode Drivers: (3.087: CAT II) the setting Disallow installation of printers using kernel-mode drivers is set to Enabled CCE-3479-3Table 3.61 Domain< controller: Allow server operators to schedule tasks: Not Defined (default); Disabled (Legacy Client, Enterprise Client, and High Security)N3.2.1.15 Domain Controller: Allow Server Operators to Schedule Tasks: Disabledt5.4.6.12 [A] Server Operators Scheduling Tasks: Domain Controller: Allo server operators to schedule tasks: Disabled CCE-2853-0K5.4.6.3 Accounts: Rename administrator account: Should not be Administrator CCE-3743-2C5.4.6.4 Account: Rename guest account: Any value other than  Guest CCE-3761-4Table 3.81 Microsoft network server: Amount of idle time required before suspending session: 15 minutes (Legacy Client, Enterprise Client, and High Security)5.4.6.30[A] Idle Time Before Suspending a Session: Microsoft Network Server: Amount of idle time required before suspending a session: 15 minutes CCE-3774-7{Table 3.52 Audit: Audit the access of global system objects: Disabled (Legacy Client, Enterprise Client, and High Security)E3.2.1.6 Audit: Audit the access of global system objects: Not Defined5.4.7.76 [A] Global System Object Permission Strength: System objects: Strengthen default permissions of internal system objects: Enabled CCE-3814-1Table 3.53 Audit: Audit the use of backup and restore privilege: Disabled (Legacy Client, Enterprise Client, and High Security)I3.2.1.7 Audit: Audit the use of backup and restore privilege: Not Defined CCE-3060-1yTable 3.71 Interactive logon: Do not require CRTL+ALT+DEL: Disabled (Legacy Client, Enterprise Client, and High Security)o5.4.6.21 [A] CTRL+ALT+DEL Security Attention Sequence: Interactive Logon: Do not require CTRL+ALT+DEL: Disabled CCE-3703-6Table 3.96 Network security: LAN Manager authentication level: Send NTLM response only (default); Send NTLMv2 response only\refuse LM & NTLM (High Security); Send NTLMv2 responses only (Legacy Client and Enterprise Client)3.2.1.50 Network Security: LAN Manager Authentication Level: Send NTLMv2 (Legacy), Send NTLMv2, refuse LM (Enterprise), Send NTLMv2, refuse LM and NTLM (Specialized Security)5.4.6.64 [AP] LanMan Compatible Password Option Not Properly Set: Network Security: LAN Manager authentication level: Send NTLMv2 response only/refuse LM & NTLM CCE-3769-7Table 3.57 Devices: Prevent users from installing printer drivers: Enabled (Legacy Client, Enterprise Client, and High Security)H3.2.1.11 Devices: Prevent users from installing printer drivers: Enabledm5.4.6.9 [A] Secure Print Driver Installation: Devices: Prevent users from installing printer drivers: Enabled CCE-3659-0Table 3.100 Recovery console: Allow automatic administrative logon: Disabled (Legacy Client, Enterprise Client, and High Security)I3.2.1.54 Recovery Console: Allow Automatic Administrative Logon: Disabled_5.4.6.68 [A] Recovery Console - Automatic Logon: Allow automatic administrative logon: Disabled CCE-3676-4Table 3.101 Recovery console: Allow floppy copy and access to all drives and all folders: Disabled (High Security); Enabled (Legacy Client and Enterprise Client)b3.2.1.55 Recovery Console: Allow Floppy Copy and Access to All Drives and All Folders: Not Defined5.4.6.69 [A] Recovery Console - Set Command: Recovery console: Allow floppy copy and access to all drives and folders: Disabled CCE-3694-7T3.2.1.12 Devices: Restrict CD-ROM Access to Locally Logged-On User Only: Not Defined CCE-2822-5fTable 10.2 Devices: Restrict floppy access to locally logged-on user only: Enabled (Enterprise Client)T3.2.1.13 Devices: Restrict Floppy Access to Locally Logged-On User only: Not Definedl5.4.6.10 [A] Secure Removable Media: Devices: Restrict floppy access to locally logged-on user only: Enabled CCE-2963-7Table 3.108 System ojects: Strengthen default permissions of internal system objects: Enabled (Legacy Client, Enterprise Client, and High Security)[3.2.1.62 System Objects: Strengthen default permissions of internal system objects: Enabled5.4.6.76 [A] Global System Object Permission Strength: System Objects: Strengthen default permissions of internal system objects: Enabled CCE-3478-5Table 3.69 Domain member: Require strong (W2K or later) session key: Disabled (default); Enabled (Legacy Client, Enterprise Client, and High Security)W3.2.1.23 Domain Member: Require Strong (Windows 2000 or later) Session Key: Not Defined5.4.6.20 [AP] Strong Session Key (WIN2K/W2K3 Native Domains): Domain Member: Require Strong (Windows 2000 or later) Session Key: Enabled CCE-2870-4Table 3.80 Microsoft network client: Send unencrypted password to third-party SMB servers: Disabled (Legacy Client, Enterprise Client, and High Security)k3.2.1.35 Microsoft Network Client: Send Unencrypted Password to Connect to Third-Party SMB Server: DisabledE5.4.6.29 [A] Unencrypted Passwords to 3rd party SMB Servers: Disabled CCE-3787-9Q3.2.1.14 Devices: Unsigned driver installation behavior: "Warn, but allow . . . "P5.4.6.11 [AP] Unsigned Driver installation Behavior: Warn but allow installation CCE-3804-2Table 3.75 Interactive logon: Prompt user to change password before expiration: 14 days (Legacy Client, Enterprise Client, and High Security)U3.2.1.29 Interactive Logon: Prompt User to Change Password Before Expiration: 14 daysv5.4.6.24 [A] Password Expiration Warning: Interactive Logon: Prompt user to change password before expiration: 14 days CCE-3430-6Table 3.54 Audit: Shut down system immediately if unable to log security audits: Disabled (Legacy Client and Enterprise Client); Enabled (High Security)l3.2.1.8 Audit: Shut down system immediately if unable to log security alerts: Enabled (Specialized Security)q5.4.6.5 [AP] Halt on Audit Failure: Audit: Shut down system immediately if unable to log security audits: Enabled CCE-3448-8R3.2.1.56 Shutdown: Allow system to be shut down without having to log on: Disabled CCE-3593-1}Table 3.103 Shutdown: Clear virtual memory page file: Disabled (Legacy Client and Enterprise Client); Enabled (High Security)=3.2.1.57 Shutdown: Clear virtual memory pagefule: Not Definedf5.4.6.71 [AP] Clear System Page File During Shutdown: Shutdown: Clear virtual memory pagefile: Enabled CCE-3652-5i3.2.1.33 Microsoft Network Client: Digitally sign communications (always): Enabled (Specialized Security)z5.4.6.27 [A] SMB Client Packet Signing (Always): Microsoft Network Client: Digitally sign communications (always): Enabled CCE-3295-3V3.2.1.37 Microsoft Network Server: Digitally sign communications (always): Not Definedz5.4.6.31 [A] SMB Server Packet Signing (Always): Microsoft Network Server: Digitally sign communications (always): Enabled CCE-3189-8TMicrosoft network server: Digitally sign communications (if client agrees): Disabledc5.4.6.32 Microsoft Network Server: digitally sign server communications (if client agrees): Enabled CCE-3709-3|Table 3.74 Interactive logon: Number of previous logons to cache: 1 (Legacy Client); 0 (Enterprise Client and High Security)K3.2.1.28 Interactive Logon: Number of Previous Logons to Cache: Not Defined~5.4.6.23 Interactive Logon: Number of previous logons to cache (in case Domain Controller is unavailable): 0 logons or 1 logon CCE-3586-5Table 3.56 Devices: Allowed to format and eject removable media: Administrators (Legacy Client, Enterprise Client, and High Security)M3.2.1.10 Devices: Allowed to format and eject removable media: Administratorsr5.4.6.8 [A] Format and Eject Removable Media: Devices: Allowed to Format and Eject Removable Media: Administrators CCE-3731-7Table 3.64 Domain member: Digitally encrypt or sign secure channel data: Enabled (High Security); disabled (Legacy Client and Enterprise Client)[3.2.1.18 Domain Member: Digitally Encrypt or Sign Secure Channel Data (Always): Not Defined5.4.6.15 [A] Encrypting and Signing of Secure Channel Traffic: Domain Member: Digitally encrypt or sign secure channel data (always): Enabled CCE-3370-4Table 3.65 Domain member: Digitally encrypt secure channel data (when possible): Enabled (Legacy Client, Enterprise Client, and High Security) CCE-3511-3Table 3.66 Doma< in member: Digitally sign secure channel data (when possible): Enabled (Legacy Client, Enterprise Client, and High Security)z5.4.6.17 [A] Signing of Secure Channel Traffic: Domain Member: Digitally sign secure channel data (when possible): Enabled CCE-3674-9Table 3.77 Interactive logon: Smart card removal behavior: Lock Workstation (Enterprise Client and High Security); Legacy Client is not definedJ3.2.1.32 Interactive Logon: Smart Card Removale Behavior: Lock Workstationx5.4.6.26 [A] Smart Card Removal Option: interactive Logon: Smart card removal behavior: Lock Workstation or Force Logoff CCE-3441-3Table 3.105 System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing: Disabled (Legacy Client, Enterprise Client, and High Security)m3.2.1.59 System Cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing: Not Defined5.4.6.73 [A] FIPS compliant algorithms: System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing: Enabled CCE-2947-0Table 3.106 System objects: Default owner for objects created by members of the Administrators group: Administrators group (default); Object creator (Legacy Client, Enterprise Client, and High Security)q3.2.1.60 System Objects: Default owner for objects created by members of the Administrators group: Object Creator5.4.6.74 [A] Object Created by members of the Administrators Group: System ojects: Default owner for object created by members of the Administrators groups: Object creator CCE-3714-3Table 3.107 System objects: Require case insensitivity for non-Windows subsystems: Enabled (Legacy Client, Enterprise Client, and High Security)[3.2.1.61 System objects: Require case insensitivity for non-Windows subsystems: Not Defined5.4.6.75 [A] Case Insensitivity for Non-Windows Subsystems: System object: Require Case Insensitivity for non-Windows Subsystems: Enabled CCE-3357-1Table 3.51 Accounts: Limit local account use of blank passwords to console logon only: Enabled (Legacy Client, Enterprise Client, and High Security)[3.2.1.3 Accounts: Limit local account use of blank passwords to console logon only: Enabledv5.4.6.2 [A] Limit Blank Passwords: Accounts: Limit local account use of blank passwords to console logon only: Enabled CCE-3613-7Table 3.55 Devices: Allow undock without having to log on: Enabled (default); Disabled (Legacy Client, Enterprise Client, and High Security)V3.2.1.9 Devices: Allow undock without having to log on: Enabled (Specialized Security)^5.4.6.7 [A] Undock Without Loggon On: Devices: Allow Undock Without Having to Log On: Disabled CCE-3801-8Table 3.62 Domain controller: LDAP server signing requirements: Not Defined (Legacy Client and Enterprise Client); Require signing (High Security)d3.2.1.16 Domain Controller: LDAP Server Signing Requirements: Require Signing (Specialized Security)5.4.6.13 [A] LDA Signing Requirements (Domain Controller): Domain controller: LDAP Server signing requirements: Require signing CCE-2819-1Table 3.97 Network security: LDAP client signing requirements: Negotiate signing (Legacy Client, Enterprise Client, and High Security)a3.2.1.51 Network Security: LDAP client signing requirements: Negotiate Signing or Require Signingg5.4.6.65 [A] LDAP Client Signing: Network security: LDAP client signing requirements: Negotiate signing CCE-3605-3Table 3.63 Domain controller: Refuse machine account password changes: Not Defined (default); Disabled (Legacy Client, Enterprise Client, and High Security)M3.2.1.17 Domain Controller: Refuse machine account password changes: Disabled|5.4.6.14 [A] computer Account Password change Requests: Domain Controller: Refuse machine account password changes: Disabled CCE-2984-3}Table 3.68 Domain member: Maximum machine account password age: 30 days (Legacy Client, Enterprise Client, and High Security)E3.2.1.22 Domain Member: Maximum Machine Account Password Age: 30 daysj5.4.6.19 [A] Maximum Machine Account Password Age: Domain Member: Maximum Machine Account Password Age: 30 CCE-3504-8Table 3.76 Interactive logon: Require domain controller authentication to unlock workstation: Disabled (default); Enabled (Legacy Client, Enterprise Client, and High Security)j3.2.1.30 Interactive Logon: Require Domain Controller authentication to unlock workstation: Not Applicable5.4.6.25 [A] Domain Controller Authentication to Unlock Workstation: Interactive logon: Require domain controller authentication to unlock workstation: Enabled CCE-3773-9Table 3.84 Microsoft network server: Disconnect clients when logon hours expire: Enabled (Legacy Client, Enterprise Client, and High Security)V3.2.1.30 Microsoft Network Server: Disconnect clients when logon hours expire: Enabled5.4.6.33 [A] forcibly disconnect when logon hours expire: Microsoft network Server: Disconnect clients when logon hours expire: Enabled CCE-3420-7Table 3.87 Network access: Do not allow storage of credentials or .NET Passports for network authentications: Disabled (default); Enabled (Legacy Client, Enterprise Client, and High Security)3.2.1.40 Network Access: Do not allow storage of credentials or .NET passports for network authentication: Enabled (Specialized Security)5.4.6.54 [A] Storage of credentials or .NET passports: Network Access: Do not allow storage of credentials or .NET passports for network authentication: Enabled CCE-3817-4Table 3.88 Network access: Let Everyone permissions apply to anonymous users: Disabled (Legacy Client, Enterprise Client, and High Security)T3.2.1.41 Network Access: Let Everyone permissions apply to anonymous users: Disabled5.4.6.55 [AP] Everyone Permissions Apply to Anonymous Users: Network Access: Let everyone permissions apply to anonymous users: Disabled CCE-3711-9Table 3.89 Network access: Named Pipes that can be accessed anonymously: None (Legacy Client, Enterprise Client, and High Security)K3.2.1.42 Network Access: Named pipes that can be accessed anonymously: None5.4.6.56 [MA] Anonymous Access to Named Pipes: Network Access: Named pipes that can be accessed anonymously: COMNAP, COMNODE, SQL\QUERY, SPOOLSS, EPMAPPER, LOCATOR, TrkWks, and TrkSvr CCE-3729-1 Table 3.90 Network access: Remotely accessible registry paths: System\currentControlSet\Control\Products Options; System\CurrentControlSet\Control\server Applications; Software\Microsoft\Windows NT\CurrentVersion (Legacy Client, Enterprise Client, and High Security)3.2.1.43 Network Access: Remotely accessible registry paths: System\CurrentControlSet\Control\Product Options, System\CurrentControlSet\Control\Server Applications, Software\Microsoft\WindowsNT\CurrentVersion5.4.6.57 [MA] Remotely Accessible Registry Paths: Network Access: Remotely accessible registry paths: System\currentControlSet\Control\ProductOptions, System\CurrentControlSet\Control\Server Applications, Software\Microsoft\Windows NT\CurrentVersion CCE-3592-3~Table 3.93 Network Access: Shares that can be accessed anonymously: None (Legacy Client, Enterprise Client, and High Security)F3.2.1.46 Network Access: Shares that can be accessed anonymously: None|5.4.6.60 [MA] Anonymous Access to Network Shares: Network Access: Shares that can be accessed anonymously: CCE-3112-0Table 3.94 Network Access: Sharing and security model for local accounts: Classic - local users authenticate as themselves (Legacy Client, Enterprise Client, and High Security)O3.2.1.47 Network Access: Sharing and security model for local accounts: Classic5.4.6.61 [A] Sharing and Security Model for Local Accounts: Network Access: Sharing and security model for local accounts: "Classis - local users authenticate as themselves" CCE-3632-7Table 3.95 Network Security: Do not store LAN Manager hash value on next password change: Enabled (Legacy Client, Enterprise Client, and High Security) ~3.2.1.48 Network Security:Do not store LAN Manager password hash value on next password change: Enabled (Specialized Security)|5.4.6.62 [AP] LAN Manager Hash Value: network security: Do not store LAN Manager hash value on next password change: Enable< d CCE-3719-2Table 2.14 Network Security: Force Logoff when logon hours expire: Disabled (default); Enabled (Legacy Client, Enterprise Client, and High Security)L3.2.1.49 Network Security: Force logoff when logon hours expire: Not Defined:5.4.6.63 [A] force Logoff when Logon Hours Expire: Enabled CCE-3614-5Table 3.98 Network Security: Minimum session security for NTLM SSP based clients: No minimum (Legacy Client); Enabled all settings (Enterprise Client and High Security)3.2.1.52 Network Security: Minimum session security for NTLM SSP based clients: Require Message Integrity, Message Confidentiality, NTLMv2 Session Security, 128-bit Encryption (Specialized Security)5.4.6.66 [A] Minimum Session Security for NTLM SSP-based Clients: "Require NTLMv2 session security", "Require 128-bit encryption", "Require Message Integrity", and "Require Message Confidentiality" CCE-3759-8Table 3.99 Network Security: Minimum session security for NTLM SSP based servers: No minimum (Legacy Client); Enabled all settings (Enterprise Client and High Security)5.4.6.67 [A] Minimum Session Security for NTLM SSP-based servers: "Require NTLMv2 session security", Require 128-bit encryption", Require Message Integrity", and "Require Message Confidentiality" CCE-3526-1^The "Screensaver Executable Name" setting should be configured correctly for the current user.C5.5.1 [AP] Password Protected Screen Savers: Passwords are required CCE-3764-8PThe "screensaver timeout" policy should be set correctly for the current user. _7.5.1 Configuring Default User Screensaver Options: ScreenSaveTimeout: 900 Seconds (15 minutes) CCE-3781-2"DEPRECATED in favor of CCE-3182-3. CCE-3799-4RThe screensaver should be enabled or disabled as appropriate for the current user.G7.5.1 Configuring Default User Screensaver Options: ScreenSaveActive: 1 CCE-3693-9PThe "screensaver timeout" policy should be set correctly for the default user. CCE-3698-8^The "Password protect the screensaver" setting should be set correctly for the default user. J7.5.1 Configuring Default User Screensaver Options: ScreenSaverIsSecure: 1 CCE-3715-0RThe screensaver should be enabled or disabled as appropriate for the default user. CCE-3609-5"DEPRECATED in favor of CCE-3526-1. CCE-3253-2"DEPRECATED in favor of CCE-3764-8. CCE-2900-9 CCE-3671-5"DEPRECATED in favor of CCE-3799-4. CCE-3182-3CCE-442(1) 7.5.1 Configuring Default User Screensaver Options: ScreenSaverIsSecure: 1 (2) 5.5.1 [AP] Password Protected Screen Savers: Passwords are required CCE-3534-5CCE-481.DEPRECATED in favor of CCE-3764-8, CCE-3693-9. CCE-3794-5I8.3.3.1 Always Install with Elevated Privileges: (4.037: CAT II) Disabled CCE-3547-7C8.3.3.3 Enable User Control Over Installs: (5.051: CAT II) Disabled CCE-3190-6Q8.3.3.4 Enable User to Browse for Source While Elevated: (5.052: CAT II) Disabled CCE-3587-3P8.3.3.5 Enable User to Use Media Source While Elevated: (5.053: CAT II) Disabled CCE-2837-3W8.3.3.7 Allow Admin to Install from Terminal Services Session: (5.055: CAT II) Disabled CCE-3803-4H8.3.3.6 Enable User to Patch Elevated Products: (5.054: CAT II) Disabled CCE-3702-8S8.3.3.8 Cache Transforms in Secure Location on Workstation: (5.056: CAT II) Enabled CCE-3720-0P5.6.4.1 [A] Media Player - Disabling Media Player for Automatic Updates: Enabled CCE-2863-9c8.3.11 Media Player - Automatic Downloads: (5.061: CAT II) Prevent Codec Download is set to Enabled CCE-3636-8:5.6.5.3 [A] Windows Messenger - internet Access Blocked: 1 CCE-3658-2UTable 3.167 Messenger: Disabled (Legacy Client, Enterprise Client, and High Security)H8.3.4.1 Do Not Allow Windows Messenger to be Run: (5.017: CAT I) Enabled CCE-3306-8U8.3.4.2 Do Not Automatically Start Windows Messenger Intially: (5.029: CAT I) Enabled CCE-3728-3M7.6.15 Task Scheduler Service: (5.035: CAT III) Hide Property Page is Enabled CCE-3746-5U7.6.15 Task Scheduler Service: (5.036: CAT III) Prohibit New Task Creation is Enabled CCE-3654-1A8.3.2.2 Limit User to One Remote Session: (5.038: CAT II) Enabled CCE-3786-1<8.3.2.3 Limit Number of Connections: (5.039: CAT II) Enabled CCE-3790-3D8.3.2.4 Do Not Allow New Client Connections: (5.040: CAT II) Enabled CCE-3808-3c5.6.3.3 [A] Terminal Services - Do Not Allow Local Administrators to Customize Permissions: Enabled CCE-3848-95.6.3.4 [A] Terminal Services - Remote Control Settings: "Set rules for remote control of Terminal Services user settings: Enabled CCE-3666-5[5.6.3.5 [A] Terminal Services - Always prompt client for password upon connections: Enabled CCE-3812-5nTable 3.255 Set client connection encryption level: High (Legacy Client, Enterprise Client, and High Security)O5.6.3.6 [A] Terminal Services - Set Client Connection Encryption Level: Enabled CCE-3710-1E8.3.2.5 Do Not Use Temp Folders per Session: (5.044: CAT II) Disabled CCE-3627-7E8.3.2.6 Do Not Delete Temp Folder upon Exit: (5.045: CAT II) Disabled CCE-2875-35.6.3.10 [A] Terminal Services - Set time Limit for Disconnected Sessions: Enabled ("End a disconnected session" is set to "1") CCE-3665-7d8.3.2.7 Set Time Limit for Idle Sessions: (5.047: CAT II) Enabled and set to no more than 15 minutes CCE-3683-0V5.6.3.12 [A] Terminal Services - Allow Reconnection from Original Client Only: Enabled CCE-3577-4O8.3.2.8 Terminate Session When Time Limits are Reached: (5.049: CAT II) Enabled CCE-3828-158.3.2.1 Keep-Alive Messages: (5.037: CAT III) Enabled CCE-3599-8E5.6.8.1 [A] Remote Assistance - Solicited Remote Assistance: Disabled CCE-3617-8A5.6.8.2 [A] Remote Assistance - Offer Remote Assistance: Disabled CCE-3758-0[Table 3.257 Error Reporting: Disabled (Legacy Client, Enterprise Client, and High Security)5.6.9.1 Report Errors: Disabled CCE-3700-2M5.4.3.1 [M] User Logon Restrictions: Enforce user logon restrictions: Enabled CCE-3237-5U5.4.3.2 [M] Service Ticket Lifetime: Maximum lifetime for service ticket: 600 minutes CCE-3625-1L5.4.3.3 [M] User Ticket Lifetime: Maximum lifetime for user ticket: 10 hours CCE-3396-9l5.4.3.5 [M] Computer Clock Synchronization: Maximum tolerance for computer clock synchronizations: 5 minutes CCE-3788-7CCE-420 CCE-3806-7CCE-861&Table 11.3 Automatic Updates: Disabled CCE-3608-7CCE-244 CCE-3740-8CCE-3069The "Configure Automatic Updates" should be set correctly CCE-3277-1CCE-641BThe "No auto-restart for scheduled Automatic Updates installations CCE-3661-6CCE-804RThe "Reschedule Automatic Updates scheduled installations" should be set correctly CCE-3730-9CCE-932f2.2.2 Microsoft Software Updates Services: Specify intranet Microsoft update service location: enabled CCE-3250-8CCE-418ZHKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TCPMaxPortsExhaustedj3.2.1.78 MSS: TCPMaxPortsExhausted, How many dropped connect requests to initiate SYN attack protection: 5 CCE-3413-2J8.3.1.1 Security Zones: Use Only Machine Settings: (5.028: CAT II) Enabled CCE-3039-5W8.3.1.3 Security Zones: Do Not Allow Users to Add/Delete Sites: (5.030: CAT II) Enabled CCE-3810-9^8.3.1.6 Disable Peridoic Check for Internet Explorer Software Updates: (5.033: CAT II) Enabled CCE-3832-3`8.3.1.7 Disable Software Update Shell Notificiations on Program Launch: (5.034: CAT II) Disabled CCE-3598-0Z8.3.1.5 Disable Automatic Install of Internet Explorer Components: (5.032: CAT II) Enabled CCE-3713-5@8.3.1.4 Make Proxy Settings Per Machine: (5.031: CAT II) Enabled CCE-3480-1V8.3.1.2 Security Zones: Do Not Allow Users to Change Policies: (5.029: CAT II) Enabled CCE-5026-0hMSS: (AutoShareServer) Enable Administrative Shares (recommended except for highly secure environments) Table 3.251 Make screensaver password protection immediate: the time in seconds before the screen saver grace period expires: 0 (Legacy Client, Enterprise Client, and High Security)Q3.2.1.84 MSS: The time in seconds before the screen saver grace period expires: 0FNIST SCAP Windows Vista XCCDF (SCAP-WinVista-XCCDF.xml rev 2007-02-06)DNIST SCAP < Windows Vista OVAL (SCAP-WinVista-OVAL.xml rev 2007-02-06)QFDCC Windows Vista XCCDF (fdcc-accepted-content-20080110\fdcc-winvista-xccdf.xml)OFDCC Windows Vista OVAL (fdcc-accepted-content-20080110\fdcc-winvista-oval.xml)_FDCC Windows Vista Firewall XCCDF (fdcc-accepted-content-20080110\fdcc-vistafirewall-xccdf.xml)]FDCC Windows Vista Firewall OVAL (fdcc-accepted-content-20080110\fdcc-vistafirewall-oval.xml) CCE-2715-1reset-account-lockout-counter&oval:com.secure-elements.oval:def:6009account_lockout_reset_counter!oval:gov.nist.fdcc.vista:def:6009 CCE-2363-0account-lockout-duration&oval:com.secure-elements.oval:def:6007!oval:gov.nist.fdcc.vista:def:6007 CCE-3177-3account-lockout-threshold&oval:com.secure-elements.oval:def:6008!oval:gov.nist.fdcc.vista:def:6008 CCE-2820-9audit-account-logon-events&oval:com.secure-elements.oval:def:6010audit_account_logon_eventsoval:gov.nist.fdcc.vista:def:27 CCE-3089-0 CCE-3234-2audit-account-management&oval:com.secure-elements.oval:def:6011audit_account_managementoval:gov.nist.fdcc.vista:def:29 CCE-3287-0 CCE-3041-1audit-directory-services-access&oval:com.secure-elements.oval:def:6012audit_directory_service_accessoval:gov.nist.fdcc.vista:def:30 CCE-3309-2 CCE-3076-7audit-logon-events&oval:com.secure-elements.oval:def:6013audit_logon_eventsoval:gov.nist.fdcc.vista:def:32 CCE-2970-2 CCE-2724-3audit-object-access&oval:com.secure-elements.oval:def:6014audit_object_accessoval:gov.nist.fdcc.vista:def:34 CCE-3243-3 CCE-2746-6audit-policy-change&oval:com.secure-elements.oval:def:6015audit_policy_changeoval:gov.nist.fdcc.vista:def:35 CCE-2653-4 CCE-2322-6audit-privilege-use&oval:com.secure-elements.oval:def:6016audit_privilege_useoval:gov.nist.fdcc.vista:def:36 CCE-3257-3 CCE-3024-7audit-process-tracking&oval:com.secure-elements.oval:def:6017audit_process_trackingoval:gov.nist.fdcc.vista:def:40 CCE-2927-2 CCE-2953-8audit-system-events&oval:com.secure-elements.oval:def:6018audit_system_eventsoval:gov.nist.fdcc.vista:def:37 CCE-3222-7 CCE-3121-1$Prevent-Guest-Application-Log-Access&oval:com.secure-elements.oval:def:6509 CCE-3015-5Maximum-Application-Log-Size&oval:com.secure-elements.oval:def:6506 oval:gov.nist.fdcc.vista:def:197 CCE-2905-8$Retention-Method-For-Application-Log&oval:com.secure-elements.oval:def:6512 CCE-2659-1!Prevent-Guest-Security-Log-Access&oval:com.secure-elements.oval:def:6511 CCE-3302-7Maximum-Security-Log-Size&oval:com.secure-elements.oval:def:6507 oval:gov.nist.fdcc.vista:def:198 CCE-3196-3!Retention-Method-For-Security-Log&oval:com.secure-elements.oval:def:6513 CCE-2839-9Prevent-Guest-System-Log-Access&oval:com.secure-elements.oval:def:6510 CCE-3165-8Maximum-System-Log-Size&oval:com.secure-elements.oval:def:6508 oval:gov.nist.fdcc.vista:def:199 CCE-2931-4Retention-Method-For-System-Log&oval:com.secure-elements.oval:def:6514 CCE-2967-8maximum-password-age&oval:com.secure-elements.oval:def:6002password-maximum_age!oval:gov.nist.fdcc.vista:def:6002 CCE-3240-9minimum-password-age&oval:com.secure-elements.oval:def:6003password-minimum-age!oval:gov.nist.fdcc.vista:def:6003 CCE-2883-7minimum-password-length&oval:com.secure-elements.oval:def:6006password-minimum-length!oval:gov.nist.fdcc.vista:def:6006 CCE-3033-8password-complexity&oval:com.secure-elements.oval:def:6004!oval:gov.nist.fdcc.vista:def:6004 CCE-2323-4enforce-password-history&oval:com.secure-elements.oval:def:6001password_enforce_history!oval:gov.nist.fdcc.vista:def:6001 CCE-3311-8reversible-password-encryption&oval:com.secure-elements.oval:def:6005password_reversible_encryption!oval:gov.nist.fdcc.vista:def:6005 CCE-3316-7&oval:com.secure-elements.oval:def:6601(do_not_allow_windows_messenger_to_be_run!oval:gov.nist.fdcc.vista:def:6601 CCE-3082-5Disable-remote-Desktop-Sharing&oval:com.secure-elements.oval:def:6595!oval:gov.nist.fdcc.vista:def:6595 CCE-3232-66do-not-allow-anonymous-enumeration-sam-accounts-shares&oval:com.secure-elements.oval:def:6071!oval:gov.nist.fdcc.vista:def:6071 CCE-3272-2&do-not-allow-anonymous-enumeration-sam&oval:com.secure-elements.oval:def:6070!oval:gov.nist.fdcc.vista:def:6070 CCE-2339-0Anonymous-SID-Name-Translation!oval:gov.nist.fdcc.vista:def:6106 CCE-3248-2guest-account-status&oval:com.secure-elements.oval:def:6020!oval:gov.nist.fdcc.vista:def:6020 CCE-3032-0administrator-account-status&oval:com.secure-elements.oval:def:6019 CCE-3314-2$message-title-users-attempting-logon&oval:com.secure-elements.oval:def:6042!oval:gov.nist.fdcc.vista:def:6042 CCE-3336-5#message-text-users-attempting-logon&oval:com.secure-elements.oval:def:6041!oval:gov.nist.fdcc.vista:def:6041 CCE-3072-6enable-automatic-logon&oval:com.secure-elements.oval:def:6054!oval:gov.nist.fdcc.vista:def:6054 CCE-2719-3)Turn-off-Autoplay, no-drive-type-auto-runNoval:com.secure-elements.oval:def:6574, oval:com.secure-elements.oval:def:6060turn_off_autoplay!oval:gov.nist.fdcc.vista:def:6574 CCE-3239-1enable-icmp-redirect&oval:com.secure-elements.oval:def:6057!oval:gov.nist.fdcc.vista:def:6057 CCE-3261-5disable-ip-source-routing&oval:com.secure-elements.oval:def:6055!oval:gov.nist.fdcc.vista:def:6055 CCE-3279-7perform-router-discovery&oval:com.secure-elements.oval:def:6063!oval:gov.nist.fdcc.vista:def:6063 CCE-3173-2do-not-display-last-user-name&oval:com.secure-elements.oval:def:6039!oval:gov.nist.fdcc.vista:def:6039 CCE-3067-6hide-system-from-browse-list&oval:com.secure-elements.oval:def:6058!oval:gov.nist.fdcc.vista:def:6058 CCE-3120-3enable-dead-gw-detect&oval:com.secure-elements.oval:def:6056!oval:gov.nist.fdcc.vista:def:6056 CCE-3142-7keep-alive-time&oval:com.secure-elements.oval:def:6059!oval:gov.nist.fdcc.vista:def:6059 CCE-2785-4no-name-release-on-demand&oval:com.secure-elements.oval:def:6061!oval:gov.nist.fdcc.vista:def:6061 CCE-2679-9syn-attack-protect&oval:com.secure-elements.oval:def:6066!oval:gov.nist.fdcc.vista:def:6066 CCE-3181-5 warning-level&oval:com.secure-elements.oval:def:6069!oval:gov.nist.fdcc.vista:def:6069 CCE-3199-7safe-dll-search-mode&oval:com.secure-elements.oval:def:6064!oval:gov.nist.fdcc.vista:def:6064 CCE-2714-4rename-administrator&oval:com.secure-elements.oval:def:6022!oval:gov.nist.fdcc.vista:def:6022 CCE-2359-8 rename-guest&oval:com.secure-elements.oval:def:6023!oval:gov.nist.fdcc.vista:def:6023 CCE-2519-76amount-of-idle-time-required-before-suspending-session&oval:com.secure-elements.oval:def:6050!oval:gov.nist.fdcc.vista:def:6050 CCE-3285-4"audit-access-global-system-objects&oval:com.secure-elements.oval:def:6024!oval:gov.nist.fdcc.vista:def:6024 CCE-3303-5"audit-use-backup-restore-privilege&oval:com.secure-elements.oval:def:6025!oval:gov.nist.fdcc.vista:def:6025 CCE-3307-6do-not-require-ctrlaltdel&oval:com.secure-elements.oval:def:6040!oval:gov.nist.fdcc.vista:def:6040 CCE-3325-8!prevent-users-installing-printers&oval:com.secure-elements.oval:def:6030!oval:gov.nist.fdcc.vista:def:6030 CCE-2858-9&restrict-cdrom-access-local-users-only&oval:com.secure-elements.oval:def:6031!oval:gov.nist.fdcc.vista:def:6031 CCE-3168-2'restrict-floppy-access-local-users-only&oval:com.secure-elements.oval:def:6032!oval:gov.nist.fdcc.vista:def:6032 CCE-3212-8require-strong-session-key&oval:com.secure-elements.oval:def:6038!oval:gov.nist.fdcc.vista:def:6038 CCE-2838-14send-unencrypted-password-to-third-party-smb-servers&oval:com.secure-elements.oval:def:6049!oval:gov.nist.fdcc.vista:def:6049 CCE-3230-00prompt-user-to-change-password-before-expiration&oval:com.secure-elements.oval:def:6044!oval:gov.nist.fdcc.vista:def:6044 CCE-3001-5!shutdown-system-unable-log-audits&oval:com.secure-elements.oval:def:6027!oval:gov.nist.fdcc.vista:def:6027 CCE-3252-4+digitally-sign-communicati< ons-client-always&oval:com.secure-elements.oval:def:6047!oval:gov.nist.fdcc.vista:def:6047 CCE-2380-42digitally-sign-communications-client-server-agrees&oval:com.secure-elements.oval:def:6048!oval:gov.nist.fdcc.vista:def:6048 CCE-3023-9+digitally-sign-communications-server-always&oval:com.secure-elements.oval:def:6051!oval:gov.nist.fdcc.vista:def:6051 CCE-3164-12digitally-sign-communications-server-client-agrees&oval:com.secure-elements.oval:def:6052!oval:gov.nist.fdcc.vista:def:6052 CCE-2376-2"number-of-previous-logons-to-cache&oval:com.secure-elements.oval:def:6043!oval:gov.nist.fdcc.vista:def:6043 CCE-3225-0"allow-format-eject-removable-media&oval:com.secure-elements.oval:def:6029!oval:gov.nist.fdcc.vista:def:6029 CCE-3330-84digitally-encrypt-or-sign-secure-channel-data-always&oval:com.secure-elements.oval:def:6034!oval:gov.nist.fdcc.vista:def:6034 CCE-2467-93digitally-encrypt-secure-channel-data-when-possible&oval:com.secure-elements.oval:def:6033!oval:gov.nist.fdcc.vista:def:6033 CCE-3233-40digitally-sign-secure-channel-data-when-possible&oval:com.secure-elements.oval:def:6035!oval:gov.nist.fdcc.vista:def:6035 CCE-3251-6smart-card-removal-behaviour&oval:com.secure-elements.oval:def:6046!oval:gov.nist.fdcc.vista:def:6046 CCE-3255-7(disable-machine-account-password-changes&oval:com.secure-elements.oval:def:6036!oval:gov.nist.fdcc.vista:def:6036 CCE-2398-6limit-blank-password-use&oval:com.secure-elements.oval:def:6021!oval:gov.nist.fdcc.vista:def:6021 CCE-3326-6allow-undock-no-logon&oval:com.secure-elements.oval:def:6028!oval:gov.nist.fdcc.vista:def:6028 CCE-3075-9$maximum-machine-account-password-age&oval:com.secure-elements.oval:def:6037$maximum_machine-account-password-age!oval:gov.nist.fdcc.vista:def:6037 CCE-3220-12require-domain-controller-authentication-to-unlock&oval:com.secure-elements.oval:def:6045!oval:gov.nist.fdcc.vista:def:6045 CCE-3361-3)disconnect-client-when-logon-hours-expire&oval:com.secure-elements.oval:def:6053!oval:gov.nist.fdcc.vista:def:6053 CCE-3379-5<do-not-allow-storage-credentials-net-passports-network-authn&oval:com.secure-elements.oval:def:6072!oval:gov.nist.fdcc.vista:def:6072 CCE-2457-01let-everyone-permissions-apply-to-anonymous-users&oval:com.secure-elements.oval:def:6073!oval:gov.nist.fdcc.vista:def:6073 CCE-3380-3 named-pipes-accessed-anonymously&oval:com.secure-elements.oval:def:6074!oval:gov.nist.fdcc.vista:def:6074 CCE-2825-8TRemotely-accessible-registry-paths, Remotely-accessible-registry-paths-and-sub-pathsLoval:com.secure-elements.oval:def:6075oval:com.secure-elements.oval:def:6076"Remotely-accessible-registry-paths!oval:gov.nist.fdcc.vista:def:6075 CCE-3349-8>Shares-that-can-be-accessed-anonymously -- NOTE: COMMENTED OUT'Shares-that-can-be-accessed-anonymously"oval:gov.nist.fdcc.vista:def:60771 CCE-3367-0-Sharing-and-security-model-for-local-accounts&oval:com.secure-elements.oval:def:6079!oval:gov.nist.fdcc.vista:def:6079 CCE-3138-5;Do-not-store-LAN-Manager-hash-value-on-next-password-change&oval:com.secure-elements.oval:def:6080!oval:gov.nist.fdcc.vista:def:6080 CCE-3283-9$Force-logoff-when-logon-hours-expire&oval:com.secure-elements.oval:def:6081!oval:gov.nist.fdcc.vista:def:6081 CCE-3050-2screen_save_timeout!oval:gov.nist.fdcc.vista:def:6708 CCE-3429-81Always-prompt-client-for-password-upon-connection&oval:com.secure-elements.oval:def:6599!oval:gov.nist.fdcc.vista:def:6599 CCE-3323-3Solicited-Remote-Assistance&oval:com.secure-elements.oval:def:6564!oval:gov.nist.fdcc.vista:def:6564 CCE-3217-7Offer-Remote-Assistance&oval:com.secure-elements.oval:def:6563!oval:gov.nist.fdcc.vista:def:6563 CCE-3358-9Configure-Automatic-Updates&oval:com.secure-elements.oval:def:6604 CCE-3345-6CCE-989}The "Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box" should be set correctly=Do-not-adjust-default-option-to-Install-Updates-and-Shut-Down&oval:com.secure-elements.oval:def:6603 CCE-3363-9CCE-1sThe "Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box" should be set correctly,Do-not-display-Install-Updates-and-Shut-Down&oval:com.secure-elements.oval:def:6602 CCE-2462-0=No-auto-restart-for-scheduled-Automatic-Updates-installations&oval:com.secure-elements.oval:def:6605 CCE-2852-24Reschedule-Automatic-Updates-scheduled-installations&oval:com.secure-elements.oval:def:6606 CCE-3371-2#oval:gov.nist.fdcc.vista:def:608243 CCE-3266-4#oval:gov.nist.fdcc.vista:def:608244 CCE-3411-6 CCE-2772-2Require-Smart-Card&oval:com.secure-elements.oval:def:6082 CCE-3292-03Restrict-anonymous-access-to-Named-Pipes-and-Shares&oval:com.secure-elements.oval:def:6077!oval:gov.nist.fdcc.vista:def:6077 CCE-3459-5(tcp-max-connect-response-retransmissions&oval:com.secure-elements.oval:def:6067!oval:gov.nist.fdcc.vista:def:6067 CCE-3460-3(1) number of retransmissionstcp-max-data-retransmissions&oval:com.secure-elements.oval:def:6068!oval:gov.nist.fdcc.vista:def:6068 CCE-3244-1 ntfs-disable-8dot3-name-creation&oval:com.secure-elements.oval:def:6062!oval:gov.nist.fdcc.vista:def:6062 CCE-3394-4)RPC-Endpoint-Mapper-Client-Authentication&oval:com.secure-elements.oval:def:6566!oval:gov.nist.fdcc.vista:def:6566 CCE-3160-9&oval:com.secure-elements.oval:def:6565,restrictions_for_unauthenticated_rpc_clients!oval:gov.nist.fdcc.vista:def:6565 CCE-3054-4VDomain-Profile-Firewall-Protect-All-Network-Connections, Domain-Profile-Firewall-StateNoval:com.secure-elements.oval:def:6547, oval:com.secure-elements.oval:def:6515domain_profile_firewall_state)oval:gov.nist.fdcc.vistafirewall:def:6515 CCE-3187-2/Domain-Profile-Firewall-Do-Not-Allow-Exceptions&oval:com.secure-elements.oval:def:6544 CCE-3405-86Domain-Profile-Firewall-Allow-Local-Program-Exceptions&oval:com.secure-elements.oval:def:6541 CCE-3158-3EDomain-Profile-Firewall-Allow-Inbound-Remote-Administration-Exception&oval:com.secure-elements.oval:def:6537 CCE-3431-4HDomain-Profile-Firewall-Allow-Inbound-File-And-Printer-Sharing-Exception&oval:com.secure-elements.oval:def:6536 CCE-3458-7?Domain-Profile-Firewall-Allow-Inbound-Remote-Desktop-Exceptions&oval:com.secure-elements.oval:def:6538 CCE-2964-5?Domain-Profile-Firewall-Allow-Inbound-UPnP-Framework-Exceptions&oval:com.secure-elements.oval:def:6539 CCE-3365-4SDomain-Profile-Firewall-Prohibit-Notifications, Domain-Profile-Display-NotificationNoval:com.secure-elements.oval:def:6545, oval:com.secure-elements.oval:def:6518 CCE-3260-7"domain_profile_log_dropped_packets)oval:gov.nist.fdcc.vistafirewall:def:6401 CCE-2533-8domain_profile_name)oval:gov.nist.fdcc.vistafirewall:def:6403 CCE-3299-5domain_profile_size_limit)oval:gov.nist.fdcc.vistafirewall:def:6404 CCE-3414-0,domain_profile_logged_successful_connections)oval:gov.nist.fdcc.vistafirewall:def:6402 CCE-3436-3XDomain-Profile-Firewall-Prohibit-Unicast-Response, Domain-Profile-Allow-Unicast-ResponseNoval:com.secure-elements.oval:def:6546, oval:com.secure-elements.oval:def:6519%domain_profile_allow_unicast_response)oval:gov.nist.fdcc.vistafirewall:def:6519 CCE-3202-96Domain-Profile-Firewall-Define-Inbound-Port-Exceptions&oval:com.secure-elements.oval:def:6542 CCE-3180-73Domain-Profile-Firewall-Allow-Local-Port-Exceptions&oval:com.secure-elements.oval:def:6540 CCE-3329-09Standard-Profile-Firewall-Protect-All-Network-Connections&oval:com.secure-elements.oval:def:6559 CCE-3347-21Standard-Profile-Firewall-Do-Not-Allow-Exceptions&oval:com.secure-elements.oval:def:6556 CCE-3334-0;Standard-Profile-Firewall-Define-Inbound-Program-Exceptions&oval:com.secure-elements.oval:def:6555 CCE-3352-2GStandard-Profile-Firewall-Allow-Inbound-Remote-Administration-Exception&oval:com.secure-elements.oval:def:6549 CCE-3369-6Standard-Profile-Firewall-Allow-Inbound-File-And-Printer-Sharing-Exception,Standard-Profile-Firewall-Allow-< Inbound-File-And-Printer-Sharing-ExceptionsMoval:com.secure-elements.oval:def:6548,oval:com.secure-elements.oval:def:6553 CCE-3387-8AStandard-Profile-Firewall-Allow-Inbound-Remote-Desktop-Exceptions&oval:com.secure-elements.oval:def:6550 CCE-3268-0AStandard-Profile-Firewall-Allow-Inbound-UPnP-Framework-Exceptions&oval:com.secure-elements.oval:def:6551 CCE-3409-00Standard-Profile-Firewall-Prohibit-Notifications&oval:com.secure-elements.oval:def:6557 CCE-3440-53Standard-Profile-Firewall-Prohibit-Unicast-Response&oval:com.secure-elements.oval:def:6558 CCE-3462-98Standard-Profile-Firewall-Define-Inbound-Port-Exceptions&oval:com.secure-elements.oval:def:6554 CCE-3356-35Standard-Profile-Firewall-Allow-Local-Port-Exceptions&oval:com.secure-elements.oval:def:6552 CCE-2999-1CCE-249$Domain Profile - Inbound Connections"Domain-Profile-Inbound-Connections&oval:com.secure-elements.oval:def:6516"domain_profile_inbound_connections)oval:gov.nist.fdcc.vistafirewall:def:6516 CCE-3439-7CCE-485%Domain Profile - Outbound Connections#Domain-Profile-Outbound-Connections&oval:com.secure-elements.oval:def:6517#domain_profile_outbound_connections)oval:gov.nist.fdcc.vistafirewall:def:6517 CCE-3457-9CCE-400+Domain Profile - Apply Local Firewall Rules)Domain-Profile-Apply-Local-Firewall-Rules&oval:com.secure-elements.oval:def:6520)domain_profile_apply_local_firewall_rules)oval:gov.nist.fdcc.vistafirewall:def:6520 CCE-2977-76Domain Profile - Apply Local Connection Security Rules4Domain-Profile-Apply-Local-Connection-Security-Rules&oval:com.secure-elements.oval:def:6521 CCE-3373-8CCE-7Private Profile- Firewall StatePrivate-Profile-Firewall-State&oval:com.secure-elements.oval:def:6522private_profile_firewall_state)oval:gov.nist.fdcc.vistafirewall:def:6522 CCE-3395-1CCE-29%Private Profile - Inbound Connections#Private-Profile-Inbound-Connections&oval:com.secure-elements.oval:def:6523#private_profile_inbound_connections)oval:gov.nist.fdcc.vistafirewall:def:6523 CCE-3166-6CCE-32&Private Profile - Outbound Connections$Private-Profile-Outbound-Connections&oval:com.secure-elements.oval:def:6524$private_profile_outbound_connections)oval:gov.nist.fdcc.vistafirewall:def:6524 CCE-3417-3CCE-38User notifications when a program is blocked from receiving inbound connections by Windows Firewall should be enabled or disabled as appropriate for the Private Profile.$Private-Profile-Display-Notification&oval:com.secure-elements.oval:def:6525$private_profile_display_notification)oval:gov.nist.fdcc.vistafirewall:def:6525 CCE-2924-9CCE-70yUnicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Private Profile.&Private-Profile-Allow-Unicast-Response&oval:com.secure-elements.oval:def:6526&private_profile_allow_unicast_response)oval:gov.nist.fdcc.vistafirewall:def:6526 CCE-3360-5CCE-117,Private Profile - Apply Local Firewall Rules*Private-Profile-Apply-Local-Firewall-Rules&oval:com.secure-elements.oval:def:6527*private_profile_apply_local_firewall_rules)oval:gov.nist.fdcc.vistafirewall:def:6527 CCE-2854-8CCE-1997Private Profile - Apply Local Connection Security Rules5Private-Profile-Apply-Local-Connection-Security-Rules&oval:com.secure-elements.oval:def:65285private_profile_apply_local_connection_security_rules)oval:gov.nist.fdcc.vistafirewall:def:6528 CCE-3246-6CCE-295Public Profile- Firewall StatePublic-Profile-Firewall-State&oval:com.secure-elements.oval:def:6529public_profile_firewall_state)oval:gov.nist.fdcc.vistafirewall:def:6529 CCE-3263-1CCE-338$Public Profile - Inbound Connections"Public-Profile-Inbound-Connections&oval:com.secure-elements.oval:def:6530"public_profile_inbound_connections)oval:gov.nist.fdcc.vistafirewall:def:6530 CCE-3351-4CCE-342%Public Profile - Outbound Connections#Public-Profile-Outbound-Connections&oval:com.secure-elements.oval:def:6531#public_profile_outbound_connections)oval:gov.nist.fdcc.vistafirewall:def:6531 CCE-2998-3CCE-390User notifications when a program is blocked from receiving inbound connections by Windows Firewall should be enabled or disabled as appropriate for the Public Profile.#Public-Profile-Display-Notification&oval:com.secure-elements.oval:def:6532#public_profile_display_notification)oval:gov.nist.fdcc.vistafirewall:def:6532 CCE-2641-9CCE-414xUnicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Public Profile.%Public-Profile-Allow-Unicast-Response&oval:com.secure-elements.oval:def:6533%public_profile_allow_unicast_response)oval:gov.nist.fdcc.vistafirewall:def:6533 CCE-2650-0CCE-421+Public Profile - Apply Local Firewall Rules)Public-Profile-Apply-Local-Firewall-Rules&oval:com.secure-elements.oval:def:6534)public_profile_apply_local_firewall_rules)oval:gov.nist.fdcc.vistafirewall:def:6534 CCE-3426-4CCE-4376Public Profile - Apply Local Connection Security Rules4Public-Profile-Apply-Local-Connection-Security-Rules&oval:com.secure-elements.oval:def:65354public_profile_apply_local_connection_security_rules)oval:gov.nist.fdcc.vistafirewall:def:6535 CCE-3320-9CCE-503*Logon - Do not process the legacy run listDo-Not-Process-Legacy-Run-List&oval:com.secure-elements.oval:def:6560 CCE-3086-6&oval:com.secure-elements.oval:def:6561do_not_process_run_once_list!oval:gov.nist.fdcc.vista:def:6561 CCE-3452-0Registry-Policy-Processing&oval:com.secure-elements.oval:def:6562 CCE-3364-7&oval:com.secure-elements.oval:def:6568!oval:gov.nist.fdcc.vista:def:6568 CCE-3259-9&oval:com.secure-elements.oval:def:6569!oval:gov.nist.fdcc.vista:def:6569 CCE-2778-9&oval:com.secure-elements.oval:def:6570!oval:gov.nist.fdcc.vista:def:6570 CCE-3421-5&oval:com.secure-elements.oval:def:6571!oval:gov.nist.fdcc.vista:def:6571 CCE-2754-0&oval:com.secure-elements.oval:def:6572/turn_off_downloading_of_print_drivers_over_http!oval:gov.nist.fdcc.vista:def:6572 CCE-3278-9&oval:com.secure-elements.oval:def:6573!oval:gov.nist.fdcc.vista:def:6573 CCE-2471-1CCE-935-Enumerate administrator accounts on elevation-Enumerate-administrator-accounts-on-elevation&oval:com.secure-elements.oval:def:6575-enumerate_administrator_accounts_on_elevation!oval:gov.nist.fdcc.vista:def:6575 CCE-3310-0CCE-255)Require trusted path for credential entry)Require-trusted-path-for-credential-entry&oval:com.secure-elements.oval:def:6576 CCE-3327-4CCE-466?Deny all add-ons unless specifically allowed in the Add-on List?Deny-all-add-ons-unless-specifically-allowed-in-the-Add-on-List&oval:com.secure-elements.oval:def:6594 CCE-2975-1"Do-not-allow-passwords-to-be-saved&oval:com.secure-elements.oval:def:6596!oval:gov.nist.fdcc.vista:def:6596 CCE-2874-6CCE-648bThe "Do not allow drive redirection" setting should be configured correctly for Terminal Services.Do-not-allow-drive-redirection&oval:com.secure-elements.oval:def:6598 CCE-3415-7CCE-4052Access to registry editing tools is set correctly.&oval:com.secure-elements.oval:def:6500 CCE-3169-0FPrompt for password on resume from hibernate/suspend is set correctly.4Prompt-for-password-on-resume-from-hibernate-suspend&oval:com.secure-elements.oval:def:6714!oval:gov.nist.fdcc.vista:def:6714 CCE-3437-1EDo not preserve zone information in file attachments is set correcly.4Do-not-preserve-zone-information-in-file-attachments&oval:com.secure-elements.oval:def:6502!oval:gov.nist.fdcc.vista:def:6502 CCE-2979-3;Hide mechanisms to remove zone information is set correcly.*Hide-mechanisms-to-remove-zone-information&oval:com.secure-elements.oval:def:6503!oval:gov.nist.fdcc.vista:def:6503 CCE-3300-1CNotify antivirus programs when opening attachments is set correcly.2Notify-antivirus-programs-when-opening-attachments&oval:com.secure-elements.oval:def:6504!oval:gov.nist.fdcc.vista:def:6504 CCE-3305-0CCE-8866Outlook Express attachment blocking is set co< rrectly. &oval:com.secure-elements.oval:def:6505 CCE-3450-4CCE-111@Audit: Force audit policy subcategory settings are set correcly.override-audit-policy-settings&oval:com.secure-elements.oval:def:6026!oval:gov.nist.fdcc.vista:def:6026 CCE-3102-1CCE-1044FThe "Log Access For Setup Log" setting should be configured correctly.Log-Access-For-Setup-Log&oval:com.secure-elements.oval:def:6701 CCE-3388-6CCE-84NThe startup type of the Windows Search service should be configured correctly.Windows-Search&oval:com.secure-elements.oval:def:6148 CCE-3270-63Turn-Off-Microsoft-Peer-to-Peer-Networking-Services&oval:com.secure-elements.oval:def:6662!oval:gov.nist.fdcc.vista:def:6662 CCE-3045-2CCE-629`The "Prohibit Access of the Windows Connect Now Wizards" setting should be configured correctly.2Prohibit-Access-of-the-Windows-Connect-Now-Wizards&oval:com.secure-elements.oval:def:66652prohibit_access_of_the_windows_connect_now_wizards!oval:gov.nist.fdcc.vista:def:6666 CCE-3331-6CCE-593VThe "Allow remote access to the PnP interface" setting should be configured correctly.(Allow-remote-access-to-the-PnP-interface&oval:com.secure-elements.oval:def:6667(allow_remote_access_to_the_pnp_interface!oval:gov.nist.fdcc.vista:def:6667 CCE-3464-5CCE-849qThe "Do not create system restore point when new device driver installed" setting should be configured correctly.CDo-not-create-system-restore-point-when-new-device-driver-installed&oval:com.secure-elements.oval:def:6668Cdo_not_create_system_restore_point_when_new_device_driver_installed!oval:gov.nist.fdcc.vista:def:6668 CCE-3468-6CCE-571The "Do not send a Windows Error Report when a generic driver is installed on a device" setting should be configured correctly.KDo-not-send-Windows-Error-Report-when-generic-driver-is-installed-on-device&oval:com.secure-elements.oval:def:6669Kdo_not_send_windows_error_report_when_generic_driver_is_installed_on_device!oval:gov.nist.fdcc.vista:def:6669 CCE-3362-1CCE-91[The "Turn Off Access to All Windows Update Feature" setting should be configured correctly.-Turn-Off-Access-to-All-Windows-Update-Feature&oval:com.secure-elements.oval:def:6673 CCE-3454-6&oval:com.secure-elements.oval:def:6674+turn_off_automatic_root_certificates_update!oval:gov.nist.fdcc.vista:def:6674 CCE-3348-0&oval:com.secure-elements.oval:def:6675%turn_off_event_views_events.asp_links!oval:gov.nist.fdcc.vista:def:6675 CCE-2868-8CCE-430]The "Turn Off Handwriting Reconition Error Reporting" setting should be configured correctly./Turn-Off-Handwriting-Reconition-Error-Reporting&oval:com.secure-elements.oval:def:6676/turn_off_handwriting_reconition_error_reporting!oval:gov.nist.fdcc.vista:def:6676 CCE-2877-9CCE-756fThe "Turn Off Help and Support Center "Did You Know?" Content" setting should be configured correctly.5Turn-Off-Help-and-Support-Center-Did-you-Know-Content&oval:com.secure-elements.oval:def:6677 CCE-3406-6CCE-1029nThe "Turn Off Help and Support Center Microsoft Knowledge Base Search" setting should be configured correctly.@Turn-Off-Help-and-Support-Center-Microsoft-Knowledge-Base-Search&oval:com.secure-elements.oval:def:6678 CCE-3432-2&oval:com.secure-elements.oval:def:6679Sturn_off_internet_connection_wizard_if_url_connection_is_referring_to_microsoft.com!oval:gov.nist.fdcc.vista:def:6679 CCE-2697-1&oval:com.secure-elements.oval:def:6680!oval:gov.nist.fdcc.vista:def:6680 CCE-3093-2&oval:com.secure-elements.oval:def:6681!oval:gov.nist.fdcc.vista:def:6681 CCE-3115-3&oval:com.secure-elements.oval:def:6682!oval:gov.nist.fdcc.vista:def:6682 CCE-2477-8&oval:com.secure-elements.oval:def:6567!oval:gov.nist.fdcc.vista:def:6567 CCE-3403-3&oval:com.secure-elements.oval:def:6696!oval:gov.nist.fdcc.vista:def:6696 CCE-3297-9&oval:com.secure-elements.oval:def:6684!oval:gov.nist.fdcc.vista:def:6684 CCE-3385-2DTurn-Off-Windows-Movie-Maker-Saving-to-Online-Video-Hosting-Provider&oval:com.secure-elements.oval:def:6697!oval:gov.nist.fdcc.vista:def:6697 CCE-2781-3&oval:com.secure-elements.oval:def:6687!oval:gov.nist.fdcc.vista:def:6687 CCE-2922-3CCE-681LThe "Turn off Windows Startup Sound" setting should be configured correctly.Turn-off-Windows-Startup-Sound&oval:com.secure-elements.oval:def:6688!oval:gov.nist.fdcc.vista:def:6688 CCE-2821-7CCE-346cThe "Require a Password when a Computer Wakes (On Battery)" setting should be configured correctly.3Require-a-Password-when-a-Computer-Wakes-On-Battery&oval:com.secure-elements.oval:def:6689!oval:gov.nist.fdcc.vista:def:6689 CCE-3469-4CCE-1011`The "Require a Password when a Computer Wakes (Plugged)" setting should be configured correctly.0Require-a-Password-when-a-Computer-Wakes-Plugged&oval:com.secure-elements.oval:def:6690!oval:gov.nist.fdcc.vista:def:6690 CCE-2742-5CCE-1007SThe "Allow only Vista or later connections" setting should be configured correctly.%Allow-only-Vista-or-later-connections&oval:com.secure-elements.oval:def:6691 CCE-2887-8CCE-923LThe "Customization Warning Messages" setting should be configured correctly.Customization-Warning-Messages&oval:com.secure-elements.oval:def:6692 CCE-3407-4CCE-1056LThe "Turn on bandwidth optimization" setting should be configured correctly.Turn-on-bandwidth-optimization&oval:com.secure-elements.oval:def:6693 CCE-3271-4CCE-835EThe "Turn on session logging" setting should be configured correctly.Turn-on-session-logging&oval:com.secure-elements.oval:def:6694turn_on_session_logging!oval:gov.nist.fdcc.vista:def:6694 CCE-3288-8&oval:com.secure-elements.oval:def:6107!oval:gov.nist.fdcc.vista:def:6107 CCE-3434-8CCE-557BThe "Turn off Active Help" setting should be configured correctly.Turn-Off-Active-Help&oval:com.secure-elements.oval:def:6108 CCE-3046-0CCE-95HThe "Turn off Untrusted Content" setting should be configured correctly.Turn-Off-Untrusted-Content&oval:com.secure-elements.oval:def:6109turn_off_untrusted_content!oval:gov.nist.fdcc.vista:def:6109 CCE-3477-7&oval:com.secure-elements.oval:def:6110turn_off_downloading_enclosures!oval:gov.nist.fdcc.vista:def:6110 CCE-3376-1CCE-1049OThe "Allow indexing of encrypted files" setting should be configured correctly.!Allow-indexing-of-encrypted-files&oval:com.secure-elements.oval:def:6704!oval:gov.nist.fdcc.vista:def:6704 CCE-3143-5CCE-1058XThe "Prevent indexing uncached Exchange folders" setting should be configured correctly.*Prevent-indexing-uncached-Exchange-folders&oval:com.secure-elements.oval:def:6705!oval:gov.nist.fdcc.vista:def:6705 CCE-2914-0CCE-441GThe "Turn off Windows Calendar" setting should be configured correctly.Turn-off-Windows-Calendar&oval:com.secure-elements.oval:def:6111 CCE-3178-1CCE-97tThe "Allow Corporate redirection of Customer Experience Improvement uploads" setting should be configured correctly.KAllow-Corporate-Redirection-Customer-Experience-Improvement-Program-Uploads&oval:com.secure-elements.oval:def:6112 CCE-3209-4CCE-728GThe "Turn off Windows Defender" setting should be configured correctly.Turn-off-Windows-Defender&oval:com.secure-elements.oval:def:6113 CCE-2962-9CCE-384UThe "Turn off Heap termination on corruption" setting should be configured correctly.$Turn-off-heap-termination-corruption&oval:com.secure-elements.oval:def:6118$turn_off_heap_termination_corruption!oval:gov.nist.fdcc.vista:def:6118 CCE-3125-2&Turn-off-shell-protocol-protected-mode&oval:com.secure-elements.oval:def:6119!oval:gov.nist.fdcc.vista:def:6119 CCE-3398-52Prohibit-Non-Administrators-applying-vendorpatches&oval:com.secure-elements.oval:def:6122!oval:gov.nist.fdcc.vista:def:6122 CCE-3341-5CCE-392aThe "Report Logon Server Not Available During User logon" setting should be configured correctly.3Report-logon-server-not-available-during-user-logon&oval:com.secure-elements.oval:def:61233report_logon_server_not_available_during_user_logon!oval:gov.nist.fdcc.vista:< def:6123 CCE-2521-3CCE-96SThe "Turn off the communitication features" setting should be configured correctly.Turn-off-communication-features&oval:com.secure-elements.oval:def:6124turn_off_communities_features!oval:gov.nist.fdcc.vista:def:6124 CCE-2525-4CCE-331OThe "Turn off Windows Mail application" setting should be configured correctly.Turn-off-windows-mail-app&oval:com.secure-elements.oval:def:6125turn_off_windows_mail_app!oval:gov.nist.fdcc.vista:def:6125 CCE-3486-8CCE-1089WThe "Prevent Windows Media DRM Internet Access" setting should be configured correctly.)Prevent-Windows-Media-DRM-Internet-Access&oval:com.secure-elements.oval:def:6126)prevent_windows_media_drm_internet_access!oval:gov.nist.fdcc.vista:def:6126 CCE-2557-7CCE-992LThe "Turn off Windows Meeting Space" setting should be configured correctly.Turn-off-windows-meeting-space&oval:com.secure-elements.oval:def:6127turn_off_windows_meeting_space!oval:gov.nist.fdcc.vista:def:6127 CCE-3328-2CCE-105SThe "Turn on Windows Meeting Space audting" setting should be configured correctly.&Turn-on-windows-meeting-space-auditing&oval:com.secure-elements.oval:def:6128 CCE-3456-1CCE-297yThe "Disable unpacking and installation of gadgets that are not digitally signed" setting should be configured correctly.;Disable-unpacking-installation-gadgets-not-digitally-signed&oval:com.secure-elements.oval:def:6129;disable_unpacking_installation_gadgets_not_digitally_signed!oval:gov.nist.fdcc.vista:def:6129 CCE-3214-4CCE-702LThe "Override the More Gadgets Link" setting should be configured correctly.Override-more-gadgets-Lnk&oval:com.secure-elements.oval:def:6130override_more_gadgets_lnk!oval:gov.nist.fdcc.vista:def:6130 CCE-3500-6CCE-644]The "Turn Off User Installed Windows Sidebar Gadgets" setting should be configured correctly./Turn-off-user-installed-windows-sidebar-gidgets&oval:com.secure-elements.oval:def:6131/turn_off_user_installed_windows_sidebar_gidgets!oval:gov.nist.fdcc.vista:def:6131 CCE-3482-7CCE-1747PThe "Do not allow Digital Locker to run" setting should be configured correctly.&do_not_allow_digital_locker_to_run_var!oval:gov.nist.fdcc.vista:def:6698"do_not_allow_digital_locker_to_run CCE-2755-7CCE-1778VThe "Turn Off Downloading of Game Information" setting should be configured correctly.(turn_off_downloading_of_game_information!oval:gov.nist.fdcc.vista:def:6703 CCE-2865-4CCE-1795HThe "IPv6 Block of Protocols 41" setting should be configured correctly.ipv6_block_protocols_41)oval:gov.nist.fdcc.vistafirewall:def:6491 CCE-3508-9CCE-1293DThe "IPv6 Block of UDP 3544" setting should be configured correctly.ipv6_block_udp_3544)oval:gov.nist.fdcc.vistafirewall:def:6492 CCE-4662-3(kerberos-enforce-user-logon-restrictions#oval:gov.nist.fdcc.vista:def:987651 CCE-4666-4#oval:gov.nist.fdcc.vista:def:987652 CCE-3936-2#oval:gov.nist.fdcc.vista:def:987653 CCE-4755-5#oval:gov.nist.fdcc.vista:def:987654 CCE-4702-7#oval:gov.nist.fdcc.vista:def:987655 CCE-3949-5"allow-automatic-detection-mtu-size oval:gov.nist.fdcc.vista:def:407 CCE-4904-9&enable-nodefaultexempt-IPSec-Filtering oval:gov.nist.fdcc.vista:def:116 CCE-4781-1CCE-1185WThe "Remotely accessible registry paths and subpaths" policy should be set correctly. 0Remotely-accessible-registry-paths-and-sub-paths!oval:gov.nist.fdcc.vista:def:6076 CCE-4922-1 Lan-manager-authentication-level!oval:gov.nist.fdcc.vista:def:6094 CCE-4940-3 LDAP-client-signing-requirements!oval:gov.nist.fdcc.vista:def:6095 CCE-4583-1/minimum-session-security-ntlm-ssp-based-clients!oval:gov.nist.fdcc.vista:def:6096 CCE-4213-5/minimum-session-security-ntlm-ssp-based-servers!oval:gov.nist.fdcc.vista:def:6097 CCE-4107-9+recovery-console-allow-administrative-logon!oval:gov.nist.fdcc.vista:def:6098 CCE-3953-7<recovery-console-allow-floppy-copy-access-all-drives-folders!oval:gov.nist.fdcc.vista:def:6099 CCE-3954-53shutdown-allow-system-shutdown-without-having-logon!oval:gov.nist.fdcc.vista:def:6100 CCE-3969-3"shutdown-clear-virtual-memory-page!oval:gov.nist.fdcc.vista:def:6101 CCE-4774-6/system-cryptography-use-fips-compliant-alorithm!oval:gov.nist.fdcc.vista:def:6102 CCE-4841-3(system-objects-require-case-insesitivity!oval:gov.nist.fdcc.vista:def:6104 CCE-4011-3Esystem-objects-strengthen-default-permissions-internal-system-objects!oval:gov.nist.fdcc.vista:def:6105 CCE-4955-1CCE-1078admin_approval_mode!oval:gov.nist.fdcc.vista:def:8081 CCE-4016-2CCE-1063xThe "Behavior of the elevation prompt for administrators in Admin Approval Mode" setting should be configured correctly.(behavior_elevation_prompt_administrators!oval:gov.nist.fdcc.vista:def:8082 CCE-4969-2CCE-1067aThe "Behavior of the elevation prompt for standard users" setting should be configured correctly.(behavior_elevation_prompt_standard_users!oval:gov.nist.fdcc.vista:def:8083 CCE-4612-8CCE-11281detect_application_installations_prompt_elevation!oval:gov.nist.fdcc.vista:def:8084 CCE-5004-7CCE-1104)only_elevate_executables_signed_validated!oval:gov.nist.fdcc.vista:def:8085 CCE-4020-4CCE-986"only_elevate_uiaccess_applications!oval:gov.nist.fdcc.vista:def:8086 CCE-4907-2CCE-1050&run_administrators_admin_approval_mode!oval:gov.nist.fdcc.vista:def:8087 CCE-4925-4CCE-230)switch_secure_desktop_prompting_elevation!oval:gov.nist.fdcc.vista:def:8088 CCE-4194-7CCE-673,virtualize_write_failures_per_user_locations!oval:gov.nist.fdcc.vista:def:8089 CCE-4334-9+Access-Computer-From-Network-Administrators!oval:gov.nist.fdcc.vista:def:6607 CCE-4088-1$Act-As-Part-Of-Operating-System-None!oval:gov.nist.fdcc.vista:def:6609 CCE-4854-6?Adjust-Memory-Quotas-Administrators-LocalService-NetworkService!oval:gov.nist.fdcc.vista:def:6612 CCE-4872-8)Allow-Log-On-Locally-Administrators-Users!oval:gov.nist.fdcc.vista:def:6613 CCE-4264-8HAllow-Log-On-Through-Terminal-Services-Administrators-RemoteDesktopUsers!oval:gov.nist.fdcc.vista:def:6616 CCE-4827-2,Back-Up-Files-And-Directories-Administrators!oval:gov.nist.fdcc.vista:def:6617 CCE-4973-4IBypass-Traverse-Checking-Administrators_Users_LocalService_NetworkService!oval:gov.nist.fdcc.vista:def:6621 CCE-4863-7.Change-System-Time-LocalService-Administrators!oval:gov.nist.fdcc.vista:def:6623 CCE-5008-8CCE-470UThe "Change the time zone" user right should be assigned to the appropriate accounts.2Change-Time-Zone-Administrators_Users_LocalService#oval:gov.nist.fdcc.vista:def:662381 CCE-4757-1Create-Pagefile-Administrators!oval:gov.nist.fdcc.vista:def:6624 CCE-4902-3Create-Token-Object-None!oval:gov.nist.fdcc.vista:def:6625 CCE-4792-8HCreate-Global-Objects-Administrators-SERVICE-LocalService-NetworkService!oval:gov.nist.fdcc.vista:def:6626 CCE-4184-8$Create-Permanent-Shared-Objects-None!oval:gov.nist.fdcc.vista:def:6627 CCE-4687-0Debug-Programs-None!oval:gov.nist.fdcc.vista:def:6628 CCE-4704-3Deny-Access-From-Network-Guests!oval:gov.nist.fdcc.vista:def:6630 CCE-4722-5Deny-Logon-As-Batch-Job-Guests!oval:gov.nist.fdcc.vista:def:6631 CCE-4867-8!oval:gov.nist.fdcc.vista:def:6633 CCE-4889-2Deny-Logon-Locally-Guests!oval:gov.nist.fdcc.vista:def:6634 CCE-4656-5*Deny-Logon-Through-Terminal-Services-Guest!oval:gov.nist.fdcc.vista:def:6636 CCE-4673-00Force-Shutdown-From-Remote-System-Administrators!oval:gov.nist.fdcc.vista:def:6638 CCE-4488-34Generate-Security-Audits-LocalService-NetworkService!oval:gov.nist.fdcc.vista:def:6639 CCE-4382-8ZImpersonate-Client-After-Authentication-Administrators-SERVICE-LocalService-NetworkService!oval:gov.nist.fdcc.vista:def:6640 CCE-4651-6CCE-1027LThe "Increase a Process Working Set" setting should be configured correctly.8Increase-Process-Working-Set-Administrators_LocalService#oval:gov.nist.fdcc.vista:def:662391 CCE-4796-9+Increase-Scheduling-Priority-Administrators!oval:gov.nist.fdcc.vista:def:6641< CCE-4034-5-Load-And-Unload-Device-Drivers-Administrators!oval:gov.nist.fdcc.vista:def:6642 CCE-4317-4Lock-Pages-In-Memory-None!oval:gov.nist.fdcc.vista:def:6643 CCE-4083-2Log-On-As-Batch-Job-None!oval:gov.nist.fdcc.vista:def:6644 CCE-4038-6Log-On-As-Service-None!oval:gov.nist.fdcc.vista:def:6647 CCE-4046-9/Manage-Auditing-And-Security-Log-Administrators!oval:gov.nist.fdcc.vista:def:6648 CCE-4285-3CCE-1023WThe "Modify an object label" user right should be assigned to the appropriate accounts.Modify-Object-Label-None#oval:gov.nist.fdcc.vista:def:662371 CCE-4048-51Modify-Firmware-Environment-Values-Administrators!oval:gov.nist.fdcc.vista:def:6649 CCE-4071-7/Perform-Volume-Maintenance-Tasks-Administrators!oval:gov.nist.fdcc.vista:def:6650 CCE-4962-7%Profile-Single-Process-Administrators!oval:gov.nist.fdcc.vista:def:6651 CCE-4618-5)Profile-System-Performance-Administrators!oval:gov.nist.fdcc.vista:def:6652 CCE-4861-19Remove-Computer-From-Docking-Station-Administrators-Users!oval:gov.nist.fdcc.vista:def:6653 CCE-4372-97Replace-Process-Level-Token-NetworkService-LocalService!oval:gov.nist.fdcc.vista:def:6654 CCE-4948-6,Restore-Files-And-Directories-Administrators!oval:gov.nist.fdcc.vista:def:6655 CCE-4569-0%Shut-Down-System-Administrators-Users!oval:gov.nist.fdcc.vista:def:6657 CCE-4970-0'Synchronize-Directory-Service-Data-None!oval:gov.nist.fdcc.vista:def:6658 CCE-4988-2&Take-Ownership-Of-Files-Administrators!oval:gov.nist.fdcc.vista:def:6659 CCE-4627-6CCE-957NThe required permissions for the WLAN AutoConfig service should be assigned. wlan_autoconfig"oval:gov.nist.fdcc.vista:def:61481 CCE-4992-4turn_on_mapper_io_lltdio_driver!oval:gov.nist.fdcc.vista:def:6660 CCE-4077-4CCE-1134fThe "Turn on Responder (RSPNDR) driver" setting should be configured correctly for the domain profile.turn_on_responder_rspndr_driver!oval:gov.nist.fdcc.vista:def:6661 CCE-4152-5$oval:gov.nist.fdcc.vista:def:3366991 CCE-5020-3$oval:gov.nist.fdcc.vista:def:3366992 CCE-4078-2$oval:gov.nist.fdcc.vista:def:3366993 CCE-5061-7CCE-734The "Configuration of wireless settings using Windows Connect Now" setting should be configured correctly for Wireless Connect Now over Ethernet (UPnP).<configuration_of_wireless_settings_using_windows_connect_now!oval:gov.nist.fdcc.vista:def:6665 CCE-4081-6!oval:gov.nist.fdcc.vista:def:6671 CCE-4694-6!oval:gov.nist.fdcc.vista:def:6683 CCE-4813-2!oval:gov.nist.fdcc.vista:def:6686 CCE-4579-9CCE-836wThe 'Approved Installation Sites for ActiveX Controls' security mechanism should be enabled or disabled as appropriate.0approved_installation_sites_for_activex_controls!oval:gov.nist.fdcc.vista:def:6695 CCE-4086-5CCE-262:The setup log maximum size should be configured correctly.}GPO Setting: Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Setup\Maximum Log Size (KB)maximum_setup_log_size"oval:gov.nist.fdcc.vista:def:19898 CCE-4501-3!oval:gov.nist.fdcc.vista:def:6598 CCE-4866-0&Set-client-connection-encryption-level!oval:gov.nist.fdcc.vista:def:6600 CCE-5007-0'set_timelimit_for_disconnected_sessions!oval:gov.nist.fdcc.vista:def:6726 CCE-4267-1<set_timelimit_for_active_but_idle_terminal_services_sessions!oval:gov.nist.fdcc.vista:def:6725 CCE-4761-3CCE-312Computer-wide, rather than per-user, use of Microsoft Spynet Reporting for Windows Defender should be enabled or disabled as appropriate.configure_ms_spynet_reporting!oval:gov.nist.fdcc.vista:def:6727 CCE-4915-5CCE-959=The "Disable Logging" setting should be configured correctly.disable_logging!oval:gov.nist.fdcc.vista:def:6114 CCE-5034-4CCE-803MThe "Disable Windows Error Reporting" setting should be configured correctly.disable_windows_error_reporting!oval:gov.nist.fdcc.vista:def:6115 CCE-4919-7$oval:gov.nist.fdcc.vista:def:3366994 CCE-4089-9CCE-798IThe "Do not send additional data" setting should be configured correctly.do_not_send_additional_data!oval:gov.nist.fdcc.vista:def:6117 CCE-4991-64disable_ie_security_prompt_windows_installer_scripts!oval:gov.nist.fdcc.vista:def:6120 CCE-4629-2!enable_user_control_over_installs!oval:gov.nist.fdcc.vista:def:6121 CCE-4405-7&oval:gov.nist.fdcc.vista:def:612261221 CCE-4898-3&oval:gov.nist.fdcc.vista:def:612261222 CCE-5052-6&oval:gov.nist.fdcc.vista:def:612261223 CCE-4797-7&oval:gov.nist.fdcc.vista:def:612261224 CCE-4290-3!oval:gov.nist.fdcc.vista:def:6707 CCE-5070-8CCE-1144cThe "Prevent users from sharing files within their profile" setting should be configured correctly.5prevent_users_from_sharing_files_within_their_profile!oval:gov.nist.fdcc.vista:def:6715 CCE-4938-7CCE-801~Auditing of "Account Management: Application Group Management" events on success should be enabled or disabled as appropriate.application-group-management!oval:gov.nist.fdcc.vista:def:8001 CCE-4700-1CCE-1016~Auditing of "Account Management: Application Group Management" events on failure should be enabled or disabled as appropriate. CCE-4093-1CCE-1070}Auditing of "Account Management: Computer Account Management" events on success should be enabled or disabled as appropriate.computer-account-management!oval:gov.nist.fdcc.vista:def:8002 CCE-4228-3CCE-840}Auditing of "Account Management: Computer Account Management" events on failure should be enabled or disabled as appropriate. CCE-4115-2CCE-515Auditing of "Account Management: Distribution Group Management" events on success should be enabled or disabled as appropriate.distribution-group-management!oval:gov.nist.fdcc.vista:def:8003 CCE-4140-0CCE-1048Auditing of "Account Management: Distribution Group Management" events on failure should be enabled or disabled as appropriate. CCE-4916-3CCE-206Auditing of "Account Management: Other Account Management Events" events on success should be enabled or disabled as appropriate.other-account-management-events!oval:gov.nist.fdcc.vista:def:8004 CCE-4783-7CCE-1202Auditing of "Account Management: Other Account Management Events" events on failure should be enabled or disabled as appropriate. CCE-5048-4CCE-1118{Auditing of "Account Management: Security Group Management" events on success should be enabled or disabled as appropriate.security-group-management!oval:gov.nist.fdcc.vista:def:8005 CCE-4142-6CCE-369{Auditing of "Account Management: Security Group Management" events on failure should be enabled or disabled as appropriate. CCE-4833-0CCE-1043yAuditing of "Account Management: User Account Management" events on success should be enabled or disabled as appropriate.user-account-management!oval:gov.nist.fdcc.vista:def:8006 CCE-5097-1CCE-924yAuditing of "Account Management: User Account Management" events on failure should be enabled or disabled as appropriate. CCE-5000-5CCE-1413oAuditing of "Detailed Tracking: DPAPI Activity" events on success should be enabled or disabled as appropriate.dpapi-activity!oval:gov.nist.fdcc.vista:def:8007 CCE-4493-3CCE-699oAuditing of "Detailed Tracking: DPAPI Activity" events on failure should be enabled or disabled as appropriate. CCE-4166-5CCE-913qAuditing of "Detailed Tracking: Process Creation" events on success should be enabled or disabled as appropriate.process-creation!oval:gov.nist.fdcc.vista:def:8008 CCE-5094-8CCE-1079qAuditing of "Detailed Tracking: Process Creation" events on failure should be enabled or disabled as appropriate. CCE-4869-4CCE-416tAuditing of "Detailed Tracking: Process Termination" events on success should be enabled or disabled as appropriate.process-termination!oval:gov.nist.fdcc.vista:def:8009 CCE-4363-8CCE-1250tAuditing of "Detailed Tracking: Process Termination" events on failure should be enabled or disabled as appropriate. CCE-4891-8CCE-1219kAuditing of "Detailed Tracking: RPC Events" events on success should be enabled or disabled as appropriate< . rpc-events!oval:gov.nist.fdcc.vista:def:8010 CCE-4759-7CCE-1365kAuditing of "Detailed Tracking: RPC Events" events on failure should be enabled or disabled as appropriate. CCE-5023-7CCE-207Auditing of "DS Access: Detailed Directory Service Replication" events on success should be enabled or disabled as appropriate.&detailed-directory-service-replication!oval:gov.nist.fdcc.vista:def:8011 CCE-4658-1CCE-1186Auditing of "DS Access: Detailed Directory Service Replication" events on failure should be enabled or disabled as appropriate. CCE-5028-6CCE-1199qAuditing of "DS Access: Directory Service Access" events on success should be enabled or disabled as appropriate.directory-service-access!oval:gov.nist.fdcc.vista:def:8012 CCE-4931-2CCE-459qAuditing of "DS Access: Directory Service Access" events on failure should be enabled or disabled as appropriate. CCE-5067-4CCE-317rAuditing of "DS Access: Directory Service Changes" events on success should be enabled or disabled as appropriate.directory-service-changes!oval:gov.nist.fdcc.vista:def:8013 CCE-4808-2CCE-982rAuditing of "DS Access: Directory Service Changes" events on failure should be enabled or disabled as appropriate. CCE-5089-8CCE-881vAuditing of "DS Access: Directory Service Replication" events on success should be enabled or disabled as appropriate.directory-service-replication!oval:gov.nist.fdcc.vista:def:8014 CCE-4176-4CCE-247vAuditing of "DS Access: Directory Service Replication" events on failure should be enabled or disabled as appropriate. CCE-4342-2CCE-1264kAuditing of "Logon/Logoff: Account Lockout" events on success should be enabled or disabled as appropriate.account-lockout!oval:gov.nist.fdcc.vista:def:8015 CCE-4857-9CCE-1282kAuditing of "Logon/Logoff: Account Lockout" events on failure should be enabled or disabled as appropriate. CCE-5011-2CCE-1028oAuditing of "Logon/Logoff: IPsec Extended Mode" events on success should be enabled or disabled as appropriate.ipsec-extended-mode!oval:gov.nist.fdcc.vista:def:8016 CCE-4505-4CCE-362oAuditing of "Logon/Logoff: IPsec Extended Mode" events on failure should be enabled or disabled as appropriate. CCE-5016-1CCE-1207kAuditing of "Logon/Logoff: IPsec Main Mode" events on success should be enabled or disabled as appropriate.ipsec-main-mode!oval:gov.nist.fdcc.vista:def:8017 CCE-4650-8CCE-351kAuditing of "Logon/Logoff: IPsec Main Mode" events on failure should be enabled or disabled as appropriate. CCE-5038-5CCE-1257lAuditing of "Logon/Logoff: IPsec Quick Mode" events on success should be enabled or disabled as appropriate.ipsec-quick-mode!oval:gov.nist.fdcc.vista:def:8018 CCE-4928-8CCE-1274lAuditing of "Logon/Logoff: IPsec Quick Mode" events on failure should be enabled or disabled as appropriate. CCE-4703-5CCE-493bAuditing of "Logon/Logoff: Logoff" events on success should be enabled or disabled as appropriate.logoff!oval:gov.nist.fdcc.vista:def:8019 CCE-4183-0CCE-996bAuditing of "Logon/Logoff: Logoff" events on failure should be enabled or disabled as appropriate. CCE-5018-7CCE-1284aAuditing of "Logon/Logoff: Logon" events on success should be enabled or disabled as appropriate.logon!oval:gov.nist.fdcc.vista:def:8020 CCE-4423-0CCE-1097aAuditing of "Logon/Logoff: Logon" events on failure should be enabled or disabled as appropriate. CCE-5163-1CCE-378uAuditing of "Logon/Logoff: Other Logon/Logoff Events" events on success should be enabled or disabled as appropriate.other-logon-logoff-events!oval:gov.nist.fdcc.vista:def:8021 CCE-5066-6CCE-1208uAuditing of "Logon/Logoff: Other Logon/Logoff Events" events on failure should be enabled or disabled as appropriate. CCE-4956-9CCE-371iAuditing of "Logon/Logoff: Special Logon" events on success should be enabled or disabled as appropriate. special-logon!oval:gov.nist.fdcc.vista:def:8022 CCE-4824-9CCE-1038iAuditing of "Logon/Logoff: Special Logon" events on failure should be enabled or disabled as appropriate. CCE-5084-9CCE-1322rAuditing of "Object Access: Application Generated" events on success should be enabled or disabled as appropriate.application-generated!oval:gov.nist.fdcc.vista:def:8023 CCE-4829-8CCE-379rAuditing of "Object Access: Application Generated" events on failure should be enabled or disabled as appropriate. CCE-4714-2CCE-1345sAuditing of "Object Access: Certification Services" events on success should be enabled or disabled as appropriate.certification-services!oval:gov.nist.fdcc.vista:def:8024 CCE-4868-6CCE-1261sAuditing of "Object Access: Certification Services" events on failure should be enabled or disabled as appropriate. CCE-4200-2CCE-1372gAuditing of "Object Access: File Share" events on success should be enabled or disabled as appropriate. file-share!oval:gov.nist.fdcc.vista:def:8025 CCE-5145-8CCE-1033gAuditing of "Object Access: File Share" events on failure should be enabled or disabled as appropriate. CCE-4921-3CCE-1085hAuditing of "Object Access: File System" events on success should be enabled or disabled as appropriate. file-system!oval:gov.nist.fdcc.vista:def:8026 CCE-5039-3CCE-1340hAuditing of "Object Access: File System" events on failure should be enabled or disabled as appropriate. CCE-4568-2CCE-717zAuditing of "Object Access: Filtering Platform Connection" events on success should be enabled or disabled as appropriate.filtering-platform-connection!oval:gov.nist.fdcc.vista:def:8027 CCE-5079-9CCE-744zAuditing of "Object Access: Filtering Platform Connection" events on failure should be enabled or disabled as appropriate. CCE-4947-8CCE-385{Auditing of "Object Access: Filtering Platform Packet Drop" events on success should be enabled or disabled as appropriate.filtering-platform-packet-drop!oval:gov.nist.fdcc.vista:def:8028 CCE-4335-6CCE-589{Auditing of "Object Access: Filtering Platform Packet Drop" events on failure should be enabled or disabled as appropriate. CCE-4828-0CCE-1363pAuditing of "Object Access: Handle Manipulation" events on success should be enabled or disabled as appropriate.handle-manipulation!oval:gov.nist.fdcc.vista:def:8029 CCE-4965-0CCE-1244pAuditing of "Object Access: Handle Manipulation" events on failure should be enabled or disabled as appropriate. CCE-4996-5CCE-1288jAuditing of "Object Access: Kernel Object" events on success should be enabled or disabled as appropriate. kernel-object!oval:gov.nist.fdcc.vista:def:8030 CCE-4885-0CCE-1305jAuditing of "Object Access: Kernel Object" events on failure should be enabled or disabled as appropriate. CCE-5132-6CCE-642wAuditing of "Object Access: Other Object Access Events" events on success should be enabled or disabled as appropriate.other-object-access-events!oval:gov.nist.fdcc.vista:def:8031 CCE-4691-2CCE-1026wAuditing of "Object Access: Other Object Access Events" events on failure should be enabled or disabled as appropriate. CCE-4594-8CCE-1138eAuditing of "Object Access: Registry" events on success should be enabled or disabled as appropriate.registry!oval:gov.nist.fdcc.vista:def:8032 CCE-5087-2CCE-1283eAuditing of "Object Access: Registry" events on failure should be enabled or disabled as appropriate. CCE-4616-9CCE-446`Auditing of "Object Access: SAM" events on success should be enabled or disabled as appropriate.sam!oval:gov.nist.fdcc.vista:def:8033 CCE-4982-5CCE-451`Auditing of "Object Access: SAM" events on failure should be enabled or disabled as appropriate. CCE-4201-0CCE-1110pAuditing of "Policy Change: Audit Policy Change" events on success should be enabled or disabled as appropriate.policy_change_audit!oval:gov.nist.fdcc.vista:def:8034 CCE-5137-5CCE-991pAuditing of "Policy Change: Audit Policy Change" events on failure should be enabled or disabled as appropriate. CCE-4877-7CCE-388yAuditing of "Policy Change: Authentication Policy Change" event< s on success should be enabled or disabled as appropriate.authentication-policy-change!oval:gov.nist.fdcc.vista:def:8035 CCE-4516-1CCE-180yAuditing of "Policy Change: Authentication Policy Change" events on failure should be enabled or disabled as appropriate. CCE-5172-2CCE-187xAuditing of "Policy Change: Authorization Policy Change" events on success should be enabled or disabled as appropriate.authorization-policy-change!oval:gov.nist.fdcc.vista:def:8036 CCE-5058-3CCE-448xAuditing of "Policy Change: Authorization Policy Change" events on failure should be enabled or disabled as appropriate. CCE-5177-1CCE-1042}Auditing of "Policy Change: Filtering Platform Policy Change" events on success should be enabled or disabled as appropriate. filtering-platform-policy-change!oval:gov.nist.fdcc.vista:def:8037 CCE-4939-5CCE-1112}Auditing of "Policy Change: Filtering Platform Policy Change" events on failure should be enabled or disabled as appropriate. CCE-5181-3CCE-203|Auditing of "Policy Change: MPSSVC Rule-Level Policy Change" events on success should be enabled or disabled as appropriate.mpssvc-rule-level-policy-change!oval:gov.nist.fdcc.vista:def:8038 CCE-4204-4CCE-879|Auditing of "Policy Change: MPSSVC Rule-Level Policy Change" events on failure should be enabled or disabled as appropriate. CCE-4479-2CCE-205wAuditing of "Policy Change: Other Policy Change Events" events on success should be enabled or disabled as appropriate.other-policy-change-events!oval:gov.nist.fdcc.vista:def:8039 CCE-4995-7CCE-787wAuditing of "Policy Change: Other Policy Change Events" events on failure should be enabled or disabled as appropriate. CCE-5114-4CCE-391xAuditing of "Privilege Use: Non Sensitive Privilege Use" events on success should be enabled or disabled as appropriate.non-sensitive-privilege-use!oval:gov.nist.fdcc.vista:def:8040 CCE-4990-8CCE-404xAuditing of "Privilege Use: Non Sensitive Privilege Use" events on failure should be enabled or disabled as appropriate. CCE-5131-8CCE-1203wAuditing of "Privilege Use: Other Privilege Use Events" events on success should be enabled or disabled as appropriate.other-privilege-use-events!oval:gov.nist.fdcc.vista:def:8041 CCE-4205-1CCE-406Auditing of "Privilege Use: Privilege Use: Other Privilege Use Events" events on failure should be enabled or disabled as appropriate. CCE-4300-0CCE-488tAuditing of "Privilege Use: Sensitive Privilege Use" events on success should be enabled or disabled as appropriate.sensitive-privilege-use!oval:gov.nist.fdcc.vista:def:8042 CCE-4734-0CCE-1258tAuditing of "Privilege Use: Sensitive Privilege Use" events on failure should be enabled or disabled as appropriate. CCE-4976-7CCE-1177bAuditing of "System: Ipsec Driver" events on success should be enabled or disabled as appropriate. ipsec-driver!oval:gov.nist.fdcc.vista:def:8043 CCE-4879-3CCE-1314bAuditing of "System: Ipsec Driver" events on failure should be enabled or disabled as appropriate. CCE-4998-1CCE-1332iAuditing of "System: Other System Events" events on success should be enabled or disabled as appropriate.other-system-events!oval:gov.nist.fdcc.vista:def:8044 CCE-4883-5CCE-337iAuditing of "System: Other System Events" events on failure should be enabled or disabled as appropriate. CCE-4535-1CCE-1121kAuditing of "System: Security State Change" events on success should be enabled or disabled as appropriate.security-state-change!oval:gov.nist.fdcc.vista:def:8045 CCE-5157-3CCE-1139kAuditing of "System: Security State Change" events on failure should be enabled or disabled as appropriate. CCE-5170-6CCE-1270oAuditing of "System: Security System Extension" events on success should be enabled or disabled as appropriate.security-system-extension!oval:gov.nist.fdcc.vista:def:8046 CCE-4910-6CCE-1102oAuditing of "System: Security System Extension" events on failure should be enabled or disabled as appropriate. CCE-5047-6CCE-856fAuditing of "System: System Integrity" events on success should be enabled or disabled as appropriate.system-integrity!oval:gov.nist.fdcc.vista:def:8047 CCE-4822-3CCE-336fAuditing of "System: System Integrity" events on failure should be enabled or disabled as appropriate. CCE-4941-1CCE-1047User notifications when a program is blocked from receiving inbound connections by Windows Firewall should be enabled or disabled as appropriate for the Domain Profile.#domain_profile_display_notification)oval:gov.nist.fdcc.vistafirewall:def:6518 CCE-4597-1CCE-325qThe "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Private Profile.#private_profile_log_dropped_packets)oval:gov.nist.fdcc.vistafirewall:def:6411 CCE-4963-5CCE-327xThe "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Private Profile.-private_profile_logged_successful_connections)oval:gov.nist.fdcc.vistafirewall:def:6412 CCE-4206-9CCE-999kThe log file path and name for the Windows Firewall should be configured correctly for the Private Profile.private_profile_name)oval:gov.nist.fdcc.vistafirewall:def:6413 CCE-4207-7CCE-1091hThe log file size limit for the Windows Firewall should be configured correctly for the Private Profile.private_profile_size_limit)oval:gov.nist.fdcc.vistafirewall:def:6414 CCE-4507-0CCE-1165pThe "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Public Profile."public_profile_log_dropped_packets)oval:gov.nist.fdcc.vistafirewall:def:6421 CCE-5128-4CCE-534wThe "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Public Profile.,public_profile_logged_successful_connections)oval:gov.nist.fdcc.vistafirewall:def:6422 CCE-4639-1CCE-1263jThe log file path and name for the Windows Firewall should be configured correctly for the Public Profile.public_profile_name)oval:gov.nist.fdcc.vistafirewall:def:6423 CCE-4278-8CCE-1313gThe log file size limit for the Windows Firewall should be configured correctly for the Public Profile.public_profile_size_limit)oval:gov.nist.fdcc.vistafirewall:def:6424 CCE-5146-6CCE-1227TThe ISATAP tunneling protocol for IPv6 should be enabled or disabled as appropriate.\(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpip6\Parameters\DisableComponents.disable_isatap_teredo_6to4_tunneling_protocols$oval:gov.nist.fdcc.vista:def:6566666 CCE-5036-9CCE-1036RThe 6to4 tunneling protocol for IPv6 should be enabled or disabled as appropriate. CCE-4811-6CCE-1148TThe Teredo tunneling protocol for IPv6 should be enabled or disabled as appropriate. CCE-5239-9CCE-174ZThe "Turn off Help Experience Improvement Program" setting should be configured correctly.,turn_off_help_experience_improvement_program!oval:gov.nist.fdcc.vista:def:8091 CCE-4851-2CCE-1109CThe "Turn off Help Ratings" setting should be configured correctly.turn_off_help_ratings!oval:gov.nist.fdcc.vista:def:8090 CCE-4294-5CCE-1176VThe "Create Symbolic Links" user right should be assigned to the appropriate accounts.TBD CCE-5043-5 CCE-5264-7 CCE-5101-19IP Source Routing should be properly configured for IPv6. CCE-4271-3 CCE-4467-7wThe "User Account Control: Allow UIAccess applications to prompt for elevation" setting should be configured correctly.screen-saver-grace-period&oval:com.secure-elements.oval:def:6065 DEPRECATED. CCE-7636-4 CCE-8478-0WThe "Configure Automatic Updates" setting should be enabled or disabled as appropriate. CCE-7639-8?The default behavior for AutoRun should be properly configured. CCE-8125-7N(1) Silently succeed | Warn but allow installation | Do not allow installation CCE-8178-6ZThe "Disable remote Desktop Sharing" setting should be enabled or disabled as appropriate. CCE-8504-3 CCE-8596-9 CCE-8594-4 CCE-8568-8iThe "Enumerate administrator accounts on elevation" s< etting should be enabled or disabled as appropriate. CCE-8585-2NThe maximum lifetime for Kerberos service tickets should be set appropriately. CCE-8409-5KThe maximum lifetime for Kerberos user tickets should be set appropriately. CCE-8000-2RThe maximum lifetime for Kerberos user ticket renewal should be set appropriately. CCE-8268-5bThe maximum tolerance for computer clock synchronization for Kerberos should be set appropriately. CCE-8378-2SAutomatic Reboot After System Crash should be enabled or disabled as appropriate. CCE-7893-1 CCE-8598-5cThe "No auto-restart for scheduled Automatic Updates installations" policy should be set correctly. CCE-7643-0 CCE-8492-1UThe "Registry policy processing" policy should be enabled or disabled as appropriate. CCE-7646-3pThe "Reschedule Automatic Updates scheduled installations" setting should be enabled or disabled as appropriate. CCE-7658-8OAuthentication requirements for RPC clients should be configured appropriately.9(1) Authenticated, Authenticated without exceptions, None CCE-8572-0WRPC Endpoint Mapper Client Authentication should be enabled or disabled as appropriate. CCE-7667-9 CCE-8634-8LThe "Turn off Autoplay" policy should be enabled or disabled as appropriate. CCE-7716-4 CCE-8458-2CCE-389jThe "Access credential Manager as a trusted caller" user right should be assigned to the correct accounts. CCE-7615-8 CCE-8404-6 CCE-8387-3 CCE-8501-9 CCE-8342-8 CCE-8095-2[The Autoplay policy "Don't set the always do this checkbox" should be configured correctly. CCE-8034-1 CCE-8250-3 CCE-8547-2 CCE-8389-9 CCE-8608-2CCE-113UCD Burning features in Windows Explorer should be enabled or disabled as appropriate. CCE-7952-5CCE-1022AThe "Remove Security tab" setting should be configured correctly. CCE-7624-0The "System cryptography: Force strong key protection for user keys stored on the computer" policy should be enabled or disabled as appropriate. CCE-7621-6The "System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies" setting should be configured properly. CCE-8470-7xThe Windows Firewall "Allow ICMP exceptions" policy should be enabled or disabled as appropriate for the Domain Profile. CCE-7629-9The Windows Firewall "Define inbound program exceptions" policy should be enabled or disabled as appropriate for the Domain Profile. CCE-8516-7hThe Windows Firewall inbound program exceptions list should be set appropriately for the Domain Profile. CCE-8188-5zThe Windows Firewall "Allow ICMP exceptions" policy should be enabled or disabled as appropriate for the Standard Profile. CCE-8544-9 CCE-8049-9 CCE-7604-2(1) Set of accounts CCE-7773-5(1) SDDL string CCE-8561-3 CCE-8592-8 CCE-8013-5 CCE-8542-3 CCE-7606-7 CCE-8534-0 CCE-7611-7 CCE-8380-8 CCE-8601-7 CCE-8508-4 CCE-8472-3vThe number of SYN-ACK retransmissions sent when attempting to respond to a SYN request should be configured correctly. CCE-7613-3qThe number of retransmissions sent of TCP data segments before the connection is dropped should be set correctly. CCE-8479-8CThe Security Audit log warning level should be properly configured. CCE-8325-3 CCE-8091-1hAnonymous access to Named Pipes and Shares via the network should be enabled or disabled as appropriate. CCE-8043-2 CCE-8527-4 CCE-8151-3 CCE-8462-4 CCE-7936-8 CCE-7528-3IThe "Configure Automatic Updates" setting should be configured correctly. CCE-8574-6The "Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box" setting should be configured correctly. CCE-8261-0 CCE-8400-4The "Do not display 'Install Updates and Shut Down' option in the Shut Down Windows dialog box" setting should be configured correctly. CCE-8364-2XProcessing of the legacy run list on logon should be enabled or disabled as appropriate. CCE-7598-6 CCE-8375-8 CCE-8445-99Access to registry editing tools should be set correctly. CCE-8374-1 CCE-8326-1 CCE-8406-1 CCE-8440-0pThe "Windows Firewall: Apply local firewall rules" policy should be configured correctly for the Domain profile. CCE-8515-9oThe "Windows Firewall: Define program exceptions" policy should be configured correctly for the Domain Profile. CCE-8147-1jThe "Windows Firewall: Inbound connections" policy should be configured correctly for the Domain Profile. CCE-7583-8jThe "Windows Firewall: Outbound connections" policy should be configured correctly for the Domain profile. Old v4 CCE IDTable 3.123 Automatic updates service: Automatic (Legacy Client, Enterprise Client, and High Security), Table 11.3 Automatic Update Service: Disabled"DEPRECATED in favor of CCE-2671-6./via sysctl -w net.ipv6.conf.default.accept_ra=1+via IPV6_AUTOCONF in /etc/sysconfig/network6via sysctl -w net.ipv6.conf.default.accept_redirects=1EThe xinetd package should be installed or uninstalled as appropriate.BThe rsh package should be installed or uninstalled as appropriate."DEPRECTATED in favor of CCE-4448-7Version: 5.20090506Last modified: 2009-04-30oInternal Revenue Service Basic UNIX Security Requirements (IRS BUSR) http://www.irs.gov/irm/part10/ch03s08.html CCE-7173-8H/export/home should be configured on an appropriate filesystem partition partition via fstab10.8.10.4.2.1 (5) CCE-6194-5@/var should be configured on an appropriate filesystem partition CCE-6995-5@/opt should be configured on an appropriate filesystem partition CCE-6632-4NThe shell for the root account should be located on the appropriate filesystem filesystem10.8.10.4.2.1 (6) CCE-6196-01Core dump size limits should be set appropriatelySize (0 to disable core dumps)#via /etc/security/limits via ulimit10.8.10.4.4 (3) CCE-6981-5via /etc/snmp/conf/snmpd.conf10.8.10.5.1 (1) c) CCE-6951-8AThe read/write SNMP community string should be set appropriately. CCE-7167-0 CCE-6919-5OPassword policy should ban or allow words found in a dictionary as appropriate. ban/allowvia /etc/default/passwd10.8.10.5.1 (2) a) CCE-6198-6GPassword policy should enforce the correct amount of special charactersnumber of special characters CCE-7049-0jPassword policy should enforce or not enforce the requirement to have mixed case passwords as appropriate.enforce/not enforce CCE-7146-45The minimum password age should be set as appropriate10.8.10.5.1 (2) b) CCE-7080-5AThe minimum required password length should be set as appropriatenumber of characters10.8.10.5.1 (2) c) CCE-7086-2NPassword history should be saved for an appropriate number of password changesnumber of password changes10.8.10.5.1 (2) d) CCE-6434-5jThe number of consecutive failed login attempts required to trigger a lockout should be set as appropriate+number of consecutive failed login attempts10.8.10.5.1 (2) e) CCE-7196-9via passwd via /etc/shadow10.8.10.5.1 (2) f) CCE-7024-3cNew users should be required or not required to change their password on first login as appropriaterequired/not requiredvia /etc/security/passwd10.8.10.5.1 (2) g) CCE-7104-3eAccess to single-user mode (maintainence mode) should require the root password or not as appropriate10.8.10.5.1 (3) CCE-7028-4<The delay between failed logins should be set as appropriate10.8.10.5.1 (5) CCE-7108-4GAll files should be owned by an existing account or not as appropriate.9existing account required / existing account not required10.8.10.5.2 (3) CCE-6323-0EAll files should be owned by an existing group or not as appropriate.5existing group required / existing group not requiredvia chgrp via chown CCE-6218-25The console login banner should be set appropriately.banner text or null)via /etc/security/login.cfg via /etc/motd10.8.10.5.2 (5) a) CCE-7066-41The SSH login banner should be set appropriately.via sshd_config10.8.10.5.2 (5) b) CCE-6903-94The telnet login banner should be set appropriately.via /etc/default/telnetd10.8.10.5.2 (5) c) CCE-6837-< 91The ftp login banner should be set appropriately.10.8.10.5.2 (5) d) CCE-6683-77The graphical login banner should be set appropriately. via Xwindows10.8.10.5.2 (5) e) CCE-6841-1RAccounts other than root should be allowed to have the UID 0 or not as appropriateallowed/not allowedvia passwd via /etc/passwd10.8.10.5.2.1 (2) a) CCE-7185-2nAccounts other than root and locked system accounts should be allowed to have a GID of 0 or not as appropriate)via passwd via /etc/passwd via /etc/group10.8.10.5.2.1 (2) b) CCE-6255-4BEach account should be assigned a unique UID or not as appropriateunique/not unique10.8.10.5.2.4 (3) CCE-6688-62The ftp account should exist or not as appropriateexist/not exist10.8.10.5.2.4 (9) CCE-7164-7TLogin accounts should include an appropriate GECOS identifier or no GECOS identifierGECOS value, null10.8.10.5.2.4.1 (1) CCE-6926-0IThe screen lock should activate after an appropriate period of inactivityvia Xscreensaver via dtsession10.8.10.5.2.5 (1) CCE-6895-7GFile permissions should be set appropriately for all shell executables.10.8.10.5.2.6 (1) CCE-7245-4FRemote (serial) consoles should be enabled or disabled as appropriate.10.8.10.5.2.6 (3) CCE-7232-2FRoot logins should be restricted to the console or not as appropriate.restricted/not restrictedvia /etc/default/login10.8.10.5.2.6 (4) CCE-6311-5>.netrc files should exist or not as appropriate for all users.via filesystem10.8.10.5.2.6 (6) CCE-6976-5?.rhosts files should exist or not as appropriate for all users. CCE-7157-1?.shosts files should exist or not as appropriate for all users. CCE-6712-4=The /etc/hosts.equiv file should exist or not as appropriate. CCE-7183-7The use of NIS special characters (+ or -) in the first field of the /etc/passwd file should be allowed or disallowed as appropriate.set of allowed valuesvia Text editor10.8.10.5.2.6 (7) CCE-7117-5The use of NIS special characters (+ or -) in the first field of the /etc/shadow file should be allowed or disallowed as appropriate. CCE-7152-2The use of NIS special characters (+ or -) in the first field of the /etc/group file should be allowed or disallowed as appropriate. CCE-7214-07The /etc/shells file should exist or not as appropriatevia /etc/shells10.8.10.5.2.6 (11) CCE-6258-8XShells referenced in /etc/passwd should be included in /etc/shells or not as appropriateincluded/not included10.8.10.5.2.6 (12) CCE-6536-7XGroups referenced in /etc/passwd should be included in /etc/group or not as appropriate.via /etc/group10.8.10.5.2.6 (15) CCE-6324-8DThe home directory for the root account should be set appropriately.10.8.10.5.2.6 (16) CCE-7258-7EThe home directory for each user account should be set appropriately.10.8.10.5.2.6 (17) CCE-6260-4MHome directories referenced in /etc/passwd should exist or not as appropriate10.8.10.5.2.6 (18) CCE-7119-1=All device files should be located inside an appropriate path10.8.10.5.2.6 (24) CCE-7105-0via RC scripts10.8.10.5.3 (3) CCE-6264-6SThe Network Time Protocol (ntp) synchronization server should be set appropriately. timeserver via ntpd.conf CCE-7201-7@All logon attempts should be logged or not logged as appropriatelogged/not logged10.8.10.5.3 (4) CCE-6902-1DAll su (switch user) activity should be logged or not as appropriate10.8.10.5.3 (5) CCE-7186-0GFilesystem logging/journaling should be performed or not as appropriateperformed/not performed10.8.10.5.3 (6) CCE-6267-96Automount should be enabled or disabled as appropriate10.8.10.5.4.1 (12) CCE-6276-0DSource-routed packets should be accepted or rejected as appropriate.accepted/rejected10.8.10.5.4.1 (2) a) CCE-6885-8PResponse to ICMP timestamp requests should be enabled or disabled as appropriate10.8.10.5.4.1 (2) c) CCE-6485-7ZResponse to ICMP timestamp broadcast requests should be enabled or disabled as appropriate10.8.10.5.4.1 (2) d) CCE-7017-7RResponse to ICMP echo (ping) requests should be enabled or disabled as appropriate10.8.10.5.4.1 (2) e) CCE-6285-1=Executable stack should be enabled or disabled as appropriate10.8.10.5.4.1 (3) CCE-7053-20The default gateway should be set appropriately.IP address/disabledvia /etc/default/route.conf10.8.10.5.4.1 (4) CCE-6713-210.8.10.5.4.1 (5) CCE-6541-79echo service should be enabled or disabled as appropriatevia inetd via inetd.conf10.8.10.5.4.1 (11) #1 CCE-6585-4<netstat service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #2 CCE-6287-78rcp service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #3 CCE-7156-3<chargen service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #4 CCE-7045-8;finger service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #5 CCE-6746-2:tftpd service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #6 CCE-7137-3:walld service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #7 CCE-7234-8;rstatd service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #8 CCE-6299-2;sprayd service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #9 CCE-6307-3<rusersd service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #10 CCE-6567-2;rlogin service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #11 CCE-7098-78rsh service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #12 CCE-7067-28ftp service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #13 CCE-7005-2;telnet service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #14 CCE-4909-8 CCE-6630-88inn service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #16 CCE-7145-69uucp service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #17 CCE-6308-1:rexec service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #18 CCE-6803-1:inetd logging should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #19 CCE-6604-39font-service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #20 CCE-7058-1:imap2 service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #21 CCE-7274-49pop3 service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #22 CCE-7149-8:ident service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #23 CCE-7118-39rexd service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #24 CCE-6650-6;sadmin service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #25 CCE-7153-0<daytime service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #26 CCE-7307-2Ddtspc (cde-spc) service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #27 CCE-6945-0<rquotad service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #28 CCE-6685-29cmsd service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #29 CCE-7059-9=tooltalk service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #30 CCE-7275-1:xdmcp service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #31 CCE-7249-6<discard service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #32 CCE-4923-9 CCE-7089-6@vino-server service should be enabled or disabled as appropriate10.8.10.5.4.1 (11) #34 CCE-6603-5>The bind service should be enabled or disabled as appropriate.10.8.10.5.4.1.1 (2) CCE-6947-6SThe version string reported by the bind service should be configured appropriately.10.8.10.5.4.1.1 (5) CCE-7172-0<SSH Protocol v1 should be enabled or disabled as appropriate10.8.10.5.4.1.2 (2) CCE-6321-49TCP_WRAPPERS should be enabled or disabled as appropriate10.8.10.5.4.1.3 (1) CCE-6322-2;SNMP version 1 should be enabled or disabled as appropriate< 10.8.10.5.4.1.4 (1) CCE-7189-4=The nfsd service should be enabled or disabled as appropriate10.8.10.5.4.1.5 (1) CCE-7154-8?The mountd service should be enabled or disabled as appropriate CCE-6595-3>The statd service should be enabled or disabled as appropriate CCE-7031-8>The lockd service should be enabled or disabled as appropriate CCE-8602-5lNFS should be configured to respond or not as appropriate to client requests that do not include a user id .respond/not respond10.8.10.5.4.1.5 (1) a) CCE-6877-5yNFS should be configured to respond or not as appropriate to client requests that do not originate from a privileged port CCE-7097-9@NFS should be configured with appropriate authentication methodslist of auth methods via NFS via /etc/exports10.8.10.5.4.1.5 (1) f) CCE-7220-7[The read-only (ro) option should be enabled or disabled as appropriate for all NFS exports.10.8.10.5.4.1.5 (1) g) CCE-7062-310.8.10.5.4.1.5 (1) i) CCE-6453-55Sendmail should be enabled or disabled as appropriate10.8.10.5.4.2.2 (1) CCE-7299-10The sendmail banner should be set appropriately.via /etc/mail/sendmail.cf10.8.10.5.4.2.2 (3) CCE-6643-1GThe decode sendmail alias should be enabled or disabled as appropriate.%via /etc/aliases via /usr/lib/aliases10.8.10.5.4.2.2 (4) c) CCE-6328-9K.forward files should be allowed or disallowed as appropriate for all usersallow/disallowvia rm10.8.10.5.4.2.2 (4) e) CCE-6338-8QPrograms executed through the aliases file should be owned by an appropriate user10.8.10.5.4.2.2 (4) f) CCE-7158-9cPrograms executed through the aliases file should reside a directory with an appropriate user owner CCE-6489-9=Sendmail vrfy command should be allowed or not as appropriate10.8.10.5.4.2.2 (4) g) CCE-7317-1=Sendmail expn command should be allowed or not as appropriate10.8.10.5.4.2.2 (4) h) CCE-7096-1?Sendmail should be configured with an appropriate logging level logging level10.8.10.5.4.2.2 (4) i) CCE-6696-9=Sendmail help command should be allowed or not as appropriate&via sendmail via /etc/mail/sendmail.cf10.8.10.5.4.2.2 (4) k) CCE-7193-61DEPRECTATED in favor of CCE-8421-0 and CCE-8330-3 CCE-8421-08NIS clinent should be enabled or disabled as appropriate10.8.10.5.4.2.3 (1) CCE-8330-37NIS server should be enabled or disabled as appropriate CCE-7290-0;NIS+ server should operate at an appropriate security levelsecurity levelvia NIS+10.8.10.5.4.2.3 (1) b) CCE-7259-56X-Windows should be enabled or disabled as appropriate10.8.10.5.4.2.4 (1) CCE-7038-3PAuthorized X-clients should be listed or not in the X*.hosts file as appropriatelisted/not listedvia /etc/X*.hosts10.8.10.5.4.2.4 (2) b) CCE-7228-0YX-Windows should write .Xauthority files to users' home directories or not as appropriatewrite/not writevia xdm via gdm via kdm10.8.10.5.4.2.4 (2) d) CCE-7197-7DX11 forwarding via SSH should be enabled or disabled as appropriate.10.8.10.5.4.2.4 (2) f) CCE-7230-62Samba should be enabled or disabled as appropriatevia smbd via RC scripts10.8.10.5.4.2.6 (1) CCE-6557-3SSamba 'hosts allow' option should be configured with an appropriate set of networkslist of networksvia smbd via smb.conf10.8.10.5.4.2.6 (3) a) CCE-6961-7;Samba 'security option' option should be set as appropriate10.8.10.5.4.2.6 (3) b) CCE-6341-2=Samba 'encrypt' passwords option should be set as appropriate10.8.10.5.4.2.6 (3) c) CCE-7264-5`Samba 'smb passwd file' option should be set to an appropriate password file or no password file file/nothing10.8.10.5.4.2.6 (3) d) CCE-6783-51IPv6 should be enabled or disabled as appropriate10.8.10.5.4.3 (1) CCE-6342-0CThe "at" utility directory permissions should be set as appropriate10.8.10-1 A.1 1) #1 CCE-7251-25at.allow file permissions should be set appropriately10.8.10-1 A.1 1) #2 CCE-6367-74at.deny file permissions should be set appropriately CCE-7215-76Cron directory permissions should be set appropriately10.8.10-1 A.1 1) #5 CCE-7336-19Crontab directory permissions should be set appropriately CCE-6428-710.8.10-1 A.1 1) #6 CCE-7194-47cron.allow file permissions should be set appropriately10.8.10-1 A.1 1) #7 CCE-7181-16cron.deny file permissions should be set appropriately CCE-7120-94Crontab file permissions should be set appropriately10.8.10-1 A.1 1) #8 CCE-7150-66/dev/kmem file permissions should be set appropriately10.8.10-1 A.1 1) #9 CCE-6378-45/dev/mem file permissions should be set appropriately10.8.10-1 A.1 1) #10 CCE-7029-26/dev/null file permissions should be set appropriately10.8.10-1 A.1 1) #11 CCE-7231-48resolv.conf file permissions should be set appropriately10.8.10-1 A.1 1) #13 CCE-7179-5</etc/named.conf file permissions should be set appropriately10.8.10-1 A.1 1) #14 CCE-6491-5KFile permissions should be set appropriately for all user home directories.10.8.10-1 A.1 1) #21 CCE-7337-99/etc/exports file permissions should be set appropriately10.8.10-1 A.1 1) #23 CCE-6668-88/usr/bin/at file permissions should be set appropriately10.8.10-1 A.1 1) #25 CCE-6936-9;/usr/bin/rdist file permissions should be set appropriately10.8.10-1 A.1 1) #26 CCE-7174-6;/usr/sbin/sync file permissions should be set appropriately10.8.10-1 A.1 1) #27 CCE-7063-1KSuperuser account home directories' permissions should be set appropriately10.8.10-1 A.1 1) #29 CCE-7248-8@/etc/samba/smb.conf file permissions should be set appropriately10.8.10-1 A.1 1) #31 CCE-7218-1>smbpassword executable permissions should be set appropriately10.8.10-1 A.1 1) #32 CCE-7376-74Aliases file permissions should be set appropriately10.8.10-1 A.1 1) #34 CCE-7217-3pFile permissions should be set as appropriate for the log file configured to capture critical sendmail messages.10.8.10-1 A.1 1) #35 CCE-7109-2cAll files executed through /etc/aliases file entries should have file permissions set appropriately10.8.10-1 A.1 1) #36 CCE-6933-65/bin/csh file permissions should be set appropriately10.8.10-1 A.1 1) #37 CCE-7136-55/bin/jsh file permissions should be set appropriately10.8.10-1 A.1 1) #38 CCE-7171-25/bin/ksh file permissions should be set appropriately10.8.10-1 A.1 1) #39 CCE-7250-44The /bin/rsh file should exist or not as appropriate10.8.10-1 A.1 1) #40 CCE-7267-84/bin/sh file permissions should be set appropriately10.8.10-1 A.1 1) #41 CCE-7003-76/bin/bash file permissions should be set appropriately10.8.10-1 A.1 1) #42 CCE-7329-66/sbin/csh file permissions should be set appropriately10.8.10-1 A.1 1) #43 CCE-6721-56/sbin/jsh file permissions should be set appropriately10.8.10-1 A.1 1) #44 CCE-6672-06/sbin/ksh file permissions should be set appropriately10.8.10-1 A.1 1) #45 CCE-7309-85The /sbin/rsh file should exist or not as appropriate10.8.10-1 A.1 1) #46 CCE-7278-55/sbin/sh file permissions should be set appropriately10.8.10-1 A.1 1) #47 CCE-7353-67/sbin/bash file permissions should be set appropriately10.8.10-1 A.1 1) #48 CCE-7269-49/usr/bin/csh file permissions should be set appropriately10.8.10-1 A.1 1) #49 CCE-6490-79/usr/bin/jsh file permissions should be set appropriately10.8.10-1 A.1 1) #50 CCE-7286-89/usr/bin/ksh file permissions should be set appropriately10.8.10-1 A.1 1) #51 CCE-7348-68The /usr/bin/rsh file should exist or not as appropriate10.8.10-1 A.1 1) #52 CCE-7176-18/usr/bin/sh file permissions should be set appropriately10.8.10-1 A.1 1) #53 CCE-6379-2:/usr/bin/bash file permissions should be set appropriately10.8.10-1 A.1 1) #54 CCE-7292-67snmpd.conf file permissions should be set appropriately10.8.10-1 A.1 1) #56 CCE-7243-91/tmp file permissions should be set appropriately10.8.10-1 A.1 1) #57 CCE-7355-15/usr/tmp file permissions should be set appropriately10.8.10-1 A.1 1) #58 CCE-7095-3Btraceroute executable file permissions should be set appr< opriately10.8.10-1 A.1 1) #59 CCE-7113-4G.Xauthority file permissions should be set appropriately for all users.10.8.10-1 A.1 1) #60 CCE-6439-49/etc/aliases file permissions should be set appropriately10.8.10-1 A.1 1) #61 CCE-7144-9A/etc/cron.d/at.allow file permissions should be set appropriately10.8.10-1 A.1 1) #62 CCE-6927-8C/etc/cron.d/cron.allow file permissions should be set appropriately10.8.10-1 A.1 1) #63 CCE-6645-65/etc/csh file permissions should be set appropriately10.8.10-1 A.1 1) #64 CCE-6768-6;/etc/default/* file permissions should be set appropriately10.8.10-1 A.1 1) #65 CCE-6861-9?/etc/default/login file permissions should be set appropriately10.8.10-1 A.1 1) #66 CCE-6835-35/etc/dfs file permissions should be set appropriately10.8.10-1 A.1 1) #67 CCE-7293-44/etc/fs file permissions should be set appropriately10.8.10-1 A.1 1) #68 CCE-6624-19The /etc/ftpusers file should exist or not as appropriate10.8.10-1 A.1 1) #69 CCE-6950-0:/etc/host.lpd file permissions should be set appropriately10.8.10-1 A.1 1) #70 CCE-6610-0;/etc/hostname* file permissions should be set appropriately10.8.10-1 A.1 1) #71 CCE-7187-87/etc/hosts file permissions should be set appropriately10.8.10-1 A.1 1) #72 CCE-6953-4</etc/inetd.conf file permissions should be set appropriately10.8.10-1 A.1 1) #73 CCE-6390-97/etc/issue file permissions should be set appropriately10.8.10-1 A.1 1) #75 CCE-7008-65/etc/jsh file permissions should be set appropriately10.8.10-1 A.1 1) #76 CCE-7184-55/etc/ksh file permissions should be set appropriately10.8.10-1 A.1 1) #77 CCE-6392-5>/etc/mail/aliases file permissions should be set appropriately10.8.10-1 A.1 1) #78 CCE-6615-96/etc/motd file permissions should be set appropriately10.8.10-1 A.1 1) #79 CCE-7087-0;/etc/netconfig file permissions should be set appropriately10.8.10-1 A.1 1) #80 CCE-6805-6;/etc/notrouter file permissions should be set appropriately10.8.10-1 A.1 1) #81 CCE-7069-8:/etc/pam.conf file permissions should be set appropriately10.8.10-1 A.1 1) #82 CCE-6399-08/etc/passwd file permissions should be set appropriately10.8.10-1 A.1 1) #83 CCE-7289-24The /etc/rsh file should exist or not as appropriate10.8.10-1 A.1 1) #84 CCE-6778-5:/etc/security file permissions should be set appropriately10.8.10-1 A.1 1) #85 CCE-6394-1:/etc/services file permissions should be set appropriately10.8.10-1 A.1 1) #86 CCE-7022-74/etc/sh file permissions should be set appropriately10.8.10-1 A.1 1) #87 CCE-6991-48/etc/shadow file permissions should be set appropriately10.8.10-1 A.1 1) #88 CCE-6733-0=/etc/syslog.conf file permissions should be set appropriately10.8.10-1 A.1 1) #89 CCE-6562-35/etc/ufs file permissions should be set appropriately10.8.10-1 A.1 1) #90 CCE-7011-08/etc/vfstab file permissions should be set appropriately10.8.10-1 A.1 1) #91 CCE-6400-6;/etc/vold.conf file permissions should be set appropriately10.8.10-1 A.1 1) #92 CCE-7272-8>/var/adm/loginlog file permissions should be set appropriately10.8.10-1 A.1 1) #93 CCE-7347-8>/var/adm/messages file permissions should be set appropriately10.8.10-1 A.1 1) #94 CCE-6990-6;/var/adm/sulog file permissions should be set appropriately10.8.10-1 A.1 1) #95 CCE-7210-8:/var/adm/utmp file permissions should be set appropriately10.8.10-1 A.1 1) #96 CCE-7240-5:/var/adm/wtmp file permissions should be set appropriately10.8.10-1 A.1 1) #97 CCE-6928-6=/var/adm/authlog file permissions should be set appropriately10.8.10-1 A.1 1) #98 CCE-7020-1</var/adm/syslog file permissions should be set appropriately10.8.10-1 A.1 1) #99 CCE-7159-76/var/mail file permissions should be set appropriately10.8.10-1 A.1 1) #100 CCE-7397-35/var/tmp file permissions should be set appropriately10.8.10-1 A.1 1) #101 CCE-7273-6>/usr/lib/pt_chmod file permissions should be set appropriately10.8.10-1 A.1 1) #103 CCE-7366-8A/usr/lib/embedded_us file permissions should be set appropriately10.8.10-1 A.1 1) #104 CCE-7340-3>/usr/lib/sendmail file permissions should be set appropriately10.8.10-1 A.1 1) #105 CCE-7101-9B/usr/kerberos/bin/rsh file permissions should be set appropriately10.8.10-1 A.1 1) #107 CCE-7207-4</var/spool/mail file permissions should be set appropriately10.8.10-1 A.1 1) #108 CCE-7326-28smbpassword file permissions should be set appropriately10.8.10-1 A.1 1) #109 CCE-6405-53At directory should be owned by an appropriate user list of users10.8.10-1 A.1 2) #1 CCE-7393-24At directory should be owned by an appropriate grouplist of groups CCE-7203-34at.allow file should be owned by an appropriate user10.8.10-1 A.1 2) #2 CCE-6767-85at.allow file should be owned by an appropriate group CCE-6860-13at.deny file should be owned by an appropriate user CCE-6452-74at.deny file should be owned by an appropriate group CCE-7378-37Cron directories should be owned by an appropriate user10.8.10-1 A.1 2) #4 CCE-7161-38Cron directories should be owned by an appropriate group CCE-7236-3:Crontab directories should be owned by an appropriate user CCE-7351-0;Crontab directories should be owned by an appropriate group CCE-6601-96cron.allow file should be owned by an appropriate user10.8.10-1 A.1 2) #5 CCE-6580-57cron.allow file should be owned by an appropriate group CCE-7225-60cron.deny should be owned by an appropriate user CCE-7305-66cron.deny data should be owned by an appropriate group CCE-7283-54crontab files should be owned by an appropriate user10.8.10-1 A.1 2) #6 CCE-6670-45crontab files should be owned by an appropriate group CCE-7115-9</etc/resolv.conf file should be owned by an appropriate user10.8.10-1 A.1 2) #7 CCE-7400-5=/etc/resolv.conf file should be owned by an appropriate group CCE-7242-1;/etc/named.boot file should be owned by an appropriate user CCE-7304-9</etc/named.boot file should be owned by an appropriate group CCE-7092-0;/etc/named.conf file should be owned by an appropriate user CCE-7308-0</etc/named.conf file should be owned by an appropriate group CCE-7306-4 CCE-7398-1 CCE-6459-2 CCE-7035-9 CCE-7110-0 CCE-7440-1 CCE-7453-4 CCE-7052-4 CCE-7457-5@Each user home directory should be owned by an appropriate user.10.8.10-1 A.1 2) #11 CCE-7268-6AEach user home directory should be owned by an appropriate group. CCE-7237-16inetd.conf file should be owned by an appropriate user10.8.10-1 A.1 2) #12 CCE-7147-27inetd.conf file should be owned by an appropriate group CCE-7363-53/etc/exports should be owned by an appropriate user10.8.10-1 A.1 2) #13 CCE-6737-15/etc/exports should be owned by an appropriate group CCE-7459-1FExported files and directories should be owned by an appropriate user 10.8.10-1 A.1 2) #14 CCE-8359-2FExported files and directories should be owned by an appropriate group CCE-7434-4 CCE-7276-9 CCE-7064-9 CCE-7407-0 CCE-7359-3 CCE-7280-1 CCE-6469-19/etc/services file should be owned by an appropriate user10.8.10-1 A.1 2) #16 CCE-6474-1:/etc/services file should be owned by an appropriate group CCE-6729-8 CCE-7430-2 CCE-7358-5:/etc/notrouter file should be owned by an appropriate user10.8.10-1 A.1 2) #18 CCE-7438-5;/etc/notrouter file should be owned by an appropriate group CCE-7262-9 CCE-6479-0 CCE-7125-8?/etc/samba/smb.conf file should be owned by an appropriate user10.8.10-1 A.1 2) #21 CCE-7282-7@/etc/samba/smb.conf file should be owned by an appropriate group CCE-7471-6;smbpasswd executable should be owned by an appropriate user10.8.10-1 A.1 2) #22 CCE-7441-9<smbpasswd executable should be owned by an appropriate group CCE-6850-2 CCE-6480-8 CCE-7071-4 CCE-7296-7 CCE-6886-6UPrograms executed through aliases file entries should be owned by an appropriate user10.8.10-1 A.1 2) #26 CCE-7401-3VPrograms executed through aliases file entries shoul< d be owned by an appropriate group CCE-7368-4 CCE-7352-8 CCE-7056-5 CCE-7460-96snmpd.conf file should be owned by an appropriate user10.8.10-1 A.1 2) #29 CCE-6481-67snmpd.conf file should be owned by an appropriate group CCE-7241-3</etc/syslog.conf file should be owned by an appropriate user10.8.10-1 A.1 2) #30 CCE-7404-7=/etc/syslog.conf file should be owned by an appropriate group CCE-6495-6<traceroute executable should be owned by an appropriate user10.8.10-1 A.1 2) #31 CCE-6633-2=traceroute executable should be owned by an appropriate group CCE-7461-7=/usr/lib/sendmail file should be owned by an appropriate user10.8.10-1 A.1 2) #32 CCE-7078-9>/usr/lib/sendmail file should be owned by an appropriate groupvia chgrp via chown CCE-7300-77/etc/passwd file should be owned by an appropriate user10.8.10-1 A.1 2) #35 CCE-7270-28/etc/passwd file should be owned by an appropriate group CCE-7076-37/etc/shadow file should be owned by an appropriate user10.8.10-1 A.1 2) #36 CCE-6904-78/etc/shadow file should be owned by an appropriate group CCE-6983-15smbpasswd file should be owned by an appropriate user10.8.10-1 A.1 2) #37 CCE-7247-06smbpasswd file should be owned by an appropriate group CCE-7238-9sEnvironmental variable PATH for superuser accounts should or should not contain world-writable files as appropriateshould/should notvia chmod via profile10.8.10-1 A.2 1) #1 CCE-7375-9vEnvironmental variable PATH for superuser accounts should not contain the current directory as the first or last entryvia local init files10.8.10-1 A.2 1) #2 CCE-7458-3The current wokring directory should or should not be added to the environmental variable PATH by global initialization files as appropriate10.8.10-1 A.2 1) #3 CCE-7155-5The current working directory should or should not be added to the environmental variable PATH by local initialization files as appropriate10.8.10-1 A.2 1) #4 CCE-7481-5 CCE-7331-2|The current directory should or should not be added to the environmental variable PATH by run control scripts as appropriate10.8.10-1 A.2 1) #7 CCE-7361-9,The system umask should be set appropriatelyvia global init files10.8.10-1 A.2 1) #8 CCE-6921-1*The user umask should be set appropriately CCE-6503-7"DEPRECATED in favor of CCE-7736-2. CCE-7060-7"DEPRECATED in favor of CCE-8221-4. CCE-7497-1 CCE-6787-6 CCE-7736-2qThe cron.allow file should be configured with the set of users permitted to use the cron facility as appropriate. CCE-8221-4tThe cron.deny file should be configured with the set of users not permitted to use the cron facility as appropriate. CCE-6998-99Cron logging should be enabled or disabled as appropriate10.8.10-1 A.3 4) CCE-7206-6"DEPRECATED in favor of CCE-8171-1. CCE-7345-2"DEPRECATED in favor of CCE-7839-4. CCE-8171-1mThe at.allow file should be configured with the set of users permitted to use the at facility as appropriate. CCE-7839-4pThe at.deny file should be configured with the set of users not permitted to use the at facility as appropriate. CCE-6697-78/etc/init.d file permissions should be set appropriately10.8.10-1 A.1 1) #74 CCE-7010-2?/usr/aset/userlist file permissions should be set appropriately10.8.10-2 B.1 1) #1 CCE-7424-5>/etc/rmmount.conf file permissions should be set appropriately10.8.10-2 B.1 1) #3 CCE-6511-0</var/log/pamlog file permissions should be set appropriately10.8.10-2 B.1 1) #4 CCE-6517-7H/etc/security/audit_control file permissions should be set appropriately10.8.10-2 B.1 1) #5 CCE-6549-0F/etc/security/audit_class file permissions should be set appropriately10.8.10-2 B.1 1) #6 CCE-6550-8F/etc/security/audit_event file permissions should be set appropriately10.8.10-2 B.1 1) #7 CCE-6880-910.8.10-2 B.1 1) #8 CCE-7470-8<DEPRECATED in favor of CE-8488-9, CCE-8494-7 and CCE-8314-7. CCE-8488-9</etc/auto.master file should be owned by an appropriate user10.8.10-3 C.1 1) #9 CCE-8494-7:/etc/auto.misc file should be owned by an appropriate user CCE-8314-79/etc/auto.net file should be owned by an appropriate user CCE-7380-9=/etc/rmmount.conf file should be owned by an appropriate user CCE-6582-1;/var/log/pamlog file should be owned by an appropriate user CCE-7406-2G/etc/security/audit_control file should be owned by an appropriate user CCE-7190-2E/etc/security/audit_class file should be owned by an appropriate user CCE-7265-2E/etc/security/audit_event file should be owned by an appropriate user CCE-6563-1 CCE-6565-6?/usr/aset/userlist file should be owned by an appropriate group CCE-7223-1>/etc/rmmount.conf file should be owned by an appropriate group CCE-7394-0</var/log/pamlog file should be owned by an appropriate group CCE-7222-3H/etc/security/audit_control file should be owned by an appropriate group CCE-7553-1F/etc/security/audit_class file should be owned by an appropriate group CCE-7444-3F/etc/security/audit_event file should be owned by an appropriate group CCE-6568-0:DEPRECATED in favor of CCE-8665-2, CCE-7766-9, CCE-8264-4. CCE-8665-2=/etc/auto.master file should be owned by an appropriate group CCE-7766-9;/etc/auto.misc file should be owned by an appropriate group CCE-8264-4:/etc/auto.net file should be owned by an appropriate group CCE-6575-5 CCE-7025-0 CCE-7126-6GGeneric PAM authentication should be enabled or disabled as appropriate10.8.10-2 B.2.1 1) CCE-7491-4>rsh auth should be allowed or disallowed by PAM as appropriatevia /etc/pam.conf10.8.10-2 B.2.1 2) a) CCE-7482-3<rlogin auth should be allowed by pam.d or not as appropriatevia /etc/pam.d10.8.10-2 B.2.1 2) b) CCE-7244-7`PAM access to /dev/console should be logged at an appropriate level or not logged as appropriate10.8.10-2 B.2.1 3) CCE-7323-9,PAM should be logged at an appropriate level CCE-7420-3N/usr/aset/masters/uid_aliases should contain an appropriate listing of aliaseslist of aliases!via /usr/aset/masters/uid_aliases10.8.10-2 B.2.2 1) CCE-7341-1gThe Solaris Automated Security Enhancement Tool (ASET) tune.low file should exist or not as appropriate10.8.10-2 B.2.2 2) CCE-7169-6gThe Solaris Automated Security Enhancement Tool (ASET) tune.med file should exist or not as appropriate CCE-6935-1hThe Solaris Automated Security Enhancement Tool (ASET) tune.high file should exist or not as appropriate CCE-7548-17The uid_aliases file should exist or not as appropriate CCE-7486-4;The low security directory list should be set appropriatelydirectory list via asetenv10.8.10-2 B.2.2 3) CCE-6891-6>The medium security directory list should be set appropriately CCE-7468-2<The high security directory list should be set appropriately CCE-7310-6>The ASET periodic schedule setting should be set appropriatelyschedule stanza CCE-7344-53The UID aliases pointer should be set appropriatelyfile CCE-7547-3FUsers should be listed in the ASET userlist file or not as appropriatevia /usr/aset/userlist10.8.10-2 B.2.2 4) CCE-7563-03ASET should check NIS+ tables or not as appropriate10.8.10-2 B.2.2 5) CCE-7514-30EEPROM security mode should be set appropriately security mode via EEPROM10.8.10-2 B.3 2) CCE-7127-41EEPROM warning banner should be set appropriately10.8.10-2 B.3 3) CCE-7016-9QThe noexec_user_stack flag should be set on the user stack or not as appropriate set/not setvia /etc/system10.8.10-2 B.4 1) CCE-6579-7KAttempted stack eploit logging should be enabled or disabled as appropriate CCE-7141-55The default login console should be set appropriatelypath to console10.8.10-2 B.4 2) CCE-6581-3-Default sleeptime should be set appropriately CCE-7188-6=Default number of allowed retries should be set appropriately CCE-7315-5NThe default number of syslog failed logins retried should be set appropriately CCE-7302-3.Default su console should be set appropriatelyvia /etc/default/su10.8.10-2 B.4 3) CCE-7542-4< 5auditing should be logged to an appropriate directory path to log-via "dir" flag in /etc/security/audit_control10.8.10-2 B.5 1) a) CCE-7009-4Jlogin and logout events (lo class) should be audited or not as appropriateaudited/not audited,via "lo" flag in /etc/security/audit_control10.8.10-2 B.5 1) b) CCE-7445-0 CCE-6977-3JNon attributable events (na class) should be audited or not as appropriate,via "na" flag in /etc/security/audit_control10.8.10-2 B.5 1) c) CCE-7577-0?The free space threshold to warn at should be set appropriatelypercentage of filesystem1via "minfree" flag in /etc/security/audit_control10.8.10-2 B.5 1) d) CCE-6600-1 CCE-7437-7"DEPRECATED in favor of CCE-7009-4. CCE-7388-2 CCE-7586-18Password changes should be audited or not as appropriatevia /etc/security/audit_event10.8.10-2 B.5 4) #3 CCE-6899-90su usage should be audited or not as appropriatevia /etc/security/audit_event10.8.10-2 B.5 4) #4 CCE-6868-4QCreation/modification of superuser groups should be audited or not as appropriate10.8.10-2 B.5 4) #5 CCE-7483-1FClearing of the audit log file should be audited or not as appropriate10.8.10-2 B.5 4) #8 CCE-7580-4VUse of identification/authorization mechanisms should be audited or not as appropriate10.8.10-2 B.5 4) #10 CCE-6606-85chmod command should be audited or not as appropriate10.8.10-2 B.5 4) #13 CCE-6929-4JThe user audit file should contain an appropriate set of never-audit flagsset of allowed flagsvia /etc/security/audit_user10.8.10-2 B.5 5) CCE-6793-4EThe /var/log/authlog log should be enabled or disabled as appropriate10.8.10-2 B.5 6) CCE-7559-8DThe /var/log/syslog log should be enabled or disabled as appropriate CCE-7510-1FThe /var/adm/messages log should be enabled or disabled as appropriate CCE-7399-9CThe /var/adm/sulog log should be enabled or disabled as appropriate CCE-7501-0EThe /var/adm/utmp[x] log should be enabled or disabled as appropriate CCE-6609-2EThe /var/adm/wtmp[x] log should be enabled or disabled as appropriate CCE-6619-1DThe /var/adm/sshlog log should be enabled or disabled as appropriate CCE-6730-6DThe /var/log/pamlog log should be enabled or disabled as appropriate CCE-6910-4 CCE-7254-610.8.10-2 B.5 8) CCE-6690-22auth usage should be audited or not as appropriate10.8.10-2 B.5 9) CCE-7474-05/var directory should be owned by an appropriate user10.8.10-2 B.5 11) CCE-7320-59/var/log directory should be owned by an appropriate user CCE-7584-69/var/adm directory should be owned by an appropriate user CCE-7412-0 CCE-7492-29BSM auditing should be enabled or disabled as appropriate10.8.10-2 B.5.2 2) CCE-7515-0 CCE-7216-5 CCE-7436-9 CCE-7312-2 CCE-7533-38The TCP max connection limit should be set appropriatelymax number of connections7via the tcp_conn_req_max value set with the ndd utility10.8.10-2 B.6 3) CCE-6620-92The TCP abort interval should be set appropriatelylimit<via the tcp_ip_abort_interval value set with the ndd utility CCE-7503-6NForwarding of directed broadcasts should be enabled or disabled as appropriateEvia the ip_forward_directed_broadcasts value set with the ndd utility CCE-6640-7WResponse to echo (ping) request broadcasts should be enabled or disabled as appropriateCvia the ip_respond_to_echo_broadcast value set with the ndd utility CCE-7130-8>via the ip_respond_to_timestamp value set with the ndd utility CCE-7496-3Hvia the ip_respond_to_timestamp_broadcast value set with the ndd utility CCE-6741-3GResponse to mask addresses should be enabled or disabled as appropriateKvia the ip_respond_to_address_mask_broadcast value set with the ndd utility CCE-7335-30ARP cleanup interval should be set appropriatelyinterval9via the arp_cleanup_interval value value set with the ndd CCE-7432-8,ARP IRE interval should be set appropriately:via the ip_ire_arp_interval value set with the ndd utility CCE-7449-29IP redirects should be followed or ignored as appropriate follow/ignoreRvia the ip_ignore_redirect and ip6_ignore_redirect values set with the ndd utility CCE-7414-6DSending of IP redirects should be enabled or disabled as appropriate8via the ip_send_redirects value set with the ndd utility CCE-6641-5PForwarding of source routed packets should be enabled or disabled as appropriate6via the ip_forward_src_routed set with the ndd utility CCE-6646-4:IP forwarding should be enabled or disabled as appropriate4via the ip_forwarding value set with the ndd utility CCE-6865-0KStrict destination multihoming should be enabled or disabled as appropriate@via the ip_strict_dst_multihoming value set with the ndd utility CCE-7626-5UForwarding of source routed IPv6 packets should be enabled or disabled as appropriate=via the ip6_forward_src_routed value set with the ndd utility CCE-7107-6<IPv6 forwarding should be enabled or disabled as appropriate5via the ip6_forwarding value set with the ndd utility CCE-7488-0FTCP reverse source routes should be enabled or disabled as appropriate9via the tcp_rev_src_routes value set with the ndd utility CCE-6656-34Routing should be enabled or disabled as appropriatevia /etc/notrouter10.8.10-2 B.6 4) CCE-7653-9JCaching of the RBAC prof_attr should be enabled or disabled as appropriatevia /etc/nscd.conf10.8.10-2 B.6 6) CCE-7057-3GMulticast route assignment should be enabled or disabled as appropriatevia /etc/init.d/inetsvc10.8.10-2 B.6 7) CCE-7405-4IPrint services through inetd should be enabled or disabled as appropriatevia /etc/inetd.conf10.8.10-2 B.6.1 1) CCE-7000-3?NFS server logging should be enabled or disabled as appropriatevia /etc/dfs/dfstab10.8.10-2 B.6.3 1) CCE-6876-7\Global initialization files should allow or deny write access to the terminal as appropriate allow/deny10.8.10-2 B.8 1) #1 CCE-7343-7 CCE-7607-5 CCE-7581-2JCaching of the RBAC exec_attr should be enabled or disabled as appropriate CCE-6673-8JCaching of the RBAC user_attr should be enabled or disabled as appropriate CCE-8236-2=The chmod system call should be audited or not as appropriate CCE-6659-7=The chown system call should be audited or not as appropriate CCE-6661-3>The fchmod system call should be audited or not as appropriate CCE-7590-3>The fchown system call should be audited or not as appropriate CCE-6665-4>The lchown system call should be audited or not as appropriate CCE-7493-0AThe setgroups system call should be audited or not as appropriate CCE-7277-7?The setpgrp system call should be audited or not as appropriate CCE-6677-9@The setreuid system call should be audited or not as appropriate CCE-7526-7@The setregid system call should be audited or not as appropriate CCE-7253-8?The setegid system call should be audited or not as appropriate CCE-6702-5?The seteuid system call should be audited or not as appropriate CCE-7603-4:System ftp logoffs should be audited or not as appropriate10.8.10-2 B.5 4) #2 CCE-6684-5<System telnet logons should be audited or not as appropriate10.8.10-2 B.5 4) #1 CCE-7390-89System ssh logons should be audited or not as appropriate CCE-7178-7<System rlogin logons should be audited or not as appropriate CCE-7381-7:System rshd logons should be audited or not as appropriate CCE-7521-8<System rexecd logons should be audited or not as appropriate CCE-7350-2:System rexd logons should be audited or not as appropriate CCE-7588-79System ftp logons should be audited or not as appropriate CCE-7103-5Arlogin auth should be allowed or disallowed by PAM as appropriate CCE-6944-3 CCE-7568-96Hard core dump size limits should be set appropriately/etc/security/limits ulimit CCE-7665-3ERoot logins should be allowed or not as appropriate from SSH consoles CCE-5943-6 CCE-6771-0 CCE-6723-1 CCE-6505-2 CCE-6725-6 CCE-5779-4 CCE-6193-7 CCE-6162-2 CCE-6074-9 CCE-6382-6 CCE-6228-1 CCE-6386-7 CCE-5781-0 CCE-6529-2 CCE-6106-9< CCE-5787-7 CCE-5989-9 CCE-6694-4 CCE-6711-6 CCE-6178-8 CCE-6015-2 CCE-6398-2 CCE-5869-3 CCE-6774-4 CCE-6616-7 CCE-5792-7 CCE-6590-4 CCE-6436-0 CCE-5827-1 CCE-6779-3 CCE-6735-5 CCE-6532-6 CCE-6739-7 CCE-6316-4 CCE-5793-5 CCE-6676-1 CCE-6707-4 CCE-6266-1 CCE-6487-3 CCE-6521-9 CCE-5865-1 CCE-6239-8 CCE-6556-5 CCE-5795-0 CCE-6772-8 CCE-6662-1 CCE-5814-9 CCE-6496-4 CCE-6716-5 CCE-6627-4 CCE-5971-7via D64ntpd.conf CCE-6808-0 CCE-5966-7 CCE-6812-2 CCE-6160-6 CCE-6781-9 CCE-5818-0 CCE-6164-8 CCE-5823-0 CCE-6574-8 CCE-6340-4 CCE-5826-3 CCE-6720-7 CCE-6795-9 CCE-6623-3 CCE-6288-5 CCE-6755-3 CCE-5831-3 CCE-6478-2 CCE-6821-3 CCE-6482-4 CCE-6543-3 CCE-6636-5 CCE-6418-8 CCE-6119-2 CCE-6634-0 CCE-6339-6 CCE-6823-9 CCE-5845-3 CCE-6806-4 CCE-6325-5 CCE-5920-4 CCE-6766-0 CCE-6614-2 CCE-6728-0 CCE-6494-9 CCE-6834-6 CCE-6777-7 CCE-6305-7 CCE-6776-9 CCE-5857-8 CCE-6154-9 CCE-6334-7 CCE-6810-6 CCE-6639-9 CCE-5965-9 CCE-6484-0 CCE-6704-1 CCE-5866-9 CCE-6682-9via inetadm via svccfg CCE-6651-4 CCE-6686-0 CCE-6655-5 CCE-6754-6 CCE-6345-3 CCE-6816-3 CCE-6842-9zNFS should be configured to respond or not as appropriate to client requests that do not originate from a privileged port. CCE-6807-2via NFS via /etc/exports CCE-6573-0 CCE-5874-3 CCE-6775-1via inetd via RC scripts CCE-6537-5 CCE-6740-5 CCE-6874-2 CCE-6843-7 CCE-6654-8 CCE-6063-2 CCE-6526-8 CCE-5880-0 CCE-6756-1 CCE-6853-6 CCE-6513-6 CCE-6588-8 CCE-5914-7 CCE-5881-8 CCE-6169-7 CCE-6811-4 CCE-6763-7 CCE-6605-0 CCE-6749-6 CCE-6216-6 CCE-6467-5 CCE-6687-8 CCE-6657-1 CCE-6097-0 CCE-6784-3 CCE-6498-0 CCE-6533-4 CCE-6736-3 CCE-6652-2 CCE-6832-0 CCE-6445-1 CCE-6356-0 CCE-5892-5 CCE-5895-8 CCE-6033-5 CCE-6377-6 CCE-6751-2 CCE-6848-6 CCE-6883-3 CCE-6724-9 CCE-6663-9 CCE-6570-6 CCE-6667-0 CCE-5897-4 CCE-6380-0 CCE-5901-4 CCE-6142-4 CCE-5902-2 CCE-6544-1 CCE-6830-4 CCE-6407-1 CCE-6693-6 CCE-6750-4 CCE-6719-9 CCE-6506-0 CCE-6598-7 CCE-6593-8 CCE-6188-7 CCE-6034-3 CCE-6664-7 CCE-6131-7 CCE-6897-3 CCE-6884-1 CCE-6584-7 CCE-6879-1 CCE-6461-8 CCE-6742-1 CCE-6839-5 CCE-6773-6 CCE-6429-5 CCE-6901-3 CCE-5908-9 CCE-6875-9 CCE-6347-9 CCE-5916-2 CCE-6714-0 CCE-5924-6 CCE-6814-8 CCE-6801-5 CCE-6695-1 CCE-6893-2 CCE-6722-3 CCE-5928-7 CCE-6857-7 CCE-5935-2 CCE-6849-4 CCE-5948-5 CCE-5958-4 CCE-6788-4 CCE-6757-9 CCE-6669-6 CCE-6872-6 CCE-6889-0 CCE-6717-3 CCE-6827-0 CCE-6464-2 CCE-5960-0 CCE-6809-8 CCE-5967-5 CCE-6385-9 CCE-6005-3 CCE-6226-5 CCE-6137-4 CCE-6732-2 CCE-6789-2 CCE-6855-1 CCE-6824-7 CCE-6965-8 CCE-6916-1 CCE-6745-4 CCE-6295-0 CCE-6123-4 CCE-6449-3 CCE-6718-1 CCE-6815-5 CCE-6967-4 CCE-6403-0 CCE-6747-0 CCE-6909-6 CCE-6125-9 CCE-6878-3 CCE-5998-0 CCE-6971-6 CCE-6613-4 CCE-6006-1 CCE-6589-6 CCE-6201-8 CCE-6866-8 CCE-6791-8 CCE-6008-7 CCE-6907-0 CCE-6374-3 CCE-6938-5 CCE-6019-4 CCE-6825-4 CCE-6922-9 CCE-6770-2 CCE-6863-5 CCE-6036-8 CCE-6994-8 CCE-6946-8 CCE-6963-3 CCE-6822-1 CCE-6962-5 CCE-6416-2 CCE-6244-8 CCE-6958-3 CCE-6038-4 CCE-6804-9 CCE-6518-54/etc/exports should be owned by an appropriate user CCE-6989-8 CCE-6896-5EExported files and directories should be owned by an appropriate user CCE-6209-1 CCE-6997-1 CCE-6838-7 CCE-6790-0 CCE-6982-3 CCE-6968-2 CCE-6986-4 CCE-6942-7 CCE-6726-4 CCE-6924-5 CCE-6769-4 CCE-6796-7 CCE-6637-3 CCE-7018-5 CCE-6987-2 CCE-6798-3 CCE-6705-8 CCE-6930-2 CCE-6819-7 CCE-6647-2 CCE-6974-0 CCE-6898-1 CCE-6854-4 CCE-6678-710.8.10-1 A.1 2) #27 CCE-6914-6 CCE-6446-9 CCE-7006-0 CCE-6350-3 CCE-6261-2 CCE-6040-0 CCE-6859-3 CCE-6701-7 CCE-6802-3 CCE-6098-8 CCE-6053-3 CCE-6700-9 CCE-6943-5 CCE-6890-8 CCE-6660-5 CCE-6059-0 CCE-6648-0 CCE-6060-8 CCE-6681-1 CCE-6709-0 CCE-6934-4 CCE-6762-9 CCE-6064-0 CCE-6748-8 CCE-6906-2 CCE-6611-8 CCE-7061-5 CCE-6831-2 CCE-6818-9 CCE-8393-1 Text editor CCE-7925-1 CCE-7771-9 CCE-7961-6 CCE-7674-5 CCE-6071-5 CCE-6246-3 CCE-6072-3 CCE-6964-1 CCE-6073-1 CCE-6846-0 CCE-6155-6 CCE-6873-4 CCE-6404-87/etc/auto_* file should be owned by an appropriate user CCE-8457-4 CCE-7984-8 CCE-7800-6 CCE-6858-5 CCE-7002-9 CCE-6329-7 CCE-6941-9 CCE-6954-2 CCE-6782-7>DEPRECATED in favor of CCE-8338-6, CCE-8428-5, and CCE-8539-9. CCE-8338-6 CCE-8428-5 CCE-8539-9 CCE-7050-8 CCE-7019-3 CCE-6112-7 CCE-6786-8 CCE-6381-8 CCE-6411-3 CCE-6882-5>DEPRECATED in favor of CCE-8399-8, CCE-8304-8, and CCE-8642-1. CCE-8399-8 CCE-8304-8 CCE-8642-1 CCE-7068-0 CCE-6851-0 CCE-7072-2 CCE-6077-2 CCE-6917-9 CCE-6090-5 CCE-7055-7 CCE-6871-8 CCE-6412-1 CCE-6092-1 CCE-6828-8 CCE-6361-0 CCE-7044-1via /usr/aset/asetenv CCE-6409-7 CCE-6797-5 CCE-6391-7 CCE-7015-1 CCE-6359-4 CCE-6456-8 CCE-6101-0 CCE-6931-0 CCE-6199-4CThe noexec_user_stack parameter should be set or not as appropriate CCE-6433-7HThe no_exec_user_stack_log parameter should be set or not as appropriate CCE-6887-4 CCE-6111-9 CCE-6368-5 CCE-6273-7 CCE-6126-7 CCE-6127-5 CCE-6351-1 CCE-6699-3 CCE-6915-3 CCE-6132-5 CCE-6888-2 CCE-6923-7 CCE-6500-3 CCE-6703-3 CCE-6752-0 CCE-6862-7 CCE-6139-0 CCE-7088-8 CCE-7040-9 CCE-6577-1 CCE-6419-6 CCE-6167-1 CCE-6638-1 CCE-6145-7 CCE-6894-0 CCE-7079-7 CCE-6674-6 CCE-6457-6 CCE-7039-1AUnsuccessful login attemps should be logged or not as appropriatevia /var/adm/loginlog10.8.10-2 B.5 7) CCE-7051-6 CCE-6629-0 CCE-6497-2 CCE-7135-7 CCE-6840-3 CCE-6996-3 CCE-6948-4 CCE-6900-5 CCE-6542-5 CCE-6278-6 CCE-6546-6EThe serial port listener should be enabled or disabled as appropriate10.8.10-2 B.6 1) CCE-6626-68via the tcp_conn_req_max value set with the ndd utility CCE-7075-5 CCE-6612-6 CCE-6330-5 CCE-6826-2 CCE-7042-5 CCE-6993-0 CCE-6918-7Avia the arp_cleanup_interval value value set with the ndd utility CCE-7121-7Vvia the ip_ire_arp_interval value set with the ndd utility /etc/rc2.d/S70ndd-security CCE-7077-1 CCE-7090-4 CCE-6561-5 CCE-6970-8 CCE-6279-4 CCE-7001-1 CCE-6940-1 CCE-7032-6 CCE-6534-2 CCE-6148-1 CCE-6978-1 CCE-6744-7 CCE-7070-6 CCE-6836-1 CCE-7074-8 CCE-7012-8 CCE-7041-7 CCE-7116-7 CCE-8477-2EThe chmod command system call should be audited or not as appropriate CCE-7027-6 CCE-6618-3 CCE-6680-3 CCE-6152-3 CCE-6153-1 CCE-6658-9 CCE-6908-8 CCE-7124-1 CCE-6761-1 CCE-6176-2 CCE-6181-2 CCE-6183-8 CCE-6447-7 CCE-7099-5 CCE-6187-9 CCE-6622-5 CCE-7182-9 CCE-7151-4 CCE-7122-5 CCE-7091-2 CCE-6937-7/etc/security/limits ulimit CCE-6844-5 CCE-5658-0 CCE-6235-6 CCE-6315-6 CCE-5947-7 CCE-5546-7 CCE-6294-3+via /etc/snmp.conf via /etc/snmp/snmpd.conf CCE-6136-6via /etc/snmp/snmpd.conf CCE-6105-1QPassword policy should ban or allow usernames or UIDs in passwords as appropriate CCE-6263-8 CCE-6448-5 CCE-6417-0 CCE-6078-0 CCE-5906-3 CCE-6045-9 CCE-5997-2 CCE-6358-6 CCE-6375-0 CCE-6080-6 via grub CCE-6366-9 CCE-6441-0 CCE-5644-0 via /etc/motd CCE-5784-4&via /etc/ssh/sshd_config via /etc/motd CCE-6502-9 CCE-6440-2 CCE-6286-9 CCE-6472-5 CCE-6387-5 CCE-6224-0 CCE-6515-1 CCE-6343-8 CCE-5527-7:via xscreensaver via dtsession via /etc/pam.d/xscreensaver CCE-5855-2 CCE-6058-2via inittab via /sbin/agetty CCE-8432-7 CCE-6430-3 CCE-6522-7 CCE-6346-1 CCE-6504-5 CCE-8667-8 CCE-8543-1 CCE-8658-7 CCE-6184-6 CCE-6413-9 CCE-6284-4>via /etc/passwd via /usr/sbin/useradd via /etc/default/useradd CCE-5628-3 CCE-5730-7 CCE-6476-6 CCE-6318-0via /etc/sysconfig/ntpd CCE-6335-4GATEWAY=/disabled6via /etc/default/route.conf < via /etc/sysconfig/network CCE-6450-1 CCE-6150-7 via xinetd CCE-6414-7 CCE-6493-1 CCE-6277-8 CCE-5545-9 CCE-6202-6 CCE-6354-5 CCE-6200-0 CCE-6028-5 CCE-6415-4 CCE-6393-3 CCE-6296-8 CCE-6499-8 CCE-6204-2 CCE-6238-0 CCE-5562-4 CCE-6520-1 CCE-6220-8 CCE-6049-1 CCE-6458-4 CCE-6427-9 CCE-6554-0 CCE-6422-0 CCE-6369-3 CCE-6523-5 CCE-5836-2 CCE-6426-1 CCE-5567-3 CCE-6293-5 CCE-5575-6 CCE-6270-3 CCE-6508-6 CCE-6507-8 CCE-5576-4 CCE-6243-0 CCE-6468-3 CCE-5918-8 CCE-6303-2 CCE-5669-7 CCE-5809-9 CCE-6514-4 CCE-6462-6QThe nosgid option should be enabled or disabled for all NFS mounts as appropriate CCE-6250-5 CCE-6466-7 CCE-6483-2 CCE-6408-9 CCE-6560-7 CCE-6247-1 CCE-5714-1 CCE-6357-8 CCE-5584-8 CCE-6118-4%via sendmailvia /etc/mail/sendmail.cf CCE-6431-1 CCE-6524-3 CCE-6435-2 CCE-6510-2 CCE-6558-1 CCE-6025-1 CCE-5748-9 CCE-6373-5 CCE-5620-0 CCE-6268-7 CCE-6501-1 CCE-6206-7 CCE-6602-7 CCE-6571-4 CCE-6583-9 CCE-6552-4 CCE-6363-6 CCE-5623-4 CCE-5995-6 CCE-6572-2 CCE-5964-2 CCE-6559-9 CCE-5968-3 CCE-6527-6 CCE-6245-5 CCE-6384-2 CCE-6371-9 CCE-6252-1 CCE-6463-4 CCE-6437-8 CCE-5952-7 CCE-5921-2 CCE-6564-9 CCE-6388-3 CCE-5636-6 CCE-6130-9 CCE-6443-6 CCE-6535-9 CCE-5944-4 CCE-5650-7 CCE-6548-2 CCE-6253-9 CCE-6240-6 CCE-6531-8 CCE-6460-0 CCE-5905-5 CCE-6002-0 CCE-6333-9 CCE-6099-6 CCE-6332-1 CCE-6473-3 CCE-6442-8 CCE-6129-1 CCE-6539-1 CCE-6257-0 CCE-6607-6 CCE-6576-3 CCE-5651-5=/etc/xinetd.conf file permissions should be set appropriately CCE-6475-8 CCE-6281-0 CCE-6355-2 CCE-6540-9 CCE-6241-4 CCE-6509-4 CCE-5835-4 CCE-6553-2 CCE-6190-3 CCE-6269-5 CCE-6410-5 CCE-6625-8 CCE-6599-5 CCE-5735-6 CCE-5652-3 CCE-6477-4 CCE-6569-87/etc/fstab file permissions should be set appropriately CCE-6649-8 CCE-5911-3 CCE-6488-1 CCE-6395-8 CCE-6492-3 CCE-5654-9 CCE-6586-2 CCE-6309-9 CCE-6402-2 CCE-6401-4 CCE-6370-1 CCE-5811-5 CCE-6265-3 CCE-6591-2 CCE-6608-4 CCE-6344-6 CCE-6471-73System files should be owned by an appropriate user10.8.10-1 A.1 2) #8 CCE-6061-64System files should be owned by an appropriate group CCE-5890-9ADefault/skeleton dot files should be owned by an appropriate user10.8.10-1 A.1 2) #9 CCE-5657-2BDefault/skeleton dot files should be owned by an appropriate group CCE-6545-8BGlobal initialization files should be owned by an appropriate user10.8.10-1 A.1 2) #10 CCE-6516-9CGlobal initialization files should be owned by an appropriate group CCE-6362-87Home directories should be owned by an appropriate user CCE-6587-08Home directories should be owned by an appropriate group CCE-5850-3 CCE-6551-68xinetd.conf file should be owned by an appropriate group CCE-6397-4 CCE-6555-7 CCE-6621-7 CCE-6396-6 CCE-6352-9 CCE-5969-1 CCE-5673-9 CCE-5824-8 CCE-5685-3 CCE-5946-9 CCE-5694-5 CCE-6421-2 CCE-6642-3The current directory should or should not be added to the environmental variable PATH by global initialization files as appropriate CCE-6425-3The current directory should or should not be added to the environmental variable PATH by local initialization files as appropriate CCE-5699-4ULocal initialization files should allow or deny access to the terminal as appropriate10.8.10-1 A.2 1) #6 CCE-5959-2 CCE-6116-8 CCE-6336-2GLogin to privileged accounts should be allowed or denied as appropriate10.8.10.5.2.4 (2) CCE-6102-8 CCE-6679-5A/boot/grub/grub.conf file permissions should be set appropriately10.8.10-3 C.1 1) #1 CCE-6653-0@/boot/grub/grub.conf file should be owned by an appropriate user CCE-6432-9A/boot/grub/grub.conf file should be owned by an appropriate group CCE-6512-8;/etc/lilo.conf file permissions should be set appropriately10.8.10-3 C.1 1) #2 CCE-6212-5>/etc/login.access file permissions should be set appropriately10.8.10-3 C.1 1) #3 CCE-6229-9F/etc/security/access.conf file permissions should be set appropriately CCE-5700-0=/etc/sysctl.conf file permissions should be set appropriately10.8.10-3 C.1 1) #4 CCE-6389-1;/etc/securetty file permissions should be set appropriately10.8.10-3 C.1 1) #5 CCE-6698-5C/etc/audit/auditd.conf file permissions should be set appropriately10.8.10-3 C.1 1) #6 CCE-6420-48audit.rules file permissions should be set appropriately10.8.10-3 C.1 1) #7 CCE-5953-5>DEPRECATED in favor of CCE-8569-6, CCE-7990-5, and CCE-8624-9. CCE-8569-6 CCE-7990-5 CCE-8624-9 CCE-6547-4:/etc/lilo.conf file should be owned by an appropriate user CCE-5704-2=/etc/login.access file should be owned by an appropriate user CCE-6525-0E/etc/security/access.conf file should be owned by an appropriate user CCE-6115-0</etc/sysctl.conf file should be owned by an appropriate user CCE-6383-4:/etc/securetty file should be owned by an appropriate user CCE-5716-6B/etc/audit/auditd.conf file should be owned by an appropriate user CCE-6631-67audit.rules file should be owned by an appropriate user CCE-6596-1>DEPRECATED in favor of CCE-8335-2, CCE-8498-8, and CCE-8383-2. CCE-8335-2 CCE-8498-8 CCE-8383-2 CCE-6675-3;/etc/lilo.conf file should be owned by an appropriate group CCE-6195-2>/etc/login.access file should be owned by an appropriate group CCE-5900-6F/etc/security/access.conf file should be owned by an appropriate group CCE-6304-0=/etc/sysctl.conf file should be owned by an appropriate group CCE-5720-8;/etc/securetty file should be owned by an appropriate group CCE-5726-5C/etc/audit/auditd.conf file should be owned by an appropriate group CCE-6376-88audit.rules file should be owned by an appropriate group CCE-6222-4=DEPRECATED in favor of CCE-8347-7 CCE-8526-6, and CCE-8369-1. CCE-8347-7 CCE-8526-6 CCE-8369-1 CCE-6424-6kAccess controls through login.access and access.conf should be set for non-superusers or not as appropriate4via /etc/login.access via /etc/security/acccess.conf10.8.10-3 C.1.1 1) CCE-6312-310.8.10-3 C.2 1) #1 CCE-6528-4<Ctrl-Alt-Delete should be enabled or disabled as appropriate10.8.10-3 C.3 1) CCE-6691-0(An appropriate bootloader should be usedlist of bootloadersvia bootloader10.8.10-3 C.3.2 2) CCE-6519-3?GRUB should be configured with a password or not as appropriate password/no passworvia /boot/grub/menu.lst10.8.10-3 C.3.2 3) CCE-6594-6?LILO should be configured with a password or not as appropriatepassword/no password10.8.10-3 C.3.2 4) CCE-8118-2LSystem should be configured to boot and appropriate set of operating systemslist of operating systems10.8.10-3 C.3.2 5) CCE-5972-5JThe primary filesystem partition should be using an appropriate filesystemlist of filesystems10.8.10-3 C.4 1) CCE-6364-4=The ugidd daemon should be enabled or disabled as appropriate via rpc.ugidd10.8.10-3 C.4.1 1) CCE-5813-1?NFS insecure locks should be enabled or disabled as appropriate10.8.10-3 C.4.1 3) CCE-5752-10X server audit level should be set appropriately audit levelvia 10.8.10-3 C.5.1 1) CCE-5753-9,X server timeout should be set appropriatelyvia RC 5 scripts CCE-6297-68X server ac should be enabled or disabled as appropriate10.8.10-3 C.5.1 2) CCE-6671-2:X server core should be enabled or disabled as appropriate CCE-6538-3<X server nolock should be enabled or disabled as appropriate CCE-6486-58PAM console should be enabled or disabled as appropriate10.8.10-3 C.5.2 1) CCE-6644-98shutdown account should be present or not as appropriatepresent/absent10.8.10-3 C.6 1) CCE-6706-64halt account should be present or not as appropriate CCE-6617-55games account should be present or not as appropriate10.8.10-3 C.6 2) CCE-5758-88operator account should be present or not as appropriate CCE-6041-8BAuditing should be enabled or disabled at boot time as appropriatevia init files10.8.10-3 C.7 1) CCE-6715-75System logons s< hould be audited or not as appropriate via syslog10.8.10-3 C.7 2) #1 CCE-6666-26System logoffs should be audited or not as appropriate10.8.10-3 C.7 2) #2 CCE-6530-010.8.10-3 C.7 2) #3 CCE-5772-910.8.10-3 C.7 2) #4 CCE-6759-5DCreation of superuser groups should be audited or not as appropriate10.8.10-3 C.7 2) #5 CCE-5778-610.8.10-3 C.7 2) #8 CCE-6628-2KStartup/shutdown of audit functions should be audited or not as appropriate10.8.10-3 C.7 2) #9 CCE-6470-910.8.10-3 C.7 2) #10 CCE-6597-9XRemote access from outside the corporate network should be audited or not as appropriate10.8.10-3 C.7 2) #11 CCE-6566-4HChange of permissions/privileges should be audited or not as appropriate10.8.10-3 C.7 2) #13 CCE-6727-2HModification of superuser groups should be audited or not as appropriate CCE-6692-82Sudo usage should be audited or not as appropriate CCE-6124-2 CCE-5435-3M/export/home should be configured on an appropriate filesystem logical volumelogical volume CCE-6030-1E/var should be configured on an appropriate filesystem logical volume CCE-5936-0E/opt should be configured on an appropriate filesystem logical volume CCE-6122-6 CCE-6091-3 CCE-6249-7via /etc/snmp.conf CCE-6095-4 CCE-6108-510.8.10.5.1 a) CCE-5812-3via /etc/security/user CCE-6161-4 CCE-6172-1 CCE-5639-0 CCE-6163-0 CCE-5982-4 CCE-5956-8 CCE-6219-0 CCE-5925-3 CCE-6140-8 CCE-6180-4 CCE-6114-3 CCE-6120-0 CCE-6094-7 CCE-5561-6 via sshd.conf CCE-5583-0 via telnetd CCE-5552-5 CCE-5255-5 CCE-6043-4 CCE-6117-6 CCE-5883-4 CCE-5261-3 CCE-5495-7 CCE-5949-3 CCE-6147-3 CCE-6182-0 via inittab CCE-5764-6 CCE-6151-5 CCE-5516-0 CCE-6089-7 CCE-5873-5 CCE-6186-1 CCE-6191-1 CCE-8640-5 CCE-8240-4 CCE-8631-4 CCE-6208-3 CCE-5265-4 CCE-6133-3 CCE-5797-6 CCE-5886-7 CCE-5762-0 CCE-5987-3 CCE-5828-9/via /etc/default/route.conf via /etc/gated.conf CCE-5927-9 CCE-6143-2 CCE-6054-1 CCE-6010-3 CCE-5460-1 CCE-5618-4 CCE-5838-8 CCE-5878-4 CCE-5266-2 CCE-6138-2 CCE-6057-4 CCE-5885-9 CCE-5978-2 CCE-5607-7 CCE-6075-6 CCE-6232-3 CCE-6171-3 CCE-5638-2 CCE-6175-4 CCE-6144-0 CCE-5763-8 CCE-5856-0 CCE-6081-4 CCE-6093-9 CCE-6173-9 CCE-5287-8 CCE-6070-7 CCE-6026-9 CCE-6166-3 CCE-5867-7 CCE-5810-7 CCE-5898-2 CCE-5713-3 CCE-5994-9 CCE-6215-8 CCE-5937-8 CCE-5303-3 CCE-6223-2 CCE-6069-9 CCE-5320-7via NFSvia via /etc/exports CCE-5593-9 CCE-6256-2 CCE-5596-2 CCE-6234-9 CCE-6185-3 CCE-6000-4 CCE-5551-7 CCE-6018-6 CCE-6141-6 CCE-6233-1 CCE-5288-6 CCE-6113-5 CCE-6047-5 CCE-6214-1 CCE-6051-7 CCE-5756-2 CCE-5769-5 CCE-5976-6 CCE-5438-7 CCE-6227-3 CCE-5290-2 CCE-6192-9 CCE-6165-5 CCE-6262-0 CCE-6134-1 CCE-5315-7 CCE-5912-1 CCE-6128-3 CCE-5322-3 CCE-6231-5 CCE-6082-2 CCE-6121-8 CCE-5452-8 CCE-6280-2 CCE-5332-2 CCE-5782-8 CCE-5861-0 CCE-6248-9 CCE-5592-1 CCE-5336-3 CCE-6205-9 CCE-6298-4 CCE-6331-3 CCE-6300-8 CCE-5938-6 CCE-6027-7 CCE-5864-4 CCE-5757-0 CCE-6207-5 CCE-5973-3 CCE-5341-3 CCE-6291-9 CCE-6306-5 CCE-5358-7 CCE-6310-7 CCE-5904-8 CCE-6217-4 CCE-5494-0 CCE-6221-6 CCE-6314-9 CCE-6327-1 CCE-6032-7 CCE-5915-4 CCE-5990-7 CCE-6320-6 CCE-6236-4 CCE-5950-1 CCE-5362-9 CCE-6068-1 CCE-6271-1 CCE-6301-6 CCE-6275-2 CCE-6319-8 CCE-5649-9 CCE-5870-1 CCE-6274-5 CCE-5372-8 CCE-5439-5 CCE-5601-0 CCE-6302-4 CCE-5570-7 CCE-6020-2 CCE-5760-4 CCE-5899-0 CCE-6225-7 CCE-6242-2 CCE-6083-0 CCE-5683-8 CCE-5933-7 CCE-6149-9 CCE-6039-2 CCE-5655-6 CCE-5854-5 CCE-6349-5 CCE-6067-3 CCE-5388-4 CCE-5691-1 CCE-5502-0 CCE-5682-0 CCE-6259-6 CCE-6210-9 CCE-5871-9 CCE-5840-4 CCE-6353-7 CCE-5393-4 CCE-5399-1 CCE-6179-6 CCE-6272-9 CCE-5403-1 CCE-5746-3 CCE-5465-0 CCE-5729-9 CCE-5433-8 CCE-5879-2 CCE-5447-8 CCE-6046-7 CCE-5473-4 CCE-5404-9 CCE-6254-7 CCE-5425-4 CCE-6372-7 CCE-6283-6 CCE-6001-2 CCE-5451-0 CCE-5467-6 CCE-6455-0 CCE-5486-6 CCE-6337-0 CCE-6289-3 CCE-6451-9 CCE-6042-6 CCE-5556-6E/etc/rc.config.d/auditing file should be owned by an appropriate user10.8.10-4 D.1 1) #2 CCE-5887-5 CCE-5962-67/etc/init.d file should be owned by an appropriate user10.8.10-4 D.1 1) #5 CCE-6365-1:/etc/hosts.lpd file should be owned by an appropriate user10.8.10-4 D.1 1) #6 CCE-6211-7 CCE-5491-6F/etc/rc.config.d/auditing file should be owned by an appropriate group CCE-6313-1 CCE-6159-88/etc/init.d file should be owned by an appropriate group CCE-6065-7;/etc/hosts.lpd file should be owned by an appropriate group CCE-6251-3 CCE-6290-1F/etc/rc.config.d/auditing file permissions should be set appropriately CCE-6360-2>DEPRECATED in favor of CCE-8638-9, CCE-8647-0, and CCE-8187-7. CCE-8638-9 CCE-8647-0 CCE-8187-7 CCE-5504-6 CCE-5517-8;/etc/hosts.lpd file permissions should be set appropriately CCE-6076-4 CCE-6292-7GAuditing should be enabled or disabled for user accounts as appropriatevia /tcb/files/auth/*10.8.10-4 D.3 1) CCE-6203-4via /etc/rc.config.d/auditing10.8.10-4 D.3 2) CCE-5794-310.8.10-4 D.3 3) #1 CCE-6168-910.8.10-4 D.3 3) #2 CCE-6014-510.8.10-4 D.3 3) #3 CCE-5983-210.8.10-4 D.3 3) #4 CCE-5859-410.8.10-4 D.3 3) #5 CCE-6326-310.8.10-4 D.3 3) #8 CCE-5894-110.8.10-4 D.3 3) #9 CCE-6110-110.8.10-4 D.3 3) #10 CCE-6423-810.8.10-4 D.3 3) #11 CCE-6454-310.8.10-4 D.3 3) #13 CCE-6282-810.8.10-4 D.4 1) #1 CCE-6317-20PRI audit file should be specified appropriately file and path CCE-5660-60SEC audit file should be specified appropriately CCE-6348-75FileSpaceSwitch should be set to an appropriate valuepercentage of free space CCE-5774-5JWakeup switchpoint frequency should be set to an appropriate time interval CCE-5731-5KWarning messages switchpoint distance should be set to an appropriate valueswitchpoint distance integer CCE-6444-4 CCE-5940-2 CCE-5847-9 CCE-5424-7 CCE-5710-9 CCE-5662-2via /etc/passwd CCE-5317-3 CCE-5384-3 CCE-5723-2 CCE-5634-1 CCE-5352-0 CCE-5848-7 CCE-5443-7 CCE-5664-8 CCE-5804-0 CCE-4858-7 CCE-5775-2 CCE-5761-2 CCE-5841-2 CCE-5858-6 CCE-5078-1 CCE-5715-8 CCE-5684-6 CCE-5244-9 CCE-5402-3 CCE-5622-6 CCE-5843-8 CCE-5842-0 CCE-5560-8 CCE-4873-6 CCE-5187-0 CCE-5765-3 CCE-4884-3 CCE-5381-9 CCE-5645-7 CCE-5597-0 CCE-5676-2 CCE-5733-1 CCE-5702-6 CCE-5076-5 CCE-5442-9 CCE-5640-8 CCE-4893-4 CCE-5024-510.8.10.5.2.6 (10) CCE-5742-2 CCE-5777-8 /etc/shells CCE-5605-1 /etc/group CCE-5750-5 /etc/passwd CCE-5199-5 CCE-5310-8 CCE-5327-2BAll device files should be located inside an appropriate directory CCE-4900-7 CCE-5675-4 ntpd.conf CCE-5147-4Audit subsystem CCE-5724-0 CCE-5614-3 CCE-5834-7 CCE-5745-5 CCE-5587-1 CCE-5525-1 CCE-4930-4 CCE-4901-5 CCE-5017-9 CCE-5347-0 CCE-5193-8 CCE-5725-7 CCE-5801-6 CCE-5506-1 CCE-5791-9 CCE-5743-0 CCE-5773-7 CCE-5461-9 CCE-4905-6 CCE-5463-5 CCE-5542-6 CCE-5431-2 CCE-5780-2 CCE-5872-7 CCE-5343-9 CCE-5611-9 CCE-5598-8 CCE-5550-9 CCE-4911-4 CCE-4926-2 CCE-4913-0 CCE-5681-2 CCE-5368-6 CCE-5549-1 CCE-5144-1 CCE-5223-3 CCE-5738-0 CCE-5456-9 CCE-4918-9 CCE-5798-4 CCE-5917-0 CCE-4934-6 CCE-5535-0 CCE-5117-7/etc/ssh/ssh_config CCE-5690-3via inetd.conf CCE-5852-9 CCE-5068-2 CCE-5569-9 CCE-5806-5 CCE-5882-6 CCE-5414-8 CCE-5348-8 CCE-5511-1kNFS server support for the AUTH_NONE authentication mechanism should be enabled or disabled as appropriate. CCE-5480-9kNFS server support for the AUTH_UNIX authentication mechanism should be enabled or disabled as appropriate. CCE-4957-7jNFS server support for the AUTH_DES authentication mechanism should be enabled or disabled as appropriate. CCE-4958-5kNFS server support for the AUTH_KERB authentication mechanism shou< ld be enabled or disabled as appropriate. CCE-5922-0 CCE-5790-1 CCE-5189-6 CCE-5876-8 CCE-4959-3 CCE-5115-1 CCE-5445-2 CCE-4960-1 CCE-5802-4 CCE-5212-6 CCE-5291-0 CCE-5741-4 CCE-4967-6AThe sendmail help command should be allowed or not as appropriate CCE-5783-60NIS should be enabled or disabled as appropriate CCE-4975-9via NIS+ via RC scripts CCE-5138-3+via Xwindows via /etc/inittab vi RC scripts CCE-5711-7 CCE-4984-1 CCE-5975-8 CCE-5931-1 CCE-4994-0 CCE-5923-8 CCE-5939-4 CCE-5891-7 CCE-5234-0via SMIT CCE-5767-9 CCE-5846-1 CCE-5991-5 CCE-5705-9 CCE-5678-8 CCE-5942-8 CCE-5770-3 CCE-5280-3 CCE-5896-6 CCE-5474-2 CCE-5363-7 CCE-5566-5 CCE-5851-1 CCE-5821-4 CCE-5755-4 CCE-5807-3 CCE-5759-6 CCE-5979-0 CCE-5228-2 CCE-5951-9 CCE-5981-6 CCE-5668-9 CCE-5010-4 CCE-5666-3 CCE-5012-0 CCE-5796-8 CCE-5747-1 CCE-5849-5 CCE-5893-3 CCE-5734-9 CCE-5862-8 CCE-5954-3 CCE-5027-8 CCE-5206-8 CCE-5907-1 CCE-5040-1 CCE-5049-2 CCE-5056-7 CCE-6031-9 CCE-6004-6 CCE-5974-1 CCE-5863-6 CCE-5815-6 CCE-5955-0 CCE-6052-5 CCE-6021-0 CCE-5272-0 CCE-5884-2 CCE-6023-6 CCE-5349-6 CCE-6050-9 CCE-5833-9 CCE-5803-2 CCE-5820-6 CCE-5397-5 CCE-5226-6 CCE-5903-0 CCE-5970-9 CCE-5930-3 CCE-5698-6 CCE-5641-6 CCE-5909-7 CCE-5985-7 CCE-5350-4 CCE-5988-1 CCE-5817-2 CCE-5231-6 CCE-5323-1 CCE-5526-9 CCE-5631-7 CCE-5728-1 CCE-5512-9 CCE-5074-0 CCE-5808-1 CCE-5075-7 CCE-5932-9 CCE-5825-5 CCE-5279-5 CCE-5984-0 CCE-5656-4 CCE-5736-4 CCE-6062-4 CCE-5453-6 CCE-6048-3 CCE-5832-1 CCE-6017-8 CCE-5986-5 CCE-5875-0 CCE-5977-4 CCE-5627-5 CCE-5455-1 CCE-5077-3 CCE-5695-2 CCE-5646-5 CCE-5161-5 CCE-5254-8 CCE-5853-7 CCE-5632-5 CCE-5319-9 CCE-5412-2 CCE-5082-3 CCE-5754-7 CCE-6022-8 CCE-5868-5 CCE-5961-8 CCE-5837-0 CCE-5929-5 CCE-5085-6 CCE-5919-6 CCE-5888-3 CCE-5941-0 CCE-5910-5 CCE-5822-2 CCE-5663-0 CCE-5086-4 CCE-6007-9 CCE-5088-0 CCE-5732-3 CCE-5326-4 CCE-5296-94/etc/exports should be owned by an appropriate group CCE-5283-7 CCE-5428-8 CCE-5626-7 CCE-5957-6 CCE-5740-6 CCE-5090-6 CCE-6086-3 CCE-6055-8 CCE-6024-4 CCE-5839-6 CCE-5091-43aliases file should be owned by an appropriate user10.8.10-1 A.1 2) #24 CCE-5497-34aliases file should be owned by an appropriate group CCE-6029-3fThe log file configured to capture critical sendmail messages should be owned by the appropriate user.10.8.10-1 A.1 2) #25 CCE-5116-9gThe log file configured to capture critical sendmail messages should be owned by the appropriate group. CCE-5154-0 CCE-6013-7 CCE-5999-82Shell files should be owned by an appropriate user CCE-6003-83Shell files should be owned by an appropriate group CCE-6096-2 CCE-6107-7 CCE-5171-4 CCE-5688-7 CCE-5185-4 CCE-5671-3 CCE-5706-7 CCE-6177-0 CCE-5860-2 CCE-6146-5 CCE-5992-3 CCE-5615-0 CCE-5580-6 CCE-5191-2 CCE-6088-9 CCE-6044-2 CCE-5195-3The current working directory should or should not be added to the environmental variable PATH by global initialization files as appropriatevia local init files CCE-6012-9 CCE-5361-1 CCE-5204-3The current working directory should or should not be added to the environmental variable PATH by run control scripts as appropriate CCE-6087-1 CCE-6056-6 CCE-5816-4 CCE-5785-1 CCE-5661-4 CCE-5877-6 CCE-5600-2 CCE-5489-0G/etc/security/audit/config file permissions should be set appropriately10.8.10-5 E.1 1) #1 CCE-6066-5G/etc/security/audit/events file permissions should be set appropriately10.8.10-5 E.1 1) #2 CCE-6084-8H/etc/security/audit/objects file permissions should be set appropriately10.8.10-5 E.1 1) #3 CCE-5819-8=/usr/lib/trcload file permissions should be set appropriately10.8.10-5 E.1 1) #5 CCE-5648-1=/usr/lib/semutil file permissions should be set appropriately10.8.10-5 E.1 1) #6 CCE-5205-0F/etc/security/audit/config file should be owned by an appropriate user CCE-5548-3F/etc/security/audit/events file should be owned by an appropriate user CCE-6085-5G/etc/security/audit/objects file should be owned by an appropriate user CCE-5926-1</usr/lib/trcload file should be owned by an appropriate user CCE-5224-1</usr/lib/semutil file should be owned by an appropriate user CCE-6037-6G/etc/security/audit/config file should be owned by an appropriate group CCE-6011-1G/etc/security/audit/events file should be owned by an appropriate group CCE-5980-8H/etc/security/audit/objects file should be owned by an appropriate group CCE-6103-6=/usr/lib/trcload file should be owned by an appropriate group CCE-5945-1=/usr/lib/semutil file should be owned by an appropriate group CCE-6079-8YThe authentication mechanism (SYSTEM attribute) should be set appropriately for each userauthentication system10.8.10-5 E.1 2) CCE-6158-0@Trusted Computing Base should be installed or not as appropriateinstalled/not installed10.8.10-5 E.2 1) CCE-5484-1KAuditing should be enabled or disabled as appropriate in runcontrol scriptsvia /etc/inittab via RC scripts10.8.10-5 E.3 1) CCE-5378-5>BIN mode auditing should be enabled or disabled as appropriatevia /etc/security/audit/config10.8.10-5 E.3 2) CCE-5235-7NAccounts should be present or absent from the audit config file as appropriate10.8.10-5 E.3 3) CCE-5913-910.8.10-5 E.3 4) #1 CCE-5993-110.8.10-5 E.3 4) #2 CCE-5693-710.8.10-5 E.3 4) #3 CCE-6230-710.8.10-5 E.3 4) #4 CCE-5697-810.8.10-5 E.3 4) #5 CCE-6197-810.8.10-5 E.3 4) #9 CCE-5889-1>Certificate revocation should be audited or not as appropriate10.8.10-5 E.3 4) #10 CCE-6109-310.8.10-5 E.3 4) #11 CCE-5242-3<Use of chown command should be audited or not as appropriate10.8.10-5 E.3 4) #13 CCE-6213-3:File permissions of the rcp binary should be set correctly10.8.10-5 E.4 1) CCE-5680-4=File permissions of the rlogin binary should be set correctly CCE-5591-3>File permissions of the rlogind binary should be set correctly CCE-5543-4:File permissions of the rsh binary should be set correctly CCE-5934-5;File permissions of the rshd binary should be set correctly CCE-6009-5;File permissions of the tftp binary should be set correctly CCE-5996-4<File permissions of the tftpd binary should be set correctly CCE-6135-810.8.10-5 E.5 1) #1 CCE-5963-4>Netrc should be configured with an appropriate set of serviceslist of servicesvia /etc/security/sysck.cfg CCE-6104-4@Change of file ownership should be audited or not as appropriate CCE-5324-9<Use of chmod command should be audited or not as appropriate CCE-6170-5<Certificate creation should be audited or not as appropriate CCE-5243-1<Certificate deletion should be audited or not as appropriate CCE-6016-0=Certificate retrieval should be audited or not as appropriate CCE-6174-7PStartup or shutdown of the audit process should be audited or not as appropriate CCE-5245-64Use of chgrp should be audited or not as appropriate CCE-5253-06Use of mkgroup should be audited or not as appropriate CCE-6189-56Use of rmgroup should be audited or not as appropriate CCE-6035-0DUse of change user functions should be audited or not as appropriate CCE-6100-28Terminal logoffs should be audited or not as appropriate CCE-6157-2;Exit function usage should be audited or not as appropriate CCE-6156-4via /etc/security/limits ulimit CCE-5751-3CRemote root logins via SSH should be allowed or not as appropriate.Section: 2.2.1,Value:disabledSection: 2.2.2,Value:disabledSection: 2.2.3,Value:disabledSection: 2.2.4,Value:disabledSection: 2.2.5,Value:disabledSection: 2.2.6,Value:disabledSection: 2.2.7,Value:disabledSection: 2.3.1,Value:disabledSection: 2.3.2,Value:disabledSection: 2.3.3,Value:disabledSection: 2.3.4,Value:disabledSection: 2.3.5,Value:disabledSection: 2.3.6,Value:disabledSection: 2.3.7,Value:disabledSection: 2< .3.8,Value:disabledtSolaris 10 <= 11/06 /etc/init.d/samba stop, mv /etc/sfw/smb.conf /etc/sfw/smb.conf.CIS Solaris 10 >= 8/07 via svcadmSection: 2.3.9,Value:disabledSection: 2.3.10,Value:disabledSection: 2.3.11,Value:disabledSection: 2.3.12,Value:disabledSection: 2.3.13,Value:disabledSection: 2.3.14,Value:disabledSection: 2.4.1,Value:disabledSection: 2.4.2,Value:disabledSection: 2.4.3,Value:disabledSection: 2.4.4,Value:disabledSection: 2.4.5,Value:disabledSection: 2.4.6,Value:disabledSection: 2.4.7,Value:disabledSection: 2.4.8,Value:disabledSection: 2.4.9,Value:disabledSection: 2.4.10,Value:disabledSection: 2.4.11,Value:disabledSection: 2.4.12,Value:disabledSection: 2.5,Value:enabledSection: 3.1,Value:rootSection: 3.1,Value:700Section: 3.1,Value:disabledSection: 3.2,Value:enabledSection: 3.3,Value:2Section: 3.4,Value:disabledSection: 3.4,Value:4096Section: 3.4,Value:1024Section: 3.4,Value:60000Section: 3.4,Value:enabledSection: 3.4,Value:6112Section: 3.5,Value:disabledSection: 4.1,Value:enabledSection: 4.2,Value:enabledSection: 4.3,Value:rootSection: 4.3,Value:600Section: 4.3,Value:enabledSection: 4.4,Value:enabledSection: 4.5,Value:rootSection: 4.5,Value:600Section: 4.5,Value:sysSection: 4.5,Value:enabledSection: 4.6,Value:0Section: 4.7,Value:enabledSection: 4.7,Value:rootSection: 4.7,Value:600Section: 4.8,Value:enabledSection: 4.8,Value:sysSection: 4.8,Value:600Section: 4.9,Value:enabledSection: 4.9,Value:rootSection: 4.9,Value:600Section: 5.1,Value:at least 022Section: 5.2,Value:disabledSection: 5.3,Value:all packagesSection: 5.3,Value:Section: 5.4,Value:enabledSection: 5.5,Value:Section: 5.6.1,Value:Section: 5.6.2,Value:Section: 5.7,Value:Section: 5.8,Value:Section: 6.1,Value:disabledSection: 6.2,Value:disabledSection: 6.3,Value:enabledSection: 6.3,Value:disabledSection: 6.3,Value:5Section: 6.3,Value:0Section: 6.3,Value:yesSection: 6.3,Value:noSection: 6.4,Value:disabledSection: 6.5,Value:disabledSection: 6.6,Value:4Section: 6.7,Value:10Section: 6.8,Value:10Section: 6.8,Value:TRUESection: 6.9,Value:rootSection: 6.9,Value:nullSection: 6.9,Value:400Section: 6.11,Value:3Section: 6.11,Value:yes6via eeprom at OS command line via setenv at ok> promptSection: 6.12,Value:commandSection: 6.13,Value:enabledSection: 7.1,Value:Locked!Section: 7.1,Value:/usr/bin/falseSection: 7.1,Value:Non-loginSection: 7.2,Value:LockedSection: 7.3,Value:7 daysSection: 7.3,Value:91 daysSection: 7.3,Value:28 daysSection: 7.4,Value:8Section: 7.4,Value:yesSection: 7.4,Value:10Section: 7.4,Value:3Section: 7.4,Value:2Section: 7.4,Value:1Section: 7.4,Value:0Section: 7.4,Value:/var/passwd-Section: 7.4,Value:=/usr/share/lib/dict/wordsSection: 7.5,Value:NoneSection: 7,6,Value:NoneSection: 7.7,Value:GID 0Section: 7.8,Value:/root<Section: 7.9,Value:Exclude '.' and any writeable directories"Section: 7.1,Value:IAW site policy#Section: 7.11,Value:IAW site policy#Section: 7.12,Value:IAW site policy&Section: 7.13,Value:dependent upon 6.4Section: 7.14,Value:77Section: 7.15,Value:77Section: 7.16,Value:enabledSection: 8.1,Value:Section: 8.1.1,Value:Section: 8.2,Value:Section: 8.3,Value:Section: 8.4,Value:#Section: 8.5,Value:empty string, ""Section: 8.6,Value:(Section: 8.7,Value:mailer ready (string);(1) set of accounts (2) events to audit (3) applicability!(1) defined by the object's SACL <(1) set of accounts (2) events to audit (3) applicability?(1) set of accounts (2) list of permissions (3) applicability"(1) defined by the object's DACL M(1) defined by the SeDenyNetworkLogonRight setting in Local or Group Policy I(1) defined by the SeNetworkLogonRight setting in Local or Group Policy D(1) defined the SeTcbPrivilege setting in by Local or Group Policy G(1) defined the SeBackupPrivilege setting in by Local or Group Policy M(1) defined the SeChangeNotifyPrivilege setting in by Local or Group Policy K(1) defined the SeSystemTimePrivilege setting in by Local or Group Policy O(1) defined the SeCreatePagefilePrivilege setting in by Local or Group Policy L(1) defined the SeCreateTokenPrivilege setting in by Local or Group Policy P(1) defined the SeCreatePermanentPrivilege setting in by Local or Group Policy F(1) defined the SeDebugPrivilege setting in by Local or Group Policy O(1) defined the SeRemoteShutdownPrivilege setting in by Local or Group Policy F(1) defined the SeAuditPrivilege setting in by Local or Group Policy N(1) defined the SeIncreaseQuotaPrivilege setting in by Local or Group Policy U(1) defined the SeIncreaseBasePriorityPrivilege setting in by Local or Group Policy K(1) defined the SeLoadDriverPrivilege setting in by Local or Group Policy K(1) defined the SeLockMemoryPrivilege setting in by Local or Group Policy G(1) defined the SeBatchLogonRight setting in by Local or Group Policy I(1) defined the SeServiceLogonRight setting in by Local or Group Policy M(1) defined the SeInteractiveLogonRight setting in by Local or Group Policy I(1) defined the SeSecurityPrivilege setting in by Local or Group Policy R(1) defined the SeSystemEnvironmentPrivilege setting in by Local or Group Policy U(1) defined the SeProfileSingleProcessPrivilege setting in by Local or Group Policy N(1) defined the SeSystemProfilePrivilege setting in by Local or Group Policy G(1) defined the SeUndockPrivilege setting in by Local or Group Policy S(1) defined the SeAssignPrimaryTokenPrivilege setting in by Local or Group Policy H(1) defined the SeRestorePrivilege setting in by Local or Group Policy I(1) defined the SeShutdownPrivilege setting in by Local or Group Policy N(1) defined the SeTakeOwnershipPrivilege setting in by Local or Group Policy K(1) defined the SeSynchAgentPrivilege setting in by Local or Group Policy Q(1) defined the SeDenyInteractiveLogonRight setting in by Local or Group Policy Q(1) defined the SeEnableDelegationPrivilege setting in by Local or Group Policy O(1) defined the SeMachineAccountPrivilege setting in by Local or Group Policy &(1) defined by Local or Group Policy (1) number of attempts%(1) defined by Local or Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\RestrictGuestAccess (2) defined by Group Policy (1) size of file(1) defined by the Windows Event Log (2) defined by Group Policy (3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\MaxSize (1) type of retentionv(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Retention (2) defined by Group Policy }(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\RestrictGuestAccess (2) defined by Group Policy (1) defined by the Windows Event Log (2) defined by Group Policy (3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\MaxSize (1) type of retention{(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\RestrictGuestAccess (2) defined by Group Policy (1) defined by the Windows Event Log (2) defined by Group Policy (3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\MaxSize 8(1) file name (2) version (3) file size (4) file hash((1) determined by the local filesystem "(1) number of passwords remembered(1) disabled/manual/automatic(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fax\Start (2) defined by< the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSFTPSVC\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IISADMIN\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RshSvc\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SIMPTCP\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMTPSVC\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMPTRAP\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv (2) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate (3) defined by the Services Administrative Tool (4) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy O(1) defined by the Services Administrative Tool (2) definied by Group Policy ,(1) set of accounts (2) list of permissions>(1) set via Security Templates (2) definied by Group Policy v(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous (2) defined by Local or Group Policy *(1) exist/not exist (2) enabled/disabledL(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security R(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg (1) Local Users and Groups MMC (1) text caption(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption (2) defined by Local or Group Policy (1) text statement(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText (2) defined by Local or Group Policy _(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareWks R(1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDebug\Auto ](1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon Q(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\AutoReboot g(1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun f(1) HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun g(1) HKEY_USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun H(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CDrom\Autorun (1) enabled/ignoredX(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MrxSmb\Parameters\RefuseReset ](1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ServicesTcpip\Parameters\EnableICMPRedirect b(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting b(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery P(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSEC\NoDefaultExempt D(1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DrWatson\CreateCrashDump f(1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DontDisplayLastUserName Y(1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCDisable V(1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCScan (1) visible/invisible^(1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCShowProgress (1) available/hiddenY(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanserver\Parameters\Hidden ^(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableDeadGWDetect (1) number of millisecondsY(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime (1) number of socketsZ(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpen a(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxHalfOpenRetried a(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand _(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUDiscovery \(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect (1) security level_(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\EnhancedSecurityLevel (1) warning levelY(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Security\WarningLevel `(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters\DisableSavePassword (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel (2) defined by Local or Group Policy (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel (2) defined by Local or Group Policy (1) valid names(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect (2) defined by Local or Group Policy t(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects (2) defined by Local or Group Policy y(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing (2) defined by Local or Group Policy (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD (2) defined by Local or Group Policy (1) authentication levelx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\LMCompatibilityLevel (2) defined by Local or Group Policy h(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LMCompatibilityLevel Paramenters:(1) level(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers (2) defined by Local or Group Policy (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel (2) defined by Local or Group Policy (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand (2) defined by Local or Group Policy (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms (2) defined by Local or Group Policy (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies (2) defined by Local or Group Policy ~(1) HKEY_LOCAL_MACHINE\Syste< m\CurrentControlSet\Control\Session Manager\ProtectionMode (2) defined by Local or Group Policy (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey (2) defined by Local or Group Policy (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword (2) defined by Local or Group Policy (1) behaviorg(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Driver Signing\Policy (2) defined by Local or Group Policy &(1) number of days prior to expiration(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning (2) defined by Local or Group Policy t(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail (2) defined by Local or Group Policy (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon (2) defined by Local or Group Policy (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown (2) defined by Local or Group Policy (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature (2) defined by Local or Group Policy (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature (2) defined by Local or Group Policy (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature (2) defined by Local or Group Policy (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature (2) defined by Local or Group Policy (1) number of logons(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount (2) defined by Local or Group Policy (1) Group(s)(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD (2) defined by Local or Group Policy (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal (2) defined by Local or Group Policy (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption (2) defined by Local or Group Policy (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange (2) defined by Local or Group Policy (1) type of formatting(1) Disk Management MMC (1) ? :(1) HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE (1) time in seconds?(1) HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveTimeOut (1) HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaverIsSecure (2) HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaverIsSecure (3) User Configuration\Administrative Templates\Control Panel\Display\Password protect the screen saver>(1) HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveActive \(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\AlwaysInstallElevated X(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\SafeForScripting\ X(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\EnableUserControl Z(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\AllowLockDownBrowse Y(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\AllowLockDownMedia Z(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\EnableAdminTSRemote Y(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\AllowLockDownPatch V(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\TransformSecure (1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client\{9b017612-c9f1-11d2-8d9f-0000f875c541}\Disabled (2) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\MessengerService ](1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Task Scheduler5.0\Property Pages \(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Task Scheduler5.0\Task Creation Y(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Use_HKLM_only (2) Local Internet Options: (3) GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer (4) Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_onlyh(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_Zones_Map_Edit (2) Local Internet Options: (3) GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer (4) Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_zones_map_editZ(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\InfoDelivery\Restrictions\NoUpdateCheck (2) Local Internet Options: (3) GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer (4) Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoUpdateCheck(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoMSAppLogo5ChannelNotify (2) Local Internet Options: (3) GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Features/Restrict File Download (4) Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\(Reserved) (5) [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\explorer.exe (6) [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\iexplore.exeR(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\InfoDelivery\Restrictions\NoJITSetup (2) Local Internet Options: (3) GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer (4) Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoJITSetup(1) number of proxy settings`(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser (2) Local Internet Options: (3) GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer (4) Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUserd(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_options_edit (2) Local Internet Options: (3) GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer (4) Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_options_edit N(1) defined by the SeDenyBatchLogonRight setting in by Local or Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RSoPProv\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogoff (2) defined by Local or Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy M(1) defined the SeDenyServiceLogonRight setting in by Local or Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CiSvc\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DeleteRoamingCache (2) defined by Local or Group Policy(1) list of named pipes(1) locally/startup/floppy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\Os2LibPath (2) Control Panel: System\Advanced\Environment Variables(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\Os2LibPath (2) Control Panel: System\Advanced\Environment Variables\Os2LibPath(1) list of regist< ry keys(1) list of sharesN(1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\EnableDCOM (2) via dcomcnfg.exe(1) accept/reject(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\RefusePasswordChange (2) defined by Local or Group Policy)(1) number of dropped connection requests(1) automatic/manual/disabled(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MacFile\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ati HotKey Poller\Start (2) defined by the Services Administrative Tool (3) definied by Group PolicyM(1) defined by the Services Administrative Tool (2) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClusSvc\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IASJet\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IAS\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSMQ\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mqds\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSMQTriggers\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NWCWorkstation\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WMI\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LmHosts\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UtilMan\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinMgmt\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSDPSRV\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrvcSurg\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\POP3svc\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsSystemResourceManager\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinHttpAutoProxySvc\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TFTPD\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Client for NFS\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KePcnfsd\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mapsvc\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MacPrint\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BINLSVC\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgr\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Appmon\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Remote_Storage_User_Link\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Remote_Storage_Server\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WMServer\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NwSapAgent\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\elementmgr\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Groveler\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LPDSVC\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermServLicensing\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSCache\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Irmon\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nfssrvr\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SENS\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtLmSsp\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlugPLay\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProtectedStorage\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RSVP\Start (2) < defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtmsSvc\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanserver\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SamSs\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netman\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dmserver\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dmadmin\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WNtFrs\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kdc\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IsmServ\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rpclocator\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dfs\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WINS\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy(1) Terminal Service Configuration Tool (2) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\fDisableCdm(1) Terminal Service Configuration Tool (2) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\fDisableClip(1) Terminal Service Configuration Tool (2) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\fInheritShadowN(1) deny/obtain-interact/not-obtain-interact/obtain-display/not-obtain-display(1) Terminal Service Configuration Tool (2) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\Shadow(1) Terminal Service Configuration Tool (2) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\fDisableCam(1) Terminal Service Configuration Tool (2) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\fDisableCcm(1) Terminal Service Configuration Tool (2) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\fDisableLPTLast modified: 2009-05-15A(1) set of accounts (2) list of permissions (3) applicabilityS(1) defined the SeRemoteInteractiveLogonRight setting in by Local or Group Policy K(1) defined the SeDenyBatchLogonRight setting in by Local or Group Policy W(1) defined the SeDenyRemoteInteractiveLogonRight setting in by Local or Group Policy M(1) defined the SeManageVolumePrivilege setting in by Local or Group Policy (1) defined by the Windows Event Log (2) defined by Group Policy (3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\MaxSize (1) defined by the Windows Event Log (2) defined by Group Policy (3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\MaxSize (1) defined by the Windows Event Log (2) defined by Group Policy (3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\MaxSize (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv (2) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate (3) defined by the Services Administrative Tool (4) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FastUserSwitchingCompatibility\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDSessMgr\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy -(1) set of accounts (2) list of permissionsy(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM (2) defined by Local or Group Policy p(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AnonymousNameLookup (2) defined by Local or Group +(1) exist/not exist (2) enabled/disabledO(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application J(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System (1) allowed/removedS(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Session Manager\SafeDllSearchMode l(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon\SyncForegroundPolicy I(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\DeleteRoamingCache (1) logon type\(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\system\LogonType s(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Policies\system\DisableBkGndGroupPolicy f(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network Connections\NC_ShowSharedAccessUI f(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network Connections\NC_AllowNetBridge_NLA ](1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\KMPrintersAreBlocked w(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy (2) defined by Local or Group Policy w(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\NoDefaultAdminOwner (2) defined by Local or Group Policy (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive (2) defined by Local or Group Policy y(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse (2) defined by Local or Group Policy (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon (2) defined by Local or Group Policy '(1) defined by Local or Group Policy y(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity (2) defined by Local or Group Policy (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge (2) defined by Local or Group Policy (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon (2) defined by Local or Group Policy v(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds (2) defined by Local or Group Policy }(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous (2) defined by Local or Group Policy (1) HKEY_LOCAL_MA< CHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes (2) defined by Local or Group Policy (1) set of paths(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPathsHKLM (2) defined by Local or Group Policy (1) set of shares(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares (2) defined by Local or Group Policy n(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest (2) defined by Local or Group Policy l(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash (2) defined by Local or Group Policy {(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec (2) defined by Local or Group Policy {(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec (2) defined by Local or Group Policy (1) User Configuration\Administrative Templates\Control Panel\Display\Screen Saver Timeout (2) HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveTimeOut (3) HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveTimeOut *(1) filename of the screensaver executable:(1) HKEY_USER\.DEFAULT\Control Panel\Desktop\SCRNSAVE.EXE @(1) HKEY_USER\.DEFAULT\Control Panel\Desktop\ScreenSaveTimeOut B(1) HKEY_USER\.DEFAULT\Control Panel\Desktop\ScreenSaverIsSecure ?(1) HKEY_USER\.DEFAULT\Control Panel\Desktop\ScreenSaveActive (1) User Configuration\Administrative Templates\Control Panel\Display\Screen Saver Executable Name (2) HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop\SCRNSAVE.EXE (3) HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE (1) User Configuration\Administrative Templates\Control Panel\Display\Screen Saver (2) HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaverActive (3) HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveActive Y(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer\DisableAutoupdate [(1) HKEY_CURRENT_USER\Software\Policies\Microsoft\WindowsMediaPlayer\PreventCodecDownload P(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client\PreventRun T(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client\PreventAutoRun h(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fSingleSessionPerUser )(1) Maximum number of connections allowedc(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxInstanceCount e(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fDenyTSConnections g(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fWritableTSCCPermTab Y(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\Shadow e(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword (1) encryption leveld(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel c(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\PerSessionTempDir f(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\DeleteTempDirsOnExit (1) Time Limit (minutes)f(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxDisconnectionTime (1) Time limit (minutes)](1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxIdleTime a(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fReconnectSame ^(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fResetBroken b(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\KeepAliveEnable b(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowToGetHelp c(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowUnsolicited V(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHealth\ErrorReporting\DoReport n(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxConnectResponseRetransmissions_(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreationX(1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\RPC\EnableAuthEpResolutionW(1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\RPC\RestrictRemoteClients|(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnableFirewall(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DoNotAllowExceptions(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\AllowUserPrefMerge<(1) enabled/disabled (2) subnets for internal support onlyu(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Enabled(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Services\FileAndPrint\Enabled(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Services\RemoteDesktop\Enabled(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Services\UPnPFramework\Enabled(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DisableNotifications.(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\LogDroppedPackets (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Windows Firewall: Allow Logging - Log Dropped Packets(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\LogFilePath (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Windows Firewall: Allow Logging - Log file path and name (3) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile Tab\Logging\Name$(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\LogFileSize (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Windows Firewall: Allow Logging - Size limit (KB)<(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\LogSuccessfulConnections (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Windows Firewall: Allow Logging - Log successful connections(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DisableUnicastResponsesToMulticastBroadcast(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\AllowUserPrefMerge~(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\AllowUserPrefMerge(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Services\RemoteDesktop(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Service< s\RemoteDesktop\Enabled~(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ICMPSettings\*(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Services\UPnPFramework\Enabled(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications3(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\LogDroppedPackets (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Standard Profile\Windows Firewall: Allow Logging - Log Dropped Packets(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\LogFilePath(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\LogFileSize(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\LogSuccessfulConnections(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableUnicastResponsesToMulticastBroadcast(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\AllowUserPrefMerge_(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicyC(1) HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\Disabled(1) GPO Setting: Computer Configuration\Administrative Templates\Network\Network Connections\Prohibit use of Internet Connection Firewall on your DNS domain network(1) GPO Settings: Computer Configuration\Administrative Templates\System\Error Reporting\Display Error Notification (2) Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Display Error Notification(1) GPO Setting: Computer Configuration\Administrative Templates\System\Group Policy\Internet Explorer Maintenance Policy Processingd(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdate(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableWebPnPDownload\(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EventViewer\MicrosoftEventVwrDisableLinksa(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Internet Connection Wizard\ExitOnMSICW(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWebServicese(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetOpenWith(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableHTTPPrintinge(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Registration Wizard Control\NoRegistration(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Policies\Microsoft\SearchCompanion!DisableContentFileUpdatesg(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoOnlinePrintsWizard|(1) [HKEY_LOCAL_MACHINE | HKEY_CURRENT_USER] \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPublishingWizard(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Policies\Microsoft\Messenger\Client!CEIPR(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMovieMaker\CodecDownloadL(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMovieMaker\WebHelpO(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMovieMaker\WebPublish(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DontSearchWindowsUpdate(1) Computer Configuration\Administrative Templates\System\Logon (2) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisableLocalMachineRunOnceb(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWelcomeScreenS(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\IIS\PreventIISInstallc(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload(1) Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Remote Desktop Connection (2) HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DisablePasswordSavingp(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\PreXPSP2ShellProtocolBehaviorW(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\DisableLUAPatching(1) GPO Setting: Computer Configuration\Administrative Templates\Windows Components\Windows Media Player\Do Not Show First Use Dialog Boxes(1) GPO Setting: Computer Configuration\Administrative Templates\Windows Components\Windows Media Player\Prevent Desktop Shortcut Creation(1) User Configuration\Administrative Templates\Control Panel\Display\Password protect the screen saver (2) HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaverIsSecure (3) HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaverIsSecure (1) User Configuration\Administrative Templates\System\Power Mangement (2) HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Power\PromptPasswordOnResume(1) User Configuration\Administrative Templates\System\Attachment Manager (2) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\SaveZoneInformation(1) User Configuration\Administrative Templates\System\Attachment Manager (2) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\HideZoneInfoOnProperties(1) User Configuration\Administrative Templates\System\Attachment Manager (2) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ScanWithAntiVirus(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\optional (2) Computer Configuration\Windows Settings\Local Policies\Security Options\System settings: Optional subsystems(1) 0 = Enabled | 1 = Disabled(1) HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\AUOptions (2) Computer Configuration\Administrative Templates\Windows Components\Windows Update\Configure Automatic Updates(1) HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAUAsDefaultShutdownOption (2) Computer Configuration\Administrative Templates\Windows Components\Windows Update\"Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box (1)HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDisableCdm (2) Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Device and Resource Redirection\Do not allow drive redirection(1) HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAUShutdownOption (2) Computer Configuration\Administrative Templates\Windows Components\Windows Update\Do not display 'Install Updates and Shut Down' option in the Shut Down Windows dialog box(1) HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisableLocalMachineRun (2) Computer Configuration\Administrative Templates\System\Logon\Do not process the legacy run list(1) HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\sealsecurechannel (2) Computer Configuration\Windows Settings\Local Policies\Security Options\Secure Channel: Digitally Encrypt Secure Channel Data (When Possible)(1) HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoRebootWithLoggedOnUsers (2) Computer Configuration\< Administrative Templates\Windows Components\Windows Update\No auto-restart for scheduled Automatic Updates installations(1) HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (2) User Configuration\Administrative Templates\System\Prevent access to registry editing tools(1) HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Network\NoCDBurning (2) User Configuration\Administrative Templates\Windows Components\Windows Explorer\Remove CD Burning featurest(2) GPO Setting: User Configuration\Administrative Templates\Windows Components\Windows Explorer\Remove Security tab(1) HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\RescheduleWaitTimeEnabled (2) Computer Configuration\Administrative Templates\Windows Components\Windows Update\Reschedule Automatic Updates scheduled installations(1) HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\AllowLocalPolicyMerge (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Apply local firewall rules(1) List of programs(1) HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\Enabled (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Define program exceptions(1) HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultInboundAction (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall \Domain Profile\Inbound connections(1) HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultOutboundAction (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall \Domain Profile\Outbound connections enabled/disabledHHKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Use_HKLM_only Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_onlyVHKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_Zones_Map_Edit Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_zones_map_editI HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\InfoDelivery\Restrictions\NoUpdateCheck Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoUpdateCheck HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoMSAppLogo5ChannelNotify Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Features/Restrict File Download Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\(Reserved) [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\explorer.exe [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\iexplore.exeD HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\InfoDelivery\Restrictions\NoJITSetup Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoJITSetup number of proxy settingsR HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUserLocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoExtensionManagementW HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_options_edit Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_options_edit Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Advanced Page Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Download\CheckExeSignaturesLocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Advanced Page Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Control Panel\DisableRIEDLocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1407Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2400Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1407Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1208Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2400 Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranetLocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Control Panel\AdvancedTabLocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Control Panel\PrivacyTabLocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Control Panel\SecurityTabLocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\PreventIgnoreCertErrorsMLocal Internet Options: GPO Settings:[Computer Configuration | User < Configuration]/Network/Internet Explorer/Internet Control Panel/Internet Settings/Component Updates/Periodic Check for Updates to Internet Explorer and Internet Tools Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\Update_Check_PageQLocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Internet Settings/Component Updates/Periodic Check for Updates to Internet Explorer and Internet Tools Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\Update_Check_IntervalLocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Features/Add-on Management Registry Keys:[HKLM | HKCU]\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\ListBox_Support_CLSID Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Features/Add-on Management Registry Keys:[HKLM | HKCU]\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\RestrictToList9Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Control Panel\History [HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History\DaysToKeepLocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Control Panel\Autoconfig8Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Control Panel\Connection Settings [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Control Panel\Connwiz Admin LockLocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Control Panel\ProxyLocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoSplashLocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Security\DisableFixSecuritySettingsLocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\SQM\DisableCustomerImprovementProgramLocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomizeLocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Control Panel\SettingsLocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Control Panel\DisableDeleteBrowsingHistoryLocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\EnabledLocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheckLocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Advanced Page Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALLocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Advanced Page Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\Enable Browser ExtensionsLocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Advanced Page Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\NoUpdateCheck Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Advanced Page Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CertificateRevocationLocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1406Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1802Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1604Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1800Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2102Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1209Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2103Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2200Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1001Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1004Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\12013Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[H< KLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1C00Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1804Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A00Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2402Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1607Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2100Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1E05Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1809Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1606Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2101Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2401Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1609Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1609$Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1\1609Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1609)Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1609Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1406Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1400Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2000Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1802Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1803Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1604Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1800Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1608Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2102Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1209Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1001Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2200Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1004Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1201< ;Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1C00Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1804Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1A00Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2402Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1607Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2100Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2004Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2001Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1200Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1405Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1402Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1E05Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1809Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1606Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2101Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2401,Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\1609Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1609)Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2\1609Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Features Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\XMLHTTPYLocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone/Java permissions Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1\1C00ILocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone/Java permissions Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1C00^Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone/Java permissions Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1C00DLocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone/Java permissions Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1C00YLocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone/Java permissions Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3\1C00aLocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone/Java permissions Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\1C00^Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone/Java permissions Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2\1C00 GPO Setting: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Pag< e\Restricted Sites Zone\Turn on Protected Mode Registry Keys:[HKLM|HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500ILocal Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone/Java permissions Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1C00(1) HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaverIsSecure (2) GPO path: User Configuration\Administrative Templates\Control Panel\Display\Password protect the screen saverr(1) Computer Configuration\Windows Settings\Local Policies\Security Options\Accounts: Administrator account statusy(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Create global objects(1) HKLM\Software\policies\Microsoft\windows NT\DCOM\MachineLaunchRestriction (2) Computer Configuration\Windows Settings\Local Policies\Security Options\DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax(1) HKLM\Software\policies\Microsoft\windows NT\DCOM\MachineLaunchRestriction (2) Computer Configuration\Windows Settings\Local Policies\Security Options\DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax(1) HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\disablepasswordchange (2) Computer Configuration\Windows Settings\Local Policies\Security Options\Domain member: Disable machine account password changes(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Impersonate a client after authentication(1) Number of days(1) Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy\Maximum lifetime for user ticket renewal(1) HKLM\SYSTEM\CurrentControlSet\Control\CrashControl\AutoReboot (2) Computer Configuration\Windows Settings\Local Policies\Security Options\MSS: (AutoReboot) Allow Windows to automatically restart after a system crash (recommended except for highly secure environments)(1) HKLM\System\CurrentControlSet\Services\Lanmanserver\Parameters\Hidden (2) Computer Configuration\Windows Settings\Local Policies\Security Options\MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)(1) HKLM\System\CurrentControlSet\Services\IPSEC\NoDefaultExempt (2) Computer Configuration\Windows Settings\Local Policies\Security Options\MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic (1) HKLM\System\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation (2) Computer Configuration\Windows Settings\Local Policies\Security Options\MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended)(1) Number of retransmissions (1) HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxConnectResponseRetransmissions (2) Computer Configuration\Windows Settings\Local Policies\Security Options\MSS: (TCPMaxConnectResponseRetransmissions) SYN-ACK retransmissions when a connection request is not acknowledged(1) HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissions (2) Computer Configuration\Windows Settings\Local Policies\Security Options\MSS: (TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)(1) Percentage(1) HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\WarningLevel (2) Computer Configuration\Windows Settings\Local Policies\Security Options\MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning(1) HKLM\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine (2) Computer Configuration\Windows Settings\Local Policies\Security Options\Network access: Remotely accessible registry paths and subpaths(1) HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\restrictnullsessaccess (2) Computer Configuration\Windows Settings\Local Policies\Security Options\Network access: Restrict anonymous access to Named Pipes and Shares(1) HKLM\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\ NoBackgroundPolicy (2) Computer Configuration\Administrataive Templates\System\Group Policy\Registry policy processing(1) HKLM\Software\Policies\Microsoft\Windows NT\Rpc\RestrictRemoteClients (2) Computer Configuration\Administrative Templates\System\Remote Procedure Call\Restrictions for Unauthenticated RPC clients(1) HKLM\Software\Policies\Microsoft\Windows NT\Rpc\EnableAuthEpResolution (2) Computer Configuration\Administrative Templates\System\Remote Procedure Call\RPC Endpoint Mapper Client Authentication(1) HKLM\Software\Policies\Microsoft\Cryptography\ForceKeyProtection (2) Computer Configuration\Windows Settings\Local Policies\Security Options\System cryptography: Force strong key protection for user keys stored on the computer(1) HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled (2) Computer Configuration\Windows Settings\Local Policies\Security Options\System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies(1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Application\Maximum Log Size (2) HKLM\Software\Policies\Microsoft\Windows\EventLog\Application!MaxSize(1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Application\Retain old events (2) HKLM\Software\Policies\Microsoft\Windows\EventLog\Application\Retention (3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Retention(1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Security\Maximum Log Size (2) HKLM\Software\Policies\Microsoft\Windows\EventLog\Security!MaxSize(1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Security\Retain old events (2) HKLM\Software\Policies\Microsoft\Windows\EventLog\Security\Retention (3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Retention(1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\System\Maximum Log Size (2) HKLM\Software\Policies\Microsoft\Windows\EventLog\System!MaxSize(1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\System\Retain old events (2) HKLM\Software\Policies\Microsoft\Windows\EventLog\System\Retention (3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Retentionz(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing (2) defined by Local or Group Policy (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword (2) defined by Local or Group Policy (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning (2) defined by Local or Group Policy (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature (2) defined by Local or Group Policy (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature (2) defined by Local or Group Policy (1) User Configuration\Administrative Templates\Control Panel\Display\Screen Saver Timeout (2) HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveTimeOut (3) HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveTimeOut (1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile\Inbound Connections Tab\ (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultInboundAction(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Wind< ows Firewall Properties\Domain Profile (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultOutboundAction (1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AllowLocalPolicyMerge(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AllowLocalIPsecPolicyMerge(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\EnableFirewall(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultInboundAction(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultOutboundAction(1) yes/no/not configured (1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\DisableNotifications#(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\DisableUnicastResponsesToMulticastBroadcast (1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\AllowLocalPolicyMerge(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\AllowLocalIPsecPolicyMerge(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\EnableFirewall(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultInboundAction (1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultOutboundAction (1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\DisableNotifications!(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\DisableUnicastResponsesToMulticastBroadcast (1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalPolicyMerge(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalIPsecPolicyMerge(1) Computer Configuration\Administrative Templates\System\Logon (2) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisableLocalMachineRun+(1) Computer Configuration\Administrative Templates\System\Group Policy (2) HKLM\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}!NoGPOListChanges(1) Computer Configuration\Administrative Templates\System\Credential User Interface (2) HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators(1) Computer Configuration\Administrative Templates\System\Credential User Interface (2) HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnableSecureCredentialPrompting(1) Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management (2) HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!RestrictToList(1) Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Device and Resource Redirection (2) HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableCdm(1) User Configuration\Administrative Templates\System (2) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools(1) User Configuration\Administrative Templates\Windows Components\Internet Explorer (2) HKEY_CURRENT_USER\Software\Microsoft\Outlook Express\BlockExeAttachments(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options (2) HKEY_LOCAL_MACHINE\System\Currentcontrolset\Control\Lsa\SCENoApplyLegacyAuditPolicyf(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSystemRestore{ (1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndex{ (1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndexk (1) HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services\CreateEncryptedOnlyTicketsb (1) HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services\UseCustomMessagesi (1) HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services\UseBandwidthOptimization_ (1) HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services\LoggingEnabledT (1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\IIS\PreventIISInstallV (1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Assistance\Client\1.0\NoActiveHelp\ (1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Assistance\Client\1.0\NoUntrustedContentd (1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownloadn (1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search\AllowIndexingEncryptedStoresOrItemsq (1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search\PreventIndexingUncachedExchangeFolders` (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\TurnOffWinCalM (1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\CorporateSQMURLW (1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\DisableAntiSpywareb (1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoHeapTerminationOnCorruptionq (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\PreXPSP2ShellProtocolBehaviorX (1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\DisableLUAPatchingi (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Wi< ndows\CurrentVersion\Policies\System\ReportControllerMissingS (1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Mail\DisableCommunitiesT (1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Mail\ManualLaunchAllowedG (1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WMDRM\DisableOnlinem (1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Collaboration\TurnOffWindowsCollaborationt (1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Collaboration\TurnOnWindowsCollaborationAuditingq (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar\TurnOffUnsignedGadgetsr (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar\OverrideMoreGadgetsLinkv (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar\TurnOffUserInstalledGadgetsU(1) Computer Configuration\Administrative Templates\Windows Components\Digital Locker(1) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Components\Game Explorer(1) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Outbound Rules(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Remotely accessible registry paths and subpaths(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown (2) defined by Local or Group Policy (1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Admin Approval Mode for the Built-in Administrator account@(1) Prompt for consent/Prompt for credentials/Automatically deny(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode-(1) Prompt for credentials/Automatically deny(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Behavior of the elevation prompt for standard users(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Detect application installations and prompt for elevation(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Only elevate executables that are signed and validated(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Only elevate UIAccess applications that are installed in secure locations(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Run all administrators in Admin Approval Mode(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Switch to the secure desktop when prompting for elevation(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Virtualize file and registry write failures to per-user locations(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Change the time zone(1) Set of users or groups(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Increase a process working set(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Modify an object label>(1) set of accounts (2) list of permissions (3) applicabilityB(1) defined by the object's DACL (2) defined through group policy;(1) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved) (2) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!explorer.exe (3) HKLM\Software\Policies\Microsoft\Internet (4) Local Internet Options: (5) GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Features/Protection From Zone Elevation (6) Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\(Reserved) (7) [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\explorer.exe (8) [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\iexplore.exe(1) GPO Setting: Computer Configuration\Administrative Templates\Network\Link-Layer Topology Discovery\Turn on Responder (RSPNDR) driver(1) GPO Setting: Computer Configuration\Administrative Templates\Network\Windows Connect Now\Configuration of wireless settings using Windows Connect Now(1) GPO Setting: Computer Configuration\Administrative Templates\Windows Components\ActiveX Installer Service\Approved Installation Sites for ActiveX Controls(1) Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Device and Resource Redirection (2) HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableCdmf 1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxDisconnectionTime ((1) enabled, disabled, or not configured(1) GPO Setting: Computer Configuration\Administrative Templates\Windows Components\Windows Defender\Configure Microsoft Spynet Reporting{(1) GPO Setting: Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Disable Logging(1) GPO Setting: Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Disable Windows Error Reporting(1) GPO Setting: Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Do not send additional data(1) User Configuration\Administrative Templates\Control Panel\Display\Password protect the screen saver (2) HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaverIsSecure(1) GPO Setting: User Configuration\Administrative Templates\Windows Components\Network Sharing\Prevent users from sharing files within their profiles(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile Tab\Settings\Firewall settings\Display a notification0(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PrivateProfile\Logging\LogDroppedPackets (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Private Profile\Windows Firewall: Allow Logging - Log Dropped Packets(1) enable/disabled$(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PrivateProfile\Logging\LogSuccessfulConnections (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Private Profile\Windows Firewall: Allow Logging - Log successful connections (3) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile Tab\Logging\Logged successful connections(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PrivateProfile\Logging\LogFilePath (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Private Profile\Windows Firewall: Allow Logging - Log file path and name (3) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile Tab\Logging\NameZ(1) HKEY_< LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PrivateProfile\Logging\LogFileSize (2) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile Tab\Logging\Size limit (KB)/(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging\LogDroppedPackets (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Public Profile\Windows Firewall: Allow Logging - Log Dropped Packets!(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging\LogSuccessfulConnections (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Public Profile\Windows Firewall: Allow Logging - Log successful connections (3) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile Tab\Logging\Logged successful connections(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging\LogFilePath (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Public Profile\Windows Firewall: Allow Logging - Log file path and name (3) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile Tab\Logging\NameW(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging\LogFileSize (2) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile Tab\Logging\Size limit (KB)(1) GPO Setting: User Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Help Experience Improvement Program(1) GPO Setting: User Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Help Ratings(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Create Symbolic Links(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (DisableIPSourceRouting) IPv6 source routing protection level (protects against packet spoofing) (2) HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\DisableIPSourceRouting0(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (TCPMaxDataRetransmissions) IPv6, how many times unacknowledged data is retransmitted (3 recommended, 5 is default) (2) HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\TcpMaxDataRetransmissions(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Allow UIAccess applications to prompt for elevation (2) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopToggle(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Access credential Manager as a trusted caller~(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Add workstations to domaini(1) Enabled: Do not execute any autorun commands Enabled: Automatically execute autorun commands Disabled(1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutoRun (2) Computer Configuration\Administrative Templates\Windows Components\Autoplay Policies\Default behavior for AutoRun(1) HKLM\Software\Microsoft\Driver Signing\Policy (2) Computer Configuration\Windows Settings\Local Policies\Security Options\Devices: Unsigned driver installation behavior(1) HKLM\Software\Policies\Microsoft\Messenger\Client\PreventRun (2) Computer Configuration\Administrative Templates\Windows Components\Windows Messenger\Do not allow Windows Messenger to be run(1) HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\sealsecurechannel (2)Computer Configuration\Windows Settings\Local Policies\Security Options\Secure Channel: Digitally Encrypt Secure Channel Data (When Possible)(1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontSetAutoplayCheckbox (2) Computer Configuration\Adminsitrative Templates\Windows Components\Autoplay Policies\Don't set the always do this checkbox(1) Computer Configuration\Windows Settings\Local Policies\User Rights Assignment\Enable computer and user accounts to be trusted for delegation(1) HKLM\SYSTEM\CurrentControlSet\Control\CrashControl\AutoReboot (2) Computer Configuration\Windows Settings\Local Policies\Security Options\MSS: (AutoReboot) Allow Windows to automatically restart after a system crash (recommended except for highly secure environments)(1) HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareWks (2) Computer Configuration\Windows Settings\Local Policies\Security Options\MSS: (AutoShareWks) Enable Administrative Shares (recommended except for highly secure environments)(1) HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\DisableSavePassword (2)Computer Configuration\Windows Settings\Local Policies\Security Options\MSS: (DisableSavePassword) Prevent the dial-up passsword from being saved (recommended)(1) HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Network\NoCDBurning (2) User Configuration\Administrative Templates\Windows Components\Windows Explorer\Remove CD Burning featurest(1) GPO Setting: User Configuration\Administrative Templates\Windows Components\Windows Explorer\Remove Security tab(1) HKLM\Software\Policies\Microsoft\Cryptography\ForceKeyProtection (2) Computer Configuration\Windows Settings\Local Policies\Security Options\System cryptography: Force strong key protection for user keys stored on the computer(1) HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled (2) Computer Configuration\Windows Settings\Local Policies\Security Options\System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies(1) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall \Domain Profile\Allow ICMP exceptions(1) HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\Enabled (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Define inbound program exceptions(1) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall \Standard Profile\Allow ICMP exceptions CCE-2536-1 CCE-2402-6v(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit account logon events t(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit account management z(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit directory service access n(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit logon events o(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit object access o(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit policy change o(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit privilege use o(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit system events q(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy/Audit process tracking (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Ac< cess credential Manager as a trusted caller(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Access this computer from the network (SeNetworkLogonRight)(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Act as part of the operating system (SeTcbPrivilege) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Add workstations to domain (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Adjust memory quotas for a process (SeIncreaseQuotaPrivilege) y(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Allow log on locally (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Allow log on through Terminal Services (SeRemoteInteractiveLogonRight) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Back up files and directories (SeBackupPrivilege) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Bypass traverse checking (SeChangeNotifyPrivilege) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Change the system time (SeSystemTimePrivilege) y(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Change the time zone (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Create a pagefile (SeCreatePagefilePrivilege) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Create a token object (SeCreateTokenPrivilege) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Create global objects (SeCreateGlobalPrivilege) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Create permanent shared objects z(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Create symbolic links (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Debug programs (SeDebugPrivilege) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Deny access to this computer from the network (SeDenyNetworkLogonRight) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Deny log on as a batch job (SeDenyBatchLogonRight) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Deny log on locally (SeDenyInteractiveLogonRight) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Deny log on as a service (SeDenyServiceLogonRight) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Deny log on through Terminal Services (SeDenyRemoteInteractiveLogonRight) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Enable computer and user accounts to be trusted for delegation (SeEnableDelegationPrivilege) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Force shutdown from a remote system (SeRemoteShutdownPrivilege) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Generate security audits (SeAuditPrivilege) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Impersonate a client after authentication (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Increase a process working set (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Increase scheduling priority (SeIncreaseBasePriorityPrivilege) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Load and unload device drivers (SeLoadDriverPrivilege) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Lock pages in memory (SeLockMemoryPrivilege) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Log on as a batch job (SeBatchLogonRight) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Log on as a service (SeServiceLogonRight) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Manage auditing and security log (SeSecurityPrivilege) {(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Modify an object label (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Modify firmware environment values (SeSystemEnvironmentPrivilege) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Perform volume maintenance tasks (SeManageVolumePrivilege) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Profile single process (SeProfileSingleProcessPrivilege) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Profile system performance (SeSystemProfilePrivilege) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Remove computer from docking station (SeUndockPrivilege) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Replace a process level token (SeAssignPrimaryTokenPrivilege) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Restore files and directories (SeRestorePrivilege) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Shut down the system (SeShutdownPrivilege) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Synchronize directory service data (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/Take ownership of files or other objects (SeTakeOwnershipPrivilege) (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Accounts: Administrator account status |(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Accounts: Guest account status(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Accounts: Limit local account use of blank passwords to console logon only (2) MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Accounts: Rename administrator account}(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Accounts: Rename guest account (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Audit: Audit the access of global system objects (2) MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Audit: Audit the use of Backup and Restore privilege (2) MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings (2) MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicy(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Audit: Shut down sy< stem immediately if unable to log security audits (2) MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/DCOM: Machine access restrictions in Security Descriptor Definition Language (SDDL) syntax (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/DCOM: Machine launch restrictions in Security Descriptor Definition Language (SDDL) syntax (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Devices: Allow undock without having to log on (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Devices: Allowed to format and eject removable media (2) MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Devices: Prevent users from installing printer drivers (2) MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Devices: Restrict CD-ROM access to locally logged-on user only (2) MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Devices: Restrict floppy access to locally logged-on user only (2) MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain Controller: Allow server operators to schedule tasks (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain Controller: LDAP server signing requirements (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain Controller: Refuse machine account password changes (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain member: Digitally encrypt or sign secure channel data (always) (2) MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain member: Digitally encrypt secure channel data (when possible) (2) MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain member: Digitally sign secure channel data (when possible) (2) MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain member: Disable machine account password changes (2) MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain member: Maximum machine account password age (2) MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Domain member: Require strong (Windows 2000 or later) session key (2) MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Do not display last user name (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Do not require CTRL+ALT+DEL (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Message text for users attempting to log on (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Message title for users attempting to log on (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Number of previous logons to cache (in case domain controller is not available) (2) MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Prompt user to change password before expiration (2) MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Require Domain Controller authentication to unlock workstation (2) MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Require smart card(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Interactive logon: Smart card removal behavior (2) MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Microsoft network client: Digitally sign communications (always) (2) MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Microsoft network client: Digitally sign communications (if server agrees) (2) MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Microsoft network client: Send unencrypted password to third-party SMB servers (2) MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Microsoft network server: Amount of idle time required before suspending session (2) MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Microsoft network server: Digitally sign communications (always) (2) MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Microsoft network server: Digitally sign communications (if client agrees) (2) MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Microsoft network server: Disconnect clients when logon hours expire (2) MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) (2) MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) (2) MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting(1) Computer Configuration/Windows Settings/Security Settings/Local Poli< cies/Security Options/MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS) (2) MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnableDeadGWDetect(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes (2) MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments) (2) MACHINE\System\CurrentControlSet\Services\Lanmanserver\Parameters\Hidden(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds (2) MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic. (2) MACHINE\System\CurrentControlSet\Services\IPSEC\NoDefaultExempt(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (NoDriveTypeAutoRun) Disable Autorun for all drives (recommended) (2) MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun%(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers (2) MACHINE\System\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand"(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended) (2) MACHINE\System\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation$(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS) (2) MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) (2) MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SafeDllSearchMode.(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) (2) MACHINE\SYSTEM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScreenSaverGracePeriod(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (SynAttackProtect) Syn attack protection level (protects against DoS) (2) MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect5(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (TCPMaxConnectResponseRetransmissions) SYN-ACK retransmissions when a connection request is not acknowledged (2) MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxConnectResponseRetransmissions+(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) (2) MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissions(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning (2) MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\WarningLevel(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Allow anonymous SID/Name translation (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Do not allow anonymous enumeration of SAM accounts (2) MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Do not allow anonymous enumeration of SAM accounts and shares (2) MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Do not allow storage of credentials or .NET Passports for network authentication (2) MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Let Everyone permissions apply to anonymous users (2) MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Named Pipes that can be accessed anonymously (2) MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Remotely accessible registry paths (2) MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Remotely accessible registry paths and sub paths (2) MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Restrict anonymous access to Named Pipes and Shares (2) MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Shares that can be accessed anonymously (2) MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network access: Sharing and security model for local accounts (2) MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network security: Do not store LAN Manager hash value on next password change (2) MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network security: Force logoff when logon hours expire (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network security: LAN Manager authentication level (2) MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network security: LDAP client signing requirements (2) MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network security: Minimum session security for NTLM SSP based (including secure RPC) clients (2) MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Network security: Minimum session security for NTLM SSP based (including secure RPC) servers (2) MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Recovery console: Allow automatic administrative logon (2) MACHINE\Software\Microsoft\W< indows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Recovery console: Allow floppy copy and access to all drives and all folders (2) MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Shutdown: Allow system to be shut down without having to log on (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/Shutdown: Clear virtual memory pagefile (2) MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/System cryptography: Force strong key protection for user keys stored on the computer (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing (2) MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/System objects: Require case insensitivity for non-Windows subsystems (2) MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) (2) MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Admin Approval Mode for the Built-in Administrator account (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken$(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop (2) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopToggle!(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Behavior of the elevation prompt for standard users (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUser(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Detect application installations and prompt for elevation (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Only elevate executables that are signed and validated (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Only elevate UIAccess applications that are installed in secure locations (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Run all administrators in Admin Approval Mode (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Switch to the secure desktop when prompting for elevation (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop(1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/User Account Control: Virtualize file and registry write failures to per-user locations (2) MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization(1) Computer Configuration/Windows Settings/Security Settings/Event Log//Prevent local guests group from accessing application log (2) Event Log security settings are not registry keys.(1) Computer Configuration/Windows Settings/Security Settings/Event Log//Prevent local guests group from accessing system log (2) Event Log security settings are not registry keys.(1) Computer Configuration/Windows Settings/Security Settings/Event Log//Prevent local guests group from accessing security log (2) Event Log security settings are not registry keys.%(1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Application\Retain old events (2) HKCU\Software\Policies\Microsoft\Windows\EventLog\Application\Retention (3) Computer Configuration/Windows Settings/Security Settings/Event Log//Retain application log(1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Security\Retain old events (2) HKCU\Software\Policies\Microsoft\Windows\EventLog\Security\Retention (3) Computer Configuration/Windows Settings/Security Settings/Event Log//Retain security log(1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\System\Retain old events (2) HKCU\Software\Policies\Microsoft\Windows\EventLog\System\Retention (3) Computer Configuration/Windows Settings/Security Settings/Event Log//Retain system logn(1) Computer Configuration/Windows Settings/Security Settings/Event Log//Retention method for application log k(1) Computer Configuration/Windows Settings/Security Settings/Event Log//Retention method for security log i(1) Computer Configuration/Windows Settings/Security Settings/Event Log//Retention method for system log (1) HKLM\ SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword (2) Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Security\Always prompt for password upon connectionm(1) Enabled: Do not execute any autorun commands / Enabled: Automatically execute autorun commands / Disabled(1) HKLM\Software\Policies\Microsoft\Conferencing\NoRDS, Computer Configuration\Administrative Templates\Windows Components\NetMeeting (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy ~(1) Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy\Enforce user logon restrictions(1) HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators (2) Computer Configuration\Administrative Templates\Windows Components\Credential User Interface\Enumerate administrator accounts on elevation(1) Number of minutes(1) Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy\Maximum lifetime for service ticket(1) Number of hours(1) Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy\Maximum lifetime for user ticket(1) Computer Configuration\Windows Settings\Security Settings\Account Policies\Kerberos Policy\Maximum tolerance for computer clock synchronization(1) HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\DisableSavePassword (2) Computer Configuration\Windows Settings\Local Policies\Security Options\MSS: (DisableSavePassword) Prevent the dial-up passsword from being saved (recommended)(1) HKLM\Software\po< licies\Microsoft\Windows NT\Terminal ServicesfAllowUnsolicited (2) Computer Configuration\Administrative Templates\System\Remote Assistance(1) HKLM\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\ NoBackgroundPolicy (2) Computer Configuration\Administrataive Templates\System\Group Policy\Registry policy processing(1) HKLM\Software\Policies\Microsoft\Windows NT\Rpc\RestrictRemoteClients (2) Computer Configuration\Administrative Templates\System\Remote Procedure Call\Restrictions for Unauthenticated RPC clients(1) HKLM\Software\Policies\Microsoft\Windows NT\Rpc\EnableAuthEpResolution (2) Computer Configuration\Administrative Templates\System\Remote Procedure Call\RPC Endpoint Mapper Client AuthenticationQ(1) Enabled:Client Compatible | Enabled:High level | Enabled:Low level | Disabled(1) HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel (2) Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Security\Set client connection encryption level(1) HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun (2) Computer Configuration\Administrative Templates\Windows Components\Autoplay Policies\Turn off Autoplay(1) 2007: GPO Settings:Computer Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office 2007 System / Security Settings (2) Registry keys: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Office\12.0\Common\VbaOff 2003: (3) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Disable VBA for Office applications (4) HKLM\Software\Policies\Microsoft\Office\11.0\Common - VbaOff (5) User Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Disable VBA for Office applications (6) HKCU\Software\Policies\Microsoft\Office\11.0\Common - VbaOff h(1) 1 = Do not prompt | 4 = Prompt user to use control defaults | 6 = Prompt user to use persisted data(1) 2007: GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office 2007 system / Security /ActiveX Control InitializationSettings (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\Common\Security\UFIControls 2003: (3) User Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\ActiveX Control Initialization (4) HKCU\Software\Policies\Microsoft\Office\Common\Security - UFIControls (1) GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office 2007 / Privacy / Trust Center , Registry Keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Common\QMEnable(1) GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office 2007 / Privacy / Trust Center (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Common\UpdateReliabilityData(1) 0 = Never show online content or entry points | 1 = Search only offline content whenever available | 2 = Search online content whenever available.(1) GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office 2007 system / Tools / Options / General / Service Options / Online Content (2) Registry keys: HKEY_CURRENT_USER\Softtware\Polices\Microsoft\Office\12.0\Common\Internet\UseOnlineContent(1) 1 = No Security checks for macros | 2 = Trust Bar warning for all macros | 3 = Trust Bar warning for digitally signed macros only | 4 = No Warnings for all macros but disable all macros(1) GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Access 2007 / Application Settings / Security / Trust Center (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Access\Security\VBAWarnings(1) 2007: GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Excel 2007 / Excel Options / Security / Trust Center (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Excel\Security\VBAWarnings(1) 2007GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Excel 2007 / Excel Options / Security / Trust Center (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Excel\Security\AccessVBOM 2003: (3) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Excel: Trust access to Visual Basic Project (4) HKLM\Software\Policies\Microsoft\Office\11.0\Excel\Security - AccessVBOM (5) User Configuration\Administrative Templates\Microsoft Office Excel 2003\Tools\Macros\Security\Trust access to Visual Basic Project (6) HKCU\Software\Policies\Microsoft\Office\11.0\Excel\Security - AccessVBOM!(1) GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office PowerPoint 2007 / PowerPoint Options / Security / Trust Center (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\VBAWarnings (1) GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office PowerPoint 2007 / PowerPoint Options / Security / Trust Center (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\AccessVBOM(1) 0 = Trust all or use Exchange settings if present | 1 = Trust all loaded and installed COM addins | 2 = Do NOT trust loaded and installed COM addinsUser Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Trusted Add-insConfigure trusted add-ins(1) GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Outlook 2007 / Security / Cryptography (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\Security\MinEncKey (1) GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Outlook 2007 / Security / Cryptography (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\Security\SupressNameChecks(1) 2007: GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Outlook 2007 / Security / Cryptography (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\Security\ClearSign 2003: (3) User Configuration\Administrative Templates\Microsoft Office Outlook 2003\Tools\Options\Security\Cryptography\Send all signed messages as clear signed messages (4) HKCU\Software\Policies\Microsoft\Office\11.0\Outlook\Security - ClearSign (1) GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Outlook 2007 / Security / Cryptography (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\Security\RequestSecureReceipt (1) 2007: GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Outlook 2007 / Security / Cryptography (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\Security\PublishToGalDisabled 2003: (3) User Configuration\Administrative Templates\Microsoft Office Outlook 2003\Tools\Options\Security\Cryptography\Disable 'Publish to GAL' button (4) HKCU\Software\Policies\Microsoft\office\11.0\outlook\Security - PublishToGalDisabled (1) 0 = Let user decide if they want to be warned | 1 = Always warn about invalid signatures | 2 = Never warn about invalid signatures(1) 2007: GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Outlook 2007 / Security / Cryptography (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\Security\WarnAboutInvalid 2003: (3) User Configuration\Administrative Templates\Microsoft Office Ou< tlook 2003\Tools\Options\Security\Cryptography\Signature Warning (4) HKCU\Software\Policies\Microsoft\Office\11.0\Outlook\Security - WarnAboutInvalid (1) 2007: GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Outlook 2007 / Security / Cryptography (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\Security\ConvertSMIMEBlobSignedIcons 2003: (3) User Configuration\Administrative Templates\Microsoft Office Outlook 2003\Tools\Options\Security\Cryptography\Enable cryptography icons (4) HKCU\Software\Policies\Microsoft\Office\11.0\Outlook\Security - ConvertSMIMEBlobSignedIconsb(1) 0 = Use system Default | 1 = When online always retreive the CRL | 2 = Never retreive the CRL&(1) GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Outlook 2007 / Security / Cryptography / Signature Status Dialog Box (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\Security\UseCRLChasing(1) GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Word 2007 / Word Options / Security / Trust Center (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Word\Security\VBAWarnings(1) 2007: GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Word 2007 / Word Options / Security / Trust Center (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Policies\Microsoft\Office\12.0\Word\Security\AccessVBOM 2003: (3) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Word: Trust access to Visual Basic Project (4) HKLM\Software\Policies\Microsoft\Office\11.0\Word\Security - AccessVBOM (5) User Configuration\Administrative Templates\Microsoft Office Word 2003\Tools\Macro\Security\Trust access to Visual Basic Project (6) HKCU\Software\Policies\Microsoft\Office\11.0\Word\Security - AccessVBOM(1) 2007: GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office Word 2007 / Word Options / Security (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Word\Options\vpref\fWarnRevisions_1805_1 2003: (2) User Configuration\Administrative Templates\Microsoft Office Word 2003\Tools\Options\Security\Warn before printing or saving or sending a file that contains tracked changes or comments (3) HKCU\Software\Policies\Microsoft\Office\11.0\Word\Options\vpre(1) GPO Settings:User Configuration / Administrative Templates / Classic Administrative Templates / Microsoft Office 2007 / Miscellaneous (2) Registry keys: HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\Common\OfficeUpdate\BlockUpdates(1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Web Options\General\Underline hyperlinks (2) Software\Policies\Microsoft\Office\12.0\Access\Internet(1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\General\General\Number of documents in the Recent Documents list (0-9) (2) Software\Policies\Microsoft\Office\12.0\Access\Settings(1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins (2) Software\Policies\Microsoft\Office\12.0\Access\Security(1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Security\Trust Center\Disable all application add-ins (2) Software\Policies\Microsoft\Office\12.0\Access\Security(1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher (2) Software\Policies\Microsoft\Office\12.0\Access\Security(1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Security\Trust Center\Trusted LocationsDisable all trusted locations (2) Software\Policies\Microsoft\Office\12.0\Access\Security\Trusted Locations(1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Security\Trust Center\Trusted Locations\Allow Trusted Locations not on the computer (2) Software\Policies\Microsoft\Office\12.0\Access\Security\Trusted Locations(1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Application Settings\Security\Trust Center\Trusted Locations\Modal Trust Decision Only (2) Software\Policies\Microsoft\Office\12.0\Access\Security\Trusted Locations(1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Office Button | E-Mail (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledCmdBarItemsCheckBoxes*(1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Access Options | Customize | All Commands | Insert Hyperlink (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Database Tools | Database Tools | Encrypt with Password (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledCmdBarItemsCheckBoxes-(1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Database Tools | Administer | Users and Permission | User and Group Permissions (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledCmdBarItemsCheckBoxes+(1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Database Tools | Administer | Users and Permissions | User and Group Accounts (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledCmdBarItemsCheckBoxes0(1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Database Tools | Administer | Users and Permission | User-Level Security Wizard... (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Database Tools | Database Tools | Encode/Decode Database (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Database Tools | Macro | Visual Basic (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Database Tools | Macro | Run Macro (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Database Tools | Macro | Convert Macros to Visual Basic (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Database Tools | Macro | Create Shortcut Menu from Macro (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable shortcut keys (2) Software\< Policies\Microsoft\Office\12.0\Access\DisabledShortcutKeysCheckBoxes5(1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Ctrl+K (Office Button | Access Options | Customize | All Commands | Insert Hyperlinks) (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledShortcutKeysCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Disable items in user interface\Predefined\Disable commands - Alt+F11 (Database Tools | Macro | Visual Basic) (2) Software\Policies\Microsoft\Office\12.0\Access\DisabledShortcutKeysCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Miscellaneous\Default file format (Access 2007 | Access 2002-2003) (2) Software\Policies\Microsoft\Office\12.0\Access\Settings(1) User Configuration\Administrative Templates\Microsoft Office Access 2007\Miscellaneous\Do not prompt to convert older databases (2) Software\Policies\Microsoft\Office\12.0\Access\Settings(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Proofing\Autocorrect Options\Internet and network paths as hyperlinks (2) Software\Policies\Microsoft\Office\12.0\Excel\Optionsm(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Save\Save Excel files as (Excel Workbook (*.xlsx) | Excel Macro-Enabled Workbook (*.xlsm) | Excel Binary Workbook (*.xlsb) | Web Page (*.htm; *.html) | Excel 97-2003 Workbook (*.xls) | Excel 5.0/95 Workbook (*.xls)) (2) Software\Policies\Microsoft\Office\12.0\Excel\Options(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Save\Disable AutoRepublish (2) Software\Policies\Microsoft\Office\12.0\Excel\Options (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Save\AutoRepublish Warning Alert (Always show the alert before publishing | Never show the alert before publishing) (2) Software\Policies\Microsoft\Office\12.0\Excel\Options(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Determine whether to force encrypted macros to be scanned in Microsoft Excel Open XML workbooks (2) Software\Policies\Microsoft\Office\12.0\Excel\Security(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Force file extension to match file type (Allow different | Allow different, but warn | Always match file type) (2) Software\Policies\Microsoft\Office\12.0\Excel\Security(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Trust Center\Store macro in Personal Macro Workbook by default (2) Software\Policies\Microsoft\Office\12.0\Excel\Security(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Trust Center\Disable all application add-ins (2) Software\Policies\Microsoft\Office\12.0\Excel\Security(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher (2) Software\Policies\Microsoft\Office\12.0\Excel\Security(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins (2) Software\Policies\Microsoft\Office\12.0\Excel\Security(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Trust Center\Trusted LocationsAllow Trusted Locations not on the computer (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\Trusted Locations(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Security\Trust Center\Trusted LocationsDisable all trusted locations (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\Trusted Locations(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Advanced\Ignore other applications (2) Software\Policies\Microsoft\Office\12.0\Excel\Options\BinaryOptions(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Advanced\Ask to update automatic links (2) Software\Policies\Microsoft\Office\12.0\Excel\Options(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Advanced\Number of documents in the Recent Documents list (0-17) (2) Software\Policies\Microsoft\Office\12.0\Excel\File MRU(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Advanced\Web Options& \GeneralSave any additional data necessary to maintain formulas (2) Software\Policies\Microsoft\Office\12.0\Excel\Internet(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Excel Options\Advanced\Web Options& \GeneralLoad pictures from Web pages not created in Excel (2) Software\Policies\Microsoft\Office\12.0\Excel\Internet(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Data Recovery\Do not show data extraction options when opening corrupt workbooks (2) Software\Policies\Microsoft\Office\12.0\Excel\Options(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Data Recovery\Assume structured storage format of workbook is intact when recovering data (2) Software\Policies\Microsoft\Office\12.0\Excel\Options(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Data Recovery\Corrupt formula conversion (Convert unrecoverable references to: values | #REF or #NAME) (2) Software\Policies\Microsoft\Office\12.0\Excel\Options(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Data Access Security\Connection File Locations (2) Software\Policies\Microsoft\Office\Common\Server Links\Published)(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Data Access Security\Automatic Query Refresh (Prompt for all workbooks | Do not prompt; do not allow auto refresh | Do not prompt; allow auto refresh) (2) Software\Policies\Microsoft\Office\Common\Server Links\Published(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledCmdBarItemsCheckBoxes'(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Excel Options | Customize | All Commands | Save as Web Page (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledCmdBarItemsCheckBoxes'(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Excel Options | Customize | All Commands | Web Page Preview (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Send | Email (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Insert | Links | Hyperlink (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Review < | Changes | Protect Sheet (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Review | Changes | Protect Workbook (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledCmdBarItemsCheckBoxes (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Review | Changes | Protect and Share Workbook (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - View | Macros | Macros (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Macros (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Record Macro (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Macro Security (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Visual Basic (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledCmdBarItemsCheckBoxes((1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Excel Options | Customize | All Commands | Document Location (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable shortcut keys (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledShortcutKeysCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable shortcut keys - Ctrl+K (Insert | Links | Hyperlink) (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledShortcutKeysCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable shortcut keys - Alt+F8 (Developer | Code | Macros) (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledShortcutKeysCheckBoxes (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Disable items in user interface\Predefined\Disable shortcut keys - Alt+F11 (Developer | Code | Visual Basic) (2) Software\Policies\Microsoft\Office\12.0\Excel\DisabledShortcutKeysCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of pre-release versions of file formats new to Excel 2007 (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileOpenBlock(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of Open XML file types (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileOpenBlock(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of Binary 12 file types (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileOpenBlock(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of Binary file types (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileOpenBlock(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of Html and Xmlss files types (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileOpenBlock(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of Xml file types (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileOpenBlock(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of DIF and SYLK file types (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileOpenBlock(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of Text file types (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileOpenBlock(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Open\Block opening of Xll file type (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileOpenBlock(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Save\Block saving of Open Xml file types (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileSaveBlock(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Save\Block saving of Binary12 file types (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileSaveBlock(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Save\Block saving of Binary file types (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileSaveBlock(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Save\Block saving of Html and Xmlss file types (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileSaveBlock(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Save\Block saving Xml file types (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileSaveBlock(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Save\Block saving DIF and SYLK file types (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileSaveBlock(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Block file formats\Save\Block saving of Text file types (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileSaveBlock(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Miscellaneous\Locally cache network file storages (2) Software\Policies\Microsoft\Office\12.0\Excel\Options(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Miscellaneous\Locally cache PivotTable reports (2) Software\Policies\Microsoft\Office\12.0\Excel\Options (1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Miscellaneous\OLAP PivotTable User Defined Function (UDF) security setting (Allow ALL UDFs | Allow safe UDFs only | Allow NO UDFs) (2) Software\Policies\Microsoft\Office\12.0\Excel\Options(1) User Configuration\Administrative Templates\Microsoft Office Excel 2007\Miscellaneous\Recognize SmartTags (2) Software\Policies\Microsoft\Office\12.0\Excel\Options(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Tools | Options\General\Number of documents in the Recent Documents list (0 - 9) (2) Software\Policies\Microsoft\Office\12.0\InfoPath (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Tools | Options\Advanced\Offline\Offline Mode status (Disabled | Enabled, InfoPath in Offline Mode | Enabled, InfoPath not in Offline Mode) (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Editor\Offline(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledCmdBarItemsCheckBoxes(1) User Configurat< ion\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - File | Print (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - File | Send to Mail Recipient (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - File | Open from SharePoint Site (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - File | Print Preview (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - File | Page Setup (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Insert | Hyperlinks... (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Tools | Set Language (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Tools | Customize... (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Tools | Options... (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Help | Microsoft Office Online (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Office Diagnostics (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Help | Activate Product... (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable commands - Print Default (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable shortcut keys (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledShortcutKeysCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable shortcut keys - Print Shortcut (Ctrl+P) (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledShortcutKeysCheckBoxes (1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Predefined\Disable shortcut keys - Insert Hyperlink Shortcut (Ctrl+K) (2) Software\Policies\Microsoft\Office\12.0\InfoPath\DisabledShortcutKeysCheckBoxes<(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Control behavior for Windows SharePoint Services gradual upgrade (Allow redirections to any location | Allow redirections to Intranet only | Block all redirections) (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Disable opening of solutions from the Internet security zone (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Disable fully trusted solutions full access to computer (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Allow the use of ActiveX Custom Controls in InfoPath forms (2) Software\Policies\Microsoft\Office\12.0\InfoPath(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Run forms in restricted mode if they do not specify a publish location and use only features introduced before InfoPath 2003 SP1 (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Allow file types as attachments to forms (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Block specific file types as attachments to forms (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Prevent users from allowing unsafe file types to be attached to forms (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Display a warning that a form is digitally signed (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Control behavior when opening forms in the Internet security zone (Block | Prompt | Allow) (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Open Behaviors(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Control behavior when opening forms in the Intranet security zone (Block | Prompt | Allow) (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Open Behaviors(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Control behavior when opening forms in the Local Machine security zone (Block | Prompt | Allow) (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Open Behaviors(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Control behavior when opening forms in the Trusted Site security zone (Block | Prompt | Allow) (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Open Behaviors'(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Beaconing UI for forms opened in InfoPath (Never show beaconing UI | Always show beaconing UI | Show UI if Form Template is from Internet Zone) (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security6(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Beaconing UI for forms opened in InfoPath Editor ActiveX (Never show beaconing UI | Always show beaconing UI | Show UI if Form Template is from Internet Zone) (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Trust Center\Disable all application add-ins (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Security\Trust Center\Disable Trust B< ar Notification for unsigned application add-ins (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security8(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Control behavior when opening InfoPath e-mail forms containing code or script (Run without prompting | Prompt before running | Never run) (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable sending form template with e-mail forms (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Deployment(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable dynamic caching of the form template in InfoPath e-mail forms (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Deployment(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable sending InfoPath 2003 Forms as e-mail forms (2) Software\Policies\Microsoft\Office\12.0\InfoPath(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable e-mail forms running in restricted security level (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable e-mail forms from the Internet security zone (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable e-mail forms from the Intranet security zone (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable e-mail forms from the Full Trust security zone (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Disable items in user interface\Disable InfoPath e-mail forms in Outlook (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Restricted Features\Information Rights Management (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Designer\RestrictedFeatures(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Restricted Features\Custom code (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Designer\RestrictedFeatures(1) User Configuration\Administrative Templates\Microsoft Office InfoPath 2007\Miscellaneous\Email Forms Beaconing UI (Never show UI | Always show UI | Show UI if XSN is in Internet Zone) (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable user customization of Quick Access Toolbar via UI (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable user customization of Quick Access Toolbar via UI - Disallow in Word (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable user customization of Quick Access Toolbar via UI - Disallow in Excel (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable user customization of Quick Access Toolbar via UI - Disallow in PowerPoint (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable user customization of Quick Access Toolbar via UI - Disallow in Access (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable user customization of Quick Access Toolbar via UI - Disallow in Outlook (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable all user customization of Quick Access Toolbar (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable all user customization of Quick Access Toolbar - Disallow in Word (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable all user customization of Quick Access Toolbar - Disallow in Excel (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable all user customization of Quick Access Toolbar - Disallow in PowerPoint (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable all user customization of Quick Access Toolbar - Disallow in Access (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable all user customization of Quick Access Toolbar - Disallow in Outlook (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable UI extending from documents and templates (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable UI extending from documents and templates - Disallow in Word (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable UI extending from documents and templates - Disallow in Excel (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable UI extending from documents and templates - Disallow in PowerPoint (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable UI extending from documents and templates - Disallow in Access (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Global Options\Customize\Disable UI extending from documents and templates - Disallow in Outlook (2) Software\Policies\Microsoft\Office\12.0\Common\Toolbars(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | AutoCorrect Options... (Excel, Word, PowerPoint and Access)\Recognize smart tags in Excel (2) Software\Policies\Microsoft\Office\12.0\Excel\Options (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Disable Clip Art and Media downloads from the client and from Office Online website (2) Software\Policies\Microsoft\Office\12.0\Common\Internet(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Disable template downloads from the client and from Office Online website (2) Software\Policies\Microsoft\Office\12.0\Common\Internet(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Disable access to updates, add-ins, and patches on the Office Online website (2) Software\Policies\Microsoft\Offi< ce\12.0\Common\Internet(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Prevents users from uploading document templates to the Office Online community. (2) Software\Policies\Microsoft\Office\12.0\Common\Internet(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Disable training practice downloads from the Office Online website (2) Software\Policies\Microsoft\Office\12.0\Common\Internet(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Disable customer-submitted templates downloads from Office Online (2) Software\Policies\Microsoft\Office\12.0\Common\Internet(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Files\Open Office documents as read/write while browsing (2) Software\Policies\Microsoft\Office\12.0\Common\Internet(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Browsers\Rely on VML for displaying graphics in browsers (2) Software\Policies\Microsoft\Office\12.0\Common\Internet(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | General | Web Options...\Browsers\Allow PNG as an output format (2) Software\Policies\Microsoft\Office\12.0\Common\Internet(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Tools | Options | Spelling\Proofing Data Collection\Improve Proofing Tools (2) Software\Policies\Microsoft\Office\12.0\Common\PTWatson(1) User Configuration\Administrative Templates\Classic Administrative Templates\Microsoft Office 2007\Privacy \Trust Center\Disable Opt-in Wizard on first run (2) HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Common\QMEnable(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Help\Microsoft Office Online (2) Software\Policies\Microsoft\Office\12.0\Common\Internet(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Disable Password Caching (2) Software\Policies\Microsoft\Office\12.0\Common\Security(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Disable all Trust Bar notifications for security issues (2) Software\Policies\Microsoft\Office\12.0\Common\TrustCenter(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Protect document metadata for rights managed Office Open XML Files (2) Software\Policies\Microsoft\Office\12.0\Common\Security(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Protect document metadata for password protected files. (2) Software\Policies\Microsoft\Office\12.0\Common\Security(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Encryption type for password protected Office Open XML files (2) Software\Policies\Microsoft\Office\12.0\Common\Security(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Encryption type for password protected Office 97-2003 files (2) Software\Policies\Microsoft\Office\12.0\Common\Security(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Load Controls in Forms3 (1 | 2 | 3 | 4) (2) Software\Policies\Microsoft\VBA\Security2007: (1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Automation Security (Disable macros by default | Use application macro security level | Macros enabled) (2) Software\Policies\Microsoft\Office\Common\Security 2003: (1) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Automation Security (2) HKLM\Software\Policies\Microsoft\Office\11.0\Common\Security - AutomationSecurity(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Prevent Word and Excel from loading managed code extensions (2) Software\Policies\Microsoft\Office\Common\Smart Tag(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Disable hyperlink warnings (2) Software\Policies\Microsoft\Office\12.0\Common\Security(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Disable password to open UI (2) Software\Policies\Microsoft\Office\12.0\Common\Security(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Download Office Controls (2) Software\Policies\Microsoft\Office\12.0\Common\Internet(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Disable All ActiveX (2) Software\Policies\Microsoft\Office\Common\Security(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Security Settings\Trust Center\Allow mix of policy and user locations (2) Software\Policies\Microsoft\Office\12.0\Common\Security\Trusted Locations(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Smart Documents (Word, Excel)\Disable Smart Document's use of manifests (2) Software\Policies\Microsoft\Office\Common\Smart Tag(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Smart Documents (Word, Excel)\Completely disable the Smart Documents feature in Word and Excel (2) Software\Policies\Microsoft\Office\Common\Smart Tag(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Services\Fax\Disable Internet Fax feature (2) Software\Policies\Microsoft\Office\12.0\Common\Services\Fax(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Manage Restricted Permissions\Prevent users from changing permissions on rights managed content (2) Software\Policies\Microsoft\Office\12.0\Common\DRM(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Manage Restricted Permissions\Allow users with earlier versions of Office to read with browsers... (2) Software\Policies\Microsoft\Office\12.0\Common\DRM(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Manage Restricted Permissions\Always require users to connect to verify permission (2) Software\Policies\Microsoft\Office\12.0\Common\DRM(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Manage Restricted Permissions\Always expand groups in Office when restricting permission for documents (2) Software\Policies\Microsoft\Office\12.0\Common\DRM\AutoExpandDls(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Manage Restricted Permissions\Never allow users to specify groups when restricting permission for documents (2) Software\Policies\Microsoft\Office\12.0\Common\DRM(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Manage Restricted Permissions\Disable Microsoft Passport service for content with restricted permission (2) Software\Policies\Microsoft\Office\12.0\Common\DRM(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Manage Restricted Permissions\Do not allow users to upgrade Information Rights Management configuration (2) Software\Policies\Microsoft\Office\12.0\Common\DRM(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Signing\Key Usage Filtering (2) Software\Policies\Microsoft\Office\12.0\Common\General(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Signing\EKU filtering (2) Software\Policies\Microsoft\Office\12.0\Common\Signatures(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Signing\Legacy format signatures (2) Software\Policies\Microsoft\Office\12.0\Common\Signatures6(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Signing\Suppress Office Signing Providers (Enable Western and East Asian | Suppress default Western | Suppress< default East Asian | Suppress both Western and East Asian) (2) Software\Policies\Microsoft\Office\12.0\Common\Signatures(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Signing\Suppress external signature services menu item (2) Software\Policies\Microsoft\Office\12.0\Common\Signatures(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Office Diagnostics\Disable Check For Solutions (2) Software\Policies\Microsoft\Office\Common\OffDiag(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Microsoft Save As PDF and XPS add-ins\Disable inclusion of document properties in PDF and XPS output (2) Software\Policies\Microsoft\Office\12.0\Common\FixedFormat(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Document Information Panel\Disable Document Information Panel (2) Software\Policies\Microsoft\Office\12.0\Common\DocumentInformationPanel#(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Document Information Panel\Document Information Panel Beaconing UI (Never show UI | Always show UI | Show UI if XSN is in Internet Zone) (2) Software\Policies\Microsoft\Office\12.0\Common\DocumentInformationPanel(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Server Settings\Disable the Office client from polling the Office server for published links (2) Software\Policies\Microsoft\Office\12.0\Common\Portalc(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Office 2007 Converters\Block opening of pre-release versions of file formats new to Word 2007 through the Compatibility Pack for the 2007 Office system and Word 2007 Open XML/Word 97-2003 Format Converter (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlockI(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Office 2007 Converters\Block opening of pre-release versions of file formats new to Excel 2007 through the Compatibility Pack for the 2007 Office system and Excel 2007 Converter (2) Software\Policies\Microsoft\Office\12.0\Excel\Security\FileOpenBlockX(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Office 2007 Converters\Block opening of pre-release versions of file formats new to PowerPoint 2007 through the Compatibility Pack for the 2007 Office system and PowerPoint 2007 Converter (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileOpenBlock(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Miscellaneous\Control Blogging (Enabled | Only SharePoint blogs allowed | All blogging disabled) (2) Software\Policies\Microsoft\Office\12.0\Common\Blog(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Miscellaneous\Enable Smart Resume (2) Software\Policies\Microsoft\Office\12.0\Common\Restore Workspace(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Miscellaneous\Do not upload media files (2) Software\Policies\Microsoft\Office\12.0\Common\Internet(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Miscellaneous\Disable hyperlinks to web templates in File | New and task panes (2) Software\Policies\Microsoft\Office\12.0\Common\Internet(1) User Configuration\Administrative Templates\Microsoft Office 2007 system\Miscellaneous\Prevent access to Web-based file storage (2) Software\Policies\Microsoft\Office\12.0\Common\WebServices(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\E-mail Options\Do not allow attachment previewing in Outlook (2) Software\Policies\Microsoft\Office\12.0\Outlook\Preferences(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\E-mail Options\Read e-mail as plain text (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\E-mail Options\Read signed e-mail as plain text (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Calendar Options\Microsoft Office Online Sharing ServicePrevent publishing to Office Online (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\PubCal (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Calendar Options\Microsoft Office Online Sharing ServicePrevent publishing to a DAV server (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\PubCal(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Calendar Options\Microsoft Office Online Sharing ServiceRestrict level of calendar details users can publish (All options are available | Disables 'Full details' | Disables 'Full details' and 'Limited details') (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\PubCal(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Calendar Options\Microsoft Office Online Sharing ServiceAccess to published calendars (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\PubCal(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Calendar Options\Microsoft Office Online Sharing ServiceRestrict upload method (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\PubCal(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Junk E-mail\Hide Junk Mail UI (2) Software\Policies\Microsoft\Office\12.0\Outlook(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Junk E-mail\Junk E-mail protection level (No Protection, Low, High, Trusted Lists Only) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Junk E-mail\Trust E-mail from Contacts (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Preferences\Junk E-mail\Add e-mail recipients to users' Safe Senders Lists (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Setup\Dial-up options (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Setup\Dial-up options - Warn before switching dial-up connection (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Setup\Dial-up options - Hang up when finished sending, receiving, or updating (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Setup\Dial-up options - Automatically dial during a background Send/Receive (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Format\Do not allow creating, replying, or forwarding signatures for e-mail messages (2) Software\Policies\Microsoft\Office\12.0\Common\MailSettings(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Format\Internet Formatting\Send copy of pictures with HTML messages instead of reference to Internet location (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail4(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Format\Internet Formatting\Outlook Rich Text opt< ions (Convert to HTML | Convert to Plain Text format | Send Using Outlook Rich Text format) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Format\Internet Formatting\Plain text options (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Format\Internet Formatting\Plain text options - Encode attachments in UUENCODE format when sending a plain text message (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Mail Format\Internet Formatting\Message FormatSet message format (HTML | Rich Text | Plain Text) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Make Outlook the default program for E-mail, Contacts, and Calendar (2) software\policies\microsoft\office\12.0\outlook\options\general(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Advanced\Do not allow folders in non-default stores to be set as folder home pages (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Advanced\Use Unicode format when dragging e-mail message to file system (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\General(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Advanced\Do not allow Outlook object model scripts to run for shared folders (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Advanced\Do not allow Outlook object model scripts to run for public folders (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security,(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Person Names\Set maximum level of online status on a person name (Do not allow | Allow everywhere except To and CC field | Allow everywhere) (2) Software\Policies\Microsoft\Office\12.0\Outlook\IM (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Person Names\Display online status on a person name (Never | Everywhere except To and CC field | Everywhere) (2) Software\Policies\Microsoft\Office\12.0\Outlook\IM(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Options...\Other\Person Names\Turn off Enable the Person Names Smart Tag option (2) Software\Policies\Microsoft\Office\12.0\Outlook\IM(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Outlook Security Mode (Outlook Default Security | Use Security Form from 'Outlook Security Settings' Public Folder | Use Security Form from 'Outlook 10 Security Settings' Public Folder | Use Outlook Security Group Policy) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Display Level 1 attachments (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Allow users to demote attachments to Level 2 (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Do not prompt about Level 1 attachments when sending an item (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Do not prompt about Level 1 attachments when closing an item (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Allow in-place activation of embedded OLE objects (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Display OLE package objects (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Add file extensions to block as Level 1 (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Remove file extensions blocked as Level 1 (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Add file extensions to block as Level 2 (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Attachment Security\Remove file extensions blocked as Level 2 (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Custom Form Security\Allow scripts in one-off Outlook forms (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security^(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Custom Form Security\Set Outlook object model Custom Actions execution prompt (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) (2) Software\Policies\Microsoft\Office\12.0\Outlook\SecurityE(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Custom Form Security\Set control ItemProperty prompt (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security^(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when sending mail (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Securityk(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when accessing an address book (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Securitym(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when reading address information (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Securityy(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when responding to meeting and task requests (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Securityc(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Securit< y Form Settings\Programmatic Security\Configure Outlook object model prompt when executing Save As (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt When accessing the Formula property of a UserProperty object (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when accessing address information via UserProperties.Find (Prompt User | Automatically Approve | Automatically Deny | Prompt user based on computer security) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Required Certificate Authority (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\S/MIME interoperability with external clients: (Handle internally | Handle externally | Handle if possible) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Always use Rich Text formatting in S/MIME messages (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\S/MIME password settings (2) Software\Policies\Microsoft\Cryptography\Defaults\Provider\Microsoft Exchange Cryptographic Provider v1.0'(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\S/MIME password settings - Default S/MIME password time (minutes): (0 - 2147483647) (2) Software\Policies\Microsoft\Cryptography\Defaults\Provider\Microsoft Exchange Cryptographic Provider v1.0'(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\S/MIME password settings - Maximum S/MIME password time (minutes): (0 - 2147483647) (2) Software\Policies\Microsoft\Cryptography\Defaults\Provider\Microsoft Exchange Cryptographic Provider v1.0(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Message Formats (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security_(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Message Formats - Support the following message formats: (S/MIME | Exchange | Fortezza | S/MIME and Exchange | S/MIME and Fortezza | Exchange and Fortezza | S/MIME, Exchange, and Fortezza) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) 2007: User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Do not provide Continue option on Encryption warning dialog boxes (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security 2003: (3) User Configuration\Administrative Templates\Microsoft Office Outlook 2003\Tools\Options\Security\Cryptography\Disable Continue button on all Encryption warning dialogs (4) HKCU\Software\Policies\Microsoft\office\11.0\outlook\Security - DisableContinue(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Run in FIPS compliant mode (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security2007: (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Encrypt all e-mail messages (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security 2003: (1) User Configuration\Administrative Templates\Microsoft Office Outlook 2003\Tools\Options\Security\Cryptography\Encrypt all e-mail messages (2) HKCU\Software\Policies\Microsoft\Office\11.0\Outlook\Security - AlwaysEncrypt(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Sign all e-mail messages (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\URL for S/MIME certificates (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Ensure all S/MIME signed messages have a label (2) Software\Policies\Microsoft\Office\12.0\Outlook\SecurityL(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\S/MIME receipt requests (Open message if receipt can't be sent | Don't open message if receipt can't be sent | Always prompt before sending receipt | Never send S/MIME ) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Fortezza certificate policies (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Require SuiteB algorithms for S/MIME operations (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Signature Status dialog box\Missing CRLs (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Signature Status dialog box\Missing CRLs - Indicate a missing CRL as a(n): (warning | error) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Signature Status dialog box\Missing root certificates (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security5(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Signature Status dialog box\Missing root certificates - Indicate a missing root certificate as a(n): (neither error nor warning | warning | error) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Signature Status dialog box\Promote Level 2 errors as errors, not warnings (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Cryptography\Signature Status dialog box\Attachment Secure Temporary Folder (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Automatic Picture Download Settings\Display pictures and external content in HTML e-mail (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Automatic Picture Download Settings\Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Automatic Picture Download Settings\Do not permit download of content from safe zones (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Automatic Picture Download Settings\Block Trusted Zones (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Automatic Picture Download Settings\Include Internet in Safe Zones for Automatic Picture Download (2) Software\Po< licies\Microsoft\Office\12.0\Outlook\Options\Mail(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Automatic Picture Download Settings\Include Intranet in Safe Zones for Automatic Picture Download (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Trust Center\Security setting for macros (Always warn | Never warn, disable all | Warn for signed, disable unsigned | No security check) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Trust Center\Enable links in e-mail messages (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Mail(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Trust Center\Apply macro security settings to macros, add-ins, and SmartTags (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\Exchange\Automatically configure profile based on Active Directory Primary SMTP address (2) Software\Policies\Microsoft\Office\12.0\Outlook\AutoDiscover(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\Exchange\Do not allow users to change permissions on folders (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\Folders(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\Exchange\Enable RPC encryption (2) Software\Policies\Microsoft\Office\12.0\Outlook\RPC<(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\Exchange\Authentication with Exchange Server (Kerberos/NTLM Password Authentication | Kerberos Password Authentication | NTLM Password Authentication) (2) Software\Policies\Microsoft\Office\12.0\Outlook\Security(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\RSS Feeds\Synchronize Outlook RSS Feeds with Common Feed List (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\RSS(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\RSS Feeds\Turn off RSS feature (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\RSS(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\RSS Feeds\Automatically download enclosures (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\RSS(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\RSS Feeds\Download full text of articles as HTML attachments (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\RSS(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\Internet Calendars\Automatically download attachments (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\WebCal(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Tools | Account Settings\Internet Calendars\Do not include Internet Calendar integration in Outlook (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\WebCal(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Meeting Workspace\Disable user entries to server list (Publish default, allow others | Publish default, disallow others) (2) Software\Policies\Microsoft\Office\12.0\Meetings\Profile(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Miscellaneous\Do not expand distribution lists (2) Software\Policies\Microsoft\Office\12.0\Outlook\Options\MailA(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Save\Save files in this format (PowerPoint Presentation (*.pptx) | PowerPoint Macro-Enabled Presentation (*.pptm) | PowerPoint 97-2003 Presentation (*.ppt)) (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Options(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Advanced\Number of documents in the Recent Documents list (0 - 50) (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\File MRU(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Determine whether to force encrypted macros to be scanned in Microsoft PowerPoint Open XML presentations (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security)(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Run Programs (disable (don't run any programs) | enable (prompt user before running) | enable all (run without prompting)) (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Make hidden markup visible (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Unblock automatic download of linked images (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Trust Center\Disable all application add-ins (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Trust Center\Trusted LocationsAllow Trusted Locations not on the computer (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\Trusted Locations(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\PowerPoint Options\Security\Trust Center\Trusted LocationsDisable all trusted locations (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\Trusted Locations(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\DisabledCmdBarItemsCheckBoxes6(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Office Button | PowerPoint Options | Customize | All Commands | Web Page Preview (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Send | Email (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Insert | Links | Hyperlink (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Review | Proofing | Language (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - View | Macros | Macros (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Disa< bledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Macros (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Macro Security (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Visual Basic (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\DisabledCmdBarItemsCheckBoxes7(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Office Button | PowerPoint Options | Customize | All Commands | Document Location (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Disable shortcut keys (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\DisabledShortcutKeysCheckBoxes (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Ctrl+K (Insert | Links | Hyperlink) (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\DisabledShortcutKeysCheckBoxes (1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Alt+F8 (Developer | Code | Macros) (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\DisabledShortcutKeysCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Disable items in user interface\Predefined\Disable commands - Alt+F11 (Developer | Code | Visual Basic) (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\DisabledShortcutKeysCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Open\Block opening of pre-release versions of file formats new to PowerPoint 2007 (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileOpenBlock(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Open\Block opening of Open Xml files types (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileOpenBlock(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Open\Block opening of Binary file types (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileOpenBlock(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Open\Block opening of Html file types (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileOpenBlock(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Open\Block opening of Outlines (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileOpenBlock(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Open\Block opening of Converters (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileOpenBlock(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Save\Block saving of Open Xml file types (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileSaveBlock(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Save\Block saving of Binary file types (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileSaveBlock(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Save\Block saving of Html file types (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileSaveBlock(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Save\Block saving of Outlines (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileSaveBlock(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Save\Block saving of GraphicFilters (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\Security\FileSaveBlock(1) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2007\Block file formats\Miscellaneous\Disable Slide Update (2) Software\Policies\Microsoft\Office\12.0\PowerPoint\slide libraries(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Display\Hidden text (2) Software\Policies\Microsoft\Office\12.0\Word\Options\vpref(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Save\Save files in this format (Word document (*.docx) | Single Files Web Page (*.mht) | Web Page (*.htm; *.html) | Web Page, Filtered (*.htm, *.html) | Rich Text Format (*.rtf) | Plain Text (*.txt) | Word 6.0/95 (*.doc) | Word 6.0/95 - Chinese (Simplified) (*.doc) | Word 6.0/95 - Chinese (Traditional) (*.doc) | Word 6.0/95 - Japanese (*.doc) | Word 6.0/95 - Korean (*.doc) | Word 97-2002 & 6.0/95 - RTF | Word 5.1 for Macintosh (*.mcw) | Word 5.0 for Macintosh (*.mcw) | Word 2.x for Windows (*.doc) | Works 4.0 for Windows (*.wps) | WordPerfect 5.x for Windows (*.doc) | WordPerfect 5.1 for DOS (*.doc) | Word 2007 Macro Enabled Document (*.docm) | Word 2007 Macro Free Template (*.dotx) | Word 2007 Macro Enabled Template (*.dotm) | Word 97 - 2003 Document (*.doc) | Word 97 - 2003 Template (*.dot) | Flat XML Document (*.xml)) (2) Software\Policies\Microsoft\Office\12.0\Word\Options(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Advanced\Number of documents in the Recent Documents list (0-50) (2) Software\Policies\Microsoft\Office\12.0\Word\File MRU(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Advanced\Update automatic links at Open (2) Software\Policies\Microsoft\Office\12.0\Word\Options(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Advanced\E-mail Options\Save smart tags in e-mail (2) Software\Policies\Microsoft\Office\12.0\Word\Options\vpref(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Security\Trust Center\Determine whether to force encrypted macros to be scanned in Microsoft Word Open XML documents (2) Software\Policies\Microsoft\Office\12.0\Word\Security(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Security\Trust Center\Disable all application add-ins (2) Software\Policies\Microsoft\Office\12.0\Word\Security(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher (2) Software\Policies\Microsoft\Office\12.0\Word\Security(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins (2) Software\Policies\Microsoft\Office\12.0\Word\Security(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Security\Trust Center\Trusted LocationsAllow Trusted Locations not on the computer (2) Software\Policies\Microsoft\Office\12.0\Word\Security\Trusted Locations(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Word Options\Security\Trust Center\Trusted LocationsDisable all trusted locations (2) Software\Policies\Microsoft\Office\12.0\Word\Security\Trusted Locations(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands (2) Software\Policies\Micro< soft\Office\12.0\Word\DisabledCmdBarItemsCheckBoxes$(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Word Options | Customize | All Commands | Save As Web Page (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledCmdBarItemsCheckBoxes$(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Word Options | Customize | All Commands | Web Page Preview (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Office Button | Send | Email (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Insert | Links | Hyperlink (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Review | Protect | Protect Document (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - View | Macros | Macros (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Macros (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Record Macro (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Macro Security (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Developer | Code | Visual Basic (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable commands - Developer | Templates | Document Template (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledCmdBarItemsCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable shortcut keys (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledShortcutKeysCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable shortcut keys - Ctrl+F (Home | Editing | Find) (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledShortcutKeysCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable shortcut keys - Ctrl+K (Insert | Links | Hyperlink) (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledShortcutKeysCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable shortcut keys - Alt+F8 (Developer | Code | Macros) (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledShortcutKeysCheckBoxes (1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Disable items in user interface\Predefined\Disable shortcut keys - Alt+F11 (Developer | Code | Visual Basic) (2) Software\Policies\Microsoft\Office\12.0\Word\DisabledShortcutKeysCheckBoxes(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of pre-release versions of file formats new to Word 2007 (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of Open XML file types (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of Binary file types (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of HTML file types (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of Word 2003 XML file types (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of RTF file types (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block open Converters (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of Text file types (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of Internal file types (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Open\Block opening of files before version (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileOpenBlock(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Save\Block saving of Open XML file types (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileSaveBlock(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Save\Block saving of Binary file types (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileSaveBlock(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Save\Block saving of HTML file types (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileSaveBlock(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Save\Block saving of Word 2003 XML file types (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileSaveBlock(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Save\Block saving of RTF file types (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileSaveBlock(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Save\Block saving of Converters (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileSaveBlock(1) User Configuration\Administrative Templates\Microsoft Office Word 2007\Block file formats\Save\Block saving of Text file types (2) Software\Policies\Microsoft\Office\12.0\Word\Security\FileSaveBlock(1) Computer Configuration\Administrative Templates\Microsoft Office InfoPath 2007 (Machine)\Security\InfoPath APTCA Assembly Whitelist (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security\APTCAl(1) Computer Configuration\Administrative Templates\Microsoft Office InfoPath 2007 (Machine)\Security\Windows Internet Explorer Feature Control Opt-In (None | InfoPath.exe, Document Information Panel and Workflow forms | InfoPath.exe, Document Inform< ation Panel, Workflow forms and 3rd Party Hosting) (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security(1) Computer Configuration\Administrative Templates\Microsoft Office InfoPath 2007 (Machine)\Security\InfoPath APTCA Assembly Whitelist Enforcement (2) Software\Policies\Microsoft\Office\12.0\InfoPath\Security(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\Disable Package Repair (2) Software\Policies\Microsoft\Office\12.0\Common\OpenXMLFormat(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password - excel.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password - powerpnt.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password - pptview.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password - winword.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password - outlook.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password - spDesign.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Disable user name and password - msaccess.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object - excel.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object - powerpnt.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object - pptview.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object - winword.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object - outlook.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object - spDesign.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Bind to object - msaccess.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL - excel.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL - powerpnt.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL - pptview.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL - winword.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL - outlook.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL - spDesign.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Saved from URL - msaccess.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL - excel.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL - powerpnt.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL - pptview.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL - winword.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL - outlook.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE< _URL(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL - spDesign.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Navigate URL - msaccess.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups - excel.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups - powerpnt.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups - pptview.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups - winword.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups - outlook.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups - spDesign.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT(1) Computer Configuration\Administrative Templates\Microsoft Office 2007 system (Machine)\Security Settings\IE Security\Block popups - msaccess.exe (2) Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT(1) 1 = Enabled(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2007\Security\Prevent users from customizing attachment security settings (2) HKCU\Software\Policies\Microsoft\Office\12.0\Outlook - DisallowAttachmentCustomizationA(1) 1 = Enabled - Low | 2 = Enabled - Medium | 3 = Enabled - High(1) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Access: Macro Security Leve (2) HKLM\Software\Policies\Microsoft\Office\11.0\Access\Security - Level (3) User Configuration\Administrative Templates\Microsoft Office Access 2003\Tools\Macros\Security\Security level (4) HKCU\Software\Policies\Microsoft\Office\11.0\Access\Security - Level(1) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Access: Trust all installed add  ins and templates (2) HKLM\Software\Policies\Microsoft\Office\11.0\Access\Security - DontTrustInstalledFiles (3) User Configuration\Administrative Templates\Microsoft Office Access 2003\Tools\Macros\Security\Trust all installed add-ins and templates (4) HKCU\Software\Policies\Microsoft\Office\11.0\Access\Security - DontTrustInstalledFilesB(1) 1 = Enabled - Low | 2 = Enabled - Medium | 3 = Enabled - High(1) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Excel: Macro Security Level (2) HKLM\Software\Policies\Microsoft\Office\11.0\Excel\Security - Level (3) User Configuration\Administrative Templates\Microsoft Office Excel 2003\Tools\Macros\Security\Security level (4) HKCU\Software\Policies\Microsoft\Office\11.0\Excel\Security - Level (1) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Excel: Trust all installed add  ins and templates (2) HKLM\Software\Policies\Microsoft\Office\11.0\Excel\Security - DontTrustInstalledFiles (3) User Configuration\Administrative Templates\Microsoft Office Excel 2003\Tools\Macros\Security\Trust all installed add-ins and templates (4) HKCU\Software\Policies\Microsoft\Office\11.0\Excel\Security - DontTrustInstalledFiles(1) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Outlook: Macro Security Level (2) HKLM\Software\Policies\Microsoft\Office\11.0\Outlook\Security - Level (3) User Configuration\Administrative Templates\Microsoft Office Outlook 2003\Tools\Macros\Security\Security Level (4) HKCU\Software\Policies\Microsoft\Office\11.0\Outlook - Security\Level(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2003\Tools\Macros\Security\Outlook: Trust all installed add-ins and templates (2) HKCU\Software\Policies\Microsoft\Office\11.0\Outlook\Security - DontTrustInstalledFiles(1) 0 = Uses default administrative settings | 1 = Look in the Outlook Security Settings folder | 2 = Look in the Outlook 10 Security Settings folder(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2003\Tools\Options\Security\Outlook virus security settings (2) HKCU\Software\Policies\Microsoft\Security - CheckAdminSettings(1) 0 = Open message if receipt can't be sent | 1 = Always prompt before sending receipt | 2 = Never send S/MIME receipts | 3 = Don't open message if receipt can't be sent(1) User Configuration\Administrative Templates\Microsoft Office Outlook 2003\Tools\Options\Security\Cryptography\S/MIME receipt requests (2) HKCU\Software\Policies\Microsoft\Office\11.0\Outlook\Security - RespondToReceiptRequests(1) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\PowerPoint: Macro Security Level (2) HKLM\Software\Policies\Microsoft\Office\11.0\PowerPoint\Security - Level (3) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2003\Tools\Macro\Security\Security Level (4) HKCU\Software\Policies\Microsoft\Office\11.0\PowerPoint - Security\Level(1) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\PowerPoint: Trust all installed add  ins and templates (2) HKLM\Software\Policies\Microsoft\Office\11.0\PowerPoint\Security - DontTrustInstalledFiles (3) User Configuration\Administrative Templates\Microsoft Office PowerPoint 2003\Tools\Macro\Security\Trust all installed add  ins and templates (4) HKCU\Software\Pol< icies\Microsoft\Office\11.0\PowerPoint\Security - DontTrustInstalledFiles(1) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Publisher: Macro Security Level (2) HKLM\Software\Policies\Microsoft\Office\11.0\Publisher\Security - Level(1) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Publisher: Trust all installed add ins and templates (2) HKLM\Software\Policies\Microsoft\Office\11.0\Publisher\Security - DontTrustInstalledFilesy(1) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Word: Macro Security Level (2) HKLM\Software\Policies\Microsoft\Office\11.0\Word\Security - Level (3) User Configuration\Administrative Templates\Microsoft Office Word 2003\Tools\Macro\Security\Security Level (4) HKCU\Software\Policies\Microsoft\Office\11.0\Word - Security\Level(1) Computer Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Word: Trust all installed add ins and templates (2) HKLM\Software\Policies\Microsoft\Office\11.0\Word\Security - DontTrustInstalledFiles (3) User Configuration\Administrative Templates\Microsoft Office Word 2003\Tools\Macro\Security\Trust all installed add  ins and templates (4) HKCU\Software\Policies\Microsoft\Office\11.0\Word\Security - DontTrustInstalledFiles(1) User Configuration\Administrative Templates\Microsoft Office Word 2003\Tools\Options\Security\Store random number to improve merge accuracy (2) HKCU\Software\Policies\Microsoft\Office\11.0\Word\Options\vpref - fDontSaveRSID_1804_1(1) User Configuration\Administrative Templates\Microsoft Office 2003\Security Settings\Prevent Users from Changing Office Encryption Settings (2) HKCU\Software\Policies\Microsoft\Office\11.0\Common\Security - DisableCustomEncryption!Section: 2.1.2.2, Value: disabled#Section: 2.1.2.3.2, Value: disabled$Section: 2.1.3.1.1, Value: installed Section: 2.2.1.1, Value: enabled Section: 2.2.1.2, Value: enabled"Section: 2.2.2.1, Value: root-only%Section: 2.2.2.2.1, Value: not loaded&Section: 2.2.2.2.2, Value: uninstalled#Section: 2.2.2.2.3, Value: disabled#Section: 2.2.2.2.4, Value: disabled!Section: 2.2.2.3, Value: disabled!Section: 2.2.2.4, Value: disabledSection: 2.2.3.1, Value: rootSection: 2.2.3.1, Value: 400Section: 2.2.3.1, Value: 644Section: 2.2.3.2, Value: set!Section: 2.2.3.3, Value: disabled Section: 2.2.3.4, Value: not setSection: 2.2.3.5, Value: userSection: 2.2.3.5, Value: groupSection: 2.2.4.1, Value: 027!Section: 2.2.4.2, Value: disabled Section: 2.2.4.3, Value: enabled"Section: 2.2.4.4.2, Value: enabled"Section: 2.2.4.4.3, Value: enabled Section: 2.3.1.1, Value: enabled Section: 2.3.1.2, Value: enabled Section: 2.3.1.3, Value: granted!Section: 2.3.1.4, Value: disabled!Section: 2.3.1.5, Value: disabled!Section: 2.3.1.6, Value: disabledSection: 2.3.1.7, Value: 8Section: 2.3.1.7, Value: 7Section: 2.3.1.7, Value: 180Section: 2.3.1.8, Value: Section: 2.3.3.1, Value: Section: 2.3.3.2, Value: "Section: 2.3.3.4, Value: usergroupSection: 2.3.3.4, Value: 4710Section: 2.3.4.1, Value: "Section: 2.3.4.2, Value: g-w,o-rwxSection: 2.3.4.4, Value: 077Section: 2.3.5.2, Value: rootSection: 2.3.5.2, Value: 600Section: 2.3.5.2, Value: Section: 2.3.5.3, Value: enabled!Section: 2.3.5.4, Value: disabledSection: 2.3.5.5, Value: 10Section: 2.3.5.6.1, Value: 10Section: 2.3.5.6.1, Value: Section: 2.3.7.1, Value: Section: 2.3.7.2, Value: Section: 2.4.2, Value: enabled Section: 2.4.2, Value: enforcingSection: 2.4.2, Value: targeted!Section: 2.4.3.1, Value: disabled$Section: 2.4.3.1, Value: uninstalled!Section: 2.4.3.2, Value: disabled Section: 2.4.3.3, Value: enabled!Section: 2.5.1.1, Value: disabled!Section: 2.5.1.2, Value: disabled Section: 2.5.1.2, Value: enabled#Section: 2.5.2.2.1, Value: disabled#Section: 2.5.2.2.2, Value: disabled#Section: 2.5.2.2.3, Value: excluded#Section: 2.5.3.1.1, Value: disabled#Section: 2.5.3.1.2, Value: disabledvia NETWORKING_IPV6 in /etc/sysconfig/network via IPV6INIT in /etc/sysconfig/network via IPV6INIT in /etc/sysconfig/network-scripts/ifcfg-TU#Section: 2.5.3.2.1, Value: disabled"Section: 2.5.3.2.3, Value: rfc3041#Section: 2.5.3.2.5, Value: disabledSection: 2.5.3.2.5, Value: 1Section: 2.5.3.2.5, Value: 0 Section: 2.5.5.1, Value: enabledSection: 2.6.1, Value: enabledSection: 2.6.1.2, Value: rootSection: 2.6.1.2, Value: 600Section: 2.6.1.3, Value: sentSection: 2.6.1.4, Value: accept Section: 2.6.1.5, Value: enabled!Section: 2.6.1.6, Value: disabled Section: 2.6.2.1, Value: enabledSection: 3.2.1, Value: disabled"Section: 3.2.1, Value: uninstalledSection: 3.2.2, Value: disabled"Section: 3.2.2, Value: uninstalled!Section: 3.2.3.1, Value: disabled$Section: 3.2.3.1, Value: uninstalledSection: 3.2.4, Value: disabled"Section: 3.2.4, Value: uninstalledSection: 3.2.5, Value: disabled"Section: 3.2.5, Value: uninstalledSection: 3.3.1, Value: disabledSection: 3.3.2, Value: disabledSection: 3.3.3, Value: enabledSection: 3.3.4, Value: disabledSection: 3.3.5, Value: disabledSection: 3.3.6, Value: disabledSection: 3.3.7, Value: disabledSection: 3.3.8, Value: disabledSection: 3.3.9, Value: enabled Section: 3.3.10, Value: disabledSection: 3.3.11, Value: enabled Section: 3.3.12, Value: disabled"Section: 3.3.13.1, Value: disabled"Section: 3.3.13.2, Value: disabled"Section: 3.3.14.1, Value: disabled"Section: 3.3.14.2, Value: disabled"Section: 3.3.15.1, Value: disabled!Section: 3.3.15.2, Value: enabled!Section: 3.3.15.3, Value: enabledSection: 3.4, Value: enabledSection: 3.4.1, Value: disabled"Section: 3.4.1, Value: uninstalledSection: 3.4.2, Value: rootSection: 3.4.2, Value: 700Section: 3.4.2, Value: 600!Section: 3.5.1.1, Value: disabled$Section: 3.5.1.1, Value: uninstalled!Section: 3.5.1.2, Value: disabled&Section: 3.5.2.1, Value: not permitted&Section: 3.5.2.3, Value: no suggestion!Section: 3.5.2.4, Value: disabled!Section: 3.5.2.5, Value: disabled!Section: 3.5.2.6, Value: disabled!Section: 3.5.2.7, Value: disabled Section: 3.5.2.8, Value: enabled!Section: 3.6.1.1, Value: disabled$Section: 3.6.1.2, Value: uninstalledSection: , Value: #Section: 3.6.1.3.1, Value: disabled#Section: 3.6.1.3.2, Value: disabled Section: 3.6.2.1, Value: enabled!Section: 3.7.1.1, Value: disabled&Section: 3.7.2.1, Value: no suggestionSection: 3.7.2.2, Value: reject!Section: 3.7.2.3, Value: disallow!Section: 3.7.2.4, Value: disabled!Section: 3.7.2.5, Value: disabledSection: 3.8.1, Value: disabledSection: 3.8.2, Value: disabled#Section: 3.8.3.1.1, Value: disabledSection: 3.8.3.1.1, Value: deny!Section: 3.8.4.1, Value: disabledSection: 3.9.1, Value: disabledSection: 3.9.3, Value: disabled"Section: 3.9.3, Value: uninstalled!Section: 3.9.4.1, Value: disabledSection: 3.9.4.2, Value: deniedSection: 3.9.4.3, Value: denied!Section: 3.9.4.4, Value: not sent Section: 3.9.4.5, Value: enabled$Section: 3.10.2.2.1, Value: disabled Section: 3.10.2.2.2, Value: deny)Section: 3.10.2.2.3, Value: no suggestion'Section: 3.10.3.1, Value: no suggestion#Section: 3.10.3.2.1, Value: enabled&Section: 3.10.3.2.2, Value: ntp serverSection: 3.11, Value: enabled< "Section: 3.11.2.1, Value: disabled"Section: 3.12.3.1, Value: disabledSection: 3.12.3.4.2, Value: 644Section: 3.12.3.4.2, Value: 755 Section: 3.12.3.4.2, Value: root Section: 3.12.3.4.2, Value: ldapSection: 3.12.3.7, Value: rootSection: 3.12.3.7, Value: ldap"Section: 3.13.1.1, Value: disabled"Section: 3.13.1.2, Value: disabled"Section: 3.13.1.3, Value: disabled Section: 3.13.2.3, Value: static"Section: 3.13.3.1, Value: disabled!Section: 3.13.3.2, Value: enabled#Section: 3.13.4.1.2, Value: enabled$Section: 3.13.4.1.3, Value: disabled$Section: 3.13.4.1.4, Value: disabled Section: 3.14.1, Value: disabled#Section: 3.14.1, Value: uninstalledSection: 3.14.3.2, Value: rootSection: 3.14.3.2, Value: 644"Section: 3.14.4.5, Value: disabled Section: 3.15.1, Value: disabled!Section: 3.15.3.1, Value: enabled!Section: 3.15.3.2, Value: enabled$Section: 3.15.3.3.1, Value: disabled"Section: 3.15.3.4, Value: disabled Section: 3.16.1, Value: disabled#Section: 3.16.1, Value: uninstalled#Section: 3.16.2.1, Value: installedSection: 3.16.3.1, Value: ProdSection: 3.16.3.1, Value: OffSection: 3.16.5.1, Value: 750Section: 3.16.5.1, Value: 640Section: 3.16.5.1, Value: 511 Section: 3.16.5.1, Value: apache Section: 3.17.1, Value: disabled#Section: 3.17.1, Value: uninstalled%Section: 3.17.2.1, Value: not support$Section: 3.17.2.2.4, Value: disabled!Section: 3.17.2.3, Value: enabled Section: 3.18.1, Value: disabled Section: 3.19.1, Value: disabled#Section: 3.19.1, Value: uninstalled!Section: 3.19.2.2, Value: enabledSection: 3.19.2.2, Value: 20kbSection: 3.19.2.2, Value: squid"Section: 3.19.2.3, Value: disabled!Section: 3.19.2.3, Value: enabledSection: 3.19.2.5, Value: denySection: 3.19.2.5, Value: allow Section: 3.20.1, Value: disabled#Section: 3.20.1, Value: uninstalledLast modified: 2009-06-11DISA Gold Disk for Windows XP9NSA Security Guide for Windows XP (NSA-XP-C44-026-02.pdf)!CIS Windows XP Pro Benchmark v1.3FCIS Windows XP Pro Benchmark v2.01 (CIS_WindowsXP_Benchmark_v2.01.pdf)<CIS Windows XP Pro Benchmark v2.01 OVAL (cis-winxp-oval.xml)2NIST 800-68 Windows XP PDF (SP800-68-20051102.pdf)CIS Solaris 10 Benchmark v4.0ENSA "Guide to the Secure Configuration of Red Hat Enterprise Linux 5"aWindows Server 2008 Security Guide Spreadsheet (Windows Server 2008 Security Guide Settings.xls)Version: 5.20100428Microsoft Online DocumentationyAuditing of 'Policy Change: Authentication Policy Change' events on failure should be enabled or disabled as appropriate.pAuditing of 'Policy Change: Audit Policy Change' events on success should be enabled or disabled as appropriate.wAuditing of 'Policy Change: Other Policy Change Events' events on failure should be enabled or disabled as appropriate.xAuditing of 'Policy Change: Authorization Policy Change' events on failure should be enabled or disabled as appropriate.enabled/disabled eAuditing of 'Object Access:Registry' events on failure should be enabled or disabled as appropriate.}Auditing of 'Policy Change: Filtering Platform Policy Change' events on failure should be enabled or disabled as appropriate.dAuditing of 'Audit process tracking' events on failure should be enabled or disabled as appropriate.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit process tracking (2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditProcessTracking' and precedence=1iAuditing of 'System: Other System Events' events on failure should be enabled or disabled as appropriate.pAuditing of 'Object Access:Handle Manipulation' events on failure should be enabled or disabled as appropriate.`Auditing of 'Audit logon events' events on failure should be enabled or disabled as appropriate.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit logon events (2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditLogonEvents' and precedence=1aAuditing of 'Audit policy change' events on failure should be enabled or disabled as appropriate. (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit policy change (2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditPolicyChange' and precedence=1fAuditing of 'Audit account management' events on failure should be enabled or disabled as appropriate.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit account management (2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditAccountManage' and precedence=1aAuditing of 'Audit privilege use' events on failure should be enabled or disabled as appropriate. (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit privilege use (2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditPrivilegeUse' and precedence=1aAuditing of 'Audit system events' events on success should be enabled or disabled as appropriate. (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit system events (2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditSystemEvents' and precedence=1YThe 'Bypass traverse checking' user right should be assigned to the appropriate accounts.list of accounts!(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Bypass traverse checking (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeChangeNotifyPrivilege' and precedence=1UThe 'Change the time zone' user right should be assigned to the appropriate accounts.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Change the time zone (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeTimeZonePrivilege' and precedence=1VThe 'Create global objects' user right should be assigned to the appropriate accounts.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Create global objects (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeCreateGlobalPrivilege' and precedence=1VThe 'Create symbolic links' user right should be assigned to the appropriate accounts.$(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Create symbolic links (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeCreateSymbolicLinkPrivilege' and precedence=1jThe 'Impersonate a client after authentication' user right should be assigned to the appropriate accounts.1(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Impersonate a client after authentication (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeImpersonatePrivilege' and precedence=1aThe 'Perform volume maintenance tasks' user right should be assigned to the appropriate accounts.)(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Perform volume maintenance tasks (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeManageVolumePrivilege' and precedence=1 account name(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Rename administrator accountThe 'Interactive logon: Number of < previous logons to cache (in case domain controller is not available)' setting should be configured correctly.number of logons3(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Number of previous logons to cache (in case domain controller is not available) (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\cachedlogonscountoThe 'Microsoft network server: Server SPN target name validation level' setting should be configured correctly.5Off/Accept if provided by client/Required from client (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network server: Server SPN target name validation level (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\SMBServerNameHardeningLevel~The 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirectQRights to activate or launch DCOM applications should be assigned as appropriate.h(1) users and/or groups (2) allow/deny (3) local launch/remote launch/local activation/remote activation((1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax (2) Registry Key: HKEY_LOCAL_MACHINE\Software\policies\Microsoft\windows NT\DCOM\MachineLaunchRestrictionuThe 'Interactive logon: Display user information when the session is locked.' setting should be configured correctly."(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Display user information when the session is locked. (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLockedUserIdThe 'MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)' setting should be configured correctly.2(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Lanmanserver\Parameters\HiddenThe 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' setting should be configured correctly.B(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemandOThe 'Debug programs' user right should be assigned to the appropriate accounts.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Debug programs (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeDebugPrivilege' and precedence=1D(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScreenSaverGracePeriodWThe 'Change the system time' user right should be assigned to the appropriate accounts.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Change the system time (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeSystemtimePrivilege' and precedence=1The 'Network access: Do not allow storage of passwords and credentials for network authentication' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Do not allow storage of passwords and credentials for network authentication (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCredsThe 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' setting should be configured correctly.6allowed/ignored when IP forwarding is enabled/disabled~(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip6\Parameters\DisableIPSourceRouting (3) WMI: Namespace = Windows XP; Class = ; Property = ; Where = LThe 'Accounts: Guest account status' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Guest account status^The 'Replace a process level token' user right should be assigned to the appropriate accounts.,(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Replace a process level token (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeAssignPrimaryTokenPrivilege' and precedence=1mThe 'Interactive logon: Message title for users attempting to log on' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Message title for users attempting to log on (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaptionThe 'MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended)' setting should be configured correctly.>(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreationbThe 'Audit: Audit the use of Backup and Restore privilege' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Audit: Audit the use of Backup and Restore privilege (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\fullprivilegeauditinggThe 'Network security: Allow LocalSystem NULL session fallback' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Allow LocalSystem NULL session fallback (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\`The 'Network security: LAN Manager authentication level' setting should be configured correctly.authentication level(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: LAN Manager authentication level (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLeveldThe 'Recovery console: Allow automatic administrative logon' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Recovery console: Allow automatic administrative logon (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\securitylevel~The 'User Account Control: Admin Ap< proval Mode for the Built-in Administrator account' setting should be configured correctly.,(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Admin Approval Mode for the Built-in Administrator account (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorTokenwThe 'User Account Control: Behavior of the elevation prompt for standard users' setting should be configured correctly.<Prompt for credentials/Automatically deny elevation requests&(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Behavior of the elevation prompt for standard users (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorUserThe 'User Account Control: Virtualize file and registry write failures to per-user locations' setting should be configured correctly./(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Virtualize file and registry write failures to per-user locations (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualizationThe 'Interactive logon: Require Domain Controller authentication to unlock workstation' setting should be configured correctly.!(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Require Domain Controller authentication to unlock workstation (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon~Auditing of 'Account Management: Application Group Management' events on success should be enabled or disabled as appropriate.xThe 'Microsoft network server: Digitally sign communications (if client agrees)' setting should be configured correctly.%(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (if client agrees) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\enablesecuritysignatureAuditing of 'Account Management: Distribution Group Management' events on failure should be enabled or disabled as appropriate.\The 'Devices: Allow undock without having to log on' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Devices: Allow undock without having to log on (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\undockwithoutlogonrAuditing of 'DS Access: Directory Service Changes' events on failure should be enabled or disabled as appropriate.kAuditing of 'Logon-Logoff: Account Lockout' events on success should be enabled or disabled as appropriate.bAuditing of 'Logon-Logoff: Logoff' events on success should be enabled or disabled as appropriate.oAuditing of 'Logon-Logoff: IPsec Extended Mode' events on failure should be enabled or disabled as appropriate.rAuditing of 'Object Access:Application Generated' events on failure should be enabled or disabled as appropriate.pAuditing of 'Object Access: Detailed File Share' events on failure should be enabled or disabled as appropriate.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Policy: Object Access: Detailed File SharebThe 'Devices: Allowed to format and eject removable media' setting should be configured correctly.RAdministrators/Administrators and Power Users/Administrators and Interactive Users(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Devices: Allowed to format and eject removable media (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASDnWindows Firewall should allow or block outbound connections by default as appropriate for the Private Profile. allow/blocke(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Windows Firewall: Private: Outbound connections (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultOutboundActionDisplay of a notification to the user when Windows Firewall blocks network activity should be enabled or disabled as appropriate for the private profile.f(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Windows Firewall: Private: Display a notification (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\DisableNotificationsnumber of passwords rememberedsThe 'Network Security: Restrict NTLM: Add server exceptions in this domain' setting should be configured correctly.list of servers(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Restrict NTLM: Add server exceptions in this domain (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DCAllowedNTLMServersThe 'Enable computer and user accounts to be trusted for delegation' user right should be assigned to the appropriate accounts.K(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Enable computer and user accounts to be trusted for delegation (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeEnableDelegationPrivilege' and precedence=1oThe 'Network access: Let Everyone permissions apply to anonymous users' setting should be configured correctly. (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Let Everyone permissions apply to anonymous users (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous{The 'Network security: Do not store LAN Manager hash value on next password change' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Do not store LAN Manager hash value on next password change (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHashzThe 'Recovery console: Allow floppy copy and access to all drives and all folders' setting should be configured correctly.#(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Recovery console: Allow floppy copy and access to all drives and all folders (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\setcommandkAuditing of 'Logon-Logoff: IPsec Main Mode' events on success should be enabled or disabled as appropriate.The 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' setting should be configured correctly.Elevate without prompting/Prompt for credentials on the secure desktop/Prompt for consent on the secure desktop/Prompt for credentials/Prompt for consent/Prompt for consent for non-Windows binaries>(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdminlThe 'Interactive logon: Message text for users attempting to log on' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Message text for us< ers attempting to log on (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeTextsThe 'Domain member: Digitally encrypt or sign secure channel data (always)' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt or sign secure channel data (always) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\requiresignorseal]The 'Increase scheduling priority' user right should be assigned to the appropriate accounts.-(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Increase scheduling priority (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeIncreaseBasePriorityPrivilege' and precedence=1lWindows Firewall should allow or block inbound connections by default as appropriate for the Public Profile.`(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Windows Firewall: Public: Inbound connections (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultInboundActionUThe 'Shut down the system' user right should be assigned to the appropriate accounts.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Shut down the system (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeShutdownPrivilege' and precedence=1zThe 'User Account Control: Only elevate executables that are signed and validated' setting should be configured correctly.+(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Only elevate executables that are signed and validated (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatureskAuditing of 'Logon-Logoff: Account Lockout' events on failure should be enabled or disabled as appropriate.dThe 'Devices: Prevent users from installing printer drivers' setting should be configured correctly. (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Devices: Prevent users from installing printer drivers (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDriversThe 'Network Security: Restrict NTLM: Add remote server exceptions for NTLM authentication' setting should be configured correctly.#(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Restrict NTLM: Add remote server exceptions for NTLM authentication (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\ClientAllowedNTLMServersnThe 'Microsoft network server: Digitally sign communications (always)' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (always) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\requiresecuritysignature_The 'Increase a process working set' user right should be assigned to the appropriate accounts.-(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Increase a process working set (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeIncreaseWorkingSetPrivilege' and precedence=1{Auditing of 'Account Management: Security Group Management' events on failure should be enabled or disabled as appropriate.bAuditing of 'Logon-Logoff: Logoff' events on failure should be enabled or disabled as appropriate.aAuditing of 'Audit privilege use' events on success should be enabled or disabled as appropriate.\The 'Interactive logon: Smart card removal behavior' setting should be configured correctly.XNo Action/Lock Workstation/Force Logoff/Disconnect if a remote Terminal Services session(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Smart card removal behavior (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\scremoveoptioncThe 'Adjust memory quotas for a process' user right should be assigned to the appropriate accounts.,(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Adjust memory quotas for a process (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeIncreaseQuotaPrivilege' and precedence=1z(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile\Windows Firewall: Domain: Allow unicast response (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\DisableUnicastResponsesToMulticastBroadcastqAuditing of 'Logon-Logoff: Network Policy Server' events on success should be enabled or disabled as appropriate.tThe 'Network security: Allow Local System to use computer identity for NTLM' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Allow Local System to use computer identity for NTLM (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\UseMachineIdYThe 'Deny log on as a service' user right should be assigned to the appropriate accounts.!(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny log on as a service (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeDenyServiceLogonRight' and precedence=1mThe 'Allow log on through Remote Desktop Services' user right should be assigned to the appropriate accounts.;(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow log on through Remote Desktop Services (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeRemoteInteractiveLogonRight' and precedence=1The 'System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies' setting should be configured correctly.6(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled`The 'Network access: Remotely accessible registry paths' setting should be configured correctly. set of paths(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Remotely accessible registry paths (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\MachineaThe 'Domain member: Maximum machine account password age' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Domain member: Maximum machine account password age (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\maximumpasswordage^The 'Restore files and directories' user right should be assigned to the appropriate accounts.!(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Restore file< s and directories (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeRestorePrivilege' and precedence=1{Auditing of 'Object Access:Filtering Platform Packet Drop' events on success should be enabled or disabled as appropriate._The 'Load and unload device drivers' user right should be assigned to the appropriate accounts.%(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Load and unload device drivers (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeLoadDriverPrivilege' and precedence=1GThe 'Account lockout threshold' setting should be configured correctly.number of failed logon attempts(1) GPO: Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy\Account lockout threshold (2) WMI: Namespace = root\rsop\computer; Class = RSOP_SecuritySettingNumeric; Property = Setting; Where = KeyName='LockoutBadCount' And precedence=1jAuditing of 'Object Access:Kernel Object' events on failure should be enabled or disabled as appropriate.Auditing of 'Account Logon: Kerberos Service Ticket Operations' events on success should be enabled or disabled as appropriate.WThe 'Modify an object label' user right should be assigned to the appropriate accounts.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Modify an object label (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeRelabelPrivilege' and precedence=1^The 'Audit: Audit the access of global system objects' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Audit: Audit the access of global system objects (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects|Auditing of 'Policy Change: MPSSVC Rule-Level Policy Change' events on success should be enabled or disabled as appropriate.{The 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' setting should be configured correctly. (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts and shares (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousxAuditing of 'Privilege Use: Non Sensitive Privilege Use' events on failure should be enabled or disabled as appropriate.aAuditing of 'Audit object access' events on success should be enabled or disabled as appropriate. (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit object access (2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditObjectAccess' and precedence=1tAuditing of 'Privilege Use: Sensitive Privilege Use' events on failure should be enabled or disabled as appropriate.kAuditing of 'System: Security State Change' events on failure should be enabled or disabled as appropriate.aAuditing of 'Audit policy change' events on success should be enabled or disabled as appropriate.RThe 'Create a pagefile' user right should be assigned to the appropriate accounts.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Create a pagefile (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeCreatePagefilePrivilege' and precedence=1qThe 'User Account Control: Run all administrators in Admin Approval Mode' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Run all administrators in Admin Approval Mode (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUAxAuditing of 'Privilege Use: Non Sensitive Privilege Use' events on success should be enabled or disabled as appropriate.The 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' setting should be configured correctly.((1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionModeBThe 'Maximum password age' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Maximum password age (2) WMI: Namespace = root\rsop\computer; Class = RSOP_SecuritySettingNumeric; Property = Setting; Where = KeyName = 'MaximumPasswordAge' And precedence=1fAuditing of 'System: System Integrity' events on failure should be enabled or disabled as appropriate.eThe 'Network access: Shares that can be accessed anonymously' setting should be configured correctly. set of shares (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Shares that can be accessed anonymously (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionSharesTThe 'Accounts: Administrator account status' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Administrator account status[The 'Deny log on as a batch job' user right should be assigned to the appropriate accounts.!(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny log on as a batch job (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeDenyBatchLogonRight' and precedence=1aAuditing of 'Logon-Logoff: Logon' events on failure should be enabled or disabled as appropriate.lAuditing of 'Audit directory service access' events on failure should be enabled or disabled as appropriate.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit directory service access (2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditDSAccess' and precedence=1VThe 'Create a token object' user right should be assigned to the appropriate accounts.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Create a token object (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeCreateTokenPrivilege' and precedence=1hAuditing of 'Object Access:File System' events on success should be enabled or disabled as appropriate.jThe 'Network access: Named Pipes that can be accessed anonymously' setting should be configured correctly.list of named pipes(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Named Pipes that can be accessed anonymously (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipesUThe 'Shutdown: Clear virtual memory pagefile' setting should be configured correctly. (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Shutdown: Clear virtual memory pagefile (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdownaThe 'Manage auditing and security log' user right should be assigned to the appropriate accounts.%(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Manage auditing and security log (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Prope< rty = AccountList; Where = UserRight='SeSecurityPrivilege' and precedence=1lAuditing of 'Audit directory service access' events on success should be enabled or disabled as appropriate.YThe 'Generate security audits' user right should be assigned to the appropriate accounts.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Generate security audits (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeAuditPrivilege' and precedence=1tAuditing of 'Detailed Tracking: Process Termination' events on success should be enabled or disabled as appropriate.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Rename guest accountpAuditing of 'Policy Change: Audit Policy Change' events on failure should be enabled or disabled as appropriate.TThe 'Deny log on locally' user right should be assigned to the appropriate accounts. (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny log on locally (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeDenyInteractiveLogonRight' and precedence=1nThe 'Deny access to this computer from the network' user right should be assigned to the appropriate accounts.6(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny access to this computer from the network (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeDenyNetworkLogonRight' and precedence=1ERights to access DCOM applications should be assigned as appropriate.E(1) users and/or groups (2) allow/deny (3) local access/remote access((1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax (2) Registry Key: HKEY_LOCAL_MACHINE\Software\policies\Microsoft\windows NT\DCOM\MachineAccessRestrictionpThe 'Network access: Do not allow anonymous enumeration of SAM accounts' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAMrThe 'Domain member: Digitally encrypt secure channel data (when possible)' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Domain member: Digitally encrypt secure channel data (when possible) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\sealsecurechannelfThe 'Access this computer from the network' user right should be assigned to the appropriate accounts.*(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Access this computer from the network (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeNetworkLogonRight' and precedence=1`The 'Create permanent shared objects' user right should be assigned to the appropriate accounts.+(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Create permanent shared objects (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeCreatePermanentPrivilege' and precedence=1|Auditing of 'Account Logon: Kerberos Authentication Service' events on success should be enabled or disabled as appropriate.YThe 'Store passwords using reversible encryption' setting should be configured correctly.)(1) GPO: Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Store passwords using reversible encryption (2) WMI: Namespace = root\rsop\computer; Class = RSOP_SecuritySettingBoolean; Property = Setting; Where = KeyName = 'ClearTextPassword' And precedence=1|The 'Microsoft network client: Send unencrypted password to third-party SMB servers' setting should be configured correctly..(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network client: Send unencrypted password to third-party SMB servers (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPasswordThe 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' setting should be configured correctly.!(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\EnabledAuditing of 'Account Logon: Kerberos Service Ticket Operations' events on failure should be enabled or disabled as appropriate.lThe 'Deny log on through Remote Desktop Services' user right should be assigned to the appropriate accounts.>(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny log on through Remote Desktop Services (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeDenyRemoteInteractiveLogonRight' and precedence=1UThe 'Lock pages in memory' user right should be assigned to the appropriate accounts.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Lock pages in memory (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeLockMemoryPrivilege' and precedence=1eThe 'Domain member: Disable machine account password changes' setting should be configured correctly. (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Domain member: Disable machine account password changes (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\disablepasswordchangeThe 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' setting should be configured correctly.D(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopTogglelThe 'Devices: Restrict CD-ROM access to locally logged-on user only' setting should be configured correctly. (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Devices: Restrict CD-ROM access to locally logged-on user only (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRomsqThe 'Interactive logon: Prompt user to change password before expiration' setting should be configured correctly."number of days prior to expiration(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Prompt user to change password before expiration (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\passwordexpirywarningFThe 'Account lockout duration' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy\Account lockout duration (2) WMI: Namespace = root\rsop\computer; Class = RSOP_SecuritySettingNumeric; Property = Setting; Where = KeyName='LockoutDuration' And precedence=1iThe 'Take ownership of files or other objects' user right should be assigned to the appropriate accounts.< 2(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Take ownership of files or other objects (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeTakeOwnershipPrivilege' and precedence=1wAuditing of 'Privilege Use: Other Privilege Use Events' events on failure should be enabled or disabled as appropriate.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Privilege Use\Audit Policy: Privilege Use: Other Privilege Use Events\The 'Interactive logon: Do not require CTRL+ALT+DEL' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Do not require CTRL+ALT+DEL (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCADsThe 'System objects: Require case insensitivity for non-Windows subsystems' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\System objects: Require case insensitivity for non-Windows subsystems (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitiveVThe 'Log on as a batch job' user right should be assigned to the appropriate accounts.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Log on as a batch job (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeBatchLogonRight' and precedence=1hAuditing of 'Audit account logon events' events on success should be enabled or disabled as appropriate.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit account logon events (2) WMI: Namespace = root\rsop\computer; Class = RSOP_AuditPolicy; Property = Success, Failure; Where = Category='AuditAccountLogon' and precedence=1eThe 'Remove computer from docking station' user right should be assigned to the appropriate accounts.'(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Remove computer from docking station (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeUndockPrivilege' and precedence=1nThe 'Microsoft network client: Digitally sign communications (always)' setting should be configured correctly.!(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (always) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignaturemThe 'Windows Firewall: Domain: Apply local connection security rules' setting should be configured correctly.x(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile\Windows Firewall: Domain: Apply local connection security rules (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\AllowLocalIPsecPolicyMergeBThe 'Minimum password age' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Minimum password age (2) WMI: Namespace = root\rsop\computer; Class = RSOP_SecuritySettingNumeric; Property = Setting; Where = KeyName = 'MinimumPasswordAge' And precedence=1dThe 'Force shutdown from a remote system' user right should be assigned to the appropriate accounts.(1) GPO: Computer Configuration\Windows Settings\Local Policies\User Rights Assignment\Force shutdown from a remote system (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeRemoteShutdownPrivilege' and precedence=1fAuditing of 'Audit account management' events on success should be enabled or disabled as appropriate.jThe 'Network Security: Restrict NTLM: Audit Incoming NTLM Traffic' setting should be configured correctly. (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Restrict NTLM: Audit Incoming NTLM Traffic (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\AuditReceivingNTLMTrafficlThe 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' setting should be configured correctly. (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogonxThe 'Microsoft network client: Digitally sign communications (if server agrees)' setting should be configured correctly.*(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (if server agrees) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignatureUThe 'Allow log on locally' user right should be assigned to the appropriate accounts.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow log on locally (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeInteractiveLogonRight' and precedence=1dAuditing of 'Audit process tracking' events on success should be enabled or disabled as appropriate.pThe 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) (2) Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SafeDllSearchModeEThe 'Minimum password length' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Minimum password length (2) WMI: Namespace = root\rsop\computer; Class = RSOP_SecuritySettingNumeric; Property = Setting; Where = KeyName = 'MinimumPasswordLength' And precedence=1rThe 'Microsoft network server: Disconnect clients when logon hours expire' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network server: Disconnect clients when logon hours expire (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\enableforcedlogoffkAuditing of 'Detailed Tracking: RPC Events' events on failure should be enabled or disabled as appropriate.`Auditing of 'Audit logon events' events on success should be enabled or disabled as appropriate.PThe 'Password must meet complexity requirements' policy should be set correctly.)(1) GPO: Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Password must meet complexity requirements (2) WMI: Namespace = root\rsop\computer; Class = RSOP_SecuritySettingBoolean; Property = Setting; Where = KeyName = 'PasswordComplexity' And precedence=1oThe 'Domain member: Digitally sign secure channel data (when possible)' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Domain member: Digitally sign secure channel data (when possible) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\signsecurechannelgAuditing of 'Object Access:File Share' events on success should be enabled or disabled as appropriate.nThe 'Access Credential Manager as a trusted calle< r' user right should be assigned to the appropriate accounts.>(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Access Credential Manager as a trusted caller (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeTrustedCredManAccessPrivilege' and precedence=1The 'System cryptography: Force strong key protection for user keys stored on the computer' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\System cryptography: Force strong key protection for user keys stored on the computer (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Cryptography\ForceKeyProtectionnThe 'Network access: Remotely accessible registry paths and sub-paths' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Remotely accessible registry paths and sub-paths (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\MachineoThe 'Domain member: Require strong (Windows 2000 or later) session key' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Domain member: Require strong (Windows 2000 or later) session key (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\requirestrongkeyWThe 'Profile single process' user right should be assigned to the appropriate accounts.'(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Profile single process (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeProfileSingleProcessPrivilege' and precedence=1^The 'Back up files and directories' user right should be assigned to the appropriate accounts. (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Back up files and directories (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeBackupPrivilege' and precedence=1}The 'User Account Control: Switch to the secure desktop when prompting for elevation' setting should be configured correctly.((1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Switch to the secure desktop when prompting for elevation (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktopQThe 'Reset account lockout counter after' setting should be configured correctly.&(1) GPO: Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy\Reset account lockout counter after (2) WMI: Namespace = root\rsop\computer; Class = RSOP_SecuritySettingNumeric; Property = Setting; Where = KeyName='ResetLockoutCount' And precedence=1gAuditing of 'Object Access:File Share' events on failure should be enabled or disabled as appropriate.~The 'Microsoft network server: Amount of idle time required before suspending session' setting should be configured correctly."(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network server: Amount of idle time required before suspending session (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\autodisconnectdThe 'Act as part of the operating system' user right should be assigned to the appropriate accounts.#(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Act as part of the operating system (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeTcbPrivilege' and precedence=1SThe 'Interactive logon: Require smart card' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Require smart card (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\scforceoptionoAuditing of 'Detailed Tracking: DPAPI Activity' events on failure should be enabled or disabled as appropriate.cThe 'Modify firmware environment values' user right should be assigned to the appropriate accounts.0(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Modify firmware environment values (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeSystemEnvironmentPrivilege' and precedence=1xThe 'Accounts: Limit local account use of blank passwords to console logon only' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Limit local account use of blank passwords to console logon only (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse[The 'Profile system performance' user right should be assigned to the appropriate accounts.$(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Profile system performance (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeSystemProfilePrivilege' and precedence=1xThe 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' setting should be configured correctly.frequency in milliseconds(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTimeThe 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' setting should be configured correctly.<(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\scenoapplylegacyauditpolicyThe 'MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.' setting should be configured correctly.Allow all exceptions (least secure)/Multicast, broadcast, and ISAKMP are exempt (Best for Windows XP)/RSVP, Kerberos, and ISAKMP are excempt/Only ISAKMP is excempt (recommended for Windows Server 2003)/Disabled(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic. (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPSEC\NoDefaultExemptlThe 'Devices: Restrict floppy access to locally logged-on user only' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Devices: Restrict floppy access to locally logged-on user only (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppieswAuditing of 'Account Logon: Other Account Logon Events' events on failure should be enabled or disabled as appropriate.^The 'Interactive logon: Do not display last user name' setting should be configured correctly. (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Do not display last user name (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserNamewAuditing of 'Object Access:Other Object Access Events' events o< n success should be enabled or disabled as appropriate.The 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' setting should be configured correctly.number of retransmissionsH(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissionsThe 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' setting should be configured correctly.NEnable only if DHCP sends the Perform Router Discovery option/Enabled/DisabledA(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscoverysAuditing of 'Object Access:Certification Services' events on success should be enabled or disabled as appropriate.TThe 'Log on as a service' user right should be assigned to the appropriate accounts.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Log on as a service (2) WMI: Namespace = root\rsop\computer; Class = RSOP_UserPrivilegeRight; Property = AccountList; Where = UserRight='SeServiceLogonRight' and precedence=1rThe 'Audit: Shut down system immediately if unable to log security audits' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Audit: Shut down system immediately if unable to log security audits (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\crashonauditfailYThe Windows Firewall should be enabled or disabled as appropriate for the Domain Profile.U(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile\Windows Firewall: Domain: Firewall state (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewallThe 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)' setting should be configured correctly.N(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip6\Parameters\TcpMaxDataRetransmissionssAuditing of 'Object Access:Certification Services' events on failure should be enabled or disabled as appropriate.kAuditing of 'Detailed Tracking: RPC Events' events on success should be enabled or disabled as appropriate.dThe 'Network Security: Restrict NTLM: Incoming NTLM traffic' setting should be configured correctly.4Allow all/Deny all domain accounts/Deny all accounts(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Restrict NTLM: Incoming NTLM traffic (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\RestrictReceivingNTLMTrafficThe 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' setting should be configured correctly.6(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting}Auditing of 'Account Management: Computer Account Management' events on success should be enabled or disabled as appropriate.The 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' setting should be configured correctly.&log capacity threshold as a percentage9(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning (2) Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security\WarningLevel|Auditing of 'Account Logon: Kerberos Authentication Service' events on failure should be enabled or disabled as appropriate.kThe 'Network access: Sharing and security model for local accounts' setting should be configured correctly.Classic/Guest only(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Sharing and security model for local accounts (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuestmWindows Firewall should allow or block outbound connections by default as appropriate for the Domain Profile.b(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile\Windows Firewall: Domain: Outbound connections (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultOutboundActionfAuditing of 'System: System Integrity' events on success should be enabled or disabled as appropriate.iAuditing of 'Logon-Logoff: Special Logon' events on failure should be enabled or disabled as appropriate.}(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Windows Firewall: Private: Allow unicast response (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\DisableUnicastResponsesToMulticastBroadcastqThe 'Network Security: Restrict NTLM: NTLM authentication in this domain' setting should be configured correctly.mDisabled/Deny for domain accounts to domain servers/deny for domain accounts/deny for domain servers/Deny all(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Restrict NTLM: NTLM authentication in this domain (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RestrictNTLMInDomainAuditing of 'DS Access: Detailed Directory Service Replication' events on failure should be enabled or disabled as appropriate.bThe 'Network access: Allow anonymous SID/Name translation' setting should be configured correctly."(1) GPO: Computer Configuration\Windows Settings\Local Policies\Security Options\Network access: Allow anonymous SID/Name translation (2) WMI: Namespace = root\rsop\computer; Class = RSOP_SecuritySettingBoolean; Property = Setting; Where = KeyName='LSAAnonymousNameLookup' and precedence=1oThe 'Network Security: Configure encryption types allowed for Kerberos' setting should be configured correctly.1(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Configure encryption types allowed for Kerberos (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\SupportedEncryptionTypesThe 'Require message integrity' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' setting should be enabled or disabled as appropriate."(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) clients (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClie< ntSecThe 'Require message confidentiality' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' setting should be enabled or disabled as appropriate.The 'Require NTLMv2 session security' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' setting should be enabled or disabled as appropriate.The 'Require 128-bit encryption' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' setting should be enabled or disabled as appropriate.qThe 'Network access: Restrict anonymous access to Named Pipes and Shares' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Restrict anonymous access to Named Pipes and Shares (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\restrictnullsessaccessyAuditing of 'Account Management: User Account Management' events on success should be enabled or disabled as appropriate.wAuditing of 'Object Access:Other Object Access Events' events on failure should be enabled or disabled as appropriate.vThe 'Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers' setting should be configured correctly.Allow all/Audit all/Deny all(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\RestrictSendingNTLMTrafficqAuditing of 'Detailed Tracking: Process Creation' events on success should be enabled or disabled as appropriate.zAuditing of 'Object Access:Filtering Platform Connection' events on failure should be enabled or disabled as appropriate.RThe 'System settings: Optional subsystems' setting should be configured correctly.List of subsystems(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\System settings: Optional subsystems (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems\optionaliAuditing of 'System: Other System Events' events on success should be enabled or disabled as appropriate.mWindows Firewall should allow or block outbound connections by default as appropriate for the Public Profile.b(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Windows Firewall: Public: Outbound connections (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultOutboundAction~Auditing of 'Account Management: Application Group Management' events on failure should be enabled or disabled as appropriate.YThe Windows Firewall should be enabled or disabled as appropriate for the Public Profile.U(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Windows Firewall: Public: Firewall state (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\EnableFirewallwAuditing of 'Policy Change: Other Policy Change Events' events on success should be enabled or disabled as appropriate.wThe 'Network Security: Restrict NTLM: Audit NTLM authentication in this domain' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Restrict NTLM: Audit NTLM authentication in this domain (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\AuditNTLMInDomain}Auditing of 'Account Management: Computer Account Management' events on failure should be enabled or disabled as appropriate.}The 'User Account Control: Detect application installations and prompt for elevation' setting should be configured correctly.+(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Detect application installations and prompt for elevation (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetectionlWindows Firewall should allow or block inbound connections by default as appropriate for the Domain Profile.`(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile\Windows Firewall: Domain: Inbound connections (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultInboundActionuAuditing of 'Logon-Logoff: Other Logon/Logoff Events' events on success should be enabled or disabled as appropriate.Auditing of 'DS Access: Detailed Directory Service Replication' events on success should be enabled or disabled as appropriate.aAuditing of 'Audit object access' events on failure should be enabled or disabled as appropriate.uAuditing of 'Logon-Logoff: Other Logon/Logoff Events' events on failure should be enabled or disabled as appropriate.lAuditing of 'Logon-Logoff: IPsec Quick Mode' events on success should be enabled or disabled as appropriate.xAuditing of 'Policy Change: Authorization Policy Change' events on success should be enabled or disabled as appropriate.vAuditing of 'DS Access: Directory Service Replication' events on success should be enabled or disabled as appropriate.Auditing of 'Account Management: Distribution Group Management' events on success should be enabled or disabled as appropriate.Auditing of 'Account Management: Other Account Management Events' events on success should be enabled or disabled as appropriate.oAuditing of 'Logon-Logoff: IPsec Extended Mode' events on success should be enabled or disabled as appropriate.cThe 'Windows Firewall: Private: Apply local firewall rules' setting should be configured correctly.k(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Windows Firewall: Private: Apply local firewall rules (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\AllowLocalPolicyMergeAuditing of 'Account Management: Other Account Management Events' events on failure should be enabled or disabled as appropriate.lAuditing of 'Logon-Logoff: IPsec Quick Mode' events on failure should be enabled or disabled as appropriate.aAuditing of 'Logon-Logoff: Logon' events on success should be enabled or disabled as appropriate.bThe 'Windows Firewall: Domain: Apply local firewall rules' setting should be configured correctly.h(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile\Windows Firewall: Domain: Apply local firewall rules (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\AllowLocalPolicyMerge{Auditing of 'Account Management: Security Group Management' events on success should be enabled or disabled as appropriate.mWindows Firewall should allow or block inbound connections by default as appropriate for the Private Profile.c(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Windows Firewall: Private: Inbound connections (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultInboundActiondThe 'Network security: Force logoff when logon hours expire' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Set< tings\Local Policies\Security Options\Network security: Force logoff when logon hours expiremThe 'Shutdown: Allow system to be shut down without having to log on' setting should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Shutdown: Allow system to be shut down without having to log on (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogonnThe 'Windows Firewall: Private: Apply local connection security rules' setting should be configured correctly.{(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Windows Firewall: Private: Apply local connection security rules (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\AllowLocalIPsecPolicyMergekAuditing of 'Logon-Logoff: IPsec Main Mode' events on failure should be enabled or disabled as appropriate.rAuditing of 'Account Logon: Credential Validation' events on failure should be enabled or disabled as appropriate.pAuditing of 'Object Access: Detailed File Share' events on success should be enabled or disabled as appropriate.rAuditing of 'Account Logon: Credential Validation' events on success should be enabled or disabled as appropriate.zAuditing of 'Object Access:Filtering Platform Connection' events on success should be enabled or disabled as appropriate.rAuditing of 'DS Access: Directory Service Changes' events on success should be enabled or disabled as appropriate.oAuditing of 'Detailed Tracking: DPAPI Activity' events on success should be enabled or disabled as appropriate.The 'Require message integrity' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' setting should be enabled or disabled as appropriate."(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) servers (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSecThe 'Require message confidentiality' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' setting should be enabled or disabled as appropriate.The 'Require NTLMv2 session security' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' setting should be enabled or disabled as appropriate.The 'Require 128-bit encryption' option for the 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' setting should be enabled or disabled as appropriate.eAuditing of 'Object Access:Registry' events on success should be enabled or disabled as appropriate.ZThe Windows Firewall should be enabled or disabled as appropriate for the Private Profile.X(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Windows Firewall: Private: Firewall state (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\EnableFirewallqAuditing of 'Logon-Logoff: Network Policy Server' events on failure should be enabled or disabled as appropriate.Display of a notification to the user when Windows Firewall blocks network activity should be enabled or disabled as appropriate for the public profile.c(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Windows Firewall: Public: Display a notification (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\DisableNotificationsvAuditing of 'DS Access: Directory Service Replication' events on failure should be enabled or disabled as appropriate.iAuditing of 'Logon-Logoff: Special Logon' events on success should be enabled or disabled as appropriate.qAuditing of 'DS Access: Directory Service Access' events on success should be enabled or disabled as appropriate.`The 'Network security: LDAP client signing requirements' setting should be configured correctly.&None/Negotiate signing/Require signing(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: LDAP client signing requirements (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrityThe 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' setting should be configured correctly.!(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Allow PKU2U authentication requests to this computer to use online identities (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\pku2u\AllowOnlineIDz(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Windows Firewall: Public: Allow unicast response (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\DisableUnicastResponsesToMulticastBroadcastDisplay of a notification to the user when Windows Firewall blocks network activity should be enabled or disabled as appropriate for the domain profile.c(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile\Windows Firewall: Domain: Display a notification (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\DisableNotificationsbThe 'Windows Firewall: Public: Apply local firewall rules' setting should be configured correctly.h(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Windows Firewall: Public: Apply local firewall rules (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalPolicyMergepAuditing of 'Object Access:Handle Manipulation' events on success should be enabled or disabled as appropriate.qAuditing of 'DS Access: Directory Service Access' events on failure should be enabled or disabled as appropriate.yAuditing of 'Account Management: User Account Management' events on failure should be enabled or disabled as appropriate.The 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' setting should be configured correctly.7(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Only elevate UIAccess applications that are installed in secure locations (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPathsbAuditing of 'System: IPsec Driver' events on failure should be enabled or disabled as appropriate.jAuditing of 'Object Access:Kernel Object' events on success should be enabled or disabled as appropriate.qAuditing of 'Detailed Tracking: Process Creation' events on failure should be enabled or disabled as appropriate.wAuditing of 'Account Logon: Other Account Logon Events' events on success should be enabled or disabled as appropriate.hAuditing of 'Object Access:File System' events on failure should be enabled or disabled as appropriate.rAuditing of 'Object Access:Application Generated' events on success should be enabled or disabled as appropriate.mThe 'Windows Firewall: Public: Apply local connection security rules' setting should be configured correctly.x(1) GPO: Computer Configurat< ion\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Windows Firewall: Public: Apply local connection security rules (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalIPsecPolicyMergetAuditing of 'Detailed Tracking: Process Termination' events on failure should be enabled or disabled as appropriate.`Auditing of 'Object Access:SAM' events on failure should be enabled or disabled as appropriate.kAuditing of 'System: Security State Change' events on success should be enabled or disabled as appropriate.`Auditing of 'Object Access:SAM' events on success should be enabled or disabled as appropriate.oAuditing of 'System: Security System Extension' events on success should be enabled or disabled as appropriate.tAuditing of 'Privilege Use: Sensitive Privilege Use' events on success should be enabled or disabled as appropriate.hAuditing of 'Audit account logon events' events on failure should be enabled or disabled as appropriate.}Auditing of 'Policy Change: Filtering Platform Policy Change' events on success should be enabled or disabled as appropriate.|Auditing of 'Policy Change: MPSSVC Rule-Level Policy Change' events on failure should be enabled or disabled as appropriate.bAuditing of 'System: IPsec Driver' events on success should be enabled or disabled as appropriate.yAuditing of 'Policy Change: Authentication Policy Change' events on success should be enabled or disabled as appropriate.wAuditing of 'Privilege Use: Other Privilege Use Events' events on success should be enabled or disabled as appropriate.aAuditing of 'Audit system events' events on failure should be enabled or disabled as appropriate.oAuditing of 'System: Security System Extension' events on failure should be enabled or disabled as appropriate.Last modified: 2010-04-20DMicrosoft Windows Server 2003 Security Guide, version April 26, 2006(1) defined by the SeDenyNetworkLogonRight setting in Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny access to this computer from the networkTable 4.11 User Rights Assignments Setting Recommendations: Deny access to this computer from the network, ANONOYMOUS LOGON; Guests; Support_388945a0; all NON-Operating System service accounts (Legacy, Enterprise, and Specialized Security) Table 4.30 Manually Added User Rights Assignments: Deny access to this computer from the network, Built-in Administrator; Support_388945a0; Guest; all NON-Operating System service accounts (Legacy, Enterprise, and Specialized Security) Table 5.8 Manually Added User Rights Assignments:Deny access to this computer from the network, Built-in Administrator; Support_388945a0; Guest; all NON-Operating System service accounts (Legacy, Enterprise, and Specialized Security) Table 9.10 Manually Added User Rights Assignments: Deny access to this computer from the network, Built-in Administrator; Support_388945a0; Guest; all NON-Operating System service accounts (Legacy, Enterprise and Specialized Security)8http://technet.microsoft.com/en-us/library/cc758316.aspx(1) defined by the SeNetworkLogonRight setting in Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\@Table 4.11 User Rights Assignments Setting Recommendations: Access this computer from the network, not defined (Legacy and Enterprise), Administrators, Authenticated Users, ENTERPRISE DOMAIN CONTROLLERS (Specialized Security) Table 5.4 Recommended User Rights Assignments Settings: Access this computer from the network 9http://technet.microsoft.com/en-us/library/cc740196.aspx (1) defined the SeTcbPrivilege setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Table 4.11 User Rights Assignments Setting Recommendations: Act as part of the operating system, Not defined (Legacy and Enterprise), No one Specialized Security)(1) defined the SeBackupPrivilege setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Table 4.11 User Rights Assignments Setting Recommendations, Back up files and directories Not defined (Legacy and Enterprise), Administrators (Specialized Security)(1) defined the SeChangeNotifyPrivilege setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Table 4.11 User Rights Assignments Setting Recommendations: Bypass traverse checking, Not defined (Legacy and Enterprise), Authenticated Users (Specialized Security)(1) defined the SeSystemTimePrivilege setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\JTable 4.11 User Rights Assignments Setting Recommendations: Change the system time, Not defined (Legacy and Enterprise), Administrators, LOCAL SERVICE (Specialized Security) Table 5.4 Recommended User Rights Assignments Settings: Change the system time, Administrators, LOCAL SERVICE (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc786461.aspx(1) defined the SeCreatePagefilePrivilege setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Table 4.11 User Rights Assignments Setting Recommendations: Create a pagefile, Not defined (Legacy and Enterprise), Administrators (Specialized Security)(1) defined the SeCreateTokenPrivilege setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Table 4.11 User Rights Assignments Setting Recommendations: Create a token object, Not defined (Legacy and Enterprise), No one (Specialized Security)(1) defined the SeCreatePermanentPrivilege setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Table 4.11 User Rights Assignments Setting Recommendations: Create permanent shared objects, Not defined (Legacy and Enterprise), No one (Specialized Security)(1) defined the SeDebugPrivilege setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Table 4.11 User Rights Assignments Setting Recommendations: Debug programs, Not defined (Legacy), Administrators (Enterprise), No one (Specialized Security)(1) defined the SeRemoteShutdownPrivilege setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Table 4.11 User Rights Assignments Setting Recommendations: Force shutdown from a remote system, Not defined (Legacy and Enterprise), Administrators (Specialized Security)(1) defined the SeAuditPrivilege setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Table 4.11 User Rights Assignments Setting Recommendations: Generate security audits, Not defined (Legacy and Enterprise), NETWORK SERVICE, LOCAL SERVICE (Specialized Security)(1) defined the SeIncreaseQuotaPrivilege setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Table 4.11 User Rights Assignments Setting Recommendations: Adjust memory quotas for a process, Not defined (Legacy and Enterprise), Administrators, NETWORK SERVICE, LOCAL SERVICE (Specialized Security)(1) defined the SeIncreaseBasePriorityPrivilege setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Table 4.11 User Rights Assignments Setting Recommendations: Increase scheduling priority, Not defined (Legacy and Enterprise), Administrators (Specialized Security)< (1) defined the SeLoadDriverPrivilege setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\<Table 4.11 User Rights Assignments Setting Recommendations: Load and unload device drivers, Not defined (Legacy and Enterprise), Administrators (Specialized Security) Table 5.4 Recommended User Rights Assignments Settings: Load and unload device drivers, Administrators (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc782779.aspx(1) defined the SeLockMemoryPrivilege setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Table 4.11 User Rights Assignments Setting Recommendations: Lock pages in memory, Not defined (Legacy and Enterprise), No one (Specialized Security(1) defined the SeBatchLogonRight setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Table 4.11 User Rights Assignments Setting Recommendations: Log on as a batch job, Not defined (Legacy, Enterprise, and Specialized Security), (1) defined the SeServiceLogonRight setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Table 4.11 User Rights Assignments Setting Recommendations: Log on as a service, Not defined (Legacy and Enterprise), NETWORK SERVICE (Specialized Security)(1) defined the SeInteractiveLogonRight setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\ Table 4.11 User Rights Assignments Setting Recommendations: Allow log on locally, Administrators, Backup Operators, Power Users(Legacy and Enterprise), Administrators (Specialized Security) Table 5.4 Recommended User Rights Assignments Settings: Allow log on locally8http://technet.microsoft.com/en-us/library/cc756809.aspx(1) defined the SeSecurityPrivilege setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Table 4.11 User Rights Assignments Setting Recommendations: Manage auditing and security log, Not defined (Legacy and Enterprise), Administrators (Specialized Security)8http://technet.microsoft.com/en-us/library/aa996080.aspx(1) defined the SeSystemEnvironmentPrivilege setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Table 4.11 User Rights Assignments Setting Recommendations: Not defined (Legacy and Enterprise), Administrators (Specialized Security)(1) defined the SeProfileSingleProcessPrivilege setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Table 4.11 User Rights Assignments Setting Recommendations: Profile single process, Not defined (Legacy and Enterprise), Administrators (Specialized Security)(1) defined the SeSystemProfilePrivilege setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Table 4.11 User Rights Assignments Setting Recommendations: Profile system performance, Not defined (Legacy and Enterprise), Administrators (Specialized Security)(1) defined the SeUndockPrivilege setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Table 4.11 User Rights Assignments Setting Recommendations: Remove computer from docking station, Not defined (Legacy and Enterprise), Administrators (Specialized Security)(1) defined the SeAssignPrimaryTokenPrivilege setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Table 4.11 User Rights Assignments Setting Recommendations: Replace a process level token, Not defined (Legacy and Enterprise), LOCAL SERVICE, NETWORK SERVICE (Specialized Security), Administrators (Specialized Security)(1) defined the SeRestorePrivilege setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\:Table 4.11 User Rights Assignments Setting Recommendations: Restore files and directories, Not defined (Legacy and Enterprise), Administrators (Specialized Security) Table 5.4 Recommended User Rights Assignments Settings: Restore files and directories, Administrators (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc957236.aspx(1) defined the SeShutdownPrivilege setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\'Table 4.11 User Rights Assignments Setting Recommendations: Shut down the system, Not defined (Legacy and Enterprise), Administrators (Specialized Security) Table 5.4 Recommended User Rights Assignments Settings: Shutdown the system, Administrators (Legacy, Enterprise, and Specialized Security)?http://technet.microsoft.com/en-us/library/cc759478(WS.10).aspx(1) defined the SeTakeOwnershipPrivilege setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Table 4.11 User Rights Assignments Setting Recommendations: Take ownership of files or other objects, Not defined (Legacy and Enterprise), Administrators (Specialized Security)(1) defined the SeSynchAgentPrivilege setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Table 4.11 User Rights Assignments Setting Recommendations: Synchronize directory service data, Not defined (Legacy and Enterprise), No one (Specialized Security) (1) defined the SeDenyInteractiveLogonRight setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Table 4.11 User Rights Assignments Setting Recommendations: Deny logon locally, Not defined (Legacy and Enterprise), Guests; Support_388945a0 (Specialized Security)(1) defined the SeEnableDelegationPrivilege setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\@Table 4.11 User Rights Assignments Setting Recommendations: Enable computer and user accounts to be trusted for delegation, Not defined (Legacy and Enterprise), Administrators (Specialized Security) Table 5.4 Recommended User Rights Assignments Settings: Enable computer and user accounts to be trusted for delegation, 8http://technet.microsoft.com/en-us/library/cc782684.aspx(1) defined the SeMachineAccountPrivilege setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Table 5.4 Recommended User Rights Assignments Settings: Add workstations to domain, Not defined (Legacy and Enterprise), Administrators (Specialized Security)8http://technet.microsoft.com/en-us/library/cc780195.aspx(1) defined the SeRemoteInteractiveLogonRight setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\ATable 4.11 User Rights Assignments Setting Recommendations: Allow log on through Terminal Services, Administrators and Remote Desktop Users (Legacy and Enterprise), Administrators (Specialized Security) Table 5.4 Recommended User Rights Assignments Settings: Administrators, (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc758613.aspx(1) defined the SeDenyBatchLogonRight setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny log on as batch jobTable 4.11 User Rights Assignments Setting Recommendations: Deny logon as a batch job, G< uests; Support_388945a0 (Legacy, Enterprise, and Specialized Security) Table 4.30 Manually Added User Rights Assignments: Deny log on as a batch job, Support_388945a0 and Guest (Legacy, Enterprise, and Specialized Security) Table 5.8 Manually Added User Rights Assignments: Deny log on as a batch job (Legacy, Enterprise, and Specialized Security)?http://technet.microsoft.com/en-us/library/cc738621(WS.10).aspx(1) defined the SeDenyServiceLogonRight setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Table 4.11 User Rights Assignments Setting Recommendations: Deny logon as a service, Not defined (Legacy and Enterprise), No one (Specialized Security)(1) defined the SeDenyRemoteInteractiveLogonRight setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny log on through Terminal ServicesCUser Rights Assignments Setting Recommendations: Deny logon through Terminal Services, Guests (Legacy, Enterprise, and Specialized Security) Table 4.30 Manually Added User Rights Assignments: Deny log on through Terminal Services, Built-in Administrator; Guests; Support_388945a0; Guest ; all NON-operating system service accounts (Legacy, Enterprise, and Specialized Security) Table 5.8 Manually Added User Rights Assignments: Deny log on through Terminal Services, Built-in Administrator; all NON-operating system service accounts (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc737453.aspx(1) defined the SeManageVolumePrivilege setting in by Local or Group Policy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Table 4.11 User Rights Assignments Setting Recommendations: Perform volume maintenance tasks, Not defined (Legacy and Enterprise), Administrators (Specialized Security)(1) Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy\Reset account lockout counter afterTable 3.2 Account Lockout Policy Settings: Reset account lockout counter after 30 minutes (Legacy and Enterprise), 15 minutes (Specialized Security)(1) Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy\Account lockout duration Table 3.2 Account Lockout Policy Settings: Account lockout duration, 30 minutes (Legacy and Enterprise), 15 minutes (Specialized Security)(1) Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy\Account lockout threshold Table 3.2 Account Lockout Policy Settings: Account lockout threshold, 50 invalid login attempts (Legacy and Enterprise) 10 invalid login attempts (Specialized Security)t(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit account logon eventssTable 4.2 Audit Policy Settings: Audit account logon events, enabled (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc787176.aspx[Table 4.2 Audit Policy Settings: Audit account logon events, enabled (Specialized Security)t(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit account management mTable 4.2 Audit Policy Settings: Audit account management, enabled (Legacy, Enterprise, Specialized Security)8http://technet.microsoft.com/en-us/library/cc737542.aspxYTable 4.2 Audit Policy Settings: Audit account management, enabled (Specialized Security)Z(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy Table 5.2 Recommended Audit Policy Settings: Audit directory service access, no auditing (Legacy and Enterprise), Failure (Specialized Security)8http://technet.microsoft.com/en-us/library/cc960052.aspxl(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit logon eventskTable 4.2 Audit Policy Settings: Audit logon events, enabled (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc787567.aspxSTable 4.2 Audit Policy Settings: Audit Logon events, enabled (Specialized Security)m(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit object accessmTable 4.2 Audit Policy Settings: Audit object access, disabled (Legacy, Enterprise, and Specialized Security)9 http://technet.microsoft.com/en-us/library/cc776774.aspxTTable 4.2 Audit Policy Settings: Audit object access, enabled (Specialized Security)m(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit policy changelTable 4.2 Audit Policy Settings: Audit policy change, enabled (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc776774.aspxm(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit privilege usemTable 4.2 Audit Policy Settings: Audit privilege use, disabled (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc784501.aspxTTable 4.2 Audit Policy Settings: Audit privilege use, enabled (Specialized Security)q(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\ Audit Process trackingpTable 4.2 Audit Policy Settings: Audit Process tracking, disabled (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc775520.aspxn(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\ Audit system eventslTable 4.2 Audit Policy Settings: Audit system events: enabled (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc782518.aspxXTable 4.2 Audit Policy Settings: disabled (Legacy, Enterprise, and Specialized Security)(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\RestrictGuestAccess (2) defined by Group Policy Table 4.27 Event Log Setting Recommendations: Prevent local guests group from accessing application log, Enabled (Legacy, Enterprise, Specialized Security)?http://technet.microsoft.com/en-us/library/cc775983(WS.10).aspx(1) defined by the Windows Event Log (2) defined by Group Policy (3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\MaxSize Table 4.27 Event Log Setting Recommendations: Maximum application log size, 16,384KB (Legacy, Enterprise, and Specialized Security)?http://technet.microsoft.com/en-us/library/cc779100(WS.10).aspxTable 4.27 Event Log Setting Recommendations: Retention method for application log, As needed (Legacy, Enterprise, and Specialized Security)?http://technet.microsoft.com/en-us/library/cc778157(WS.10).aspx~(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\RestrictGuestAccess (2) defined by Group Policy Table 4.27 Event Log Setting Recommendations: Prevent local guests group from accessing security log, Enabled (Legacy, Enterprise, and Specialized Security)?http://technet.microsoft.com/en-us/library/cc736845(WS.10).aspx(1) defined by the Windows Event Log (2) defined by Group Policy (3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\MaxSize Table 4.27 Event Log Setting Recommendations: Maximum security log size, 81,920 KB (Legacy, Enterprise, and Specialized Security)w(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Retention (2) defined by Group Policy Table 4.27 Event Log Setting Recommendations: Retention method for security log, As needed (Legacy, Enterprise, and Specialized Security)|(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\RestrictGuestAccess (2) defined by Group Policy  (1) defined by the Windows Event Log (2) defined by Group Policy (3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\MaxSize Table 4.27 Event Log Setting Recommendations: Retention method for system log, As needed (Legacy, Enterprise, Specialized Security)?http://technet.m< icrosoft.com/en-us/library/cc785245(WS.10).aspxeTable 3.1 Password Policy Setting Recommendations: 42 days (Legacy, Enterprise, Specialized Security)cTable 3.1 Password Policy Setting Recommendations: 1 day (Legacy, Enterprise, Specialized Security)}Table 3.1 Password Policy Setting Recommendations: 8 characters (Legacy and Enterprise), 12 characters (Specialized Security)iTable 3.1 Password Policy Setting Recommendations: Enabled (Legacy, Enterprise, and Specialized Security)Table 3.1 Password Policy Setting Recommendations: Enforce password History 24 passwords remembered Legacy, Enterprise, Specialized Security)Table 3.1 Password Policy Setting Recommendations: Store password using reversible encryption Disabled (Legacy, Enterprise, and Specialized Security)(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Alerter\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv (2) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoUpdate (3) defined by the Services Administrative Tool (4) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fax\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSFTPSVC\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IISADMIN\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CiSvc\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy P(1) defined by the Services Administrative Tool (2) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDSessMgr\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RshSvc\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SIMPTCP\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMTPSVC\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMPTRAP\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy +(1) set of accounts (2) list of permissions?(1) set via Security Templates (2) definied by Group Policy (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts and sharesTable 4.19 Security Options: Network Access Setting Recommendations: Do not allow anonymous enumeration of SAM accounts and shares, Enabled (Legacy, Enterprise and Specialized Security)?http://technet.microsoft.com/en-us/library/cc782569(WS.10).aspx(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Do not allow anonymous enumeration of SAM accounts Table 4.19 Security Options: Network Access Setting Recommendations: Do not allow anonymous enumeration of SAM accounts, Enabled (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc740088.aspx(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AnonymousNameLookup (2)Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Allow anonymous SID/NAME translationd(1) Table 3.3 Security Options Settings: Microsoft network server: Network Access: Allow anonymous SID/NAME translation, Disabled (Legacy, Enterprise, and Specialized Security) (2) Table 4.19 Security Options: Network Access Setting Recommendations: Allow anonymous SID/NAME translation, Not defined (Legacy and Enterprise), Disabled (Specialized Security)8http://technet.microsoft.com/en-us/library/cc728431.aspx)(1) exist/not exist (2) enabled/disabled(1) Local Users and Groups MMC (2) Computer Configuration\Windows Settings\Security Settings\ Local Policies\Security Options\Accounts: Guest account statusTable 4.12 Security Options: Accounts Setting Recommendations: Guest account status, Disabled (Legacy, Enterprise, and Specialized Security) (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption (2) Computer Configuration\Windows Settings\Security Settings\ Local Policies\Security Options\Interactive logon: Message title for users attempting to log on Table 4.16 Security Options: Interactive Logon Setting Recommendations: Message title for users attempting to log on, "Consult with the relevant people in your organization." (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc778393.aspx(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText (2) Computer Configuration\Windows Settings\Security Settings\ Local Policies\Security Options\Interactive logon: Message text for users attempting to log on Table 4.16 Security Options: Interactive Logon Setting Recommendations: Message text for users attempting to log on, "Consult with the relevant people in your organization" (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc779661.aspxTable 4.29 Other Registry Entry Recommendations: MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended), 0 (Legacy, Enterprise, and Specialized Security)&http://support.microsoft.com/kb/324737Table 4.29 Other Registry Entry Recommendations: MSS: (NoDriveTypeAutoRun) Disable Autorun for all drives (recommend< ed), 0xFF (Legacy, Enterprise and Specialized Security)&http://support.microsoft.com/kb/895108vTable 4.28 TCP/IP Registry Entry Recommendations: EnableICMPRedirect, 0 (Legacy, Enterprise, and Specialized Security)?http://technet.microsoft.com/en-us/library/cc739622(WS.10).aspxzTable 4.28 TCP/IP Registry Entry Recommendations: PerformRouterDiscovery, 0 (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc962464.aspx(1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DontDisplayLastUserName (2) Computer Configuration\Windows Settings\Security Settings\ Local Policies\Security Options\Do not display last user nameTable 4.16 Security Options: Interactive Logon Setting Recommendations: Do not display last user name, Enabled (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc938084.aspxvTable 4.28 TCP/IP Registry Entry Recommendations: EnableDeadGWDetect, 0 (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc960464.aspxwTable 4.28 TCP/IP Registry Entry Recommendations: KeepAliveTime, 300,000 (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc957549.aspxTable 4.29 Other Registry Entry Recommendations: MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers, 1 (Legacy, Enterprise and Specialized Security)8http://technet.microsoft.com/en-us/library/cc766102.aspxtTable 4.28 TCP/IP Registry Entry Recommendations: SynAttackProtect, 1 (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc781167.aspxTable 4.29 Other Registry Entry Recommendations: MSS: (DisableSavePassword) Prevent the dial-up password from being saved (recommended), 1 (Legacy, Enterprise, and Specialized Security)?http://technet.microsoft.com/en-us/library/cc784187(WS.10).aspx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel (2) defined by Local or Group Policy (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel (2) defined by Local or Group Policy Table 4.29 Other Registry Entry Recommendations: MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended), 1 (Legacy, Enterprise, and Specialized Security)5http://msdn.microsoft.com/en-us/library/ms682586.aspx(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Domain controller: Allow server operators to schedule tasksTable 5.5 Security Options: Domain Controller Setting Recommendations: Allow server operators to schedule tasks, Disabled (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc778844.aspx}Rename the Administrator and Guest accounts, and change their passwords to long and complex values on every domain and server(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network server: Amount of idle time required before suspending sessionTable 4.18 Security Options: Microsoft Network Server Setting Recommendations: Amount of idle time required before suspending session, 15 minutes (Legacy, Enterprise and Specialized Security)?http://technet.microsoft.com/en-us/library/cc776037(WS.10).aspx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects (2) Computer Configuration\Windows Settings\Security Settings\ Local Policies\Security Options\Audit: Audit the access of global system objects Table 4.13 Security Options: Audit Setting Recommendations: Audit the access of global system objects, Disabled (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc776742.aspx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing (2) Computer Configuration\Windows Settings\Security Settings\ Local Policies\Security Options\Audit: Audit the use of Backup and Restore privilege Table 4.13 Security Options: Audit Setting Recommendations: Audit the use of Backup and Restore privilege, Disabled (Legacy, Enterprise, and Specialized Security)9http://technet.microsoft.com/en-us/library/cc759769.aspx (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Do not require CTRL+ALT+DELTable 4.16 Security Options: Interactive Logon Setting Recommendations: Do not require CTRL+ALT+DEL, Disabled (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc780932.aspx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\LMCompatibilityLevel (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: LAN Manager authentication levelTable 4.20 Security Options: Network Security Setting Recommendations: LAN Manager authentication level, Send NTLMv2 responses only (Legacy), Send NTLMv2 response only\refuse LM (Enterprise), Send NTLMv2 response only\refuse LM & NTLM (Specialized Security)8http://technet.microsoft.com/en-us/library/cc738867.aspx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers (2) Computer Configuration\Windows Settings\Security Settings\ Local Policies\Security Options\Devices: Prevent users from installing printer driversTable 4.14 Security Options: Devices Setting Recommendations: Prevent users from installing printer drivers, Enabled (Legacy, Enterprise and Specialized Security)8http://technet.microsoft.com/en-us/library/cc787926.aspx(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Recovery console: Allow automatic administrative logonTable 4.22 Security Options: Recovery Console Setting Recommendations: Allow automatic administrative logon, Disabled (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc776592.aspx(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Recovery console: Allow floppy copy and access to all drives and all folders Table 4.22 Security Options: Recovery Console Setting Recommendations: Allow floppy copy and access to all drives and all folders, Enabled (Legacy and Enterprise), Disabled (Specialized Security)8http://technet.microsoft.com/en-us/library/cc779593.aspx(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms (2) Computer Configuration\Windows Settings\Security Settings\ Local Policies\Security Options\Devices: Restrict CD-ROM access to locally logged-on user onlyTable 4.14 Security Options: Devices Setting Recommendations: Restrict CD-ROM access to locally logged-on user only, Not defined (Legacy and Enterprise), Disabled (Specialized Security)8http://technet.microsoft.com/en-us/library/cc738129.aspx(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies (2) Computer Configuration\Windows Settings\Security Settings\ Local Policies\Security Options\Devices: Restrict floppy access to locally logged-on user only Table 4.14 Security Options: Devices Setting Recommendations: Restrict floppy access to locally logged-on user only, Not defined (Legacy and Enterprise), and Disabled (Specialized Security)8http://technet.microsoft.com/en-us/library/cc784198.aspx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\System objects: Strengthen default permissions of internal system objects (e.g.< Symbolic Links)Table 4.25 Security Options: System Objects Setting Recommendations: Strengthen default permissions of internal system objects (for example, Symbolic Links), Enabled (Legacy, Enterprise, and Specialized Security)@http://technet.microsoft.com/en-us/library/cc739013(WS.10).aspx ZThe "Require Strong (Windows 2000 or later) Session Key" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey (2) Computer Configuration\Windows Settings\Security Settings\ Local Policies\Security Options\Domain member: Require strong (Windows 2000 or later) session keyTable 4.15 Security Options: Domain Member Setting Recommendations: Require strong (Windows 2000, Windows XP, or Windows Server 2003) session key, Enabled (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc938309.aspx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network client: Send unencrypted password to third-party SMB serversTable 4.17 Security Options: Microsoft Network Client Setting Recommendations: Send unencrypted password to third-party SMB servers, Disabled (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc782276.aspx(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Driver Signing\Policy (2) Computer Configuration\Windows Settings\Security Settings\ Local Policies\Security Options\Devices: Unsigned driver installation behaviorTable 4.14 Security Options: Devices Setting Recommendations: Unsigned driver installation behavior, Warn but allow installation (Legacy, Enterprise and Specialized Security)9http://technet.microsoft.com/en-us/library/cc775492.aspx (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Prompt user to change password before expirationTable 4.16 Security Options: Interactive Logon Setting Recommendations: Prompt user to change password before expiration, 14 days (Legacy, Enterprise and Specialized Security)8http://technet.microsoft.com/en-us/library/cc783344.aspx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail (2) Computer Configuration\Windows Settings\Security Settings\ Local Policies\Security Options\Audit: Shut down system immediately if unable to log security auditsTable 4.13 Security Options: Audit Setting Recommendations: Shut down system immediately if unable to log security audits, Disabled (Legacy and Enterprise), Enabled (Specialized Security)?http://technet.microsoft.com/en-us/library/cc739010(WS.10).aspx(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Shutdown: Allow system to be shut down without having to log onTable 4.23 Security Options: Shutdown Setting Recommendations: Allow system to be shut down without having to log on, Disabled (Legacy, Enterprise and Specialized Security)8http://technet.microsoft.com/en-us/library/cc957282.aspx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Recovery console: Clear virtual memory page fileTable 4.23 Security Options: Shutdown Setting Recommendations: Clear virtual memory page file, Disabled (Legacy, Enterprise and Specialized Security)8http://technet.microsoft.com/en-us/library/cc938011.aspx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (always)Table 4.17 Security Options: Microsoft Network Client Setting Recommendations: Digitally sign communications (always), Disabled (Legacy), Enabled (Enterprise and Specialized Security)8http://technet.microsoft.com/en-us/library/cc728025.aspx (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (always)Table 4.18 Security Options: Microsoft Network Server Setting Recommendations: Digitally sign communications (always), Disabled (Legacy), Enabled (Enterprise and Specialized Security) Table 8.2 Recommended Settings for Digitally Signing Communications (Always)8http://technet.microsoft.com/en-us/library/cc938043.aspx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network server: Digitally sign communications (if client agrees)Table 4.18 Security Options: Microsoft Network Server Setting Recommendations: Digitally sign communications (if client agrees), Enabled (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc759474.aspx (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Number of previous logons to cache (in case domain controller is not available)Table 4.16 Security Options: Interactive Logon Setting Recommendations: Number of previous logons to cache (in case domain controller is not available), 1 (Legacy), 0 (Enterprise and Specialized Security)8http://technet.microsoft.com/en-us/library/cc755473.aspx(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD (2) Computer Configuration\Windows Settings\Security Settings\ Local Policies\Security Options\Devices: Allowed to format and eject removable mediaTable 4.14 Security Options: Devices Setting Recommendations: Allowed to format and eject removable media, Administrators (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc740126.aspx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal (2) Computer Configuration\Windows Settings\Security Settings\ Local Policies\Security Options\Domain member: Digitally encrypt or sign secure channel data (always)Table 4.15 Security Options: Domain Member Setting Recommendations: Digitally encrypt or sign secure channel data (always), Disabled (Legacy), Enabled (Enterprise and Specialized Security)8http://technet.microsoft.com/en-us/library/cc736800.aspx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel (2) Computer Configuration\Windows Settings\Security Settings\ Local Policies\Security Options\Domain member: Digitally encrypt secure channel data (when possible)Table 4.15 Security Options: Domain Member Setting Recommendations: Digitally encrypt secure channel data (when possible), Enabled (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc757973.aspx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel (2) Computer Configuration\Windows Settings\Security Settings\ Local Policies\Security Options\Domain member: Digitally sign secure channel data (when possible)Table 4.15 Security Options: Domain Member Setting Recommendations: Digitally sign secure channel data (when possible), Enabled (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc785086.aspx(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Sm< art card removal behaviorTable 4.16 Security Options: Interactive Logon Setting Recommendations: Smart card removal behavior, Not defined (Legacy), Lock Workstation (Enterprise and Specialized Security)?http://technet.microsoft.com/en-us/library/cc776917(WS.10).aspx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signingnTable 4.24 Security Options: System Cryptography Setting Recommendations: Use FIPS compliant algorithms for encryption, hashing, and signing, Disabled (Legacy and Enterprise), Enabled (Specialized Security) Table 11.1 Recommended Security Options Settings: System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing, Enabled (Enterprise)8http://technet.microsoft.com/en-us/library/cc780081.aspx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\NoDefaultAdminOwner (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\System objects: Default owner for objects created by members of the Administrators groupTable 4.25 Security Options: System Objects Setting Recommendations: Default owner for objects created by members of the Administrators group: Default owner for objects created by members of the Administrators group, Object creator (Legacy, Enterprise, and Specialized Security)?http://technet.microsoft.com/en-us/library/cc775434(WS.10).aspx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\System objects: Require case insensitivity for non-Windows subsystemsTable 4.25 Security Options: System Objects Setting Recommendations:Require case insensitivity for non-Windows subsystems, Enabled (Legacy, Enterprise, and Specialized Security)?http://technet.microsoft.com/en-us/library/cc775971(WS.10).aspx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse (2) Computer Configuration\Windows Settings\Security Settings\ Local Policies\Security Options\Accounts: Limit local account use of blank passwords to console logon onlyTable 4.12 Security Options: Accounts Setting Recommendations: Limit local account use of blank passwords to console logon only, Enabled (Legacy, Enterprise, and Specialized Security)(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon (2) Computer Configuration\Windows Settings\Security Settings\ Local Policies\Security Options\Devices: Allow undock without having to log on Table 4.14 Security Options: Devices Setting Recommendations: Allow undock without having to log on, Disabled (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc737384.aspx(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Domain controller: LDAP server signing requirementsTable 5.5 Security Options: Domain Controller Setting Recommendations: LDAP server signing requirements, Not defined (Legacy, and Enterprise), Require signing (Specialized Security)8http://technet.microsoft.com/en-us/library/cc778124.aspx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: LDAP client signing requirementsTable 4.20 Security Options: Network Security Setting Recommendations: LDAP client signing requirements, Negotiate signing (Legacy, Enterprise, and Specialized Security)?http://technet.microsoft.com/en-us/library/cc738915(WS.10).aspx(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\RefusePasswordChange (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Domain controller: Refuse machine account password changesTable 5.5 Security Options: Domain Controller Setting Recommendations: Refuse machine account password changes, Disabled (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc739351.aspx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge (2) Computer Configuration\Windows Settings\Security Settings\ Local Policies\Security Options\Domain member: Maximum machine account password ageTable 4.15 Security Options: Domain Member Setting Recommendations: Maximum machine account password age, 30 days (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc781050.aspx(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon (2) Computer Configuration\Windows Settings\Security Settings\ Local Policies\Security Options\Interactive logon: Require Domain Controller authentication to unlock workstation Table 4.16 Security Options: Interactive Logon Setting Recommendations: Require Domain Controller authentication to unlock workstation, Enabled (Legacy, Enterprise, and Specialized Security)(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogoff (2) defined by Local or Group Policy Z(1) Table 3.3 Security Options Settings: Microsoft network server: Disconnect clients when logon hours expire, Enabled (Legacy, Enterprise and Specialized Security) (2) Table 4.18 Security Options: Microsoft Network Server Setting Recommendations: Disconnect clients when logon hours expire, Enabled (Legacy, Enterprise, and Specialized Security)(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Do not allow storage of credentials or .NET Passports for network authenticationTable 4.19 Security Options: Network Access Setting Recommendations: Do not allow storage of credentials or .NET Passports for network authentication, Enabled (Legacy, Enterprise, Specialized Security)8http://technet.microsoft.com/en-us/library/cc779377.aspx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Let Everyone permissions apply to anonymous users Table 4.19 Security Options: Network Access Setting Recommendations: Let Everyone permissions apply to anonymous users, Disabled (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc778182.aspx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Access: Named Pipes that can be accessed anonymouslyTable 4.19 Security Options: Network Access Setting Recommendations: Named Pipes that can be accessed anonymously, Not defined (Legacy and Enterprise), COMNAP, COMNODE, SQL\QUERY, SPOOLSS, LLSRPC, netlogon, lsarpc, samr, browser (Specialized Security)8http://technet.microsoft.com/en-us/library/cc785123.aspx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPathsHKLM (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Remotely accessible registry paths2Table 4.19 Security Options: Network Access Setting Recommendations: Remotely accessible registry paths, System\ CurrentControlSet\Control\ Product Options; System\ CurrentControlSet\Control\ Server Applications; Software\Microsoft\ Windows NT\ CurrentVersion (Legacy, Enterprise, and Specialized security)8http://technet.microsoft.com/en-us/library/cc786180.aspx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Shares that can be accessed anonymously< Table 4.19 Security Options: Network Access Setting Recommendations: Shares that can be accessed anonymously, Not defined (Legacy and Enterprise), None (Specialized Security)8http://technet.microsoft.com/en-us/library/cc776860.aspx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Sharing and security model for local accountsTable 4.19 Security Options: Network Access Setting Recommendations: Sharing and security model for local accounts, Classic local users authenticate as themselves (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc786449.aspx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Do not store LAN Manager hash value on next password change=Table 4.20 Security Options: Network Security Setting Recommendations: Do not store LAN Manager hash value on next password change, Enabled (Legacy, Enterprise, and Specialized Security) Table 5.6 Security Options: Network Security Settings Recommendations: Do not store LAN Manager hash value on next password change8http://technet.microsoft.com/en-us/library/cc757582.aspx(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Microsoft network server: Disconnect clients when logon hours expireL(1) Table 3.3 Security Options Settings: Network Security: Force Logoff when Logon Hours expire, Enabled (Legacy, Enterprise and Specialized Security) (2) Table 4.18 Security Options: Microsoft Network Server Setting Recommendations: Disconnect clients when logon hours expire, Enabled (Legacy, Enterprise and Specialized Security) 8http://technet.microsoft.com/en-us/library/cc758192.aspx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Minimum session security for NTLM SSP based (including secure RPC) clientsTable 4.20 Security Options: Network Security Setting Recommendations: Minimum session security for NTLM SSP based (including secure RPC) clients: No minimum (Legacy), Enabled all settings (Enterprise and Security)(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec (2) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) serversTable 4.20 Security Options: Network Security Setting Recommendations: Minimum session security for NTLM SSP based (including secure RPC) servers, No minimum (Legacy), Enabled all settings (Enterprise and Specialized Security)8http://technet.microsoft.com/en-us/library/cc776157.aspx(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client\{9b017612-c9f1-11d2-8d9f-0000f875c541}\Disabled (2) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\MessengerService (1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel (2) Computer Configuration\Administrative Templates\Windows Components\ Terminal Services\Encryption and Security\Set client connection encryption levelTable 4.31 Client Connection Encryption Level Setting Recommendation: Set client connection encryption level, High (Legacy, Enterprise, and Specialized Security) Table 5.10 Recommended Terminal Services Settings: Set client connection encryption level(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHealth\ErrorReporting\DoReport (2) Computer Configuration\Administrative Templates\System\Internet Communications Management\Internet Communications settings\Tuff off Windows Error ReportingCTable 4.33 Recommended Error Reporting Settings: Turn off Windows Error Reporting, Enabled (Legacy, Enterprise, and Specialized Security) Table 5.12 Recommended Error Reporting Settings: Turn off Windows Error Reporting Table 12.4 Recommended Error Reporting Settings, Enabled (Legacy, Enterprise, and Specialized Security)v(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtmsSvc\Start (2) defined by the Services Administrative Tool]Table 3.199 Removable Storage: Disabled (Legacy Client, Enterprise Client, and High Security)jThe "Allow automatic updates immediate installation" setting should be enabled or disabled as appropriate.(1) Computer Configuration/Administrative Templates/Windows Components/Windows Update/Allow Automatic Updates immediate installationDThe "Automatic Updates detection frequency" should be set correctly.{(1) Computer Configuration/Administrative Templates/Windows Components/Windows Update/Automatic Updates detection frequency?Automatic updates should be enabled or disabled as appropriate.q(1) Computer Configuration/Administrative Templates/Windows Components/Windows Update/Configure Automatic UpdatesThe "No auto-restart with logged on users for scheduled automatic updates installations" setting should be enabled or disabled as appropriate.(1) Computer Configuration/Administrative Templates/Windows Components/Windows Update/No auto-restart with logged on users for scheduled automatic updates installations(1) Computer Configuration/Administrative Templates/Windows Components/Windows Update/Reschedule Automatic Updates scheduled installationsnThe "Specify intranet Microsoft update service location" setting should be enabled or disabled as appropriate.(1) Computer Configuration/Administrative Templates/Windows Components/Windows Update/Specify intranet Microsoft update service location(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoMSAppLogo5ChannelNotify (2) Local Internet Options: (3) GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Features/Restrict File Download (4) Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\(Reserved) (5) [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\explorer.exe (6) [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\iexplore.exec(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUser, (2) Local Internet Options: (3) GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer, (4) Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUserw(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (AutoShareServer) Enable Administrative Shares (recommended except for highly secure environments) (2) HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareServer (3) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareWksTable 4.29 Other Registry Entry Recommendations: MSS: (AutoShareWks) Enable Administrative Shares (recommended except for highly secure environments), 1 (Legacy), 0 (Enterprise and Specialized Security)&http://support.microsoft.com/kb/245117Table 4.29 Other Registry Entry Recommendations: MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires, 0 (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc785331.aspxTable 4.12 Security Options: Accounts Setting Recommendations: Administrator account status, Not defined (Legacy and Enterprise), Enabled (Specialized Security)Table 4.11 User Rights Assignments Setting Recommendations: Not defined (Legacy and Enterprise), Administrators, SERVICE (Special< ized Security)Table 4.15 Security Options: Domain Member Setting Recommendations: Disable machine account password changes, Disabled (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/cc785826.aspxTable 4.11 User Rights Assignments Setting Recommendations: Impersonate a client after authentication, Not defined (Legacy and Enterprise), Administrators, SERVICE (Specialized Security)E(1) HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\scforceoption, Computer Configuration\Windows Settings\Local Policies\Security Options\Interactive logon: Require smart card (2) Computer Configuration\Windows Settings\Security Settings\ Local Policies\Security Options\Interactive logon: Require smart card Table 4.16 Security Options: Interactive Logon Setting Recommendations: Require smart card, Not defined (Legacy, and Enterprise), Disabled (Specialized Security)8http://technet.microsoft.com/en-us/library/cc782056.aspx(1) HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature (2) Computer Configuration\Windows Settings\Local Policies\Security Options\Microsoft network client: Digitally sign communications (if server agrees)Table 4.17 Security Options: Microsoft Network Client Setting Recommendations: Digitally sign communications (if server agrees), Enabled (Legacy, Enterprise and Specialized Security)Table 4.29 Other Registry Entry Recommendations: MSS: (AutoReboot) Allow Windows to automatically restart after a system crash (recommended except for highly secure environments), 1 (Legacy and Enterprise), 0 (Specialized Security)8http://technet.microsoft.com/en-us/library/cc976049.aspxTable 4.29 Other Registry Entry Recommendations: MSS: (NoDefaultExempt) Enable NoDefaultExempt for IPSec Filtering (recommended), 3 (Legacy, Enterprise, and Specialized Security)8http://technet.microsoft.com/en-us/library/bb727063.aspxTable 4.29 Other Registry Entry Recommendations: MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended), 0 (Legacy, Enterprise and Specialized Security)8http://technet.microsoft.com/en-us/library/cc959352.aspxTable 4.28 TCP/IP Registry Entry Recommendations: TcpMaxConnectResponseRetransmissions, 2 (Legacy, Enterprise and Specialized Security)8http://technet.microsoft.com/en-us/library/cc938208.aspx}Table 4.28 TCP/IP Registry Entry Recommendations: TcpMaxDataRetransmissions, 3 (Legacy, Enterprise, and Specialized Security)?http://technet.microsoft.com/en-us/library/cc780586(WS.10).aspxTable 4.29 Other Registry Entry Recommendations: MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning, 90 (Legacy, Enterprise and Specialized Security)@Table 4.19 Security Options: Network Access Setting Recommendations: Remotely accessible registry paths and sub-paths, System\ CurrentControlSet\Control\ Product Options; System\ CurrentControlSet\Control\ Server Applications; Software\Microsoft\ Windows NT\ CurrentVersion (Legacy, Enterprise, and Specialized Security)Table 4.19 Security Options: Network Access Setting Recommendations: Restrict anonymous access to Named Pipes and Shares, Enabled (Legacy, Enterprise, and Specialized Security)9http://technet.microsoft.com/en-us/library/cc778473.aspx Table 4.24 Security Options: System Cryptography Setting Recommendations: Force strong key protection for user keys stored on the computer, User is prompted when the key is first used (Legacy and Enterprise), User must enter a password each time they use a key (Specialized Security)8http://technet.microsoft.com/en-us/library/cc738035.aspxTable 4.26 Security Options: System Setting Recommendations: System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies, Not defined (Legacy), Disable (Enterprise), Enabled (Specialized Security) CCE-9994-5eThe "Change Password" option in the Ctrl+Alt+Del dialog should be enabled or disabled as appropriate.(1) User Configuration/Administrative Templates/System/Ctrl+Alt+Del Options/Remove Change Password (2) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableChangePassword]How to Prevent Users from Changing a Password Except When Required (High Security Enviroment)YHow to Prevent Users from Changing a Password Except When Required (Specialized Security))http://support.microsoft.com/?kbid=324744 CCE-10633-6^(1) name, domain and user names (2) User display name only (3) Do not display user information(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Display user information when the session is locked (2) HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLockedUserIdTable 4.16 Security Options: Interactive Logon Setting Recommendations: Display user information when the session is locked, Not defined (Legacy and Enterprise), User display name, domain and user names (Specialized Security)khttp://blogs.technet.com/askds/archive/2009/02/06/how-to-hide-user-information-when-computer-is-locked.aspx CCE-9710-5\The account description for the built-in Administrator account should be set as appropriate.(1) description7Computer Management>Local Users and Groups>Users>Renamepg 112: Change the account descriptions to something other than the defaults to help prevent easy identification of the accounts CCE-10688-0User-initiated system crashes via the CTRL+SCROLL LOCK+SCROLL LOCK sequence should be enabled or disabled for PS/2 keyboards as appropriate.^(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\i8042prt\Parameters\CrashOnCtrlScrollWindows Server 2003 with SP1 includes a feature that you can use to halt the computer and generate a Memory.dmp file. You must explicitly enable this feature, and it may not be appropriate for all servers in your organization.6http://support.microsoft.com/default.aspx?kbid=244139. CCE-10710-2User-initiated system crashes via the CTRL+SCROLL LOCK+SCROLL LOCK sequence should be enabled or disabled for USB keyboards as appropriate.\(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbdhid\Parameters\CrashOnCtrlScroll CCE-10463-8/The Syskey mode should be configured correctly.(1) mode(1) syskey commandTable 5.9 Syskey Modes, Mode 1: System Generated Password, Store Startup Key Locally, Mode 2: Administrator generated password, Password Startup, Mode 3: System Generated Password, Store Startup Key on Floppy Disk (Modes 2 and 3 are considered more secure options)W(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Setup\ChannelAccessj(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Search Service\StartN(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\UI\DisableWcnUi`(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\AllowRemoteRPCw(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSendGenericDriverNotFoundToWERc(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\DisableWindowsUpdateAccessq(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\HandwritingErrorReports\PreventHandwritingErrorReportsM(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHealth\HelpSvc\HeadlinesV(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHealth\HelpSvc\MicrosoftKBSearchsd(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableStartupSoundDMicrosoft Office 2007 Threats and Countermeasures guide Beta release`Table 1.124. Disable VBA for Office applications, Table 2.5. Disable VBA for Office applications)Table 1.3. ActiveX Control Initialization;Table 1.148. Enable Customer Experience Improvement ProgramFTable 1.23. Automatically receive small updates to improve reliability#Table 1.179. Online content options'Table 1.234. VBA Macro Warning Settings1Table 1.225. Trust access to Visual Basic ProjectYThe "Disable Remember Passwords" setting should be configu< red correctly for Outlook 2007.(1) User Configuration\Administrative Templates\Classic Administrative Templates\Microsoft Office Outlook 2007\Security\Disable Remember Passwords (2) HKCU\Software\Policies\Microsoft\Office\12.0\Outlook\Security\EnableRememberPwdUser Configuration\Administrative Templates\Classic Administrative Templates\Microsoft Office Outlook 2007\Security\Disable Remember Passwords [The "Configure Add-In Trust Level" setting should be configured correctly for Outlook 2007.(1) User Configuration\Administrative Templates\Classic Administrative Templates\Microsoft Office Outlook 2007\Security\Configure Add-In Trust Level (2) HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\Security\AddinTrust%Table 1.72. Configure trusted add-ins!DEPRECATED in favor of CCE-537-1.(Table 1.173. Minimum encryption settingsTTable 1.134. Do not check e-mail address against address of certificates being using>Table 1.214. Send all signed messages as clear signed messagesETable 1.198. Request an S/MIME receipt for all S/MIME signed messages3Table 1.135. Do not display 'Publish to GAL' buttonTable 1.220. Signature Warning;Table 1.204. Retrieving CRLs (Certificate Revocation Lists)CTable 1.64. Block updates from the Office Update Site from applying!Table 1.230. Underline hyperlinksLTable 1.120. Disable Trust Bar Notification for unsigned application add-ins+Table 1.87. Disable all application add-insMTable 1.200. Require that application add-ins are signed by Trusted Publisher)Table 1.89. Disable all trusted locations7Table 1.11. Allow Trusted Locations not on the computer&Table 1.176. Modal Trust Decision OnlyTable 1.94. Disable commands"Table 1.114. Disable shortcut keysTable 1.80. Default file format5Table 1.141. Do not prompt to convert older databases5Table 1.164. Internet and network paths as hyperlinks Table 1.211. Save Excel files as!Table 1.91. Disable AutoRepublish'Table 1.25. AutoRepublish Warning AlertkTable 1.81. Determine whether to force encrypted macros to be scanned in Microsoft Excel Open XML workbooks4Table 1.155. Force file extension to match file type>Table 1.221. Store macro in Personal Macro Workbook by default&Table 1.159. Ignore other applications)Table 1.17. Ask to update automatic linksDTable 1.210. Save any additional data necessary to maintain formulas>Table 1.169. Load pictures from Web pages not created in ExcelOTable 1.143. Do not show data extraction options when opening corrupt workbooksPTable 1.34. Block opening of files created by pre-release versions of Excel 20070Table 1.38. Block opening of Open XML file types1Table 1.29. Block opening of Binary 12 file types.Table 1.30. Block opening of Binary file types7Table 1.35. Block opening of Html and Xmlss files types+Table 1.49. Block opening of Xml file types4Table 1.32. Block opening of DIF and SYLK file types,Table 1.46. Block opening of Text file types*Table 1.48. Block opening of Xll file type/Table 1.57. Block saving of Open Xml file types/Table 1.52. Block saving of Binary12 file types5Table 1.55. Block saving of Html and Xmlss file types0Table 1.50. Block saving DIF and SYLK file types+Table 1.60. Block saving of Text file types Table 1.178. Offline Mode statusLTable 1.73. Control behavior for Windows SharePoint Services gradual upgradeITable 1.109. Disable opening of solutions from the Internet security zoneDTable 1.102. Disable fully trusted solutions full access to computer3Table 1.7. Allow file types as attachments to forms=Table 1.62. Block specific file types as attachments to formsRTable 1.186. Prevent users from allowing unsafe file types to be attached to formsMTable 1.74. Control behavior when opening forms in the Internet security zoneMTable 1.75. Control behavior when opening forms in the Intranet security zoneQTable 1.76. Control behavior when opening forms in the Trusted Site security zone5Table 1.26. Beaconing UI for forms opened in InfoPathDTable 1.27. Beaconing UI for forms opened in InfoPath Editor ActiveXYTable 1.77. Control behavior when opening InfoPath e-mail forms containing code or script<Table 1.112. Disable sending form template with e-mail formsQTable 1.97. Disable dynamic caching of the form template in InfoPath e-mail forms@Table 1.113. Disable sending InfoPath 2003 Forms as e-mail formsFTable 1.101. Disable e-mail forms running in restricted security level@Table 1.99. Disable e-mail forms from the Internet security zoneATable 1.100. Disable e-mail forms from the Intranet security zoneBTable 1.98. Disable e-mail forms from the Full Trust security zone5Table 1.106. Disable InfoPath e-mail forms in Outlook*Table 1.163. Information Rights ManagementTable 1.79. Custom code%Table 1.147. Email Forms Beaconing UIFTable 1.122. Disable user customization of Quick Access Toolbar via UIBTable 1.90. Disable all user customization of Quick Access Toolbar>Table 1.121. Disable UI extending from documents and templates*Table 1.194. Recognize smart tags in Excel_Table 1.93. Disable Clip Art and Media downloads from the client and from Office Online websiteVTable 1.117. Disable template downloads from the client and from Office Online websiteXTable 1.85. Disable access to updates, add-ins, and patches on the Office Online website\Table 1.188. Prevents users from uploading document templates to the Office Online communityOTable 1.119. Disable training practice downloads from the Office Online websiteMTable 1.95. Disable customer-submitted templates downloads from Office Online?Table 1.180. Open Office documents as read/write while browsing<Table 1.195. Rely on VML for displaying graphics in browsers(Table 1.9. Allow PNG as an output format#Table 1.160. Improve Proofing Tools/Table 1.110. Disable Opt-in Wizard on first runCTable 1.88. Disable all Trust Bar notifications for security issuesOTable 1.191. Protect document metadata for rights managed Office Open XML FilesCTable 1.190. Protect document metadata for password protected filesITable 1.153. Encryption type for password protected Office Open XML filesHTable 1.152. Encryption type for password protected Office 97-2003 files$Table 1.168. Load Controls in Forms3Table 1.24. Automation Security'Table 1.103. Disable hyperlink warnings(Table 1.111. Disable password to open UITable 1.86. Disable All ActiveX1Table 1.8. Allow mix of policy and user locations6Table 1.116. Disable Smart Document's use of manifests)Table 1.107. Disable Internet Fax featureNTable 1.187. Prevent users from changing permissions on rights managed contentNTable 1.13. Allow users with earlier versions of Office to read with browsers& @Table 1.15. Always require users to connect to verify permissionTTable 1.14. Always expand groups in Office when restricting permission for documentsZTable 1.177. Never allow users to specify groups when restricting permission for documentsVTable 1.108. Disable Microsoft Passport service for content with restricted permission Table 1.166. Key Usage FilteringTable 1.146. EKU filtering%Table 1.167. Legacy format signatures.Table 1.223. Suppress Office Signing Providers;Table 1.222. Suppress external signature services menu item'Table 1.92. Disable Check For SolutionsKTable 1.105. Disable inclusion of document properties in PDF and XPS output.Table 1.96. Disable Document Information Panel4Table 1.144. Document Information Panel Beaconing UIYTable 1.118. Disable the Office client from polling the Office server for published linksTable 1.44. Block opening of pre-release versions of file formats new to Word 2007 through the Compatibility Pack for the 2007 Office system and Word 2007 Open XML/Word 97-2003 Format ConverterTable 1.40. Block opening of pre-release versions of file formats new to Excel 2007 through the Compatibility Pack for the 2007 Office system and Excel 2007 ConverterTable 1.42. Block opening of pre-release versions of file formats new to PowerPoint 2007 through the Compati< bility Pack for the 2007 Office system and PowerPoint 2007 ConverterTable 1.78. Control blogging_Table 1.104. Disable hyperlinks to web templates from the client and from Office Online website:Table 1.128. Do not allow attachment previewing in Outlook&Table 1.192. Read e-mail as plain text-Table 1.193. Read signed e-mail as plain text0Table 1.185. Prevent publishing to Office Online/Table 1.184. Prevent publishing to a DAV serverATable 1.202. Restrict level of calendar details users can publish(Table 1.1. Access to published calendars#Table 1.203. Restrict upload methodTable 1.158. Hide Junk Mail UI)Table 1.165. Junk E-mail protection level'Table 1.226. Trust E-mail from Contacts=Table 1.4. Add e-mail recipients to users' Safe Senders ListsTable 1.84. Dial-up optionsZTable 1.129. Do not allow creating, replying, or forwarding signatures for e-mail messages&Table 1.181. Outlook Rich Text optionsTable 1.183. Plain text optionsTable 1.217. Set message formatPTable 1.171. Make Outlook the default program for E-mail, Contacts, and CalendarVTable 1.130. Do not allow folders in non-default stores to be set as folder home pagesKTable 1.233. Use Unicode format when dragging e-mail message to file systemPTable 1.132. Do not allow Outlook object model scripts to run for shared foldersPTable 1.131. Do not allow Outlook object model scripts to run for public folders@Table 1.216. Set maximum level of online status on a person name3Table 1.126. Display online status on a person name>Table 1.227. Turn off Enable the Person Names Smart Tag option"Table 1.182. Outlook Security Mode(Table 1.125. Display Level 1 attachments8Table 1.12. Allow users to demote attachments to Level 2ITable 1.140. Do not prompt about Level 1 attachments when sending an itemITable 1.139. Do not prompt about Level 1 attachments when closing an item2Table 1.5. Add file extensions to block as Level 16Table 1.196. Remove file extensions blocked as Level 12Table 1.6. Add file extensions to block as Level 26Table 1.197. Remove file extensions blocked as Level 22Table 1.10. Allow scripts in one-off Outlook formsETable 1.218. Set Outlook object model Custom Actions execution prompt,Table 1.215. Set control ItemProperty promptCTable 1.71. Configure Outlook object model prompt when sending mailPTable 1.65. Configure Outlook object model prompt when accessing an address bookRTable 1.69. Configure Outlook object model prompt when reading address information^Table 1.70. Configure Outlook object model prompt when responding to meeting and task requestsHTable 1.68. Configure Outlook object model prompt when executing Save AsnTable 1.67. Configure Outlook object model prompt When accessing the Formula property of a UserProperty objectlTable 1.66. Configure Outlook object model prompt when accessing address information via UserProperties.Find+Table 1.201. Required Certificate Authority;Table 1.207. S/MIME interoperability with external clients:%Table 1.208. S/MIME password settingsTable 1.172. Message FormatsNTable 1.142. Do not provide Continue option on Encryption warning dialog boxes'Table 1.205. Run in FIPS compliant mode(Table 1.151. Encrypt all e-mail messages%Table 1.219. Sign all e-mail messages(Table 1.232. URL for S/MIME certificates;Table 1.154. Ensure all S/MIME signed messages have a label$Table 1.209. S/MIME receipt requests*Table 1.156. Fortezza certificate policies<Table 1.199. Require SuiteB algorithms for S/MIME operationsTable 1.174. Missing CRLs&Table 1.175. Missing root certificates;Table 1.189. Promote Level 2 errors as errors, not warnings.Table 1.18. Attachment Secure Temporary FolderATable 1.127. Display pictures and external content in HTML e-mailkTable 1.22. Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists>Table 1.138. Do not permit download of content from safe zonesTable 1.63. Block Trusted ZonesJTable 1.161. Include Internet in Safe Zones for Automatic Picture DownloadJTable 1.162. Include Intranet in Safe Zones for Automatic Picture Download(Table 1.213. Security setting for macros,Table 1.149. Enable links in e-mail messagesKTable 1.16. Apply macro security settings to macros, add-ins, and SmartTagsZTable 1.20. Automatically configure profile based on Active Directory Primary SMTP address@Table 1.133. Do not allow users to change permissions on folders"Table 1.150. Enable RPC encryption/Table 1.19. Authentication with Exchange Server@Table 1.224. Synchronize Outlook RSS Feeds with Common Feed List!Table 1.228. Turn off RSS feature?Table 1.145. Download full text of articles as HTML attachments.Table 1.21. Automatically download attachmentsDTable 1.137. Do not include Internet Calendar integration in Outlook0Table 1.123. Disable user entries to server list-Table 1.136. Do not expand distribution lists&Table 1.212. Save files in this formattTable 1.82. Determine whether to force encrypted macros to be scanned in Microsoft PowerPoint Open XML presentationsTable 1.206. Run Programs'Table 1.170. Make hidden markup visible8Table 1.229. Unblock automatic download of linked images@Table 1.94. Disable commands, Table 1.114. Disable shortcut keysXTable 1.41. Block opening of pre-release versions of file formats new to PowerPoint 2007,Table 1.36. Block opening of HTML file types%Table 1.39. Block opening of Outlines'Table 1.31. Block opening of Converters-Table 1.51. Block saving of Binary file types+Table 1.56. Block saving of HTML file types$Table 1.58. Block saving of Outlines*Table 1.54. Block saving of GraphicFilters!Table 1.115. Disable Slide UpdateTable 1.157. Hidden text+Table 1.231. Update automatic links at OpenjTable 1.83. Determine whether to force encrypted macros to be scanned in Microsoft Word Open XML documentsRTable 1.43. Block opening of pre-release versions of file formats new to Word 20075Table 1.47. Block opening of Word 2003 XML file types+Table 1.45. Block opening of RTF file types!Table 1.28. Block open Converters0Table 1.37. Block opening of Internal file types1Table 1.33. Block opening of files before version4Table 1.61. Block saving of Word 2003 XML file types*Table 1.59. Block saving of RTF file types&Table 1.53. Block saving of Converters1Table 2.6. InfoPath APTCA Assembly allowable list=Table 2.7. InfoPath APTCA Assembly Allowable List Enforcement!Table 2.3. Disable Package Repair)Table 2.4. Disable user name and passwordTable 2.1. Bind to objectTable 2.9. Saved from URLTable 2.8. Navigate URLTable 2.2. Block popupsUser Configuration\Administrative Templates\Classic Administrative Templates\Microsoft Office Outlook 2007\Security\Prevent users from customizing attachment security settings CCE-4277-0HThe "Disable Update Diagnostics" setting should be configured correctly.(1) 0 = Disabled | 1 = Enabled(1)Computer Configuration\Administrative Templates\Classic Administrative Templates (ADM)\Microsoft Office 2007 system\Office Diagnostics\Disable Update Diagnostics (2) HKLM\Software\Policies\Microsoft\Office\Common\OffDiag\DisableOffDiagnosticsComputer Configuration\Administrative Templates\Classic Administrative Templates (ADM)\Microsoft Office 2007 system\Office Diagnostics\Disable Update Diagnostics CCE-4280-4[The "Allow Active X One Off Forms" setting should be configured correctly for Outlook 2007.(1) 0 = Enabled (Load only Outlook Controls) | 1 = Enabled (Allows only Safe Controls) | 2 = Enabled (Allows all ActiveX Controls) (1) User Configuration\Administrative Templates\Classic Administrative Templates\Microsoft Office Outlook 2007\Security\Allow Active X One Off Forms (2) HKCU\Software\Policies\Microsoft\Office\12.0\Outlook\Security\AllowActiveXOneOffFormsUser Configuration\Administrative Templates\Classic Administrative Templates\Microsoft Office Outlook 2007\Security\Allow Active X One Off Forms CCE-4283-8aThe "Allow access to e-mail attachments" setting should be configured correctly for Outlook 2007.(1) User Configuration\Administrative Temp< lates\Classic Administrative Templates\Microsoft Office Outlook 2007\Security\Allow access to e-mail attachments (2) HKCU\Software\Policies\Microsoft\Office\12.0\Outlook\Security\Level1AddUser Configuration\Administrative Templates\Classic Administrative Templates\Microsoft Office Outlook 2007\Security\Allow access to e-mail attachments CCE-5276-1`The "Do not automatically sign replies" setting should be configured correctly for Outlook 2007.0 = Disabled | 1 = Enabled(1) User Configuration\Administrative Templates\Classic Administrative Templates\Microsoft Office Outlook 2007\Security\Do not automatically sign replies (2) HKCU\Software\Policies\Microsoft\Office\12.0\Outlook\Security\NoSignOnReplyUser Configuration\Administrative Templates\Classic Administrative Templates\Microsoft Office Outlook 2007\Security\Do not automatically sign replies CCE-4440-4The "Prompt user to choose security settings if default settings fail" setting should be configured correctly for Outlook 2007.(1) User Configuration\Administrative Templates\Classic Administrative Templates\Microsoft Office Outlook 2007\Security\Prompt user to choose security settings if default settings fail (2) HKCU\Software\Policies\Microsoft\Office\12.0\Outlook\Security\ForceDefaultProfileUser Configuration\Administrative Templates\Classic Administrative Templates\Microsoft Office Outlook 2007\Security\Prompt user to choose security settings if default settings fail Last modified: 2010-09-25Version: 5.201009267(1) disabled/manual/automatic/automatic (delayed start)|Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Add workstations to a domainMicrosoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Windows Server 2008 R2 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940Computer Configuration\Administrative Templates\System\Removable Storage Access\WPD Devices: Deny write access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}TThe "WPD Devices: Deny write access" machine setting should be configured correctly. CCE-11070-0Computer Configuration\Administrative Templates\System\Removable Storage Access\WPD Devices: Deny read access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC27878-A6FA-4155-BA85-F98F491D4F33}SThe "WPD Devices: Deny read access" machine setting should be configured correctly. CCE-11974-3Computer Configuration\Administrative Templates\System\Group Policy\Wireless policy processing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}PThe "Wireless policy processing" machine setting should be configured correctly. CCE-14616-7Computer Configuration\Administrative Templates\System\Group Policy\Wired policy processing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}MThe "Wired policy processing" machine setting should be configured correctly. CCE-13394-2Computer Configuration\Administrative Templates\Network\TCPIP Settings\Parameters\Windows Scaling Heuristics State HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\ParametersVThe "Windows Scaling Heuristics State" machine setting should be configured correctly. CCE-11768-9Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\Weight Set in the DC Locator DNS SRV Records HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\ParametersbThe "Weight Set in the DC Locator DNS SRV Records" machine setting should be configured correctly. CCE-11561-8Computer Configuration\Administrative Templates\System\User Profiles\Wait for remote user profile HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SystemRThe "Wait for remote user profile" machine setting should be configured correctly. CCE-10934-8Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Verify old and new Folder Redirection targets point to the same share before redirecting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\ExplorerThe "Verify old and new Folder Redirection targets point to the same share before redirecting" machine setting should be configured correctly. CCE-12328-1Computer Configuration\Administrative Templates\System\Verbose vs normal status messages HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\SystemWThe "Verbose vs normal status messages" machine setting should be configured correctly. CCE-11385-2Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Validate smart card certificate usage rule compliance HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVEkThe "Validate smart card certificate usage rule compliance" machine setting should be configured correctly. CCE-11405-8Computer Configuration\Administrative Templates\System\Group Policy\User Group Policy loopback processing mode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System`The "User Group Policy loopback processing mode" machine setting should be configured correctly. CCE-13295-1Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing\Use the specified Remote Desktop license servers HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesfThe "Use the specified Remote Desktop license servers" machine setting should be configured correctly. CCE-11403-3 Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection\Use Remote Desktop Easy Print printer driver first HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServiceshThe "Use Remote Desktop Easy Print printer driver first" machine setting should be configured correctly. CCE-11230-0Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker\Use RD Connection Broker load balancing HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]The "Use RD Connection Broker load balancing" machine setting should be configured correctly. CCE-11558-4Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles\Use mandatory profiles on the RD Session Host server HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesjThe "Use mandatory profiles on the RD Session Host server" machine setting should be configured correctly. CCE-11804-2Computer Configuration\Administrative Templates\System\Folder Redirection\Use localized subfolder names when redirecting Start Menu and My Documents HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System\FdeployThe "Use localized subfolder names when redirecting Start Menu and My Documents" machine setting should be configured correctly. CCE-11331-6Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker\Use IP Address Redirection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesPThe "Use IP Address Redirection" machine setting should be configured correctly. CCE-11099-9Computer Configuration\Administrative Templates\System\Kerberos\Use forest search order HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters CCE-11191-4Computer Configuration\Administrative Templates\System\KDC\Use forest search order HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\Parameters CCE-10722-7Computer Configuration\Administrative Templates\Network\DNS Client\Update Top Level Domain Zones HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClientSThe "Update Top Level Domain Zones" machine setting should be configured correctly. CCE-11244-1Computer Configuration\Administrative Templates\Network\DNS Client\Update< Security Level HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClientKThe "Update Security Level" machine setting should be configured correctly. CCE-11037-9Computer Configuration\Administrative Templates\System\Trusted Platform Module Services\Turn on TPM backup to Active Directory Domain Services HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\TPMlThe "Turn on TPM backup to Active Directory Domain Services" machine setting should be configured correctly. CCE-11567-5Computer Configuration\Administrative Templates\Windows Components\Password Synchronization\Turn on the Windows to NIS password synchronization for users that have been migrated to Active Directory HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PswdSyncThe "Turn on the Windows to NIS password synchronization for users that have been migrated to Active Directory" machine setting should be configured correctly. CCE-11255-7 Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Turn on the Ability for Applications to Prevent Sleep Transitions (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\B7A27025-E569-46c2-A504-2B96CAD225A1The "Turn on the Ability for Applications to Prevent Sleep Transitions (Plugged In)" machine setting should be configured correctly. CCE-11578-2 Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Turn on the Ability for Applications to Prevent Sleep Transitions (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\B7A27025-E569-46c2-A504-2B96CAD225A1The "Turn on the Ability for Applications to Prevent Sleep Transitions (On Battery)" machine setting should be configured correctly. CCE-11731-7Computer Configuration\Administrative Templates\Windows Components\Windows Update\Turn on Software Notifications HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AUTThe "Turn on Software Notifications" machine setting should be configured correctly. CCE-10991-8Computer Configuration\Administrative Templates\Windows Components\Smart Card\Turn on Smart Card Plug and Play service HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScPnP^The "Turn on Smart Card Plug and Play service" machine setting should be configured correctly. CCE-10335-8Computer Configuration\Administrative Templates\System\Remote Assistance\Turn on session logging HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal ServicesMThe "Turn on session logging" machine setting should be configured correctly. CCE-11263-1Computer Configuration\Administrative Templates\Windows Components\Security Center\Turn on Security Center (Domain PCs only) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Security Center_The "Turn on Security Center (Domain PCs only)" machine setting should be configured correctly. CCE-11211-0Computer Configuration\Administrative Templates\Windows Components\Windows PowerShell\Turn on Script Execution HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShellNThe "Turn on Script Execution" machine setting should be configured correctly. CCE-10698-9Computer Configuration\Administrative Templates\Windows Components\Smart Card\Turn on root certificate propagation from smart card HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CertPropjThe "Turn on root certificate propagation from smart card" machine setting should be configured correctly. CCE-11907-3Computer Configuration\Administrative Templates\Network\Link-Layer Topology Discovery\Turn on Responder (RSPNDR) driver HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTDWThe "Turn on Responder (RSPNDR) driver" machine setting should be configured correctly. CCE-11304-3Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility\Turn on Remote Desktop IP Virtualization HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\VirtualIP^The "Turn on Remote Desktop IP Virtualization" machine setting should be configured correctly. CCE-11205-2Computer Configuration\Administrative Templates\Windows Components\Windows Update\Turn on recommended updates via Automatic Updates HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AUgThe "Turn on recommended updates via Automatic Updates" machine setting should be configured correctly. CCE-11648-3Computer Configuration\Administrative Templates\Network\Link-Layer Topology Discovery\Turn on Mapper I/O (LLTDIO) driver HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LLTDXThe "Turn on Mapper I/O (LLTDIO) driver" machine setting should be configured correctly. CCE-10484-4Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Setup\Turn on logging HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\SetupEThe "Turn on logging" machine setting should be configured correctly. CCE-10958-7Computer Configuration\Administrative Templates\Windows Components\Password Synchronization\Turn on extensive logging for Password Synchronization HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PswdSynclThe "Turn on extensive logging for Password Synchronization" machine setting should be configured correctly. CCE-10442-2 Computer Configuration\Administrative Templates\Windows Components\Server for NIS\Turn on extensive logging for Active Directory Domain Services domain controllers that are running Server for NIS HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Server for NISThe "Turn on extensive logging for Active Directory Domain Services domain controllers that are running Server for NIS" machine setting should be configured correctly. CCE-12251-5Computer Configuration\Administrative Templates\Network\Offline Files\Turn on economical application of administratively assigned Offline Files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetCacheThe "Turn on economical application of administratively assigned Offline Files" machine setting should be configured correctly. CCE-11293-8Computer Configuration\Administrative Templates\System\Power Management\Video and Display Settings\Turn On Desktop Background Slideshow (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\309dce9b-bef4-4119-9921-a851fb12f0f4gThe "Turn On Desktop Background Slideshow (Plugged In)" machine setting should be configured correctly. CCE-10885-2Computer Configuration\Administrative Templates\System\Power Management\Video and Display Settings\Turn On Desktop Background Slideshow (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\309dce9b-bef4-4119-9921-a851fb12f0f4gThe "Turn On Desktop Background Slideshow (On Battery)" machine setting should be configured correctly. CCE-11200-3Computer Configuration\Administrative Templates\Windows Components\Windows Defender\Turn on definition updates through both WSUS and Windows Update HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Signature UpdatesuThe "Turn on definition updates through both WSUS and Windows Update" machine setting should be configured correctly. CCE-11880-2Computer Configuration\Administrative Templates\Windows Components\Windows Defender\Turn on definition updates through both WSUS and the Microsoft Malware Protection Center HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Signature UpdatesThe "Turn on definition updates through both WSUS and the Microsoft Malware Protection Center" machine setting should be configured correctly. CCE-10587-4Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service\Turn On Compatibility HTTPS Listener HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\ServiceZThe "Turn On Compatibility HTTPS Listener" machine setting should be configured correctly. CCE-12157-4Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service\Turn < On Compatibility HTTP Listener HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\ServiceYThe "Turn On Compatibility HTTP Listener" machine setting should be configured correctly. CCE-10621-1Computer Configuration\Administrative Templates\Windows Components\Smart Card\Turn on certificate propagation from smart card HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CertPropeThe "Turn on certificate propagation from smart card" machine setting should be configured correctly. CCE-10998-3Computer Configuration\Administrative Templates\Network\BranchCache\Turn on BranchCache HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\ServiceIThe "Turn on BranchCache" machine setting should be configured correctly. CCE-11222-7Computer Configuration\Administrative Templates\System\Remote Assistance\Turn on bandwidth optimization HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal ServicesTThe "Turn on bandwidth optimization" machine setting should be configured correctly. CCE-11183-1Computer Configuration\Administrative Templates\Windows Components\Windows System Resource Manager\Turn on Accounting for WSRM HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\WSRMQThe "Turn on Accounting for WSRM" machine setting should be configured correctly. CCE-11176-5Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Windows Update device driver searching HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearchingeThe "Turn off Windows Update device driver searching" machine setting should be configured correctly. CCE-10357-2Computer Configuration\Administrative Templates\System\Driver Installation\Turn off Windows Update device driver search prompt HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearchingiThe "Turn off Windows Update device driver search prompt" machine setting should be configured correctly. CCE-11319-1Computer Configuration\Administrative Templates\System\Logon\Turn off Windows Startup Sound HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\SystemTThe "Turn off Windows Startup Sound" machine setting should be configured correctly. CCE-11082-5Computer Configuration\Administrative Templates\Windows Components\Windows SideShow\Turn off Windows SideShow HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SideShowOThe "Turn off Windows SideShow" machine setting should be configured correctly. CCE-11404-1Computer Configuration\Administrative Templates\Windows Components\Presentation Settings\Turn off Windows presentation settings HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\PresentationSettings\The "Turn off Windows presentation settings" machine setting should be configured correctly. CCE-11574-1Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Windows Network Connectivity Status Indicator active tests HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicatoryThe "Turn off Windows Network Connectivity Status Indicator active tests" machine setting should be configured correctly. CCE-12049-3Computer Configuration\Administrative Templates\Windows Components\Windows Mobility Center\Turn off Windows Mobility Center HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\MobilityCenterVThe "Turn off Windows Mobility Center" machine setting should be configured correctly. CCE-11358-9Computer Configuration\Administrative Templates\Windows Components\Windows Mail\Turn off Windows Mail application HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows MailWThe "Turn off Windows Mail application" machine setting should be configured correctly. CCE-11123-7Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility\Turn off Windows Installer RDS Compatibility HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\TSMSIbThe "Turn off Windows Installer RDS Compatibility" machine setting should be configured correctly. CCE-11987-5Computer Configuration\Administrative Templates\System\Windows HotStart\Turn off Windows HotStart HKEY_LOCAL_MACHINE\Software\policies\Microsoft\System\HotStartOThe "Turn off Windows HotStart" machine setting should be configured correctly. CCE-11467-8Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Windows Error Reporting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error ReportingVThe "Turn off Windows Error Reporting" machine setting should be configured correctly. CCE-11750-7Computer Configuration\Administrative Templates\Windows Components\Windows Defender\Turn off Windows Defender HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows DefenderOThe "Turn off Windows Defender" machine setting should be configured correctly. CCE-10517-1Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Windows Customer Experience Improvement Program HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\WindowsnThe "Turn off Windows Customer Experience Improvement Program" machine setting should be configured correctly. CCE-11354-8Computer Configuration\Administrative Templates\Windows Components\Desktop Gadgets\Turn Off user-installed desktop gadgets HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar]The "Turn Off user-installed desktop gadgets" machine setting should be configured correctly. CCE-11727-5Computer Configuration\Administrative Templates\Windows Components\Game Explorer\Turn off tracking of last play time of games in the Games folder HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\GameUXvThe "Turn off tracking of last play time of games in the Games folder" machine setting should be configured correctly. CCE-11763-0Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Touch Input\Turn off Touch Panning HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TabletPCLThe "Turn off Touch Panning" machine setting should be configured correctly. CCE-11156-7Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off the Windows Messenger Customer Experience Improvement Program HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client|The "Turn off the Windows Messenger Customer Experience Improvement Program" machine setting should be configured correctly. CCE-11958-6Computer Configuration\Administrative Templates\System\Power Management\Hard Disk Settings\Turn Off the Hard Disk (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\6738E2C4-E8A5-4A42-B16A-E040E769756EYThe "Turn Off the Hard Disk (Plugged In)" machine setting should be configured correctly. CCE-11921-4Computer Configuration\Administrative Templates\System\Power Management\Hard Disk Settings\Turn Off the Hard Disk (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\6738E2C4-E8A5-4A42-B16A-E040E769756EYThe "Turn Off the Hard Disk (On Battery)" machine setting should be configured correctly. CCE-12139-2Computer Configuration\Administrative Templates\System\Power Management\Video and Display Settings\Turn Off the Display (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7EWThe "Turn Off the Display (Plugged In)" machine setting should be configured correctly. CCE-12282-0Computer Configuration\Administrative Templates\System\Power Management\Video and Display Settings\Turn Off the Display (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7EWThe "Turn Off the Display (On Battery)" machine setting should be configured cor< rectly. CCE-10647-6Computer Configuration\Administrative Templates\Windows Components\Windows Mail\Turn off the communities features HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows MailWThe "Turn off the communities features" machine setting should be configured correctly. CCE-10366-3Computer Configuration\Administrative Templates\Windows Components\Backup\Client\Turn off the ability to create a system image HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Backup\ClientcThe "Turn off the ability to create a system image" machine setting should be configured correctly. CCE-12103-8Computer Configuration\Administrative Templates\Windows Components\Backup\Client\Turn off the ability to back up data files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Backup\Client`The "Turn off the ability to back up data files" machine setting should be configured correctly. CCE-12354-7Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off the "Publish to Web" task for files and folders HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorernThe "Turn off the "Publish to Web" task for files and folders" machine setting should be configured correctly. CCE-11587-3Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off the "Order Prints" picture task HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer^The "Turn off the "Order Prints" picture task" machine setting should be configured correctly. CCE-11243-3Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Touch Input\Turn off Tablet PC touch input HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TabletPCTThe "Turn off Tablet PC touch input" machine setting should be configured correctly. CCE-10929-8Computer Configuration\Administrative Templates\System\System Restore\Turn off System Restore HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestoreMThe "Turn off System Restore" machine setting should be configured correctly. CCE-11725-9Computer Configuration\Administrative Templates\Windows Components\Application Compatibility\Turn off SwitchBack Compatibility Engine HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat^The "Turn off SwitchBack Compatibility Engine" machine setting should be configured correctly. CCE-11424-9Computer Configuration\Administrative Templates\System\Disk NV Cache\Turn Off Solid State Mode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NvCacheOThe "Turn Off Solid State Mode" machine setting should be configured correctly. CCE-11938-8Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Turn off shell protocol protected mode HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\The "Turn off shell protocol protected mode" machine setting should be configured correctly. CCE-11530-3Computer Configuration\Administrative Templates\Windows Components\Location and Sensors\Turn off sensors HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LocationAndSensorsFThe "Turn off sensors" machine setting should be configured correctly. CCE-11409-0Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Search Companion content file updates HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SearchCompaniondThe "Turn off Search Companion content file updates" machine setting should be configured correctly. CCE-10889-4Computer Configuration\Administrative Templates\Windows Components\Windows Defender\Turn off Routinely Taking Action HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows DefenderVThe "Turn off Routinely Taking Action" machine setting should be configured correctly. CCE-10836-5Computer Configuration\Administrative Templates\System\Group Policy\Turn off Resultant Set of Policy logging HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System^The "Turn off Resultant Set of Policy logging" machine setting should be configured correctly. CCE-14285-1Computer Configuration\Administrative Templates\Windows Components\Backup\Client\Turn off restore functionality HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Backup\ClientTThe "Turn off restore functionality" machine setting should be configured correctly. CCE-10813-4Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Registration if URL connection is referring to Microsoft.com HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Registration Wizard Control{The "Turn off Registration if URL connection is referring to Microsoft.com" machine setting should be configured correctly. CCE-11112-0Computer Configuration\Administrative Templates\Windows Components\Windows Defender\Turn off Real-Time Monitoring HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Real-time ProtectionSThe "Turn off Real-Time Monitoring" machine setting should be configured correctly. CCE-11748-1Computer Configuration\Administrative Templates\Windows Components\Application Compatibility\Turn off Program Inventory HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompatPThe "Turn off Program Inventory" machine setting should be configured correctly. CCE-11043-7Computer Configuration\Administrative Templates\Windows Components\Application Compatibility\Turn off Program Compatibility Assistant HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat^The "Turn off Program Compatibility Assistant" machine setting should be configured correctly. CCE-11757-2Computer Configuration\Administrative Templates\Windows Components\Application Compatibility\Turn off Problem Steps Recorder HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompatUThe "Turn off Problem Steps Recorder" machine setting should be configured correctly. CCE-11175-7Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off printing over HTTP HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\PrintersQThe "Turn off printing over HTTP" machine setting should be configured correctly. CCE-11360-5Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Site-Local Clouds\Turn off PNRP cloud creation HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\Pnrp\IPv6-SiteLocalfThe "Turn off PNRP cloud creation" machine setting should be configured correctly for IPv6 Site Local. CCE-12065-9Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Link-Local Clouds\Turn off PNRP cloud creation HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\Pnrp\IPv6-LinkLocalfThe "Turn off PNRP cloud creation" machine setting should be configured correctly for IPv6 Link Local. CCE-10333-3Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Global Clouds\Turn off PNRP cloud creation HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\Pnrp\IPv6-GlobalbThe "Turn off PNRP cloud creation" machine setting should be configured correctly for IPv6 Global. CCE-11950-3Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Cursors\Turn off pen feedback HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TabletPCKThe "Turn off pen feedback" machine setting should be configured correctly. CCE-12255-6Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Input Panel\Turn off password security in Input Panel HKEY_LOCAL_MACHINE\software\policies\microsoft\TabletTip\1.7_The "Turn off password security in Input Panel" machine setting should be configured correctly. CCE-11616-0Computer Configuration\Administrative Templates\Windows Components\Windo< ws Explorer\Turn off numerical sorting in Windows Explorer HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorerdThe "Turn off numerical sorting in Windows Explorer" machine setting should be configured correctly. CCE-11588-1Computer Configuration\Administrative Templates\System\Disk NV Cache\Turn Off Non Volatile Cache Feature HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NvCacheYThe "Turn Off Non Volatile Cache Feature" machine setting should be configured correctly. CCE-11823-2Computer Configuration\Administrative Templates\Network\DNS Client\Turn off Multicast Name Resolution HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClientXThe "Turn off Multicast Name Resolution" machine setting should be configured correctly. CCE-11472-8Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Site-Local Clouds\Turn off Multicast Bootstrap HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\Pnrp\IPv6-SiteLocalfThe "Turn off Multicast Bootstrap" machine setting should be configured correctly for IPv6 Site Local. CCE-11186-4Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Link-Local Clouds\Turn off Multicast Bootstrap HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\Pnrp\IPv6-LinkLocalfThe "Turn off Multicast Bootstrap" machine setting should be configured correctly for IPv6 Link Local. CCE-10962-9Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Global Clouds\Turn off Multicast Bootstrap HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\Pnrp\IPv6-GlobalbThe "Turn off Multicast Bootstrap" machine setting should be configured correctly for IPv6 Global. CCE-11270-6Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Turn off Microsoft Peer-to-Peer Networking Services HKEY_LOCAL_MACHINE\Software\policies\Microsoft\PeernetiThe "Turn off Microsoft Peer-to-Peer Networking Services" machine setting should be configured correctly. CCE-11604-6Computer Configuration\Administrative Templates\System\Power Management\Notification Settings\Turn Off Low Battery User Notification HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\bcded951-187b-4d05-bccc-f7e51960c258\The "Turn Off Low Battery User Notification" machine setting should be configured correctly. CCE-11158-3Computer Configuration\Administrative Templates\Windows Components\Location and Sensors\Turn off location scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LocationAndSensorsQThe "Turn off location scripting" machine setting should be configured correctly. CCE-11040-3Computer Configuration\Administrative Templates\Windows Components\Location and Sensors\Turn off location HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LocationAndSensorsGThe "Turn off location" machine setting should be configured correctly. CCE-11367-0Computer Configuration\Administrative Templates\System\Group Policy\Turn off Local Group Policy objects processing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SystemdThe "Turn off Local Group Policy objects processing" machine setting should be configured correctly. CCE-13373-6Computer Configuration\Administrative Templates\Windows Components\Shutdown Options\Turn off legacy remote shutdown interface HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System_The "Turn off legacy remote shutdown interface" machine setting should be configured correctly. CCE-11458-7Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Internet File Association service HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer`The "Turn off Internet File Association service" machine setting should be configured correctly. CCE-10697-1Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Internet download for Web publishing and online ordering wizards HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorerThe "Turn off Internet download for Web publishing and online ordering wizards" machine setting should be configured correctly. CCE-11136-9Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Internet Connection WizardThe "Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com" machine setting should be configured correctly. CCE-12082-4Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Turn Off Hybrid Sleep (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\94ac6d29-73ce-41a6-809f-6363ba21b47eXThe "Turn Off Hybrid Sleep (Plugged In)" machine setting should be configured correctly. CCE-11397-7Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Turn Off Hybrid Sleep (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\94ac6d29-73ce-41a6-809f-6363ba21b47eXThe "Turn Off Hybrid Sleep (On Battery)" machine setting should be configured correctly. CCE-11204-5Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Help and Support Center Microsoft Knowledge Base search HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHealth\HelpSvcvThe "Turn off Help and Support Center Microsoft Knowledge Base search" machine setting should be configured correctly. CCE-11544-4Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Help and Support Center "Did you know?" content HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHealth\HelpSvcnThe "Turn off Help and Support Center "Did you know?" content" machine setting should be configured correctly. CCE-11812-5Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Turn off heap termination on corruption HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer]The "Turn off heap termination on corruption" machine setting should be configured correctly. CCE-10981-9Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Hardware Buttons\Turn off hardware buttons HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TabletPCOThe "Turn off hardware buttons" machine setting should be configured correctly. CCE-12064-2Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off handwriting recognition error reporting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\HandwritingErrorReportsfThe "Turn off handwriting recognition error reporting" machine setting should be configured correctly. CCE-11030-4Computer Configuration\Administrative Templates\Windows Components\Game Explorer\Turn off game updates HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\GameUXKThe "Turn off game updates" machine setting should be configured correctly. CCE-11807-5Computer Configuration\Administrative Templates\Windows Components\Active Directory Federation Services\Turn off Federation Service HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\ADFSQThe "Turn off Federation Service" machine setting should be configured correctly. CCE-11292-0Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Turn off Fair Share CPU Scheduling HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SessionManager\DFSSXThe "Turn off Fair Share CPU Scheduling" machine setting should be configu< red correctly. CCE-11203-7Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Event Viewer "Events.asp" links HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EventViewer^The "Turn off Event Viewer "Events.asp" links" machine setting should be configured correctly. CCE-10693-0Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off downloading of print drivers over HTTP HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\PrinterseThe "Turn off downloading of print drivers over HTTP" machine setting should be configured correctly. CCE-11563-4Computer Configuration\Administrative Templates\Windows Components\Game Explorer\Turn off downloading of game information HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\GameUX^The "Turn off downloading of game information" machine setting should be configured correctly. CCE-11739-0Computer Configuration\Administrative Templates\Windows Components\Desktop Gadgets\Turn off desktop gadgets HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\SidebarNThe "Turn off desktop gadgets" machine setting should be configured correctly. CCE-10801-9Computer Configuration\Administrative Templates\System\Turn off Data Execution Prevention for HTML Help Executible HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SystemqThe "Turn off Data Execution Prevention for HTML Help Executible" machine setting should be configured correctly. CCE-11317-5Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Turn off Data Execution Prevention for Explorer HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\ExplorereThe "Turn off Data Execution Prevention for Explorer" machine setting should be configured correctly. CCE-12161-6Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Turn off creation of System Restore Checkpoints HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\InstallereThe "Turn off creation of System Restore Checkpoints" machine setting should be configured correctly. CCE-10895-1Computer Configuration\Administrative Templates\Windows Components\Network Projector\Turn off Connect to a Network Projector HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\NetworkProjector]The "Turn off Connect to a Network Projector" machine setting should be configured correctly. CCE-11372-0Computer Configuration\Administrative Templates\System\System Restore\Turn off Configuration HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestoreLThe "Turn off Configuration" machine setting should be configured correctly. CCE-11168-2Computer Configuration\Administrative Templates\System\Disk NV Cache\Turn Off Cache Power Mode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NvCacheOThe "Turn Off Cache Power Mode" machine setting should be configured correctly. CCE-11990-9Computer Configuration\Administrative Templates\System\Disk NV Cache\Turn Off Boot and Resume Optimizations HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NvCache\The "Turn Off Boot and Resume Optimizations" machine setting should be configured correctly. CCE-11416-5Computer Configuration\Administrative Templates\System\Group Policy\Turn off background refresh of Group Policy HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\SystemaThe "Turn off background refresh of Group Policy" machine setting should be configured correctly. CCE-14437-8Computer Configuration\Administrative Templates\Windows Components\AutoPlay Policies\Turn off Autoplay for non-volume devices HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer^The "Turn off Autoplay for non-volume devices" machine setting should be configured correctly. CCE-11375-3Computer Configuration\Administrative Templates\Windows Components\AutoPlay Policies\Turn off Autoplay HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorerGThe "Turn off Autoplay" machine setting should be configured correctly. CCE-11126-0Computer Configuration\Administrative Templates\Windows Components\Windows SideShow\Turn off automatic wake HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SideShowMThe "Turn off automatic wake" machine setting should be configured correctly. CCE-11419-9Computer Configuration\Administrative Templates\System\Shutdown Options\Turn off automatic termination of applications that block or cancel shutdown HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SystemThe "Turn off automatic termination of applications that block or cancel shutdown" machine setting should be configured correctly. CCE-10823-3Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Automatic Root Certificates Update HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\AuthRootaThe "Turn off Automatic Root Certificates Update" machine setting should be configured correctly. CCE-11264-9Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Handwriting personalization\Turn off automatic learning HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\InputPersonalizationQThe "Turn off automatic learning" machine setting should be configured correctly. CCE-12123-6Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Input Panel\Turn off AutoComplete integration with Input Panel HKEY_LOCAL_MACHINE\software\policies\microsoft\TabletTip\1.7hThe "Turn off AutoComplete integration with Input Panel" machine setting should be configured correctly. CCE-10627-8Computer Configuration\Administrative Templates\Windows Components\Application Compatibility\Turn off Application Telemetry HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompatTThe "Turn off Application Telemetry" machine setting should be configured correctly. CCE-11002-3Computer Configuration\Administrative Templates\Windows Components\Application Compatibility\Turn off Application Compatibility Engine HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat_The "Turn off Application Compatibility Engine" machine setting should be configured correctly. CCE-11337-3Computer Configuration\Administrative Templates\System\Power Management\Video and Display Settings\Turn Off Adaptive Display Timeout (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\90959D22-D6A1-49B9-AF93-BCE885AD335BdThe "Turn Off Adaptive Display Timeout (Plugged In)" machine setting should be configured correctly. CCE-11145-0Computer Configuration\Administrative Templates\System\Power Management\Video and Display Settings\Turn Off Adaptive Display Timeout (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\90959D22-D6A1-49B9-AF93-BCE885AD335BdThe "Turn Off Adaptive Display Timeout (On Battery)" machine setting should be configured correctly. CCE-11451-2Computer Configuration\Administrative Templates\Windows Components\Online Assistance\Turn off Active Help HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Assistance\Client\1.0JThe "Turn off Active Help" machine setting should be configured correctly. CCE-11609-5Computer Configuration\Administrative Templates\System\Performance Control Panel\Turn off access to the solutions to performance problems section HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Control Panel\Performance Control PanelvThe "Turn off access to the solutions to performance problems section" machine setting should be configured correctly. CCE-12078-2Computer Configuration\Administrative Templates\System\Performance Control Panel\Turn off access to the performance center core section HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Control Panel\Performance Control PanellThe "Turn off access to the performance center core section" machine setting should be configured correctly. CCE-11795-2Computer Configuration\Administrati< ve Templates\System\Performance Control Panel\Turn off access to the OEM and Microsoft branding section HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Control Panel\Performance Control PaneloThe "Turn off access to the OEM and Microsoft branding section" machine setting should be configured correctly. CCE-11639-2Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off access to all Windows Update features HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdatedThe "Turn off access to all Windows Update features" machine setting should be configured correctly. CCE-11310-0Computer Configuration\Administrative Templates\System\Device Installation\Turn off "Found New Hardware" balloons during device installation HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\SettingswThe "Turn off "Found New Hardware" balloons during device installation" machine setting should be configured correctly. CCE-10565-0Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\TTL Set in the DC Locator DNS Records HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters[The "TTL Set in the DC Locator DNS Records" machine setting should be configured correctly. CCE-12105-3Computer Configuration\Administrative Templates\Network\DNS Client\TTL Set in the A and PTR records HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClientVThe "TTL Set in the A and PTR records" machine setting should be configured correctly. CCE-11343-1Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\Try Next Closest Site HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\ParametersKThe "Try Next Closest Site" machine setting should be configured correctly. CCE-11542-8Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Client\Trusted Hosts HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\ClientCThe "Trusted Hosts" machine setting should be configured correctly. CCE-11013-0Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Scripted Diagnostics\Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\PolicyThe "Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS)" machine setting should be configured correctly. CCE-11161-7Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Scripted Diagnostics\Troubleshooting: Allow users to access and run Troubleshooting Wizards HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics|The "Troubleshooting: Allow users to access and run Troubleshooting Wizards" machine setting should be configured correctly. CCE-11253-2Computer Configuration\Administrative Templates\Network\SNMP\Traps for public community HKEY_LOCAL_MACHINE\Software\Policies\SNMP\Parameters\TrapConfiguration\publicPThe "Traps for public community" machine setting should be configured correctly. CCE-10831-6Computer Configuration\Administrative Templates\Windows Components\Shutdown Options\Timeout for hung logon sessions during shutdown HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\SystemeThe "Timeout for hung logon sessions during shutdown" machine setting should be configured correctly. CCE-10468-7Computer Configuration\Administrative Templates\Windows Components\Biometrics\Timeout for fast user switching events HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider\The "Timeout for fast user switching events" machine setting should be configured correctly. CCE-10928-0Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions\Time (in seconds) to force reboot when required for policy changes to take effect HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\RestrictionsThe "Time (in seconds) to force reboot when required for policy changes to take effect" machine setting should be configured correctly. CCE-10358-0Computer Configuration\Administrative Templates\System\Removable Storage Access\Time (in seconds) to force reboot HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevicesWThe "Time (in seconds) to force reboot" machine setting should be configured correctly. CCE-11732-5Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\Terminate session when time limits are reached HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesdThe "Terminate session when time limits are reached" machine setting should be configured correctly. CCE-11159-1Computer Configuration\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies\Teredo State HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6TransitionBThe "Teredo State" machine setting should be configured correctly. CCE-11865-3Computer Configuration\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies\Teredo Server Name HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6TransitionHThe "Teredo Server Name" machine setting should be configured correctly. CCE-11770-5Computer Configuration\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies\Teredo Refresh Rate HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6TransitionIThe "Teredo Refresh Rate" machine setting should be configured correctly. CCE-11759-8Computer Configuration\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies\Teredo Default Qualified HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6TransitionNThe "Teredo Default Qualified" machine setting should be configured correctly. CCE-11737-4Computer Configuration\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies\Teredo Client Port HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6TransitionHThe "Teredo Client Port" machine setting should be configured correctly. CCE-12099-8Computer Configuration\Administrative Templates\System\Removable Storage Access\Tape Drives: Deny write access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}TThe "Tape Drives: Deny write access" machine setting should be configured correctly. CCE-10717-7Computer Configuration\Administrative Templates\System\Removable Storage Access\Tape Drives: Deny read access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}SThe "Tape Drives: Deny read access" machine setting should be configured correctly. CCE-10942-1Computer Configuration\Administrative Templates\System\Removable Storage Access\Tape Drives: Deny execute access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630b-b6bf-11d0-94f2-00a0c91efb8b}VThe "Tape Drives: Deny execute access" machine setting should be configured correctly. CCE-12345-5Computer Configuration\Administrative Templates\Windows Components\Windows Customer Experience Improvement Program\Tag Windows Customer Experience Improvement data with Study Identifier HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows|The "Tag Windows Customer Experience Improvement data with Study Identifier" machine setting should be configured correctly. CCE-11669-9Computer Configuration\Administrative Templates\System\Net Logon\Sysvol share compatibility HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\ParametersPThe "Sysvol share compatibility"< machine setting should be configured correctly. CCE-10914-0Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Input Panel\Switch to the Simplified Chinese (PRC) gestures HKEY_LOCAL_MACHINE\software\policies\microsoft\TabletTip\1.7eThe "Switch to the Simplified Chinese (PRC) gestures" machine setting should be configured correctly. CCE-12269-7Computer Configuration\Administrative Templates\System\Group Policy\Startup policy processing wait time HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SystemYThe "Startup policy processing wait time" machine setting should be configured correctly. CCE-12994-0Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Start a program on connection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesSThe "Start a program on connection" machine setting should be configured correctly. CCE-10827-4Computer Configuration\Administrative Templates\Network\SSL Configuration Settings\SSL Cipher Suite Order HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002LThe "SSL Cipher Suite Order" machine setting should be configured correctly. CCE-11076-7Computer Configuration\Administrative Templates\System\Specify Windows Service Pack installation file location HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SetupmThe "Specify Windows Service Pack installation file location" machine setting should be configured correctly. CCE-11415-7Computer Configuration\Administrative Templates\System\Specify Windows installation file location HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Setup`The "Specify Windows installation file location" machine setting should be configured correctly. CCE-11190-6Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Specify the Unattended Sleep Timeout (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\7bc4a2f9-d8fc-4469-b07b-33eb785aaca0gThe "Specify the Unattended Sleep Timeout (Plugged In)" machine setting should be configured correctly. CCE-10757-3Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Specify the Unattended Sleep Timeout (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\7bc4a2f9-d8fc-4469-b07b-33eb785aaca0gThe "Specify the Unattended Sleep Timeout (On Battery)" machine setting should be configured correctly. CCE-11658-2Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Specify the System Sleep Timeout (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\29F6C1DB-86DA-48C5-9FDB-F2B67B1F44DAcThe "Specify the System Sleep Timeout (Plugged In)" machine setting should be configured correctly. CCE-11608-7Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Specify the System Sleep Timeout (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\29F6C1DB-86DA-48C5-9FDB-F2B67B1F44DAcThe "Specify the System Sleep Timeout (On Battery)" machine setting should be configured correctly. CCE-11605-3Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Specify the System Hibernate Timeout (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\9D7815A6-7EE4-497E-8888-515A05F02364gThe "Specify the System Hibernate Timeout (Plugged In)" machine setting should be configured correctly. CCE-11932-1Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Specify the System Hibernate Timeout (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\9D7815A6-7EE4-497E-8888-515A05F02364gThe "Specify the System Hibernate Timeout (On Battery)" machine setting should be configured correctly. CCE-11798-6Computer Configuration\Administrative Templates\System\Power Management\Video and Display Settings\Specify the Display Dim Brightness (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\f1fbfde2-a960-4165-9f88-50667911ce96eThe "Specify the Display Dim Brightness (Plugged In)" machine setting should be configured correctly. CCE-11271-4Computer Configuration\Administrative Templates\System\Power Management\Video and Display Settings\Specify the Display Dim Brightness (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\f1fbfde2-a960-4165-9f88-50667911ce96eThe "Specify the Display Dim Brightness (On Battery)" machine setting should be configured correctly. CCE-12044-4Computer Configuration\Administrative Templates\Windows Components\Windows Remote Shell\Specify Shell Timeout HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service\WinRSKThe "Specify Shell Timeout" machine setting should be configured correctly. CCE-11339-9Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client\Specify SHA1 thumbprints of certificates representing trusted .rdp publishers HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesThe "Specify SHA1 thumbprints of certificates representing trusted .rdp publishers" machine setting should be configured correctly. CCE-11470-2Computer Configuration\Administrative Templates\System\Device Installation\Specify search order for device driver source locations HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearchingmThe "Specify search order for device driver source locations" machine setting should be configured correctly. CCE-11787-9Computer Configuration\Administrative Templates\Windows Components\Windows Remote Shell\Specify maximum number of remote shells per user HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service\WinRSfThe "Specify maximum number of remote shells per user" machine setting should be configured correctly. CCE-10964-5Computer Configuration\Administrative Templates\Windows Components\Windows Remote Shell\Specify maximum number of processes per Shell HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service\WinRScThe "Specify maximum number of processes per Shell" machine setting should be configured correctly. CCE-11614-5Computer Configuration\Administrative Templates\Windows Components\Windows Remote Shell\Specify maximum amount of memory in MB per Shell HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service\WinRSfThe "Specify maximum amount of memory in MB per Shell" machine setting should be configured correctly. CCE-10374-7Computer Configuration\Administrative Templates\Windows Components\Windows Update\Specify intranet Microsoft update service location HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AUhThe "Specify intranet Microsoft update service location" machine setting should be configured correctly. CCE-10416-6Computer Configuration\Administrative Templates\Windows Components\Windows Remote Shell\Specify idle Timeout HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service\WinRSJThe "Specify idle Timeout" machine setting should be configured correctly. CCE-11945-3Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service\Specify channel binding token hardening level HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\ServicecThe "Specify channel binding token hardening level" machine setting should be configured correctly. CCE-11875-2Computer Configuration\Administrative Templates\Windows Components\Desktop Window Manager\Window Frame Coloring\Specify a default color HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DWMMThe "Specify a default color" machine setting should be configured correctly. CCE-11324-1Computer Configuration\Administrative Templates\System\Power Management\Specify a Custom Active Power Plan HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerS< ettingsXThe "Specify a Custom Active Power Plan" machine setting should be configured correctly. CCE-10505-6Computer Configuration\Administrative Templates\System\Remote Assistance\Solicited Remote Assistance HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal ServicesQThe "Solicited Remote Assistance" machine setting should be configured correctly. CCE-11723-4Computer Configuration\Administrative Templates\System\Group Policy\Software Installation policy processing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]The "Software Installation policy processing" machine setting should be configured correctly. CCE-13580-6Computer Configuration\Administrative Templates\System\User Profiles\Slow network connection timeout for user profiles HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SystemgThe "Slow network connection timeout for user profiles" machine setting should be configured correctly. CCE-11942-0Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\Sites Covered by the GC Locator DNS SRV Records HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\ParameterseThe "Sites Covered by the GC Locator DNS SRV Records" machine setting should be configured correctly. CCE-11208-6Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\Sites Covered by the DC Locator DNS SRV Records HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\ParameterseThe "Sites Covered by the DC Locator DNS SRV Records" machine setting should be configured correctly. CCE-12086-5Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\Sites Covered by the Application Directory Partition Locator DNS SRV Records HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\ParametersThe "Sites Covered by the Application Directory Partition Locator DNS SRV Records" machine setting should be configured correctly. CCE-10920-7Computer Configuration\Administrative Templates\System\Net Logon\Site Name HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters?The "Site Name" machine setting should be configured correctly. CCE-11371-2Computer Configuration\Administrative Templates\System\Filesystem\NTFS\Short name creation options HKEY_LOCAL_MACHINE\System\CurrentControlSet\PoliciesQThe "Short name creation options" machine setting should be configured correctly. CCE-12312-5Computer Configuration\Administrative Templates\Network\Sets how often a DFS Client discovers DC's HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DFSClient`The "Sets how often a DFS Client discovers DC's" machine setting should be configured correctly. CCE-10907-4Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service (BITS)\Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITS\ThrottlingThe "Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers" machine setting should be configured correctly. CCE-11181-5Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service (BITS)\Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITS\ThrottlingThe "Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers" machine setting should be configured correctly. CCE-11500-6Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\Set timer resolution HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PschedJThe "Set timer resolution" machine setting should be configured correctly. CCE-11012-2Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\Set time limit for logoff of RemoteApp sessions HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServiceseThe "Set time limit for logoff of RemoteApp sessions" machine setting should be configured correctly. CCE-12003-0Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\Set time limit for disconnected sessions HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services^The "Set time limit for disconnected sessions" machine setting should be configured correctly. CCE-11117-9Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\Set time limit for active Remote Desktop Services sessions HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicespThe "Set time limit for active Remote Desktop Services sessions" machine setting should be configured correctly. CCE-11326-6Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\Set time limit for active but idle Remote Desktop Services sessions HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesyThe "Set time limit for active but idle Remote Desktop Services sessions" machine setting should be configured correctly. CCE-11506-3Computer Configuration\Administrative Templates\Windows Components\Windows System Resource Manager\Set the Time interval in minutes for logging accounting data HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\WSRMrThe "Set the Time interval in minutes for logging accounting data" machine setting should be configured correctly. CCE-10876-1Computer Configuration\Administrative Templates\Windows Components\Windows System Resource Manager\Set the SMTP Server used to send notifications HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\WSRMdThe "Set the SMTP Server used to send notifications" machine setting should be configured correctly. CCE-11260-7Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Site-Local Clouds\Set the Seed Server HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\Pnrp\IPv6-SiteLocal]The "Set the Seed Server" machine setting should be configured correctly for IPv6 Site Local. CCE-11560-0Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Link-Local Clouds\Set the Seed Server HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\Pnrp\IPv6-LinkLocal]The "Set the Seed Server" machine setting should be configured correctly for IPv6 Link Local. CCE-10585-8Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Global Clouds\Set the Seed Server HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\Pnrp\IPv6-GlobalYThe "Set the Seed Server" machine setting should be configured correctly for IPv6 Global. CCE-11627-7Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing\Set the Remote Desktop licensing mode HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services[The "Set the Remote Desktop licensing mode" machine setting should be configured correctly. CCE-10893-6Computer Configuration\Administrative Templates\Windows Components\Password Synchronization\Set the number of synchronization retries for servers running Password Synchronization HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PswdSyncThe "Set the number of synchronization retries for servers running Password Synchronization" machine setting should be configured correctly. CCE-11716-8Computer Configuration\Administrative Templates\Windows Components\Server for NIS\Set the map update interval for NIS subordinate servers HKEY_LOCAL_MACHINE\Software\Policies\Micr< osoft\Windows\Server for NISmThe "Set the map update interval for NIS subordinate servers" machine setting should be configured correctly. CCE-12273-9Computer Configuration\Administrative Templates\Windows Components\Password Synchronization\Set the interval between synchronization retries for Password Synchronization HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PswdSyncThe "Set the interval between synchronization retries for Password Synchronization" machine setting should be configured correctly. CCE-11384-5Computer Configuration\Administrative Templates\Windows Components\Windows System Resource Manager\Set the Email IDs to which notifications are to be sent HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\WSRMmThe "Set the Email IDs to which notifications are to be sent" machine setting should be configured correctly. CCE-11724-2Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Set rules for remote control of Remote Desktop Services user sessions HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services{The "Set rules for remote control of Remote Desktop Services user sessions" machine setting should be configured correctly. CCE-11693-9Computer Configuration\Administrative Templates\System\User Profiles\Set roaming profile path for all users logging onto this computer HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SystemwThe "Set roaming profile path for all users logging onto this computer" machine setting should be configured correctly. CCE-11689-7Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles\Set Remote Desktop Services User Home Directory HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServiceseThe "Set Remote Desktop Services User Home Directory" machine setting should be configured correctly. CCE-11366-2Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Site-Local Clouds\Set PNRP cloud to resolve only HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\Pnrp\IPv6-SiteLocalhThe "Set PNRP cloud to resolve only" machine setting should be configured correctly for IPv6 Site Local. CCE-11463-7Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Link-Local Clouds\Set PNRP cloud to resolve only HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\Pnrp\IPv6-LinkLocalhThe "Set PNRP cloud to resolve only" machine setting should be configured correctly for IPv6 Link Local. CCE-11524-6Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Peer Name Resolution Protocol\Global Clouds\Set PNRP cloud to resolve only HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\Pnrp\IPv6-GlobaldThe "Set PNRP cloud to resolve only" machine setting should be configured correctly for IPv6 Global. CCE-11742-4Computer Configuration\Administrative Templates\Network\BranchCache\Set percentage of disk space used for client computer cache HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\CacheMgr\RepublicationqThe "Set percentage of disk space used for client computer cache" machine setting should be configured correctly. CCE-11417-3Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles\Set path for Remote Desktop Services Roaming User Profile HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesoThe "Set path for Remote Desktop Services Roaming User Profile" machine setting should be configured correctly. CCE-11296-1Computer Configuration\Administrative Templates\System\User Profiles\Set maximum wait time for the network if a user has a roaming user profile or remote home directory HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SystemThe "Set maximum wait time for the network if a user has a roaming user profile or remote home directory" machine setting should be configured correctly. CCE-11556-8Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Set compression algorithm for RDP data HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\The "Set compression algorithm for RDP data" machine setting should be configured correctly. CCE-10815-9Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Set client connection encryption level HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\The "Set client connection encryption level" machine setting should be configured correctly. CCE-11677-2Computer Configuration\Administrative Templates\Network\BranchCache\Set BranchCache Hosted Cache mode HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\HostedCache\ConnectionWThe "Set BranchCache Hosted Cache mode" machine setting should be configured correctly. CCE-11436-3Computer Configuration\Administrative Templates\Network\BranchCache\Set BranchCache Distributed Cache mode HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PeerDist\CooperativeCaching\The "Set BranchCache Distributed Cache mode" machine setting should be configured correctly. CCE-11977-6Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Set a support web page link HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\ExplorerQThe "Set a support web page link" machine setting should be configured correctly. CCE-10766-4Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Server Authentication Certificate Template HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services`The "Server Authentication Certificate Template" machine setting should be configured correctly. CCE-11833-1Computer Configuration\Administrative Templates\System\Filesystem\Selectively allow the evaluation of a symbolic link HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Filesystems\NTFSiThe "Selectively allow the evaluation of a symbolic link" machine setting should be configured correctly. CCE-10682-3Computer Configuration\Administrative Templates\System\Power Management\Button Settings\Select the Sleep Button Action (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\96996BC0-AD50-47EC-923B-6F41874DD9EBaThe "Select the Sleep Button Action (Plugged In)" machine setting should be configured correctly. CCE-10555-1Computer Configuration\Administrative Templates\System\Power Management\Button Settings\Select the Sleep Button Action (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\96996BC0-AD50-47EC-923B-6F41874DD9EBaThe "Select the Sleep Button Action (On Battery)" machine setting should be configured correctly. CCE-11832-3Computer Configuration\Administrative Templates\System\Power Management\Button Settings\Select the Power Button Action (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\7648EFA3-DD9C-4E3E-B566-50F929386280aThe "Select the Power Button Action (Plugged In)" machine setting should be configured correctly. CCE-10662-5Computer Configuration\Administrative Templates\System\Power Management\Button Settings\Select the Power Button Action (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\7648EFA3-DD9C-4E3E-B566-50F929386280aThe "Select the Power Button Action (On Battery)" machine setting should be configured correctly. CCE-11251-6:Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility\Select the network adapter to be used for Remote Desktop IP Virtualization HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Ter< minal Services\TSAppSrv\VirtualIPThe "Select the network adapter to be used for Remote Desktop IP Virtualization" machine setting should be configured correctly. CCE-10987-6Computer Configuration\Administrative Templates\System\Power Management\Button Settings\Select the Lid Switch Action (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\5CA83367-6E45-459F-A27B-476B1D01C936_The "Select the Lid Switch Action (Plugged In)" machine setting should be configured correctly. CCE-12232-5Computer Configuration\Administrative Templates\System\Power Management\Button Settings\Select the Lid Switch Action (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\5CA83367-6E45-459F-A27B-476B1D01C936_The "Select the Lid Switch Action (On Battery)" machine setting should be configured correctly. CCE-11944-6Computer Configuration\Administrative Templates\System\Power Management\Select an Active Power Plan HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettingsQThe "Select an Active Power Plan" machine setting should be configured correctly. CCE-11529-5Computer Configuration\Administrative Templates\System\Group Policy\Security policy processing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}PThe "Security policy processing" machine setting should be configured correctly. CCE-14153-1Computer Configuration\Administrative Templates\System\Group Policy\Scripts policy processing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}OThe "Scripts policy processing" machine setting should be configured correctly. CCE-12661-5Computer Configuration\Administrative Templates\System\Net Logon\Scavenge Interval HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\ParametersGThe "Scavenge Interval" machine setting should be configured correctly. CCE-11389-4Computer Configuration\Administrative Templates\System\Scripts\Run Windows PowerShell scripts first at user logon, logoff HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\SystempThe "Run Windows PowerShell scripts first at user logon, logoff" machine setting should be configured correctly. CCE-10301-0Computer Configuration\Administrative Templates\System\Scripts\Run Windows PowerShell scripts first at computer startup, shutdown HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\SystemxThe "Run Windows PowerShell scripts first at computer startup, shutdown" machine setting should be configured correctly. CCE-11612-9Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RunVThe "Run these programs at user logon" machine setting should be configured correctly. CCE-11114-6Computer Configuration\Administrative Templates\System\Scripts\Run startup scripts visible HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\SystemQThe "Run startup scripts visible" machine setting should be configured correctly. CCE-10719-3Computer Configuration\Administrative Templates\System\Scripts\Run startup scripts asynchronously HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\SystemXThe "Run startup scripts asynchronously" machine setting should be configured correctly. CCE-11437-1Computer Configuration\Administrative Templates\System\Scripts\Run shutdown scripts visible HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\SystemRThe "Run shutdown scripts visible" machine setting should be configured correctly. CCE-11301-9Computer Configuration\Administrative Templates\System\Scripts\Run logon scripts synchronously HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\SystemUThe "Run logon scripts synchronously" machine setting should be configured correctly. CCE-10963-7Computer Configuration\Administrative Templates\System\Remote Procedure Call\RPC Troubleshooting State Information HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc[The "RPC Troubleshooting State Information" machine setting should be configured correctly. CCE-11641-8Computer Configuration\Administrative Templates\System\Remote Procedure Call\RPC Endpoint Mapper Client Authentication HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc_The "RPC Endpoint Mapper Client Authentication" machine setting should be configured correctly. CCE-10715-1Computer Configuration\Administrative Templates\Network\Network Connections\Route all traffic through the internal network HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6TransitiondThe "Route all traffic through the internal network" machine setting should be configured correctly. CCE-11300-1Computer Configuration\Administrative Templates\Windows Components\Smart Card\Reverse the subject name stored in a certificate when displaying HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvidervThe "Reverse the subject name stored in a certificate when displaying" machine setting should be configured correctly. CCE-12001-4Computer Configuration\Administrative Templates\Windows Components\Event Log Service\System\Retain old events HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\System CCE-11055-1Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Setup\Retain old events HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Setup CCE-10309-3Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Security\Retain old events HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Security CCE-10663-3Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Application\Retain old events HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Application CCE-10918-1Computer Configuration\Administrative Templates\Control Panel\Regional and Language Options\Restricts the UI language Windows uses for all logged users HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\MUI\SettingsqThe "Restricts the UI language Windows uses for all logged users" machine setting should be configured correctly. CCE-11540-2Computer Configuration\Administrative Templates\System\Remote Procedure Call\Restrictions for Unauthenticated RPC clients HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\RpcbThe "Restrictions for Unauthenticated RPC clients" machine setting should be configured correctly. CCE-10881-1Computer Configuration\Administrative Templates\System\Locale Services\Restrict user locales HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Control Panel\InternationalKThe "Restrict user locales" machine setting should be configured correctly. CCE-11380-3Computer Configuration\Administrative Templates\Windows Components\Desktop Gadgets\Restrict unpacking and installation of gadgets that are not digitally signed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\SidebarThe "Restrict unpacking and installation of gadgets that are not digitally signed." machine setting should be configured correctly. CCE-10610-4Computer Configuration\Administrative Templates\System\Restrict these programs from being launched from Help HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SystemkThe "Restrict these programs from being launched from Help" machine setting should be configured correctly. CCE-12090-7Computer Configuration\Administrative Templates\System\Locale Services\Restrict system locales HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Control Panel\InternationalMThe "Restrict system locales" machine setting should be configured correctly. CCE-11432-2!Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Restrict Remote Desktop Services users to a single Remote Desktop Services session HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Micros< oft\Windows NT\Terminal ServicesThe "Restrict Remote Desktop Services users to a single Remote Desktop Services session" machine setting should be configured correctly. CCE-12016-2Computer Configuration\Administrative Templates\System\Restrict potentially unsafe HTML Help functions to specified folders HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SystemzThe "Restrict potentially unsafe HTML Help functions to specified folders" machine setting should be configured correctly. CCE-11307-6Computer Configuration\Administrative Templates\System\Internet Communication Management\Restrict Internet communication HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\InternetManagementUThe "Restrict Internet communication" machine setting should be configured correctly. CCE-11439-7Computer Configuration\Administrative Templates\System\Power Management\Notification Settings\Reserve Battery Notification Level HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\F3C5027D-CD16-4930-AA6B-90DB844A8F00XThe "Reserve Battery Notification Level" machine setting should be configured correctly. CCE-11985-9Computer Configuration\Administrative Templates\Windows Components\Windows Update\Reschedule Automatic Updates scheduled installations HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AUjThe "Reschedule Automatic Updates scheduled installations" machine setting should be configured correctly. CCE-11923-0$Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using Network Level Authentication HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesThe "Require user authentication for remote connections by using Network Level Authentication" machine setting should be configured correctly. CCE-10338-2Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require use of specific security layer for remote (RDP) connections HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesyThe "Require use of specific security layer for remote (RDP) connections" machine setting should be configured correctly. CCE-11295-3Computer Configuration\Administrative Templates\Windows Components\Credential User Interface\Require trusted path for credential entry. HKEY_LOCAL_MACHINE\`The "Require trusted path for credential entry." machine setting should be configured correctly. CCE-12070-9Computer Configuration\Administrative Templates\System\Kerberos\Require strict target SPN match on remote procedure calls HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\ParametersoThe "Require strict target SPN match on remote procedure calls" machine setting should be configured correctly. CCE-12131-9Computer Configuration\Administrative Templates\System\Kerberos\Require strict KDC validation HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\ParametersSThe "Require strict KDC validation" machine setting should be configured correctly. CCE-11919-8Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require secure RPC communication HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesVThe "Require secure RPC communication" machine setting should be configured correctly. CCE-11368-8Computer Configuration\Administrative Templates\Network\Network Connections\Require domain users to elevate when setting a network's location HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network ConnectionswThe "Require domain users to elevate when setting a network's location" machine setting should be configured correctly. CCE-11610-3Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\Require additional authentication at startup HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVEbThe "Require additional authentication at startup" machine setting should be configured correctly. CCE-11933-9Computer Configuration\Administrative Templates\Windows Components\Windows SideShow\Require a PIN to access data on devices running Microsoft firmware HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SideShowxThe "Require a PIN to access data on devices running Microsoft firmware" machine setting should be configured correctly. CCE-10791-2Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Require a Password When a Computer Wakes (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51kThe "Require a Password When a Computer Wakes (Plugged In)" machine setting should be configured correctly. CCE-11651-7Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Require a Password When a Computer Wakes (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51kThe "Require a Password When a Computer Wakes (On Battery)" machine setting should be configured correctly. CCE-12088-1Computer Configuration\Administrative Templates\Windows Components\Windows Update\Re-prompt for restart with scheduled installations HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AUhThe "Re-prompt for restart with scheduled installations" machine setting should be configured correctly. CCE-11308-4Computer Configuration\Administrative Templates\Windows Components\Windows Logon Options\Report when logon server was not available during user logon HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\SystemrThe "Report when logon server was not available during user logon" machine setting should be configured correctly. CCE-12260-6 Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Remove Windows Security item from Start menu HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorerbThe "Remove Windows Security item from Start menu" machine setting should be configured correctly. CCE-11421-5Computer Configuration\Administrative Templates\System\Group Policy\Remove users ability to invoke machine policy refresh HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SystemkThe "Remove users ability to invoke machine policy refresh" machine setting should be configured correctly. CCE-12585-6Computer Configuration\Administrative Templates\Windows Components\Application Compatibility\Remove Program Compatibility Property Page HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat`The "Remove Program Compatibility Property Page" machine setting should be configured correctly. CCE-11182-3Computer Configuration\Administrative Templates\Network\Offline Files\Remove 'Make Available Offline' HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetCacheUThe "Remove 'Make Available Offline'" machine setting should be configured correctly. CCE-12200-2Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Remove browse dialog box for new source HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer]The "Remove browse dialog box for new source" machine setting should be configured correctly. CCE-11911-5Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Remove "Disconnect" option from Shut Down dialog HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorerfThe "Remove "Disconnect" option from Shut Down dialog" machine setting should be configured correctly. CCE-11997-4Computer Configuration\Administrative Templates\System\Removable Storage Access\Removable Disks: Deny write access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Remo< vableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}XThe "Removable Disks: Deny write access" machine setting should be configured correctly. CCE-10469-5Computer Configuration\Administrative Templates\System\Removable Storage Access\Removable Disks: Deny read access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}WThe "Removable Disks: Deny read access" machine setting should be configured correctly. CCE-12029-5Computer Configuration\Administrative Templates\System\Removable Storage Access\Removable Disks: Deny execute access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}ZThe "Removable Disks: Deny execute access" machine setting should be configured correctly. CCE-11773-9Computer Configuration\Administrative Templates\System\Group Policy\Registry policy processing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}PThe "Registry policy processing" machine setting should be configured correctly. CCE-12754-8Computer Configuration\Administrative Templates\Network\DNS Client\Registration Refresh Interval HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClientSThe "Registration Refresh Interval" machine setting should be configured correctly. CCE-11086-6Computer Configuration\Administrative Templates\Network\DNS Client\Register PTR Records HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClientJThe "Register PTR Records" machine setting should be configured correctly. CCE-11063-5Computer Configuration\Administrative Templates\Network\DNS Client\Register DNS records with connection-specific DNS suffix HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClientnThe "Register DNS records with connection-specific DNS suffix" machine setting should be configured correctly. CCE-10579-1Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\Refresh Interval of the DC Locator DNS Records HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\ParametersdThe "Refresh Interval of the DC Locator DNS Records" machine setting should be configured correctly. CCE-11053-6Computer Configuration\Administrative Templates\System\Power Management\Video and Display Settings\Reduce Display Brightness (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\17aaa29b-8b43-4b94-aafe-35f64daaf1ee\The "Reduce Display Brightness (Plugged In)" machine setting should be configured correctly. CCE-11199-7Computer Configuration\Administrative Templates\System\Power Management\Video and Display Settings\Reduce Display Brightness (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\17aaa29b-8b43-4b94-aafe-35f64daaf1ee\The "Reduce Display Brightness (On Battery)" machine setting should be configured correctly. CCE-12083-2Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection\Redirect only the default client printer HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services^The "Redirect only the default client printer" machine setting should be configured correctly. CCE-10977-7Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\Layer-2 priority value\Qualitative service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping CCE-11479-3Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\DSCP value of non-conforming packets\Qualitative service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming CCE-11192-2Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\DSCP value of conforming packets\Qualitative service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming CCE-11698-8Computer Configuration\Administrative Templates\Printers\Prune printers that are not automatically republished HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\PrinterskThe "Prune printers that are not automatically republished" machine setting should be configured correctly. CCE-12150-9Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Provide the unique identifiers for your organization HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVEjThe "Provide the unique identifiers for your organization" machine setting should be configured correctly. CCE-11258-1Computer Configuration\Administrative Templates\System\KDC\Provide information about previous logons to client computers HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\KDC\ParameterssThe "Provide information about previous logons to client computers" machine setting should be configured correctly. CCE-11564-2Computer Configuration\Administrative Templates\System\Remote Procedure Call\Propagation of extended error information HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc_The "Propagation of extended error information" machine setting should be configured correctly. CCE-11338-1Computer Configuration\Administrative Templates\System\User Profiles\Prompt user when a slow network connection is detected HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SystemlThe "Prompt user when a slow network connection is detected" machine setting should be configured correctly. CCE-11122-9Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client\Prompt for credentials on the client computer HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicescThe "Prompt for credentials on the client computer" machine setting should be configured correctly. CCE-11711-9Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Prohibit Use of Restart Manager HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\InstallerUThe "Prohibit Use of Restart Manager" machine setting should be configured correctly. CCE-11077-5Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Prohibit rollback HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\InstallerGThe "Prohibit rollback" machine setting should be configured correctly. CCE-10670-8Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Prohibit removal of updates HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\InstallerQThe "Prohibit removal of updates" machine setting should be configured correctly. CCE-11498-3Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Prohibit patching HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\InstallerGThe "Prohibit patching" machine setting should be configured correctly. CCE-11118-7Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Prohibit non-administrators from applying vendor signed updates HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\InstalleruThe "Prohibit non-administrators from applying vendor signed updates" machine setting should be configured correctly. CCE-11468-6Computer Configuration\Administrative Templates\Windows Components\Windows Color System\Prohibit installing or uninstalling color profiles HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsColorSystemhThe "Prohibit installing or uninstalling color profiles" machine setting should be configured correctly. CCE-12011-3Computer Configuration\Administrative Templates\Network\Network Connections\Prohibit installation and configuration of Network Bridge on your DNS domain network HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network ConnectionsThe "Prohibit installation and configuration of Network Bridge on your DNS domain network" machine setting should be configured correctly. CCE-12074-1Computer Configurati< on\Administrative Templates\Windows Components\Windows Installer\Prohibit Flyweight Patching HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\InstallerQThe "Prohibit Flyweight Patching" machine setting should be configured correctly. CCE-11599-8Computer Configuration\Administrative Templates\Network\Windows Connect Now\Prohibit Access of the Windows Connect Now wizards HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\UIhThe "Prohibit Access of the Windows Connect Now wizards" machine setting should be configured correctly. CCE-11155-9Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\Priority Set in the DC Locator DNS SRV Records HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\ParametersdThe "Priority Set in the DC Locator DNS SRV Records" machine setting should be configured correctly. CCE-11072-6Computer Configuration\Administrative Templates\System\Device Installation\Prioritize all digitally signed drivers equally during the driver ranking and selection process HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\SettingsThe "Prioritize all digitally signed drivers equally during the driver ranking and selection process" machine setting should be configured correctly. CCE-10951-2Computer Configuration\Administrative Templates\Printers\Printer browsing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\PrintersFThe "Printer browsing" machine setting should be configured correctly. CCE-11383-7Computer Configuration\Administrative Templates\Network\DNS Client\Primary DNS Suffix Devolution Level HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClientYThe "Primary DNS Suffix Devolution Level" machine setting should be configured correctly. CCE-11157-5Computer Configuration\Administrative Templates\Network\DNS Client\Primary DNS Suffix Devolution HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClientSThe "Primary DNS Suffix Devolution" machine setting should be configured correctly. CCE-10931-4Computer Configuration\Administrative Templates\Network\DNS Client\Primary DNS Suffix HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSClientHThe "Primary DNS Suffix" machine setting should be configured correctly. CCE-11475-1Computer Configuration\Administrative Templates\Windows Components\Windows Media Digital Rights Management\Prevent Windows Media DRM Internet Access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WMDRM_The "Prevent Windows Media DRM Internet Access" machine setting should be configured correctly. CCE-11052-8 Computer Configuration\Administrative Templates\System\Device Installation\Prevent Windows from sending an error report when a device driver requests additional software during installation HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\SettingsThe "Prevent Windows from sending an error report when a device driver requests additional software during installation" machine setting should be configured correctly. CCE-11336-5Computer Configuration\Administrative Templates\Windows Components\Windows Anytime Upgrade\Prevent Windows Anytime Upgrade from running. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WAUcThe "Prevent Windows Anytime Upgrade from running." machine setting should be configured correctly. CCE-10544-5Computer Configuration\Administrative Templates\Windows Components\Windows Media Player\Prevent Video Smoothing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayerMThe "Prevent Video Smoothing" machine setting should be configured correctly. CCE-11765-5Computer Configuration\Administrative Templates\Windows Components\HomeGroup\Prevent the computer from joining a homegroup HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\HomeGroupcThe "Prevent the computer from joining a homegroup" machine setting should be configured correctly. CCE-10691-4Computer Configuration\Administrative Templates\System\User Profiles\Prevent Roaming Profile changes from propagating to the server HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SystemtThe "Prevent Roaming Profile changes from propagating to the server" machine setting should be configured correctly. CCE-10384-6Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Previous Versions\Prevent restoring remote previous versions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PreviousVersions`The "Prevent restoring remote previous versions" machine setting should be configured correctly. CCE-10908-2Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Previous Versions\Prevent restoring previous versions from backups HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PreviousVersionsfThe "Prevent restoring previous versions from backups" machine setting should be configured correctly. CCE-11323-3Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Previous Versions\Prevent restoring local previous versions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PreviousVersions_The "Prevent restoring local previous versions" machine setting should be configured correctly. CCE-11026-2Computer Configuration\Administrative Templates\Windows Components\Windows Media Player\Prevent Quick Launch Toolbar Shortcut Creation HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayerdThe "Prevent Quick Launch Toolbar Shortcut Creation" machine setting should be configured correctly. CCE-12108-7Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Hardware Buttons\Prevent press and hold HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TabletPCLThe "Prevent press and hold" machine setting should be configured correctly. CCE-11983-4Computer Configuration\Administrative Templates\Windows Components\Smart Card\Prevent plaintext PINs from being returned by Credential Manager HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvidervThe "Prevent plaintext PINs from being returned by Credential Manager" machine setting should be configured correctly. CCE-11378-7Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Prevent memory overwrite on restart HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVEYThe "Prevent memory overwrite on restart" machine setting should be configured correctly. CCE-11928-9Computer Configuration\Administrative Templates\Windows Components\Windows Media Player\Prevent Media Sharing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayerKThe "Prevent Media Sharing" machine setting should be configured correctly. CCE-11090-8Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Licensing\Prevent license upgrade HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal ServicesMThe "Prevent license upgrade" machine setting should be configured correctly. CCE-11392-8Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Hardware Buttons\Prevent launch an application HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TabletPCSThe "Prevent launch an application" machine setting should be configured correctly. CCE-11286-2Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions\Prevent installation of removable devices HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions_The "Prevent installation of removable devices" machine setting should be configured correctly. CCE-11662-4Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions\Prevent installation of devices using drivers that match these device setup classes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\RestrictionsThe "Prevent installation of devices using drivers that match these device setup classes" machine setting should be configured correctly. CCE-10478-6Computer Configuration\Adminis< trative Templates\System\Device Installation\Device Installation Restrictions\Prevent installation of devices that match any of these device IDs HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\RestrictionsxThe "Prevent installation of devices that match any of these device IDs" machine setting should be configured correctly. CCE-11764-8Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions\Prevent installation of devices not described by other policy settings HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions|The "Prevent installation of devices not described by other policy settings" machine setting should be configured correctly. CCE-11591-5Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Input Panel\Prevent Input Panel tab from appearing HKEY_LOCAL_MACHINE\software\policies\microsoft\TabletTip\1.7\The "Prevent Input Panel tab from appearing" machine setting should be configured correctly. CCE-11080-9Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Pen Flicks Learning\Prevent Flicks Learning Mode HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TabletPCRThe "Prevent Flicks Learning Mode" machine setting should be configured correctly. CCE-11488-4Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Pen UX Behaviors\Prevent flicks HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TabletPCDThe "Prevent flicks" machine setting should be configured correctly. CCE-11665-7Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Prevent display of the user interface for critical errors HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error ReportingoThe "Prevent display of the user interface for critical errors" machine setting should be configured correctly. CCE-11941-2Computer Configuration\Administrative Templates\System\Device Installation\Prevent device metadata retrieval from the Internet HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Device MetadataiThe "Prevent device metadata retrieval from the Internet" machine setting should be configured correctly. CCE-11589-9Computer Configuration\Administrative Templates\Windows Components\Windows Media Player\Prevent Desktop Shortcut Creation HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayerWThe "Prevent Desktop Shortcut Creation" machine setting should be configured correctly. CCE-11598-0Computer Configuration\Administrative Templates\System\Device Installation\Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\SettingsThe "Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point" machine setting should be configured correctly. CCE-10546-0Computer Configuration\Administrative Templates\Windows Components\Backup\Client\Prevent backing up to optical media (CD/DVD) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Backup\ClientbThe "Prevent backing up to optical media (CD/DVD)" machine setting should be configured correctly. CCE-11412-4Computer Configuration\Administrative Templates\Windows Components\Backup\Client\Prevent backing up to network location HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Backup\Client\The "Prevent backing up to network location" machine setting should be configured correctly. CCE-10508-0Computer Configuration\Administrative Templates\Windows Components\Backup\Client\Prevent backing up to local disks HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Backup\ClientWThe "Prevent backing up to local disks" machine setting should be configured correctly. CCE-10665-8Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Hardware Buttons\Prevent Back-ESC mapping HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TabletPCNThe "Prevent Back-ESC mapping" machine setting should be configured correctly. CCE-10776-3Computer Configuration\Administrative Templates\Windows Components\Windows Media Player\Prevent Automatic Updates HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayerOThe "Prevent Automatic Updates" machine setting should be configured correctly. CCE-11298-7Computer Configuration\Administrative Templates\Windows Components\Application Compatibility\Prevent access to 16-bit applications HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat[The "Prevent access to 16-bit applications" machine setting should be configured correctly. CCE-11274-8Computer Configuration\Administrative Templates\Printers\Pre-populate printer search location text HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers_The "Pre-populate printer search location text" machine setting should be configured correctly. CCE-11487-6Computer Configuration\Administrative Templates\System\Net Logon\Positive Periodic DC Cache Refresh for Non-Background Callers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\ParameterssThe "Positive Periodic DC Cache Refresh for Non-Background Callers" machine setting should be configured correctly. CCE-11005-6Computer Configuration\Administrative Templates\System\Net Logon\Positive Periodic DC Cache Refresh for Background Callers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\ParametersoThe "Positive Periodic DC Cache Refresh for Background Callers" machine setting should be configured correctly. CCE-11799-4Computer Configuration\Administrative Templates\Printers\Point and Print Restrictions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrintRThe "Point and Print Restrictions" machine setting should be configured correctly. CCE-11925-5Computer Configuration\Administrative Templates\Network\SNMP\Permitted Managers HKEY_LOCAL_MACHINE\Software\Policies\SNMP\Parameters\PermittedManagersHThe "Permitted Managers" machine setting should be configured correctly. CCE-10945-4Computer Configuration\Administrative Templates\Printers\Package Point and print - Approved servers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint`The "Package Point and print - Approved servers" machine setting should be configured correctly. CCE-11863-8Computer Configuration\Administrative Templates\Windows Components\Desktop Gadgets\Override the More Gadgets link HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\SidebarTThe "Override the More Gadgets link" machine setting should be configured correctly. CCE-11365-4Computer Configuration\Administrative Templates\Printers\Override print driver execution compatibility setting reported by print driver HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\PrintersThe "Override print driver execution compatibility setting reported by print driver" machine setting should be configured correctly. CCE-11758-0Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Optimize visual experience for Remote Desktop Services sessions HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesvThe "Optimize visual experience for Remote Desktop Services sessions" machine setting should be configured correctly. CCE-11313-4Computer Configuration\Administrative Templates\Printers\Only use Package Point and print HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrintVThe "Only use Package Point and print" machine setting should be configured correctly. CCE-10910-8Computer Configuration\Administrative Templates\System\User Profiles\Only allow local user profiles HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SystemTThe "Only allow local user profiles" machine setting should be configured correctly. CCE-11262-3Computer Configuration\Administrative Templates\S< ystem\Remote Assistance\Offer Remote Assistance HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal ServicesMThe "Offer Remote Assistance" machine setting should be configured correctly. CCE-11625-1Computer Configuration\Administrative Templates\Windows Components\Smart Card\Notify user of successful smart card driver installation HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScPnPnThe "Notify user of successful smart card driver installation" machine setting should be configured correctly. CCE-11408-2Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics\Notify blocked drivers HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{affc81e2-612a-4f70-6fb2-916ff5c7e3f8}LThe "Notify blocked drivers" machine setting should be configured correctly. CCE-11518-8Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\Layer-2 priority value\Non-conforming packets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\UserPriorityMappingLThe "Non-conforming packets" machine setting should be configured correctly. CCE-11857-0Computer Configuration\Administrative Templates\Windows Components\Windows Update\No auto-restart with logged on users for scheduled automatic updates installations HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AUThe "No auto-restart with logged on users for scheduled automatic updates installations" machine setting should be configured correctly. CCE-11453-8Computer Configuration\Administrative Templates\Windows Components\Network Projector\Network Projector Port Setting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\NetworkProjectorTThe "Network Projector Port Setting" machine setting should be configured correctly. CCE-11000-7Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\Layer-2 priority value\Network control service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping CCE-11947-9Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\DSCP value of non-conforming packets\Network control service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming CCE-12248-1Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\DSCP value of conforming packets\Network control service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming CCE-11573-3Computer Configuration\Administrative Templates\System\Net Logon\Netlogon share compatibility HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\ParametersRThe "Netlogon share compatibility" machine setting should be configured correctly. CCE-11413-2Computer Configuration\Administrative Templates\System\Net Logon\Negative DC Discovery Cache Setting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\ParametersYThe "Negative DC Discovery Cache Setting" machine setting should be configured correctly. CCE-10474-5Computer Configuration\Administrative Templates\System\Remote Procedure Call\Minimum Idle Connection Timeout for RPC/HTTP connections HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\RpcnThe "Minimum Idle Connection Timeout for RPC/HTTP connections" machine setting should be configured correctly. CCE-11800-02Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool\Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with Support Provider HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\PolicyThe "Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with Support Provider" machine setting should be configured correctly. CCE-10855-5Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool\Microsoft Support Diagnostic Tool: Restrict tool download HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}oThe "Microsoft Support Diagnostic Tool: Restrict tool download" machine setting should be configured correctly. CCE-11167-4Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool\Microsoft Support Diagnostic Tool: Configure execution level HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{C295FBBA-FD47-46ac-8BEE-B1715EC634E5}rThe "Microsoft Support Diagnostic Tool: Configure execution level" machine setting should be configured correctly. CCE-12127-7Computer Configuration\Administrative Templates\System\Scripts\Maximum wait time for Group Policy scripts HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System`The "Maximum wait time for Group Policy scripts" machine setting should be configured correctly. CCE-11840-6Computer Configuration\Administrative Templates\Windows Components\Event Log Service\System\Maximum Log Size (KB) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\System CCE-11174-0Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Setup\Maximum Log Size (KB) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Setup CCE-11717-6Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Security\Maximum Log Size (KB) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Security CCE-11033-8Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Application\Maximum Log Size (KB) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Application CCE-11143-5Computer Configuration\Administrative Templates\System\Net Logon\Maximum Log File Size HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\ParametersKThe "Maximum Log File Size" machine setting should be configured correctly. CCE-11115-3Computer Configuration\Administrative Templates\System\Net Logon\Maximum DC Discovery Retry Interval Setting for Background Callers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\ParametersxThe "Maximum DC Discovery Retry Interval Setting for Background Callers" machine setting should be configured correctly. CCE-11105-4Computer Configuration\Administrative Templates\Windows Components\Windows Remote Shell\MaxConcurrentUsers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service\WinRSHThe "MaxConcurrentUsers" machine setting should be configured correctly. CCE-11009-8Computer Configuration\Administrative Templates\Windows Components\Parental Controls\Make Parental Controls control panel visible on a Domain HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ParentalControlsnThe "Make Parental Controls control panel visible on a Domain" machine setting should be configured correctly. CCE-11620-2Computer Configuration\Administrative Templates\System\Power Management\Notification Settings\Low Battery Notification Level HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\8183ba9a-e910-48da-8769-14ae6dc1170aTThe "Low Battery Notification Level" machine setting should be configured correctly. CCE-11930-5Computer Configuration\Administrative Templates\System\Power Management\Notification Settings\Low Battery Notification Action HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\d8742dcb-3e6a-4b3c-b3fe-374623cdcf06UThe "Low Battery Notification Action" machine setting should be configured correctly. CCE-11469-4Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Logging HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer=The "Logging" machine setting should be configured correctly. CCE-12018-8Computer Configuration\Administrative Templates\Windows Components\Event Log Service\System\Log File Path HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\System CCE-11441-3Computer Configuration\Administrative Templates\< Windows Components\Event Log Service\Setup\Log File Path HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Setup CCE-12180-6Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Security\Log File Path HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Security CCE-10421-6Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Application\Log File Path HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Application CCE-11883-6Computer Configuration\Administrative Templates\System\Net Logon\Log File Debug Output Level HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\ParametersQThe "Log File Debug Output Level" machine setting should be configured correctly. CCE-10639-3Computer Configuration\Administrative Templates\System\Disk Quotas\Log event when quota warning level exceeded HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DiskQuotaaThe "Log event when quota warning level exceeded" machine setting should be configured correctly. CCE-11394-4Computer Configuration\Administrative Templates\System\Disk Quotas\Log event when quota limit exceeded HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DiskQuotaYThe "Log event when quota limit exceeded" machine setting should be configured correctly. CCE-11581-6Computer Configuration\Administrative Templates\Printers\Log directory pruning retry events HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\PrintersXThe "Log directory pruning retry events" machine setting should be configured correctly. CCE-12246-5Computer Configuration\Administrative Templates\Windows Components\Event Log Service\System\Log Access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\System CCE-11712-7Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Setup\Log Access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Setup CCE-10679-9Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Security\Log Access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Security CCE-11690-5Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Application\Log Access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Application CCE-11219-3Computer Configuration\Administrative Templates\System\Enhanced Storage Access\Lock Enhanced Storage when the computer is locked HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EnhancedStorageDevicesgThe "Lock Enhanced Storage when the computer is locked" machine setting should be configured correctly. CCE-11314-2Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\Location of the DCs hosting a domain with single label DNS name HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\ParametersuThe "Location of the DCs hosting a domain with single label DNS name" machine setting should be configured correctly. CCE-11988-3Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Advanced Error Reporting Settings\List of applications to be excluded HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Error Reporting\ExcludedApplicationsYThe "List of applications to be excluded" machine setting should be configured correctly. CCE-11900-8Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles\Limit the size of the entire roaming user profile cache HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesmThe "Limit the size of the entire roaming user profile cache" machine setting should be configured correctly. CCE-11445-4Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service (BITS)\Limit the maximum number of ranges that can be added to the file in a BITS job HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITSThe "Limit the maximum number of ranges that can be added to the file in a BITS job" machine setting should be configured correctly. CCE-10702-9Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service (BITS)\Limit the maximum number of files allowed in a BITS job HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITSmThe "Limit the maximum number of files allowed in a BITS job" machine setting should be configured correctly. CCE-11707-7Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service (BITS)\Limit the maximum number of BITS jobs for this computer HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITSmThe "Limit the maximum number of BITS jobs for this computer" machine setting should be configured correctly. CCE-11407-4Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service (BITS)\Limit the maximum number of BITS jobs for each user HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITSiThe "Limit the maximum number of BITS jobs for each user" machine setting should be configured correctly. CCE-11570-9Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service (BITS)\Limit the maximum network bandwidth used for Peercaching HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITSnThe "Limit the maximum network bandwidth used for Peercaching" machine setting should be configured correctly. CCE-11752-3Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service (BITS)\Limit the maximum BITS job download time HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITS^The "Limit the maximum BITS job download time" machine setting should be configured correctly. CCE-12104-6Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service (BITS)\Limit the BITS Peercache size HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITSSThe "Limit the BITS Peercache size" machine setting should be configured correctly. CCE-11710-1Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service (BITS)\Limit the age of files in the BITS Peercache HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITSbThe "Limit the age of files in the BITS Peercache" machine setting should be configured correctly. CCE-11726-7Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\Limit reservable bandwidth HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PschedPThe "Limit reservable bandwidth" machine setting should be configured correctly. CCE-11864-6Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\Limit outstanding packets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PschedOThe "Limit outstanding packets" machine setting should be configured correctly. CCE-12043-6Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Limit number of connections HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesQThe "Limit number of connections" machine setting should be configured correctly. CCE-11047-8Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Limit maximum number of monitors HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesVThe "Limit maximum number of monitors" machine setting should be configured correctly. CCE-11147-6Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Limit maximum display resolution HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesVThe "Limit maximum display resolution" machine setting should be configured correctly. CCE-11769-7Computer Configuration\Administrative Templates\Windows Components\Remot< e Desktop Services\Remote Desktop Session Host\Remote Session Environment\Limit maximum color depth HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesOThe "Limit maximum color depth" machine setting should be configured correctly. CCE-11464-5Computer Configuration\Administrative Templates\Network\Offline Files\Limit disk space used by offline files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetCache\The "Limit disk space used by offline files" machine setting should be configured correctly. CCE-11266-4Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Limit audio playback quality HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesRThe "Limit audio playback quality" machine setting should be configured correctly. CCE-11473-6Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Licensing\License server security group HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal ServicesSThe "License server security group" machine setting should be configured correctly. CCE-11656-6Computer Configuration\Administrative Templates\System\User Profiles\Leave Windows Installer and Group Policy Software Installation Data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SystemyThe "Leave Windows Installer and Group Policy Software Installation Data" machine setting should be configured correctly. CCE-11344-9Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker\Join RD Connection Broker HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesOThe "Join RD Connection Broker" machine setting should be configured correctly. CCE-12215-0Computer Configuration\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies\ISATAP State HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6TransitionBThe "ISATAP State" machine setting should be configured correctly. CCE-11141-9Computer Configuration\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies\ISATAP Router Name HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6TransitionHThe "ISATAP Router Name" machine setting should be configured correctly. CCE-10712-8Computer Configuration\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies\IP-HTTPS State HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterfaceDThe "IP-HTTPS State" machine setting should be configured correctly. CCE-10832-4Computer Configuration\Administrative Templates\System\Group Policy\IP Security policy processing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{e437bc1c-aa7d-11d2-a382-00c04f991e27}SThe "IP Security policy processing" machine setting should be configured correctly. CCE-11110-4Computer Configuration\Administrative Templates\System\Group Policy\Internet Explorer Maintenance policy processing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}eThe "Internet Explorer Maintenance policy processing" machine setting should be configured correctly. CCE-12085-7Computer Configuration\Administrative Templates\System\Net Logon\Initial DC Discovery Retry Setting for Background Callers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\ParametersoThe "Initial DC Discovery Retry Setting for Background Callers" machine setting should be configured correctly. CCE-10703-7Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Input Panel\Include rarely used Chinese, Kanji, or Hanja characters HKEY_LOCAL_MACHINE\software\policies\microsoft\TabletTip\1.7mThe "Include rarely used Chinese, Kanji, or Hanja characters" machine setting should be configured correctly. CCE-11008-0Computer Configuration\Administrative Templates\System\Trusted Platform Module Services\Ignore the local list of blocked TPM commands HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\TPM\BlockedCommandscThe "Ignore the local list of blocked TPM commands" machine setting should be configured correctly. CCE-11491-8Computer Configuration\Administrative Templates\System\Trusted Platform Module Services\Ignore the default list of blocked TPM commands HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\TPM\BlockedCommandseThe "Ignore the default list of blocked TPM commands" machine setting should be configured correctly. CCE-11998-2Computer Configuration\Administrative Templates\System\Remote Procedure Call\Ignore Delegation Failure HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\RpcOThe "Ignore Delegation Failure" machine setting should be configured correctly. CCE-10660-9Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Consent\Ignore custom consent settings HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\ConsentTThe "Ignore custom consent settings" machine setting should be configured correctly. CCE-12120-2Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Previous Versions\Hide previous versions of files on backup location HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PreviousVersionshThe "Hide previous versions of files on backup location" machine setting should be configured correctly. CCE-12067-5Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Previous Versions\Hide previous versions list for remote files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PreviousVersionsbThe "Hide previous versions list for remote files" machine setting should be configured correctly. CCE-10846-4Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Previous Versions\Hide previous versions list for local files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PreviousVersionsaThe "Hide previous versions list for local files" machine setting should be configured correctly. CCE-11778-8"Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing\Hide notifications about RD Licensing problems that affect the RD Session Host server HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesThe "Hide notifications about RD Licensing problems that affect the RD Session Host server" machine setting should be configured correctly. CCE-11401-7Computer Configuration\Administrative Templates\System\Logon\Hide entry points for Fast User Switching HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System_The "Hide entry points for Fast User Switching" machine setting should be configured correctly. CCE-11848-9Computer Configuration\Administrative Templates\Network\Lanman Server\Hash Publication for BranchCache HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\LanmanServerVThe "Hash Publication for BranchCache" machine setting should be configured correctly. CCE-11440-5Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\Layer-2 priority value\Guaranteed service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping CCE-11269-8Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\DSCP value of non-conforming packets\Guaranteed service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming CCE-11634-3Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\DSCP value of conforming packets\Guaranteed service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming CCE-10863-9Computer Configuration\Administrative Templates\System\Group Policy\Group Policy slow link detection HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SystemVThe "Group Policy slow link detection" m< achine setting should be configured correctly. CCE-12121-0Computer Configuration\Administrative Templates\System\Group Policy\Group Policy refresh interval for domain controllers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SystemjThe "Group Policy refresh interval for domain controllers" machine setting should be configured correctly. CCE-11520-4Computer Configuration\Administrative Templates\System\Group Policy\Group Policy refresh interval for computers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SystemaThe "Group Policy refresh interval for computers" machine setting should be configured correctly. CCE-11995-8Computer Configuration\Administrative Templates\System\Windows Time Service\Global Configuration Settings HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32Time\ConfigSThe "Global Configuration Settings" machine setting should be configured correctly. CCE-11543-6Computer Configuration\Administrative Templates\Windows Components\Event Forwarding\ForwarderResourceUsage HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\EventForwardingLThe "ForwarderResourceUsage" machine setting should be configured correctly. CCE-11402-5Computer Configuration\Administrative Templates\Windows Components\Smart Card\Force the reading of all certificates from the smart card HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvideroThe "Force the reading of all certificates from the smart card" machine setting should be configured correctly. CCE-11297-9Computer Configuration\Administrative Templates\Control Panel\Regional and Language Options\Force selected system UI language to overwrite the user UI language HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\MUI\SettingsyThe "Force selected system UI language to overwrite the user UI language" machine setting should be configured correctly. CCE-11180-7Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\Force Rediscovery Interval HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\ParametersPThe "Force Rediscovery Interval" machine setting should be configured correctly. CCE-11821-6Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Input Panel\For touch input, don t show the Input Panel icon HKEY_LOCAL_MACHINE\software\policies\microsoft\TabletTip\1.7fThe "For touch input, don t show the Input Panel icon" machine setting should be configured correctly. CCE-11322-5Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Input Panel\For tablet pen input, don t show the Input Panel icon HKEY_LOCAL_MACHINE\software\policies\microsoft\TabletTip\1.7kThe "For tablet pen input, don t show the Input Panel icon" machine setting should be configured correctly. CCE-11643-4Computer Configuration\Administrative Templates\System\Group Policy\Folder Redirection policy processing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{25537BA6-77A8-11D2-9B6C-0000F8080861}ZThe "Folder Redirection policy processing" machine setting should be configured correctly. CCE-12115-2Computer Configuration\Administrative Templates\System\Removable Storage Access\Floppy Drives: Deny write access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}VThe "Floppy Drives: Deny write access" machine setting should be configured correctly. CCE-12142-6Computer Configuration\Administrative Templates\System\Removable Storage Access\Floppy Drives: Deny read access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}UThe "Floppy Drives: Deny read access" machine setting should be configured correctly. CCE-11411-6Computer Configuration\Administrative Templates\System\Removable Storage Access\Floppy Drives: Deny execute access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56311-b6bf-11d0-94f2-00a0c91efb8b}XThe "Floppy Drives: Deny execute access" machine setting should be configured correctly. CCE-12010-5Computer Configuration\Administrative Templates\System\Net Logon\Final DC Discovery Retry Setting for Background Callers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\ParametersmThe "Final DC Discovery Retry Setting for Background Callers" machine setting should be configured correctly. CCE-10973-6Computer Configuration\Administrative Templates\Windows Components\Smart Card\Filter duplicate logon certificates HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProviderYThe "Filter duplicate logon certificates" machine setting should be configured correctly. CCE-11075-9Computer Configuration\Administrative Templates\Printers\Extend Point and Print connection to search Windows Update HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\PrinterspThe "Extend Point and Print connection to search Windows Update" machine setting should be configured correctly. CCE-11976-8Computer Configuration\Administrative Templates\System\Net Logon\Expected dial-up delay on logon HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\ParametersUThe "Expected dial-up delay on logon" machine setting should be configured correctly. CCE-10624-5Computer Configuration\Administrative Templates\Printers\Execute print drivers in isolated processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\PrintersaThe "Execute print drivers in isolated processes" machine setting should be configured correctly. CCE-10864-7Computer Configuration\Administrative Templates\Network\Offline Files\Exclude files from being cached HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetCacheUThe "Exclude files from being cached" machine setting should be configured correctly. CCE-11137-7Computer Configuration\Administrative Templates\System\Logon\Exclude credential providers HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\SystemRThe "Exclude credential providers" machine setting should be configured correctly. CCE-11460-3Computer Configuration\Administrative Templates\Windows Components\Event Viewer\Events.asp URL HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EventViewerDThe "Events.asp URL" machine setting should be configured correctly. CCE-11964-4Computer Configuration\Administrative Templates\Windows Components\Event Viewer\Events.asp program command line parameters HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EventViewer`The "Events.asp program command line parameters" machine setting should be configured correctly. CCE-11152-6Computer Configuration\Administrative Templates\Windows Components\Event Viewer\Events.asp program HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EventViewerHThe "Events.asp program" machine setting should be configured correctly. CCE-11746-5Computer Configuration\Administrative Templates\Windows Components\Credential User Interface\Enumerate administrator accounts on elevation HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\CredUIcThe "Enumerate administrator accounts on elevation" machine setting should be configured correctly. CCE-11450-4Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Enforce upgrade component rules HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\InstallerUThe "Enforce upgrade component rules" machine setting should be configured correctly. CCE-11434-8< Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Enforce Removal of Remote Desktop Wallpaper HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesaThe "Enforce Removal of Remote Desktop Wallpaper" machine setting should be configured correctly. CCE-12058-4Computer Configuration\Administrative Templates\System\Disk Quotas\Enforce disk quota limit HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DiskQuotaNThe "Enforce disk quota limit" machine setting should be configured correctly. CCE-11593-1Computer Configuration\Administrative Templates\Network\Offline Files\Encrypt the Offline Files cache HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetCacheUThe "Encrypt the Offline Files cache" machine setting should be configured correctly. CCE-10894-4Computer Configuration\Administrative Templates\Windows Components\Windows Update\Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AUThe "Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates" machine setting should be configured correctly. CCE-11088-2Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Windows Performance PerfTrack\Enable/Disable PerfTrack HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}NThe "Enable/Disable PerfTrack" machine setting should be configured correctly. CCE-11889-3Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Enable Windows NTP Server HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32Time\TimeProviders\NtpServerOThe "Enable Windows NTP Server" machine setting should be configured correctly. CCE-11873-7Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Enable Windows NTP Client HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32time\TimeProviders\NtpClientOThe "Enable Windows NTP Client" machine setting should be configured correctly. CCE-11057-7Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Enable user to use media source while elevated HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\InstallerdThe "Enable user to use media source while elevated" machine setting should be configured correctly. CCE-11844-8Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Enable user to patch elevated products HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\The "Enable user to patch elevated products" machine setting should be configured correctly. CCE-10965-2Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Enable user to browse for source while elevated HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\InstallereThe "Enable user to browse for source while elevated" machine setting should be configured correctly. CCE-10866-2Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Enable user control over installs HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\InstallerWThe "Enable user control over installs" machine setting should be configured correctly. CCE-10906-6Computer Configuration\Administrative Templates\Network\Offline Files\Enable Transparent Caching HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetCachePThe "Enable Transparent Caching" machine setting should be configured correctly. CCE-11369-6Computer Configuration\Administrative Templates\System\Enable Persistent Time Stamp HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\ReliabilityRThe "Enable Persistent Time Stamp" machine setting should be configured correctly. CCE-11261-5Computer Configuration\Administrative Templates\System\Filesystem\NTFS\Enable NTFS pagefile encryption HKEY_LOCAL_MACHINE\System\CurrentControlSet\PoliciesUThe "Enable NTFS pagefile encryption" machine setting should be configured correctly. CCE-10568-4Computer Configuration\Administrative Templates\System\Disk Quotas\Enable disk quotas HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DiskQuotaHThe "Enable disk quotas" machine setting should be configured correctly. CCE-11198-9Computer Configuration\Administrative Templates\Windows Components\Windows Update\Enable client-side targeting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdateRThe "Enable client-side targeting" machine setting should be configured correctly. CCE-11917-2Computer Configuration\Administrative Templates\System\Group Policy\EFS recovery policy processing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}TThe "EFS recovery policy processing" machine setting should be configured correctly. CCE-11058-5Computer Configuration\Administrative Templates\Network\DNS Client\Dynamic Update HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClientDThe "Dynamic Update" machine setting should be configured correctly. CCE-11209-4Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\Dynamic Registration of the DC Locator DNS Records HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\ParametershThe "Dynamic Registration of the DC Locator DNS Records" machine setting should be configured correctly. CCE-11318-3Computer Configuration\Administrative Templates\System\Download missing COM components HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\App ManagementUThe "Download missing COM components" machine setting should be configured correctly. CCE-11217-7Computer Configuration\Administrative Templates\Windows Components\AutoPlay Policies\Don't set the always do this checkbox HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer[The "Don't set the always do this checkbox" machine setting should be configured correctly. CCE-11913-1Computer Configuration\Administrative Templates\Network\Network Connectivity Status Indicator\Domain Location Determination URL HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivityWThe "Domain Location Determination URL" machine setting should be configured correctly. CCE-10842-3Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\Domain Controller Address Type Returned HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\Parameters]The "Domain Controller Address Type Returned" machine setting should be configured correctly. CCE-11849-7Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders\Do not use temporary folders per session HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services^The "Do not use temporary folders per session" machine setting should be configured correctly. CCE-10669-0QComputer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility\Do not use Remote Desktop Session Host server IP address when virtual IP address is not available HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\TSAppSrv\VirtualIPThe "Do not use Remote Desktop Session Host server IP address when virtual IP address is not available" machine setting should be configured correctly. CCE-11178-1Computer Configuration\Administrative Templates\System\Do not turn off system power after a Windows system shutdown has occurred. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NTThe "Do not turn off system power after a Windows system shutdown has occurred." machine setting should be configured correctly. CCE-10806-8Computer Configuration\Administrative Templates\Network\Network Connections\Do not show the "local access only" n< etwork icon HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network ConnectionsfThe "Do not show the "local access only" network icon" machine setting should be configured correctly. CCE-10355-6Computer Configuration\Administrative Templates\Windows Components\Windows Media Player\Do Not Show First Use Dialog Boxes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayerXThe "Do Not Show First Use Dialog Boxes" machine setting should be configured correctly. CCE-11596-4Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection\Do not set default client printer to be default printer in a session HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServiceszThe "Do not set default client printer to be default printer in a session" machine setting should be configured correctly. CCE-10572-6Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Do not send additional data HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error ReportingQThe "Do not send additional data" machine setting should be configured correctly. CCE-11584-0Computer Configuration\Administrative Templates\System\Device Installation\Do not send a Windows error report when a generic driver is installed on a device HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\SettingsThe "Do not send a Windows error report when a generic driver is installed on a device" machine setting should be configured correctly. CCE-12274-7qComputer Configuration\Administrative Templates\System\Logon\Do not process the run once list HKEY_LOCAL_MACHINE\VThe "Do not process the run once list" machine setting should be configured correctly. CCE-11992-5sComputer Configuration\Administrative Templates\System\Logon\Do not process the legacy run list HKEY_LOCAL_MACHINE\XThe "Do not process the legacy run list" machine setting should be configured correctly. CCE-11245-8Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\ParametersThe "Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names" machine setting should be configured correctly. CCE-10320-0Computer Configuration\Administrative Templates\System\User Profiles\Do not log users on with temporary profiles HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SystemaThe "Do not log users on with temporary profiles" machine setting should be configured correctly. CCE-10837-3Computer Configuration\Administrative Templates\System\User Profiles\Do not forcefully unload the users registry at user logoff HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SystempThe "Do not forcefully unload the users registry at user logoff" machine setting should be configured correctly. CCE-11603-8Computer Configuration\Administrative Templates\System\Server Manager\Do not display Server Manager automatically at logon HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Server\ServerManagerjThe "Do not display Server Manager automatically at logon" machine setting should be configured correctly. CCE-11282-1Computer Configuration\Administrative Templates\System\Do not display Manage Your Server page at logon HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\CurrentVersion\MYSeThe "Do not display Manage Your Server page at logon" machine setting should be configured correctly. CCE-11872-9Computer Configuration\Administrative Templates\Windows Components\Windows Update\Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AUThe "Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box" machine setting should be configured correctly. CCE-10299-6Computer Configuration\Administrative Templates\System\Server Manager\Do not display Initial Configuration Tasks window automatically at logon HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Server\InitialConfigurationTasks~The "Do not display Initial Configuration Tasks window automatically at logon" machine setting should be configured correctly. CCE-10819-1Computer Configuration\Administrative Templates\System\User Profiles\Do not detect slow network connections HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System\The "Do not detect slow network connections" machine setting should be configured correctly. CCE-11898-4Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders\Do not delete temp folder upon exit HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesYThe "Do not delete temp folder upon exit" machine setting should be configured correctly. CCE-12046-9Computer Configuration\Administrative Templates\System\User Profiles\Do not check for user ownership of Roaming Profile Folders HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SystempThe "Do not check for user ownership of Roaming Profile Folders" machine setting should be configured correctly. CCE-11172-4Computer Configuration\Administrative Templates\Windows Components\Windows Messenger\Do not automatically start Windows Messenger initially HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\ClientlThe "Do not automatically start Windows Messenger initially" machine setting should be configured correctly. CCE-10773-0Computer Configuration\Administrative Templates\System\Do not automatically encrypt files moved to encrypted folders HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorersThe "Do not automatically encrypt files moved to encrypted folders" machine setting should be configured correctly. CCE-11794-5Computer Configuration\Administrative Templates\Windows Components\Windows Messenger\Do not allow Windows Messenger to be run HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client^The "Do not allow Windows Messenger to be run" machine setting should be configured correctly. CCE-10872-0Computer Configuration\Administrative Templates\Windows Components\Windows Media Center\Do not allow Windows Media Center to run HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaCenter^The "Do not allow Windows Media Center to run" machine setting should be configured correctly. CCE-12192-1Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Accessories\Do not allow Windows Journal to be run HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TabletPC\The "Do not allow Windows Journal to be run" machine setting should be configured correctly. CCE-11342-3Computer Configuration\Administrative Templates\Windows Components\Desktop Window Manager\Do not allow window animations HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DWMTThe "Do not allow window animations" machine setting should be configured correctly. CCE-10861-3Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service (BITS)\Do not allow the computer to act as a BITS Peercaching server HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITSsThe "Do not allow the computer to act as a BITS Peercaching server" machine setting should be configured correctly. CCE-11870-3Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service (BITS)\Do not allow the computer to act as a BITS Peercaching client HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITSsThe "Do not allow the computer to act as a BITS Peercaching client" machine setting should be configured correctly. CCE-11353-0Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service (BITS)\Do not allow the BITS client to use Windows Branch Cache HKEY_LOCAL_MACHINE\Softwa< re\Policies\Microsoft\Windows\BITSnThe "Do not allow the BITS client to use Windows Branch Cache" machine setting should be configured correctly. CCE-11991-7Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow supported Plug and Play device redirection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesmThe "Do not allow supported Plug and Play device redirection" machine setting should be configured correctly. CCE-11128-6Computer Configuration\Administrative Templates\Windows Components\Sound Recorder\Do not allow Sound Recorder to run HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SoundRecorderXThe "Do not allow Sound Recorder to run" machine setting should be configured correctly. CCE-11387-8Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Accessories\Do not allow Snipping Tool to run HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TabletPCWThe "Do not allow Snipping Tool to run" machine setting should be configured correctly. CCE-11390-2 Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow smart card device redirection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services`The "Do not allow smart card device redirection" machine setting should be configured correctly. CCE-11517-0Computer Configuration\Administrative Templates\System\iSCSI\iSCSI Security\Do not allow sessions without one way CHAP HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\iSCSI`The "Do not allow sessions without one way CHAP" machine setting should be configured correctly. CCE-11486-8Computer Configuration\Administrative Templates\System\iSCSI\iSCSI Security\Do not allow sessions without mutual CHAP HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\iSCSI_The "Do not allow sessions without mutual CHAP" machine setting should be configured correctly. CCE-11232-6Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Accessories\Do not allow printing to Journal Note Writer HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\TabletPCbThe "Do not allow printing to Journal Note Writer" machine setting should be configured correctly. CCE-11531-1Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client\Do not allow passwords to be saved HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesXThe "Do not allow passwords to be saved" machine setting should be configured correctly. CCE-11905-7Computer Configuration\Administrative Templates\System\Enhanced Storage Access\Do not allow password authentication of Enhanced Storage devices HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EnhancedStorageDevicesvThe "Do not allow password authentication of Enhanced Storage devices" machine setting should be configured correctly. CCE-12040-2Computer Configuration\Administrative Templates\System\Enhanced Storage Access\Do not allow non-Enhanced Storage removable devices HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EnhancedStorageDevicesiThe "Do not allow non-Enhanced Storage removable devices" machine setting should be configured correctly. CCE-11316-7Computer Configuration\Administrative Templates\System\iSCSI\iSCSI Target Discovery\Do not allow manual configuration of target portals HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\iSCSIiThe "Do not allow manual configuration of target portals" machine setting should be configured correctly. CCE-12045-1Computer Configuration\Administrative Templates\System\iSCSI\iSCSI Target Discovery\Do not allow manual configuration of iSNS servers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\iSCSIgThe "Do not allow manual configuration of iSNS servers" machine setting should be configured correctly. CCE-11852-1Computer Configuration\Administrative Templates\System\iSCSI\iSCSI Target Discovery\Do not allow manual configuration of discovered targets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\iSCSImThe "Do not allow manual configuration of discovered targets" machine setting should be configured correctly. CCE-12170-7Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow LPT port redirection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesWThe "Do not allow LPT port redirection" machine setting should be configured correctly. CCE-11623-6Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Do not allow local administrators to customize permissions HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicespThe "Do not allow local administrators to customize permissions" machine setting should be configured correctly. CCE-12159-0Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Do not allow font smoothing HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesQThe "Do not allow font smoothing" machine setting should be configured correctly. CCE-11664-0Computer Configuration\Administrative Templates\Windows Components\Desktop Window Manager\Do not allow Flip3D invocation HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DWMTThe "Do not allow Flip3D invocation" machine setting should be configured correctly. CCE-10353-1Computer Configuration\Administrative Templates\System\Filesystem\NTFS\Do not allow encryption on all NTFS volumes HKEY_LOCAL_MACHINE\System\CurrentControlSet\PoliciesaThe "Do not allow encryption on all NTFS volumes" machine setting should be configured correctly. CCE-11284-7Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow drive redirection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesTThe "Do not allow drive redirection" machine setting should be configured correctly. CCE-11709-3Computer Configuration\Administrative Templates\Windows Components\Digital Locker\Do not allow Digital Locker to run HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Digital LockerXThe "Do not allow Digital Locker to run" machine setting should be configured correctly. CCE-11098-1Computer Configuration\Administrative Templates\Windows Components\Desktop Window Manager\Do not allow desktop composition HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DWMVThe "Do not allow desktop composition" machine setting should be configured correctly. CCE-11352-2Computer Configuration\Administrative Templates\System\iSCSI\iSCSI Security\Do not allow connections without IPSec HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\iSCSI\The "Do not allow connections without IPSec" machine setting should be configured correctly. CCE-11277-1Computer Configuration\Administrative Templates\System\Filesystem\NTFS\Do not allow compression on all NTFS volumes HKEY_LOCAL_MACHINE\System\CurrentControlSet\PoliciesbThe "Do not allow compression on all NTFS volumes" machine setting should be configured correctly. CCE-11425-6Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow COM port redirection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesWThe "Do not allow COM port redirection" machine setting should be configured correctly. CCE-10600-5Computer Configuration\Administrative Templates\Windows Components\Desktop Window Manager\Window Frame Coloring\Do not allow color changes HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DWMPThe "Do not allow color changes" mach< ine setting should be configured correctly. CCE-11448-8Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow clipboard redirection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesXThe "Do not allow clipboard redirection" machine setting should be configured correctly. CCE-11303-5Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection\Do not allow client printer redirection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]The "Do not allow client printer redirection" machine setting should be configured correctly. CCE-12056-8Computer Configuration\Administrative Templates\System\iSCSI\General iSCSI\Do not allow changes to initiator iqn name HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\iSCSI`The "Do not allow changes to initiator iqn name" machine setting should be configured correctly. CCE-11285-4Computer Configuration\Administrative Templates\System\iSCSI\iSCSI Security\Do not allow changes to initiator CHAP secret HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\iSCSIcThe "Do not allow changes to initiator CHAP secret" machine setting should be configured correctly. CCE-11127-8Computer Configuration\Administrative Templates\System\iSCSI\General iSCSI\Do not allow additional session logins HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\iSCSI\The "Do not allow additional session logins" machine setting should be configured correctly. CCE-10996-7Computer Configuration\Administrative Templates\System\iSCSI\iSCSI Target Discovery\Do not allow adding new targets via manual configuration HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\iSCSInThe "Do not allow adding new targets via manual configuration" machine setting should be configured correctly. CCE-11785-3Computer Configuration\Administrative Templates\Windows Components\Windows Update\Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AUThe "Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box" machine setting should be configured correctly. CCE-11341-5Computer Configuration\Administrative Templates\Network\DNS Client\DNS Suffix Search List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClientLThe "DNS Suffix Search List" machine setting should be configured correctly. CCE-11834-9Computer Configuration\Administrative Templates\Windows Components\Smart Card\Display string when smart card is blocked HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider_The "Display string when smart card is blocked" machine setting should be configured correctly. CCE-11362-1Computer Configuration\Administrative Templates\System\Display Shutdown Event Tracker HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\ReliabilityTThe "Display Shutdown Event Tracker" machine setting should be configured correctly. CCE-11444-7Computer Configuration\Administrative Templates\Windows Components\Windows Logon Options\Display information about previous logons during user logon HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\SystemqThe "Display information about previous logons during user logon" machine setting should be configured correctly. CCE-11410-8Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions\Display a custom message when installation is prevented by a policy setting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DeniedPolicyThe "Display a custom message when installation is prevented by a policy setting" machine setting should be configured correctly. CCE-12020-4#Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions\Display a custom message title when device installation is prevented by a policy setting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DeniedPolicyThe "Display a custom message title when device installation is prevented by a policy setting" machine setting should be configured correctly. CCE-11125-2Computer Configuration\Administrative Templates\System\Group Policy\Disk Quota policy processing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}RThe "Disk Quota policy processing" machine setting should be configured correctly. CCE-12073-3Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Disk Diagnostic\Disk Diagnostic: Configure execution level HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{29689E29-2CE9-4751-B4FC-8EFF5066E3FD}`The "Disk Diagnostic: Configure execution level" machine setting should be configured correctly. CCE-11922-2Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Disk Diagnostic\Disk Diagnostic: Configure custom alert text HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{29689E29-2CE9-4751-B4FC-8EFF5066E3FD}bThe "Disk Diagnostic: Configure custom alert text" machine setting should be configured correctly. CCE-12166-5Computer Configuration\Administrative Templates\System\Locale Services\Disallow user override of locale settings HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Control Panel\International_The "Disallow user override of locale settings" machine setting should be configured correctly. CCE-11420-7Computer Configuration\Administrative Templates\System\Locale Services\Disallow selection of Custom Locales HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Control Panel\InternationalZThe "Disallow selection of Custom Locales" machine setting should be configured correctly. CCE-11327-4Computer Configuration\Administrative Templates\Windows Components\Backup\Server\Disallow run-once backups HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Backup\ServerOThe "Disallow run-once backups" machine setting should be configured correctly. CCE-11681-4Computer Configuration\Administrative Templates\Windows Components\Backup\Server\Disallow optical media as backup target HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Backup\Server]The "Disallow optical media as backup target" machine setting should be configured correctly. CCE-11797-8Computer Configuration\Administrative Templates\Windows Components\Backup\Server\Disallow network as backup target HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Backup\ServerWThe "Disallow network as backup target" machine setting should be configured correctly. CCE-11908-1Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service\Disallow Negotiate authentication HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service CCE-12295-2Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Client\Disallow Negotiate authentication HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Client CCE-11756-4Computer Configuration\Administrative Templates\Windows Components\Backup\Server\Disallow locally attached storage as backup target HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Backup\ServerhThe "Disallow locally attached storage as backup target" machine setting should be configured correctly. CCE-11497-5Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service\Disallow Kerberos authentication HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service CCE-11149-2Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Client\Disallow Kerberos authentication HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Client< CCE-11697-0Computer Configuration\Administrative Templates\System\Group Policy\Disallow Interactive Users from generating Resultant Set of Policy data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System}The "Disallow Interactive Users from generating Resultant Set of Policy data" machine setting should be configured correctly. CCE-12168-1Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Client\Disallow Digest authentication HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\ClientTThe "Disallow Digest authentication" machine setting should be configured correctly. CCE-12266-3Computer Configuration\Administrative Templates\System\Locale Services\Disallow changing of geographic location HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Control Panel\International^The "Disallow changing of geographic location" machine setting should be configured correctly. CCE-10899-3Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Disable Windows Installer HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\InstallerOThe "Disable Windows Installer" machine setting should be configured correctly. CCE-10972-8Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Disable Windows Error Reporting HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error ReportingUThe "Disable Windows Error Reporting" machine setting should be configured correctly. CCE-11708-5Computer Configuration\Administrative Templates\Windows Components\Tablet PC\Input Panel\Disable text prediction HKEY_LOCAL_MACHINE\software\policies\microsoft\TabletTip\1.7MThe "Disable text prediction" machine setting should be configured correctly. CCE-12376-0Computer Configuration\Administrative Templates\Windows Components\NetMeeting\Disable remote Desktop Sharing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\ConferencingTThe "Disable remote Desktop Sharing" machine setting should be configured correctly. CCE-11017-1Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Disable password strength validation for Peer Grouping HKEY_LOCAL_MACHINE\Software\policies\Microsoft\PeernetlThe "Disable password strength validation for Peer Grouping" machine setting should be configured correctly. CCE-11547-7Computer Configuration\Administrative Templates\Windows Components\Windows Logon Options\Disable or enable software Secure Attention Sequence HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\SystemjThe "Disable or enable software Secure Attention Sequence" machine setting should be configured correctly. CCE-12332-3Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Disable logging via package settings HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\InstallerZThe "Disable logging via package settings" machine setting should be configured correctly. CCE-11094-0Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Disable Logging HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error ReportingEThe "Disable Logging" machine setting should be configured correctly. CCE-11621-0Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Disable IE security prompt for Windows Installer scripts HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\InstallernThe "Disable IE security prompt for Windows Installer scripts" machine setting should be configured correctly. CCE-10343-2Computer Configuration\Administrative Templates\System\Filesystem\Disable delete notifications on all volumes HKEY_LOCAL_MACHINE\System\CurrentControlSet\PoliciesaThe "Disable delete notifications on all volumes" machine setting should be configured correctly. CCE-11824-0Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Disable binding directly to IPropertySetStorage without intermediate layers. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorerThe "Disable binding directly to IPropertySetStorage without intermediate layers." machine setting should be configured correctly. CCE-11705-1Computer Configuration\Administrative Templates\Printers\Directory pruning retry HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\PrintersMThe "Directory pruning retry" machine setting should be configured correctly. CCE-10477-8Computer Configuration\Administrative Templates\Printers\Directory pruning priority HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\PrintersPThe "Directory pruning priority" machine setting should be configured correctly. CCE-11129-4Computer Configuration\Administrative Templates\Printers\Directory pruning interval HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\PrintersPThe "Directory pruning interval" machine setting should be configured correctly. CCE-12047-7Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Diagnostics: Configure scenario retention HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI_The "Diagnostics: Configure scenario retention" machine setting should be configured correctly. CCE-11611-1Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Diagnostics: Configure scenario execution level HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDIeThe "Diagnostics: Configure scenario execution level" machine setting should be configured correctly. CCE-11241-7Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics\Detect applications unable to launch installers under UAC HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{081D3213-48AA-4533-9284-D98F01BDC8E6}oThe "Detect applications unable to launch installers under UAC" machine setting should be configured correctly. CCE-11885-1!Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics\Detect application installers that need to be run as administrator HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{D113E4AA-2D07-41b1-8D9B-C065194A791D}xThe "Detect application installers that need to be run as administrator" machine setting should be configured correctly. CCE-10569-2Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics\Detect application install failures HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{acfd1ca6-18b6-4ccf-9c07-580cdb6eded4}YThe "Detect application install failures" machine setting should be configured correctly. CCE-10784-7Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics\Detect application failures caused by deprecated Windows DLLs HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{659F08FB-2FAB-42a7-BD4F-566CFA528769}sThe "Detect application failures caused by deprecated Windows DLLs" machine setting should be configured correctly. CCE-11688-9Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Application Compatibility Diagnostics\Detect application failures caused by deprecated COM objects HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{88D69CE1-577A-4dd9-87AE-AD36D3CD9643}rThe "Detect application failures caused by deprecated COM objects" machine setting should be configured correctly. CCE-11234-2Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\Deny write access to removable drives not protected by BitLocker HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies\Microsoft\FVEvThe "Deny write access to removable drives not protected by BitLocker" machine setting should be configured correctly. CCE-11142-7Computer Configuration\Administrative Templates\Windows Components\BitLocker Driv< e Encryption\Fixed Data Drives\Deny write access to fixed drives not protected by BitLocker HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies\Microsoft\FVErThe "Deny write access to fixed drives not protected by BitLocker" machine setting should be configured correctly. CCE-11615-2Computer Configuration\Administrative Templates\System\Credentials Delegation\Deny Delegating Saved Credentials HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CredentialsDelegationWThe "Deny Delegating Saved Credentials" machine setting should be configured correctly. CCE-11231-8Computer Configuration\Administrative Templates\System\Credentials Delegation\Deny Delegating Fresh Credentials HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CredentialsDelegationWThe "Deny Delegating Fresh Credentials" machine setting should be configured correctly. CCE-11281-3Computer Configuration\Administrative Templates\System\Credentials Delegation\Deny Delegating Default Credentials HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CredentialsDelegationYThe "Deny Delegating Default Credentials" machine setting should be configured correctly. CCE-12399-2Computer Configuration\Administrative Templates\System\User Profiles\Delete user profiles older than a specified number of days on system restart HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SystemThe "Delete user profiles older than a specified number of days on system restart" machine setting should be configured correctly. CCE-11349-8Computer Configuration\Administrative Templates\Windows Components\Windows SideShow\Delete data from devices running Microsoft firmware when a user logs off from the computer. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SideShowThe "Delete data from devices running Microsoft firmware when a user logs off from the computer." machine setting should be configured correctly. CCE-10613-8Computer Configuration\Administrative Templates\System\User Profiles\Delete cached copies of roaming profiles HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\System^The "Delete cached copies of roaming profiles" machine setting should be configured correctly. CCE-11955-2Computer Configuration\Administrative Templates\Windows Components\Windows Update\Delay Restart for scheduled installations HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU_The "Delay Restart for scheduled installations" machine setting should be configured correctly. CCE-11534-5Computer Configuration\Administrative Templates\System\Kerberos\Define interoperable Kerberos V5 realm settings HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\KerberoseThe "Define interoperable Kerberos V5 realm settings" machine setting should be configured correctly. CCE-10868-8Computer Configuration\Administrative Templates\System\Kerberos\Define host name-to-Kerberos realm mappings HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\KerberosaThe "Define host name-to-Kerberos realm mappings" machine setting should be configured correctly. CCE-12137-6Computer Configuration\Administrative Templates\System\Distributed COM\Application Compatibility Settings\Define Activation Security Check exemptions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DCOM\AppCompataThe "Define Activation Security Check exemptions" machine setting should be configured correctly. CCE-11718-4Computer Configuration\Administrative Templates\System\Disk Quotas\Default quota limit and warning level HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DiskQuota[The "Default quota limit and warning level" machine setting should be configured correctly. CCE-11601-2Computer Configuration\Administrative Templates\Windows Components\AutoPlay Policies\Default behavior for AutoRun HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorerRThe "Default behavior for AutoRun" machine setting should be configured correctly. CCE-11431-4Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\DC Locator DNS records not registered by the DCs HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\ParametersfThe "DC Locator DNS records not registered by the DCs" machine setting should be configured correctly. CCE-11083-3Computer Configuration\Administrative Templates\System\Remote Assistance\Customize Warning Messages HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal ServicesPThe "Customize Warning Messages" machine setting should be configured correctly. CCE-11554-3Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Consent\Customize consent settings HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\ConsentPThe "Customize consent settings" machine setting should be configured correctly. CCE-11703-6Computer Configuration\Administrative Templates\System\Removable Storage Access\Custom Classes: Deny write access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_WriteWThe "Custom Classes: Deny write access" machine setting should be configured correctly. CCE-10718-5Computer Configuration\Administrative Templates\System\Removable Storage Access\Custom Classes: Deny read access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\Custom\Deny_ReadVThe "Custom Classes: Deny read access" machine setting should be configured correctly. CCE-11370-4Computer Configuration\Administrative Templates\System\Power Management\Notification Settings\Critical Battery Notification Level HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\9A66D8D7-4FF7-4EF9-B5A2-5A326CA2A469YThe "Critical Battery Notification Level" machine setting should be configured correctly. CCE-11438-9Computer Configuration\Administrative Templates\System\Power Management\Notification Settings\Critical Battery Notification Action HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\637EA02F-BBCB-4015-8E2C-A1C7B9C0B546ZThe "Critical Battery Notification Action" machine setting should be configured correctly. CCE-11279-7Computer Configuration\Administrative Templates\Network\Network Connectivity Status Indicator\Corporate Website Probe URL HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivityQThe "Corporate Website Probe URL" machine setting should be configured correctly. CCE-12005-5Computer Configuration\Administrative Templates\Network\Network Connectivity Status Indicator\Corporate Site Prefix List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivityPThe "Corporate Site Prefix List" machine setting should be configured correctly. CCE-11600-4Computer Configuration\Administrative Templates\Network\Network Connectivity Status Indicator\Corporate DNS Probe Host Name HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivitySThe "Corporate DNS Probe Host Name" machine setting should be configured correctly. CCE-10891-0Computer Configuration\Administrative Templates\Network\Network Connectivity Status Indicator\Corporate DNS Probe Host Address HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator\CorporateConnectivityVThe "Corporate DNS Probe Host Address" machine setting should be configured correctly. CCE-11399-3Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\Layer-2 priority value\Controlled load service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping CCE-10315-0Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\DSCP value of non-conforming packets\Controlled load service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming CCE-11393-6Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\DSCP va< lue of conforming packets\Controlled load service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming CCE-10558-5Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\Control use of BitLocker on removable drives HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVEbThe "Control use of BitLocker on removable drives" machine setting should be configured correctly. CCE-11377-9Computer Configuration\Administrative Templates\System\Net Logon\Contact PDC on logon failure HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\ParametersRThe "Contact PDC on logon failure" machine setting should be configured correctly. CCE-11328-2Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\W32time\TimeProviders\NtpClientRThe "Configure Windows NTP Client" machine setting should be configured correctly. CCE-11856-2Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\Configure use of smart cards on removable data drives HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVEkThe "Configure use of smart cards on removable data drives" machine setting should be configured correctly. CCE-12336-4Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\Configure use of smart cards on fixed data drives HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVEgThe "Configure use of smart cards on fixed data drives" machine setting should be configured correctly. CCE-11239-1Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\Configure use of passwords for removable data drives HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVEjThe "Configure use of passwords for removable data drives" machine setting should be configured correctly. CCE-10422-4Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\Configure use of passwords for fixed data drives HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVEfThe "Configure use of passwords for fixed data drives" machine setting should be configured correctly. CCE-12237-4Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\Configure TPM platform validation profile HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation_The "Configure TPM platform validation profile" machine setting should be configured correctly. CCE-11809-1)Computer Configuration\Administrative Templates\Windows Components\Event Forwarding\Configure the server address, refresh interval, and issuer certificate authority of a target Subscription Manager HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManagerThe "Configure the server address, refresh interval, and issuer certificate authority of a target Subscription Manager" machine setting should be configured correctly. CCE-11673-1Computer Configuration\Administrative Templates\System\Server Manager\Configure the refresh interval for Server Manager HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Server\ServerManagergThe "Configure the refresh interval for Server Manager" machine setting should be configured correctly. CCE-10994-2Computer Configuration\Administrative Templates\System\Trusted Platform Module Services\Configure the list of blocked TPM commands HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Tpm\BlockedCommands`The "Configure the list of blocked TPM commands" machine setting should be configured correctly. CCE-10870-4Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Start Menu preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}iThe "Configure Start Menu preference logging and tracing" machine setting should be configured correctly. CCE-12226-7Computer Configuration\Administrative Templates\Network\Offline Files\Configure slow-link mode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetCacheNThe "Configure slow-link mode" machine setting should be configured correctly. CCE-12002-2Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Shortcuts preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}hThe "Configure Shortcuts preference logging and tracing" machine setting should be configured correctly. CCE-14699-3Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Services preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{91FBB303-0CD5-4055-BF42-E512A681B325}gThe "Configure Services preference logging and tracing" machine setting should be configured correctly. CCE-12116-0Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client\Configure server authentication for client HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services CCE-11494-2Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Scripted Diagnostics\Configure Security Policy for Scripted Diagnostics HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticshThe "Configure Security Policy for Scripted Diagnostics" machine setting should be configured correctly. CCE-11106-2Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Scheduled Tasks preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{AADCED64-746C-4633-A97C-D61349046527}nThe "Configure Scheduled Tasks preference logging and tracing" machine setting should be configured correctly. CCE-13753-9Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Windows System Responsiveness Performance Diagnostics\Configure Scenario Execution Level HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51} CCE-11966-9 Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Windows Standby/Resume Performance Diagnostics\Configure Scenario Execution Level HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4} CCE-11054-4Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Windows Shutdown Performance Diagnostics\Configure Scenario Execution Level HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{2698178D-FDAD-40AE-9D3C-1371703ADC5B} CCE-10626-0Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Windows Resource Exhaustion Detection and Resolution\Configure Scenario Execution Level HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{3af8b24a-c441-4fa4-8c5c-bed591bfa867} CCE-10616-1Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Windows Memory Leak Diagnosis\Configure Scenario Execution Level HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{eb73b633-3f4e-4ba0-8f60-8f3c6f53168f} CCE-11484-3Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Windows Boot Performance Diagnostics\Configure Scenario Execution Level HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{67144949-5132-4859-8036-a737b43825d8} CCE-11210-2Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Fault Tolerant Heap\Configure Scenario Execution Level HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{dc42ff48-e40d-4a60-8675-e71f7e64aa9a} CCE-12038-6Computer Configuration\Administrative Templates\Windows < Components\Smart Card\Configure root certificate clean up HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CertPropYThe "Configure root certificate clean up" machine setting should be configured correctly. CCE-11646-7Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Advanced Error Reporting Settings\Configure Report Queue HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error ReportingLThe "Configure Report Queue" machine setting should be configured correctly. CCE-11861-2Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Advanced Error Reporting Settings\Configure Report Archive HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error ReportingNThe "Configure Report Archive" machine setting should be configured correctly. CCE-11962-8Computer Configuration\Administrative Templates\Windows Components\Windows Reliability Analysis\Configure Reliability WMI Providers HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Reliability Analysis\WMIYThe "Configure Reliability WMI Providers" machine setting should be configured correctly. CCE-11971-9Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Registry preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{B087BE9D-ED37-454f-AF9C-04291E351182}gThe "Configure Registry preference logging and tracing" machine setting should be configured correctly. CCE-13691-1Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Regional Options preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{E5094040-C46C-4115-B030-04FB2E545B00}oThe "Configure Regional Options preference logging and tracing" machine setting should be configured correctly. CCE-12147-5Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker\Configure RD Connection Broker server name HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services`The "Configure RD Connection Broker server name" machine setting should be configured correctly. CCE-11132-8Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker\Configure RD Connection Broker farm name HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services^The "Configure RD Connection Broker farm name" machine setting should be configured correctly. CCE-10563-5Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Printers preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}gThe "Configure Printers preference logging and tracing" machine setting should be configured correctly. CCE-12806-6Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Power Options preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}lThe "Configure Power Options preference logging and tracing" machine setting should be configured correctly. CCE-11881-0Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Network Shares preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}mThe "Configure Network Shares preference logging and tracing" machine setting should be configured correctly. CCE-13026-0Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Network Options preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}nThe "Configure Network Options preference logging and tracing" machine setting should be configured correctly. CCE-11144-3Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\MSI Corrupted File Recovery\Configure MSI Corrupted File Recovery Behavior HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{54077489-683b-4762-86c8-02cf87a33423}dThe "Configure MSI Corrupted File Recovery Behavior" machine setting should be configured correctly. CCE-11305-0Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\Configure minimum PIN length for startup HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVE^The "Configure minimum PIN length for startup" machine setting should be configured correctly. CCE-11332-4Computer Configuration\Administrative Templates\Windows Components\Windows Defender\Configure Microsoft SpyNet Reporting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\SpyNetZThe "Configure Microsoft SpyNet Reporting" machine setting should be configured correctly. CCE-11638-4Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Local Users and Groups preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{17D89FEC-5C44-4972-B12D-241CAEF74509}uThe "Configure Local Users and Groups preference logging and tracing" machine setting should be configured correctly. CCE-12051-9Computer Configuration\Administrative Templates\System\Enhanced Storage Access\Configure list of IEEE 1667 silos usable on your computer HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EnhancedStorageDevices\ApprovedSilosoThe "Configure list of IEEE 1667 silos usable on your computer" machine setting should be configured correctly. CCE-10797-9Computer Configuration\Administrative Templates\System\Enhanced Storage Access\Configure list of Enhanced Storage devices usable on your computer HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EnhancedStorageDevices\ApprovedEnStorDevicesxThe "Configure list of Enhanced Storage devices usable on your computer" machine setting should be configured correctly. CCE-11418-1Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Configure keep-alive connection interval HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services^The "Configure keep-alive connection interval" machine setting should be configured correctly. CCE-11194-8Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Internet Settings preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}pThe "Configure Internet Settings preference logging and tracing" machine setting should be configured correctly. CCE-11522-0Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Ini Files preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{74EE6C03-5363-4554-B161-627540339CAB}hThe "Configure Ini Files preference logging and tracing" machine setting should be configured correctly. CCE-12948-6Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Folders preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{6232C319-91AC-4931-9385-E70C2B099F0E}fThe "Configure Folders preference logging and tracing" machine setting should be configured correctly. CCE-11935-4Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Folder Options preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}mThe "Configure Folder Options preference logging and tracing" machine setting should be configured correctly. CCE-12974-2Computer Configuration\Adm< inistrative Templates\System\Group Policy\Logging and tracing\Configure Files preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}dThe "Configure Files preference logging and tracing" machine setting should be configured correctly. CCE-12822-3Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Environment preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{0E28E245-9368-4853-AD84-6DA3BA35BB75}jThe "Configure Environment preference logging and tracing" machine setting should be configured correctly. CCE-12910-6Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Drive Maps preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{5794DAFD-BE60-433f-88A2-1A31939AC01F}iThe "Configure Drive Maps preference logging and tracing" machine setting should be configured correctly. CCE-11527-9Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Devices preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{1A6364EB-776B-4120-ADE1-B63A406A76B5}fThe "Configure Devices preference logging and tracing" machine setting should be configured correctly. CCE-14026-9Computer Configuration\Administrative Templates\System\Device Installation\Configure device installation time-out HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\The "Configure device installation time-out" machine setting should be configured correctly. CCE-12057-6Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Consent\Configure Default consent HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\ConsentOThe "Configure Default consent" machine setting should be configured correctly. CCE-11575-8Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Data Sources preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{728EE579-943C-4519-9EF7-AB56765798ED}kThe "Configure Data Sources preference logging and tracing" machine setting should be configured correctly. CCE-11321-7Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Corrupted File Recovery\Configure Corrupted File Recovery Behavior HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WDI\{8519d925-541e-4a2b-8b1e-8059d16082f2}`The "Configure Corrupted File Recovery Behavior" machine setting should be configured correctly. CCE-10485-1Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Advanced Error Reporting Settings\Configure Corporate Windows Error Reporting HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error ReportingaThe "Configure Corporate Windows Error Reporting" machine setting should be configured correctly. CCE-10483-6Computer Configuration\Administrative Templates\Network\BranchCache\Configure BranchCache for network files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetCache]The "Configure BranchCache for network files" machine setting should be configured correctly. CCE-11275-5Computer Configuration\Administrative Templates\Network\Offline Files\Configure Background Sync HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetCacheOThe "Configure Background Sync" machine setting should be configured correctly. CCE-10511-4Computer Configuration\Administrative Templates\Windows Components\Windows Update\Configure Automatic Updates HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AUQThe "Configure Automatic Updates" machine setting should be configured correctly. CCE-10749-0Computer Configuration\Administrative Templates\System\Group Policy\Logging and tracing\Configure Applications preference logging and tracing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{F9C77450-3A41-477E-9310-9ACD617BD9E3}kThe "Configure Applications preference logging and tracing" machine setting should be configured correctly. CCE-11287-0Computer Configuration\Administrative Templates\Network\Windows Connect Now\Configuration of wireless settings using Windows Connect Now HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\RegistrarsrThe "Configuration of wireless settings using Windows Connect Now" machine setting should be configured correctly. CCE-11242-5Computer Configuration\Administrative Templates\Printers\Computer location HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\PrintersGThe "Computer location" machine setting should be configured correctly. CCE-11177-3Computer Configuration\Administrative Templates\Network\SNMP\Communities HKEY_LOCAL_MACHINE\Software\Policies\SNMP\Parameters\ValidCommunitiesAThe "Communities" machine setting should be configured correctly. CCE-10583-3Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\Choose how BitLocker-protected removable drives can be recovered HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVEvThe "Choose how BitLocker-protected removable drives can be recovered" machine setting should be configured correctly. CCE-11973-5Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\Choose how BitLocker-protected operating system drives can be recovered HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE}The "Choose how BitLocker-protected operating system drives can be recovered" machine setting should be configured correctly. CCE-12060-0Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\Choose how BitLocker-protected fixed drives can be recovered HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVErThe "Choose how BitLocker-protected fixed drives can be recovered" machine setting should be configured correctly. CCE-11273-0Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Choose drive encryption method and cipher strength HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVEhThe "Choose drive encryption method and cipher strength" machine setting should be configured correctly. CCE-11829-9Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Choose default folder for recovery password HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVEaThe "Choose default folder for recovery password" machine setting should be configured correctly. CCE-11423-1Computer Configuration\Administrative Templates\Printers\Check published state HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\PrintersKThe "Check published state" machine setting should be configured correctly. CCE-11185-6Computer Configuration\Administrative Templates\Windows Components\Windows Defender\Check for New Signatures Before Scheduled Scans HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\ScaneThe "Check for New Signatures Before Scheduled Scans" machine setting should be configured correctly. CCE-10771-4Computer Configuration\Administrative Templates\System\Removable Storage Access\CD and DVD: Deny write access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}SThe "CD and DVD: Deny write access" machine setting should be configured correctly. CCE-10724-3Computer Configuration\Administrative Templates\System\Removable Storage Access\CD and DVD: Deny read access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}RThe "CD and DVD: Deny read access" machine setting should be configured correctly. CCE-11847-1Computer Configuration\Administrative Templates\System\Removable Storage Access\CD and DVD: Deny execute acc< ess HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{53f56308-b6bf-11d0-94f2-00a0c91efb8b}UThe "CD and DVD: Deny execute access" machine setting should be configured correctly. CCE-12092-3Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Cache transforms in secure location on workstation HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\InstallerhThe "Cache transforms in secure location on workstation" machine setting should be configured correctly. CCE-11092-4Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\Layer-2 priority value\Best effort service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\UserPriorityMapping CCE-10975-1Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\DSCP value of non-conforming packets\Best effort service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingNonConforming CCE-11663-2Computer Configuration\Administrative Templates\Network\QoS Packet Scheduler\DSCP value of conforming packets\Best effort service type HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Psched\DiffservByteMappingConforming CCE-12036-0Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Baseline file cache maximum size HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\InstallerVThe "Baseline file cache maximum size" machine setting should be configured correctly. CCE-11345-6Computer Configuration\Administrative Templates\Windows Components\Event Log Service\System\Backup log automatically when full HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\System CCE-12204-4Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Setup\Backup log automatically when full HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Setup CCE-11138-5Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Security\Backup log automatically when full HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Security CCE-11400-9Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Application\Backup log automatically when full HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Application CCE-11890-1Computer Configuration\Administrative Templates\System\User Profiles\Background upload of a roaming user profile's registry file while user is logged on HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SystemThe "Background upload of a roaming user profile's registry file while user is logged on" machine setting should be configured correctly. CCE-11237-5Computer Configuration\Administrative Templates\Windows Components\Windows Update\Automatic Updates detection frequency HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU[The "Automatic Updates detection frequency" machine setting should be configured correctly. CCE-11761-4Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Automatic reconnection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesLThe "Automatic reconnection" machine setting should be configured correctly. CCE-11039-5Computer Configuration\Administrative Templates\System\Net Logon\DC Locator DNS Records\Automated Site Coverage by the DC Locator DNS SRV Records HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\ParametersoThe "Automated Site Coverage by the DC Locator DNS SRV Records" machine setting should be configured correctly. CCE-11511-3Computer Configuration\Administrative Templates\System\Logon\Assign a default domain for logon HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\SystemWThe "Assign a default domain for logon" machine setting should be configured correctly. CCE-11133-6Computer Configuration\Administrative Templates\Windows Components\ActiveX Installer Service\Approved Installation Sites for ActiveX Controls HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AxInstallerfThe "Approved Installation Sites for ActiveX Controls" machine setting should be configured correctly. CCE-11433-0Computer Configuration\Administrative Templates\Control Panel\User Accounts\Apply the default user logon picture to all users HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorergThe "Apply the default user logon picture to all users" machine setting should be configured correctly. CCE-11594-9Computer Configuration\Administrative Templates\System\Disk Quotas\Apply policy to removable media HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DiskQuotaUThe "Apply policy to removable media" machine setting should be configured correctly. CCE-11166-6Computer Configuration\Administrative Templates\System\Logon\Always wait for the network at computer startup and logon HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\CurrentVersion\WinlogonoThe "Always wait for the network at computer startup and logon" machine setting should be configured correctly. CCE-12164-0Computer Configuration\Administrative Templates\System\Logon\Always use custom logon background HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SystemXThe "Always use custom logon background" machine setting should be configured correctly. CCE-11499-1Computer Configuration\Administrative Templates\System\Logon\Always use classic logon HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\SystemNThe "Always use classic logon" machine setting should be configured correctly. CCE-11256-5Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Always show desktop on connection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesWThe "Always show desktop on connection" machine setting should be configured correctly. CCE-11015-5Computer Configuration\Administrative Templates\Printers\Always render print jobs on the server HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\The "Always render print jobs on the server" machine setting should be configured correctly. CCE-11478-5Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Always prompt for password upon connection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services`The "Always prompt for password upon connection" machine setting should be configured correctly. CCE-11299-5Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Always install with elevated privileges HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer]The "Always install with elevated privileges" machine setting should be configured correctly. CCE-12401-6Computer Configuration\Administrative Templates\Windows Components\Biometrics\Allow users to log on using biometrics HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Biometrics\Credential Provider\The "Allow users to log on using biometrics" machine setting should be configured correctly. CCE-10455-4 Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Allow users to connect remotely using Remote Desktop Services HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicessThe "Allow users to connect remotely using Remote Desktop Services" machine setting should be configured correctly. CCE-11867-9Computer Configuration\Administrative Templates\Windows Components\Smart Card\Allow user name hint HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProviderJThe "Allow user name hint" machine setting should be configured correctly. CCE-10713-6Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service< \Allow unencrypted traffic HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service CCE-11290-4Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Client\Allow unencrypted traffic HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Client CCE-11954-5Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Allow time zone redirection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesQThe "Allow time zone redirection" machine setting should be configured correctly. CCE-11427-2Computer Configuration\Administrative Templates\Windows Components\Smart Card\Allow time invalid certificates HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProviderUThe "Allow time invalid certificates" machine setting should be configured correctly. CCE-11213-6Computer Configuration\Administrative Templates\Windows Components\Biometrics\Allow the use of biometrics HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\BiometricsQThe "Allow the use of biometrics" machine setting should be configured correctly. CCE-11545-1Computer Configuration\Administrative Templates\Windows Components\Network Access Protection\Allow the Network Access Protection client to support the 802.1x Enforcement Client component HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\NetworkAccessProtection\ClientConfig\Qecs\79620The "Allow the Network Access Protection client to support the 802.1x Enforcement Client component" machine setting should be configured correctly. CCE-10854-8Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Allow Standby States (S1-S3) When Sleeping (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546abmThe "Allow Standby States (S1-S3) When Sleeping (Plugged In)" machine setting should be configured correctly. CCE-11714-3Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Allow Standby States (S1-S3) When Sleeping (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546abmThe "Allow Standby States (S1-S3) When Sleeping (On Battery)" machine setting should be configured correctly. CCE-11837-2Computer Configuration\Administrative Templates\Windows Components\Windows Update\Allow signed updates from an intranet Microsoft update service location HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate}The "Allow signed updates from an intranet Microsoft update service location" machine setting should be configured correctly. CCE-11428-0Computer Configuration\Administrative Templates\Windows Components\Smart Card\Allow signature keys valid for Logon HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProviderZThe "Allow signature keys valid for Logon" machine setting should be configured correctly. CCE-11398-5Computer Configuration\Administrative Templates\System\Recovery\Allow restore of system to default state HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRE^The "Allow restore of system to default state" machine setting should be configured correctly. CCE-11784-6Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Allow remote start of unlisted programs HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]The "Allow remote start of unlisted programs" machine setting should be configured correctly. CCE-12066-7Computer Configuration\Administrative Templates\Windows Components\Windows Remote Shell\Allow Remote Shell Access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service\WinRSOThe "Allow Remote Shell Access" machine setting should be configured correctly. CCE-11860-4Computer Configuration\Administrative Templates\System\Device Installation\Allow remote access to the Plug and Play interface HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\SettingshThe "Allow remote access to the Plug and Play interface" machine setting should be configured correctly. CCE-11248-2Computer Configuration\Administrative Templates\Printers\Allow pruning of published printers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\PrintersYThe "Allow pruning of published printers" machine setting should be configured correctly. CCE-11704-4Computer Configuration\Administrative Templates\Printers\Allow printers to be published HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\PrintersTThe "Allow printers to be published" machine setting should be configured correctly. CCE-11104-7Computer Configuration\Administrative Templates\Printers\Allow Print Spooler to accept client connections HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\PrintersfThe "Allow Print Spooler to accept client connections" machine setting should be configured correctly. CCE-11912-3Computer Configuration\Administrative Templates\Network\Offline Files\Allow or Disallow use of the Offline Files feature HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetCachehThe "Allow or Disallow use of the Offline Files feature" machine setting should be configured correctly. CCE-10947-0Computer Configuration\Administrative Templates\System\Remote Assistance\Allow only Vista or later connections HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services[The "Allow only Vista or later connections" machine setting should be configured correctly. CCE-11249-0Computer Configuration\Administrative Templates\System\Enhanced Storage Access\Allow only USB root hub connected Enhanced Storage devices HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EnhancedStorageDevicespThe "Allow only USB root hub connected Enhanced Storage devices" machine setting should be configured correctly. CCE-11081-7Computer Configuration\Administrative Templates\Windows Components\Backup\Server\Allow only system backup HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Backup\ServerNThe "Allow only system backup" machine setting should be configured correctly. CCE-10946-2Computer Configuration\Administrative Templates\Windows Components\Windows Update\Allow non-administrators to receive update notifications HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdatenThe "Allow non-administrators to receive update notifications" machine setting should be configured correctly. CCE-10383-8Computer Configuration\Administrative Templates\System\Driver Installation\Allow non-administrators to install drivers for these device setup classes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverInstall\RestrictionsThe "Allow non-administrators to install drivers for these device setup classes" machine setting should be configured correctly. CCE-12004-8Computer Configuration\Administrative Templates\System\Scripts\Allow logon scripts when NetBIOS or WINS is disabled HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\SystemjThe "Allow logon scripts when NetBIOS or WINS is disabled" machine setting should be configured correctly. CCE-11330-8Computer Configuration\Administrative Templates\System\Distributed COM\Application Compatibility Settings\Allow local activation security check exemptions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DCOM\AppCompatfThe "Allow local activation security check exemptions" machine setting should be configured correctly. CCE-11201-1Computer Configuration\Administrative Templates\Windows Components\Smart Card\Allow Integrated Unblock screen to be displayed at the time of logon HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProviderzThe "Allow Integrated Unblock screen to be displayed at the time of logon" machine setting should be configured correctly. CCE-11250-8Computer Configuration\Administrative Templates\S< ystem\Device Installation\Device Installation Restrictions\Allow installation of devices using drivers that match these device setup classes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\RestrictionsThe "Allow installation of devices using drivers that match these device setup classes" machine setting should be configured correctly. CCE-11822-4Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions\Allow installation of devices that match any of these device IDs HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\RestrictionsvThe "Allow installation of devices that match any of these device IDs" machine setting should be configured correctly. CCE-10675-7Computer Configuration\Administrative Templates\System\Enhanced Storage Access\Allow Enhanced Storage certificate provisioning HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EnhancedStorageDeviceseThe "Allow Enhanced Storage certificate provisioning" machine setting should be configured correctly. CCE-10532-0Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\Allow enhanced PINs for startup HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVEUThe "Allow enhanced PINs for startup" machine setting should be configured correctly. CCE-10612-0Computer Configuration\Administrative Templates\Windows Components\Smart Card\Allow ECC certificates to be used for logon and authentication HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvidertThe "Allow ECC certificates to be used for logon and authentication" machine setting should be configured correctly. CCE-11455-3Computer Configuration\Administrative Templates\Windows Components\Biometrics\Allow domain users to log on using biometrics HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Biometrics\Credential ProvidercThe "Allow domain users to log on using biometrics" machine setting should be configured correctly. CCE-11188-0Computer Configuration\Administrative Templates\Network\DNS Client\Allow DNS Suffix Appending to Unqualified Multi-Label Name Queries HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\DNSClientxThe "Allow DNS Suffix Appending to Unqualified Multi-Label Name Queries" machine setting should be configured correctly. CCE-11379-5Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Allow desktop composition for remote desktop sessions HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServiceskThe "Allow desktop composition for remote desktop sessions" machine setting should be configured correctly. CCE-12042-8Computer Configuration\Administrative Templates\System\Credentials Delegation\Allow Delegating Saved Credentials with NTLM-only Server Authentication HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CredentialsDelegation}The "Allow Delegating Saved Credentials with NTLM-only Server Authentication" machine setting should be configured correctly. CCE-12094-9Computer Configuration\Administrative Templates\System\Credentials Delegation\Allow Delegating Saved Credentials HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CredentialsDelegationXThe "Allow Delegating Saved Credentials" machine setting should be configured correctly. CCE-10440-6Computer Configuration\Administrative Templates\System\Credentials Delegation\Allow Delegating Fresh Credentials with NTLM-only Server Authentication HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CredentialsDelegation}The "Allow Delegating Fresh Credentials with NTLM-only Server Authentication" machine setting should be configured correctly. CCE-10968-6Computer Configuration\Administrative Templates\System\Credentials Delegation\Allow Delegating Fresh Credentials HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CredentialsDelegationXThe "Allow Delegating Fresh Credentials" machine setting should be configured correctly. CCE-11223-5Computer Configuration\Administrative Templates\System\Credentials Delegation\Allow Delegating Default Credentials with NTLM-only Server Authentication HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CredentialsDelegationThe "Allow Delegating Default Credentials with NTLM-only Server Authentication" machine setting should be configured correctly. CCE-10648-4Computer Configuration\Administrative Templates\System\Credentials Delegation\Allow Delegating Default Credentials HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CredentialsDelegationZThe "Allow Delegating Default Credentials" machine setting should be configured correctly. CCE-10397-8Computer Configuration\Administrative Templates\System\Net Logon\Allow cryptography algorithms compatible with Windows NT 4.0 HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Netlogon\ParametersrThe "Allow cryptography algorithms compatible with Windows NT 4.0" machine setting should be configured correctly. CCE-11972-7Computer Configuration\Administrative Templates\System\Group Policy\Allow Cross-Forest User Policy and Roaming User Profiles HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SystemnThe "Allow Cross-Forest User Policy and Roaming User Profiles" machine setting should be configured correctly. CCE-13723-2Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service\Allow CredSSP authentication HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service CCE-11306-8Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Client\Allow CredSSP authentication HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Client CCE-12032-9Computer Configuration\Administrative Templates\Windows Components\Windows Customer Experience Improvement Program\Allow Corporate redirection of Customer Experience Improvement uploads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient|The "Allow Corporate redirection of Customer Experience Improvement uploads" machine setting should be configured correctly. CCE-11539-4Computer Configuration\Administrative Templates\Windows Components\Smart Card\Allow certificates with no extended key usage certificate attribute HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvideryThe "Allow certificates with no extended key usage certificate attribute" machine setting should be configured correctly. CCE-11906-5Computer Configuration\Administrative Templates\Network\Background Intelligent Transfer Service (BITS)\Allow BITS Peercaching HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\BITSLThe "Allow BITS Peercaching" machine setting should be configured correctly. CCE-11216-9Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service\Allow Basic authentication HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service CCE-11131-0Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Client\Allow Basic authentication HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Client CCE-10454-7Computer Configuration\Administrative Templates\Windows Components\Windows Update\Allow Automatic Updates immediate installation HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AUdThe "Allow Automatic Updates immediate installation" machine setting should be configured correctly. CCE-11537-8Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Allow Automatic Sleep with Open Network Files (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\d4c1d4c8-d5cc-43d3-b83e-fc51215cb04dpThe "Allow Automatic Sleep with Open Network Files (Plugged In)" machine setting should be configured correctly. CCE-11514-7Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Allow Automatic < Sleep with Open Network Files (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\d4c1d4c8-d5cc-43d3-b83e-fc51215cb04dpThe "Allow Automatic Sleep with Open Network Files (On Battery)" machine setting should be configured correctly. CCE-10584-1Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service\Allow automatic configuration of listeners HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service`The "Allow automatic configuration of listeners" machine setting should be configured correctly. CCE-11381-1Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Allow audio recording redirection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal ServicesWThe "Allow audio recording redirection" machine setting should be configured correctly. CCE-11228-4 Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Allow audio and video playback redirection HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services`The "Allow audio and video playback redirection" machine setting should be configured correctly. CCE-11359-7Computer Configuration\Administrative Templates\System\Group Policy\Allow asynchronous user Group Policy processing when logging on through Remote Desktop Services HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SystemThe "Allow asynchronous user Group Policy processing when logging on through Remote Desktop Services" machine setting should be configured correctly. CCE-12885-0Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Allow Applications to Prevent Automatic Sleep (Plugged In) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\A4B195F5-8225-47D8-8012-9D41369786E2pThe "Allow Applications to Prevent Automatic Sleep (Plugged In)" machine setting should be configured correctly. CCE-11835-6Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Allow Applications to Prevent Automatic Sleep (On Battery) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\A4B195F5-8225-47D8-8012-9D41369786E2pThe "Allow Applications to Prevent Automatic Sleep (On Battery)" machine setting should be configured correctly. CCE-11674-9Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions\Allow administrators to override Device Installation Restriction policies HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\RestrictionsThe "Allow administrators to override Device Installation Restriction policies" machine setting should be configured correctly. CCE-10446-3Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Allow admin to install from Remote Desktop Services session HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\InstallerqThe "Allow admin to install from Remote Desktop Services session" machine setting should be configured correctly. CCE-10520-5Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\Allow access to BitLocker-protected removable data drives from earlier versions of Windows HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVEThe "Allow access to BitLocker-protected removable data drives from earlier versions of Windows" machine setting should be configured correctly. CCE-11636-8Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\Allow access to BitLocker-protected fixed data drives from earlier versions of Windows HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\FVEThe "Allow access to BitLocker-protected fixed data drives from earlier versions of Windows" machine setting should be configured correctly. CCE-11465-2Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client\Allow .rdp files from valid publishers and user's default .rdp settings HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services}The "Allow .rdp files from valid publishers and user's default .rdp settings" machine setting should be configured correctly. CCE-11350-6Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client\Allow .rdp files from unknown publishers HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services^The "Allow .rdp files from unknown publishers" machine setting should be configured correctly. CCE-10982-7Computer Configuration\Administrative Templates\System\Removable Storage Access\All Removable Storage: Allow direct access in remote sessions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevicessThe "All Removable Storage: Allow direct access in remote sessions" machine setting should be configured correctly. CCE-11585-7Computer Configuration\Administrative Templates\System\Removable Storage Access\All Removable Storage classes: Deny all access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevicesdThe "All Removable Storage classes: Deny all access" machine setting should be configured correctly. CCE-11762-2Computer Configuration\Administrative Templates\Network\Offline Files\Administratively assigned offline files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\NetCache\AssignedOfflineFolders]The "Administratively assigned offline files" machine setting should be configured correctly. CCE-11163-3Computer Configuration\Administrative Templates\System\User Profiles\Add the Administrators security group to roaming user profiles HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\SystemtThe "Add the Administrators security group to roaming user profiles" machine setting should be configured correctly. CCE-11456-1Computer Configuration\Administrative Templates\Printers\Add Printer wizard - Network scan page (Unmanaged network) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\WizardpThe "Add Printer wizard - Network scan page (Unmanaged network)" machine setting should be configured correctly. CCE-11325-8Computer Configuration\Administrative Templates\Printers\Add Printer wizard - Network scan page (Managed network) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\WizardnThe "Add Printer wizard - Network scan page (Managed network)" machine setting should be configured correctly. CCE-11699-6Computer Configuration\Administrative Templates\Windows Components\ActiveX Installer Service\ActiveX installation policy for sites in Trusted zones HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\AxInstaller\AxISURLZonePolicieslThe "ActiveX installation policy for sites in Trusted zones" machine setting should be configured correctly. CCE-12287-9Computer Configuration\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies\6to4 State HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6Transition@The "6to4 State" machine setting should be configured correctly. CCE-11356-3Computer Configuration\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies\6to4 Relay Name Resolution Interval HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6TransitionYThe "6to4 Relay Name Resolution Interval" machine setting should be configured correctly. CCE-12009-7Computer Configuration\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies\6to4 Relay Name HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\TCPIP\v6TransitionEThe "6to4 Relay Name" machine setting should be configured correctly. CCE-12007-1HMicrosoft Security Compliance Manager (SCM) Baselines and Settings Packs (1) via chmod (1) valueCSet the permissions to the Middleware Home directory appro< priately. CCE-18185-9(1) open file descriptorsRSet the "Maximum Open Sockets" setting appropriately on the Administration server. CCE-18198-2 (1) seconds+Set the "Post Timeout" field appropriately. CCE-18193-3AEnable or disable the "Auth Cookie Enabled" option appropriately. CCE-18171-9JEnable or disable the "Client Cert Proxy Enabled" attribute appropriately. CCE-17216-3?Set the premissions to the Domain Home directory appropriately. CCE-17425-0XSet the premissions to the Weblogic Server Product Installation directory appropriately. CCE-18046-3BSet the "Keystores" permission value appropriately in directories. CCE-18024-0 CCE-18147-9In order to configure a connection filter, follow the instructions under the "Configuring Connection Filtering" section of the following URL: http://download-llnw.oracle.com/docs/cd/E13222_01/wls/docs81/secmanage/domain.html#1107380(1) connection filterCCreate a connection filter for the appropriate serves and machines. CCE-17214-8BFor the Managed Server, create a "Connection Filter" if necessary. CCE-17650-3x(1) via the Administration Console, Domain > Environment > Servers > Server > Protocols > HTTP > HTTP Maximum Size field (1) bytesBSet the "HTTP Maximum Message Size" appropriately for each server. CCE-17769-1z(1) via the Administration Console, Domain > Environment > Servers > Server Name > Protocols > HTTP > HTTPS Duration Field7Set the "HTTPS Duration" appropriately for each server. CCE-17513-3y(1) via the Administration Console, Domain > Environment > Servers > Server Name > Protocols > HTTP . HTTP Duration Field6Set the HTTP "Duration" appropriately for each server. CCE-18152-9x(1) via the Administration Console, Domain > Environment > Servers > Server Name > Protocols > HTTP > Post Timeout FieldBSet the Server "Post Timeout" field appropriately for each server. CCE-18148-7g(1) via the Administration Console, Domain > Security > Embedded LDAP > Anonymous Bind Allowed checkbox7Enable or disable the "Anonymous Bind Allowed" setting. CCE-18126-3U(1) via the Administration Console, Domain > Security > Embedded LDAP > Timeout field.Set the Embedded LDAP "Timeout" appropriately. CCE-17210-6(1) via the Administration Console, Environment > Servers > Configuration > SSL > Advanced > Two Way Client Cert Behavior attribute<Enable or disable two-way SSL appropriately for each server. CCE-17507-5 CCE-18128-92link down to 4.6.2 "Enable Configuration Auditing"(1) via the Administration Console, Domain Structure > Domain Name > Configuration > General > Advanced > Configuration Audit Type field9(1) Change None/Change Log/Change Audit/ Change and Audit7Set the "Configuration Audit Type" field appropriately. CCE-17208-0(1) via the Administration Console, Security Realm > Name of the Active Realm > Settings > Advanced > When Deploying Web Applications or EJBs setting@Set the "When Deploying Web Applications or EJBS" appropriately. CCE-17346-8(1) via the Administration Console, Security Realm > Name of the Active Realm > Configuration > General > Security Model Default setting5(1) DDOnly/CustomRoles/CustomRolesAndPolices/Advanced/Set the "Security Model Default" appropriately. CCE-17482-1Oracle Fusion Middleware Securing Resources Using Roles and Policies for Oracle WebLogic Server 11g Release 1 (10.3.1) E13747-01. link down to 4.2.1, "Understanding the Check Roles and Policies Setting" and 4.2.2, "Understanding the When Deploying Web Applications or EJBs Setting"(1) via the Administration Console, Security Realm > Name of the Active Realm > Configuration > General > Advanced > Check Roles and Policies setting1Set the "Check Roles and Policies" appropriately. CCE-17478-9&p30 Table 3-4, "Securing Applications"y(1) via the Administration Console, Domain > Environment > Servers > Server Name > Protocols > HTTP > Frontend Host field(1) name of server@Set the "Frontend Host" attribute appropriately for each server. CCE-18082-8q(1) via the Administration Console > Environment > Servers > Managed Servers > Client Cert Proxy Enabled checkboxPEnable or disable the "Client Cert Proxy Enabled" setting on the managed server. CCE-18077-8(1) via the Administration Console, Environment > Servers > AdminServer > Configuration > General > Client Cert Proxy Enabled checkboxWEnable or disable the "Client Cert Proxy Enabled" setting on the Administration Server. CCE-17844-2 CCE-17963-0 CCE-18144-6u(1) via the Administration Console, Domain Structure > Configuration > General > Enable Administration Port attribute;Enable or disable the "Enable Administration Port" setting. CCE-17201-5s(1) via the Administration Console, Domain > Security > General > Advanced > Web App Files Case Insensitive textbox@Enabled or disable the "Web App Files Case Insensitive" setting. CCE-17196-7_(1) via the Administration Console, Domain Name > Security > Anonymous Admin Lookup Enabled box?Enable or disable the "Anonymous Admin Lookup Enabled" setting. CCE-17612-3Elink down to section 2.4,"install WebLogic server in a secure manner"(1) via the Administration Console, Console > Domain Structure > Domain Name > Configuration > General > Advanced > Invocation Timeout Seconds field7Set the appropriate "Invocation Timeout Seconds" value. CCE-17872-3e(1) via the Administration Console, Security Realms > name of the Active Realm > Providers > Auditing@Enable or disable the WebLogic Auditing provider as appropriate. CCE-17991-1d(1) via the Administration Console, Base_Domain > Configuration > General > Production mode checkbox7Enable or disable the "Production Mode" appropriately. CCE-17969-7(1) via the Administration Console, Domain Structure > Domain Name > Configuration > General > Advanced > Console Session Timeout field(1) numerical valueESet the "Administration Console Session Timeout" field appropriately. CCE-17964-8BEA WebLogic Platform Security Guide Network Applications Team of the Systems and Network Attack Center (SNAC), p. 24 "Domains and Realms" CCE-17603-2(1) via the Administration console, Domain Name > Security Realm > Security Realm of interest > Users and Groups > WebLogic user account > Passwords > Password field (1) passwordESet the password field appropriately for the "Default Administrator". CCE-17973-9(1) via the Administration Console, Domain Structure > Domain Name > Configuration > General > Advanced > Archive Configuration Count field(1) number of archive files4Set the "Archive Configuration Count" appropriately. CCE-17951-5DIntroduction to Oracle WebLogic Server, 3 domain configuration files(1) via the Administration Console, Domain Structure > Domain Name > Configuration > General > Advanced > Configuration Archive Enabled checkboxHEnable or disable the "Configuration Archive Enabled" box appropriately. CCE-17947-3,link down to 13.2.2, "Enabling Global Trust"[(1) via the Administration console, Security > General > Advanced > Domain Credential field(1) credential 2Change and set "Domain Credentials" appropriately. CCE-17960-69link down to section 12.4,"using host name verification" (1) via the Administration Console, Environment > Servers > Administration Server > Configuration > SSL > Advanced > Host Name Verification setting CCE-17956-4Report Number: I33-004R-2005 BEA WebLogic Platform Security Guide Network Applications Team of the Systems and Network Attack Center (SNAC) Publication Date: 4 April 2005 Version Number: 1.0 "Security Service Provides" p25,28(1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Configuration > Provider Specific > SSL enabled box CCE-17189-2dlink down to section 5.8.1 Table 5-7, "Password Composition Rules and Default Values" scroll to p70(1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Password Validation > System Password Validator > Provider Specific > Minimum Number of Non-Alphabetic Characters field (1) number of charactersGDefine the "Minimum Number of Non-Alphabetic < Characters" appropriately. CCE-18186-78link down to section 12.4,"using host name verification (1) name of hostMSet the "Host Name Verification" appropriately on the Administration Server. CCE-17794-9Klink down to section 4.4, "configuring the WebLogic communication provider"(1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Adjudication > DefaultAdjudicator > Provider Specific > Require Unanimous Permit attribute9Enable or disable the "Require Unanimous Permit" setting. CCE-17856-6{(1) via the Administration Console, Security Realm > Name of the active Realm > User Lockout > Lockout Reset Duration fieldHDefine the "Lockout Reset Duration" in the Security Realm appropriately. CCE-17464-9Report Number: I733-033R-2006 Date: December 2006 Oracle Application Server Security Recommendations and DoDI 8500.2 IA Controls can be reached at: http://www.nsa.gov/ia/_files/app/I733-033R-2006.PDF, p.27 bullet 4 under "OAS Identity Management'u(1) via the Administration Console, Security Realm > Name of the active Realm > User Lockout > Lockout Duration fieldBDefine the "Lockout Duration" in the Security Realm appropriately. CCE-18068-7v(1) via the Administration Console, Security Realm > Name of the active Realm > User Lockout > Lockout Threshold field$(1) number of invalid login attemptsCDefine the "Lockout Threshold" in the Security Realm appropriately. CCE-17913-5Zsection 3.3. (link down to section 13.6, "How Passwords Are Protected in WebLogic Server")(1) permissionsNSet permissions on the SerializedSystemIni.dat file permissions appropriately. CCE-17393-0Msection 3.3. bullet 8 (link down to section 13.7, "protecting user accounts")(1) via the Administration Console, Security Realm > Name of the active Realm > Configuration > User Lockout > Lockout Enabled attribute0Enable or disable the "Lockout Enabled" setting. CCE-17763-4%link down to section 5.8.1, Table 5-7(1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Password Validation > System Password Validator > Provider Specific > Minimum Number of Non-Alphanumeric Characters field LSet the "minimum number of non-alphanumeric characters" field appropriately. CCE-17618-0(1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Password Validation > System Password Validator > Provider Specific > Minimum Number of Upper Case Characters field ESet the "minimum number of upper case characters" field appropriately CCE-17979-6(1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Password Validation > System Password Validator > Provider Specific > Minimum Number of Lower Case Characters field FSet the "minimum number of lower case characters" field appropriately. CCE-17561-2(1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Password Validation > System Password Validator > Provider Specific > Minimum Number of Numeric Characters field CSet the "minimum number of numeric characters" field appropriately. CCE-17186-8(1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Password Validation > System Password Validator > Provider Specific > Minimum Number of Alphabetic Characters field FSet the "minimum number of alphabetic characters" field appropriately. CCE-17183-5(1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Password Validation > System Password Validator > Provider Specific > Maximum Consecutive Characters field =Set the "maximum consecutive characters" field appropriately. CCE-18028-1(1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Password Validation > System Password Validator > Provider Specific > Maximum Instances of Any Character field ASet the "maximum instances of any character" field appropriately. CCE-17892-1(1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Password Validation > System Password Validator > Provider Specific > Minimum Password Length field 6Set the "minimum password length" field appropriately. CCE-17601-6(1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Password Validation > System Password Validator > Provider Specific > Maximum Password Length field 6Set the "maximum password length" field appropriately. CCE-17182-7(1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Password Validation > System Password Validator > Provider Specific > Reject if Password Contains the user Name Reversed fieldSEnable or disable the "Reject if Password Contains the User Name Reversed" setting. CCE-18038-0(1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Password Validation > System Password Validator > Provider Specific > User Name Policies section[Enable or disable the "Reject if Password Contains the User Name" attribute as appropriate. CCE-17254-4Klink down to section 5.3, "configuring the default authentication provider"(1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Authentication > DefualtAuthenticator > Configuration > Minimum Password Length field CCE-17738-6?link down to section 4.6.1, "auditing context handler elements"(1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Active Context Handler EntriesTEnable or disable the Active Context Handler "jmx.OldAttributeValue" as appropriate. CCE-18091-9WEnable or disable the Active Context Handle "jmx.AuditProtectedArgInfo" as appropriate. CCE-17805-3LEnable or disable the Active Context Handler "jmx.Signature" as appropriate. CCE-17713-9KEnable or disable the Active Context Handle "jmx.Parameters" as appropriate CCE-17558-8LEnable or disable the Active Context Handler "jmx.ShortName" as appropriate. CCE-17893-9MEnable or disable the Active Context Handler "jmx.ObjectName" as appropriate. CCE-17179-3WEnable or disable the Active Context Handler "saml.subject.dom.KeyInfo" as appropriate. CCE-18088-5^Enable or disable the Active Context Handler "saml.subject.ConfirmationMethod" as appropriate. CCE-17304-7ZEnable or disable the Active Context Handler "saml.MessageSignerCerficate" as appropriate. CCE-17970-5]Enable or disable the Active Context Handler "saml.SSLClientCertificateChain" as appropriate. CCE-17948-1 CCE-17287-4SEnable or disable the Active Context Handler "webservice.Integrity" as appropriate. CCE-17789-9PEnable or disable the Active Context Handler "xml.SecurityToken" as appropriate. CCE-18023-2^Enable or disable the Active Context Handler "security.ChainPrevalidatedBySSL" as appropriate. CCE-17736-0VEnable or disable the Active Context Handler "entitlement.EAuxilaryID" as appropriate. CCE-17335-1OEnable or disable the Active Context Handler "wsee.SOAPmessage" as appropriate. CCE-17798-0NEnable or disable the Active Context Handler "ejb20.Parameter" as appropriate. CCE-17296-5MEnable or disable the Active Context Handler "channel.Secure" as appropriate. CCE-18009-1REnable or disable the Active Context Handler "channel.ChannelName" as appropriate. CCE-17812-9TEnable or disable the Active Context Handler "channel.RemoteAddress" as appropriate. CCE-18120-6TEnable or disable the Active Context Handler "channel.PublicAddress" as appropriate. CCE-17176-9NEnable or disable the Active Context Handler "channel.Address" as appropriate. CCE-17877-2OEnable or disable the Active Context Handler "channel.Protocol" as appropriate. CCE-17825-1PEnable or disable the Active Context Handler "channel.RemotePort"as appropriate. CCE-18007-5ZEnable or disable the Active Context Handler "servlet.HttpServletResponse" as appropriate. CCE-17167-8 CCE-17652-9QEnable or disable the Active Context Handler "channel.PublicPo< rt" as appropriate. CCE-17740-2KEnable or disable the Active Context Handler "channel.Port" as appropriate. CCE-17572-9JEnable or disable the Active Context Handler "wli.Message" as appropriate. CCE-17171-0 CCE-17181-9Flink down to section 4.6, "configuring the WebLogic auditing provider"(1) via the Administration Console, Security Realm > Name of the active Realm > Providers > Auditing > WebLogic Auditing Provider > Provider Specific > Severity attribute-(1) Failure/Success/Error/Warning/Information+Define the "Severity" field as appropriate. CCE-17155-3Gp.21, Table 3-1 in section 3.6, "Securing the WebLogic Security Notice".(1) via the Configuration Wizard (2) via chownDThe Oracle WebLogic Server should be run by the appropriate account. CCE-17888-9y(1) via the Administration console, Domain Name > Security > General > Advanced > Security Interoperability Mode setting%(1) default/performance/compatibilityCDetermine the appropriate "Security Interoperability Mode" setting. CCE-17760-0ATable 3-3 in section 3.5, "Securing the WebLogic Security Notice"z(1) via the Administration console, Environment > Servers > Server name > Protocols > General > Maximum Message Size fieldADetermine the appropriate "Maximum Message Size" for each server. CCE-17743-6ASection 3.1, "an important note regarding null cipher use in SSL"(1) via the Administration console, Domain Structure > Environment > Servers > Server Name > Configuration > SSL > Advanced > Allow Unencrypted Null Cipher checkboxUEnable or disable the "Allow Unencrypted Null Cipher" as appropriate for each server. CCE-17853-3SNote in section 3.2, "Securing a Production Environment for Oracle WebLogic server"(1) via 'setDomainEnv.sh'=Enable or disable the "FIPS- compliant cryptographic module". CCE-18113-1(1) via the Administration console, Environment > Servers > Server Domain > Server name > Protocols > General > Complete Message Timeout fieldASet the "Complete Message Timeout" appropriately for each server. CCE-17933-3Other WebLogic Documentation6Securing Oracle WebLogic Server 11g Release 1 (10.3.1)TSecuring a Production Environment for Oracle WebLogic Server 11g Release 1 (10.3.1) 6Section: 2.3.3.1.1 - Set Password Quality Requirements)(1) via pam_cracklib (2) via pam_passwdqcnumber of retry attemptsThe number of times a user is prompted to provide a new password if it fails to meet configured password strength requirements (also known as the retry value) should be set appropriately. CCE-15054-06Section: 2.3.1.2 - Limit su Access to the Root Account via /etc/pam.d/surestricted / not restricted`Access to the root account via su should be restricted to the wheel group or not as appropriate. CCE-15047-4 via /etc/groupexist / not exist4The 'wheel' group should exist or not as appropriate CCE-14088-91Section: 3.20.1 - Disable SNMP Server if Possible via yumHThe net-snmpd package should be installed or uninstalled as appropriate. CCE-14081-4KSection: 3.18.2.11 - Require Client SMB Packet Signing, if using mount.cifsrequired / not required[Client SMB packet signing should be required or not required for mount.cifs as appropriate. CCE-15029-2JSection: 3.18.2.10 - Require Client SMB Packet Signing, if using smbclientvia /etc/samba/smb.confZClient SMB packet signing should be required or not required for smbclient as appropriate. CCE-14075-6,Section: 3.15.1 - Disable vsftpd if PossibleEThe vsftpd package should be installed or uninstalled as appropriate. CCE-14881-7ASection: 3.12.2.2 - Congure LDAP to Use TLS for All Transactionsvia /etc/ldap.confrequires / does not requiregLDAP client requires or does not require LDAP servers to use TLS for SSL communications as appropriate. CCE-14894-07Section: 3.11.2.1.1 - Disable Postfix Network Listeningvia /etc/postfix/main.cfKPostfix network listening should be enabled or disabled for as appropriate. CCE-15018-5:Section: 3.11.1.1 - Select Postfix as Mail Server SoftwareFThe postfix package should be installed or uninstalled as appropriate. CCE-14068-1GThe sendmail package should be installed or uninstalled as appropriate. CCE-14495-6-Section: 3.5.2.10 - Use Only Approved Ciphers via /etc/ssh/sshd_configapproved ciphers+Appropriate ciphers should be used for SSH. CCE-14491-5@Section: 3.5.2.9 - Do Not Allow Users to Set Environment Optionsallowed / not allowedYUsers should be allowed or not allowed to set environment options for SSH as appropriate. CCE-14716-5<Section: 3.5.2.3 - Set Idle Timeout Interval for User Loginsnumber of messagesIThe SSH 'keep alive' message count should be set to an appropriate value. CCE-14061-6/Section: 3.4.3 - Disable at service if Possible via chkconfig;The at daemon should be enabled or disabled as appropriate. CCE-14466-7.Section: 3.3.9.3 - Disable Zeroconf NetworkingAZeroconf networking should be enabled or disabled as appropriate. CCE-14054-1$Section: 3.3.4 - ISDN Support (isdn)HThe isdn4k-utils package should installed or uninstalled as appropriate. CCE-14825-44Section: 3.3.14.3 - Disable Bluetooth Kernel ModulesFBluetooth kernel modules should be enabled or disabled as appropriate. CCE-14948-49Section: 2.6.2.4.14 - Make auditd configuration immutable&via /etc/audit/audit.rules or auditctlaudit enabled / audit disabledTAuditing should be configured to make auditd configuration immutable as appropriate. CCE-14692-8_Section: 2.6.2.4.13 - Ensure auditd Collects Information on Kernel Module Loading and UnloadingbAuditing should be configured to record kernel module loading and unloading events as appropriate. CCE-14688-6LSection: 2.6.2.4.12 - Audit All Administrator and Security Personnel ActionsjAuditing should be configured to record administrator and security personnel action events as appropriate. CCE-14824-7FSection: 2.6.2.4.11 - Audit for Files and Programs Deleted by the UserXAuditing should be configured to record file and program deletion events as appropriate. CCE-14820-57Section: 2.6.2.4.10 - Audit for Exporting Data to MediaSAuditing should be configured to record data export to media events as appropriate. CCE-14569-8=Section: 2.6.2.4.9 - Audit for the Use of Privileged CommandsRAuditing should be configured to record use of privileged commands as appropriate. CCE-14296-8DSection: 2.6.2.4.8 - Audit for Unauthorized Attempts to Access Files]Auditing should be configured to record unauthorized attempts to access files as appropriate. CCE-14917-9OSection: 2.6.2.4.7 - Audit Discretionary Access Control Permissions for ChangeskAuditing should be configured to record changes to discretionary access control permissions as appropriate. CCE-14058-29Section: 2.6.2.4.6 - Audit Process and Session initiation]Auditing should be configured to record process and session initiation events as appropriate. CCE-14679-52Section: 2.6.2.4.5 - Audit Logon and Logout EventsOAuditing should be configured to record logon and logout events as appropriate. CCE-14904-7USection: 2.6.2.4.4 - Record Events that Modify the System s Mandatory Access ControlsiAuditing should be configured to record changes to the system's mandatory access controls as appropriate. CCE-14821-3OSection: 2.6.2.4.3 - Record Events that Modify the System s Network EnvironmentaAuditing should be configured to record changes to the system network environment as appropriate. CCE-14816-3ESection: 2.6.2.4.2 - Record Events that Modify User/Group InformationbAuditing should be configured to record user/group information modification events as appropriate. CCE-14829-6ISection: 2.6.2.4.1 - Records Events that Modify Date and Time InformationYAuditing should be configured to record date and time modification events as appropriate. CCE-14051-7VSection: 2.6.2.3 - Enable < Auditing for Processes which Start Prior to the Audit Daemon via grub.conf`The kernel arguments should enable or disable auditing early in the boot process as appropriate. CCE-15026-8+Section: 2.5.7.4 - Disable Support for TIPC via /etc/modprobe.conf2Disable or enable support for TIPC as appropriate. CCE-14911-2*Section: 2.5.7.3 - Disable Support for RDS1Disable or enable support for RDS as appropriate. CCE-14027-7+Section: 2.5.7.2 - Disable Support for SCTP2Disable or enable support for SCTP as appropriate. CCE-14132-5+Section: 2.5.7.1 - Disable Support for DCCP2Disable or enable support for DCCP as appropriate. CCE-14268-70Section: 2.5.5.3.1 - Change the Default PoliciesACCEPT / DROP / QUEUE /RETURNJThe default policy for iptables INPUT table should be set as appropriate. CCE-14264-6CSection: 2.5.1.3 - Ensure System is Not Acting as a Network Sniffervia /proc/net/packetAThe system should act as a network sniffer or not as appropriate. CCE-15013-61Section: 2.4.5 - Check for Unlabeled Device Filesincludes / does not includeYThe system includes or does not include any device files with the unlabeled SELinux type. CCE-14991-41Section: 2.3.5.6.1 - Configure GUI Screen Locking:(1) via gconftool-2 (2) via /etc/gconf/gconf.xml.mandatoryThe screen blanking function of the gnome desktop screensaver should be enabled or disabled as appropriate as a mandatory setting for all users. CCE-14735-5The screen lock (password protection) function of the gnome desktop screensaver should be enabled or disabled as appropriate as a mandatory setting for all users. CCE-14023-6pThe gnome desktop screensaver should be enabled or disabled as appropriate as a mandatory setting for all users. CCE-14604-3?Section: 2.3.4.4 - Ensure that Users Have Sensible Umask Valuesvia /etc/profileGThe default umask for all users should be set correctly in /etc/profile CCE-14847-8tDEPRECATED in favor of CCE-14107-7. Was: The default umask for all users should be set correctly in /etc/login.defs% CCE-14860-1 via /etc/login.defJThe default umask for all users should be set correctly in /etc/login.defs CCE-14107-7NSection: 2.3.4.1.2 - Ensure that no dangerous directories exist in root's pathvia echo $PATHIncludes / does not includexThe PATH variable for root includes or does not include any world-writable or group-writable directories as appropriate. CCE-14957-5BSection: 2.2.3.4a - Find Unauthorized SUID/SGID System Executablesvia findJ(1) set of files to review (2) description of which files should be setgidyFiles with the setgid attribute enabled should be reviewed as appropriate to determine whether that condition is correct. CCE-14970-8BSection: 2.2.3.4b - Find Unauthorized SUID/SGID System ExecutablesJ(1) set of files to review (2) description of which files should be setuidyFiles with the setuid attribute enabled should be reviewed as appropriate to determine whether that condition is correct. CCE-14340-4'Section: 2.3.3.6 - Limit Password Reusenumber of passwords=The "password reuse" policy should meet minimum requirements. CCE-14939-3@Section: 2.3.3.5 - Upgrade Password Hashing Algorithm to SHA-512hashing algorithmCThe password hashing algorithm should be configured as appropriate. CCE-14063-2Section: 2.3.3.1.1 - via PAMThe password strength parameters should require new passwords to differ from old ones by the appropriate minimum number of characters. CCE-14701-7>Section: 2.3.1.8 - Remove Legacy + Entries from Password Files via /etc/shadowGNIS file inclusions should be set appropriately in the /etc/shadow file CCE-14071-5FNIS file inclusions should be set appropriately in the /etc/group file CCE-14675-3ISection: 2.3.1.5.2 - Verify that All Account Password Hashes are Shadowedvia /etc/passwordshadowed / not shadowed\Password hashes are shadowed or not shadowed for all accounts in /etc/passwd as appropriate. CCE-14300-8SSection: 2.2.3.6 - Verify that All World-Writable Directories Have Proper OwnershipFAll world-writable directories should be owned by an appropriate user. CCE-14794-2@Section: 2.2.2.5 - Disable Mounting of Uncommon Filesystem Typesv(1) via /etc/modprobe.conf (2) via configuration file in /etc/modprobe.d (3) via MODPROBE_OPTIONS environment variableISupport for udf filesystems should be enabeld or disabled as appropriate. CCE-14871-8NSupport for squashfs filesystems should be enabeld or disabled as appropriate. CCE-14118-4KSupport for jffs2 filesystems should be enabeld or disabled as appropriate. CCE-14853-6MSupport for hfsplus filesystems should be enabeld or disabled as appropriate. CCE-14093-9ISupport for hfs filesystems should be enabeld or disabled as appropriate. CCE-15087-0NSupport for freevxfs filesystems should be enabeld or disabled as appropriate. CCE-14457-6LSupport for cramfs filesystems should be enabeld or disabled as appropriate. CCE-14089-7.Section: 2.2.1.4 - Bind-mount /var/tmp to /tmpE/var/tmp should be configured on an appropriate filesystem partition. CCE-14584-72Section: 2.2.1.3.2 - Add noexec Option to /dev/shm=The noexec option should be enabled or disabled for /dev/shm. CCE-14703-32Section: 2.2.1.3.2 - Add nosuid Option to /dev/shm=The nosuid option should be enabled or disabled for /dev/shm. CCE-14306-5.Section: 2.2.1.3.1 - Add noexec Option to /tmpHThe noexec option should be enabled or disabled as appropriate for /tmp. CCE-14927-8.Section: 2.2.1.3.1 - Add nosuid Option to /tmpIThe nosuid option should be enabled or disabled as appropriate for /tmp. CCE-14940-15Section: 2.1.3.2 - Verify Package Integrity Using RPMvia rpmverify / don't verifyUAll installed software packages verify or do not verify against the package database. CCE-14931-0TSection: 2.1.2.3.4 - Ensure Package Signature Checking is Not Disabled For Any Repos!via all files in /etc/yum.repos.dactivated / deactivatedmPackage signature checking should be activated or deactivated as appropriate for all configured repositories. CCE-14813-0LSection: 2.1.2.3.3 - Ensure Package Signature Checking is Globally Activated /etc/yum.confVPackage signature checking should be globally activated or deactivated as appropriate. CCE-14914-6ISection: 2.1.2.1.1 - Ensure that GPG Key for Red Hat Network is InstalledRThe GPG Key for Red Hat Network should be installed or uninstalled as appropriate. CCE-14440-2jSection: 2.1.1.1.5 - Create Separate Partition or Logical Volume for /home if Using Local Home DirectoriesB/home should be configured on an appropriate filesystem partition. CCE-14559-9SSection: 2.1.1.1.4 - Create Separate Partition or Logical Volume for /var/log/auditK/var/log/audit should be configured on an appropriate filesystem partition. CCE-14171-3MSection: 2.1.1.1.3 - Create Separate Partition or Logical Volume for /var/logE/var/log should be configured on an appropriate filesystem partition. CCE-14011-1ISection: 2.1.1.1.2 - Create Separate Partition or Logical Volume for /varA/var should be configured on an appropriate filesystem partition. CCE-14777-7ISection: 2.1.1.1.1 - Create Separate Partition or Logical Volume for /tmpA/tmp should be configured on an appropriate filesystem partition. CCE-14161-41Section: 2.2.1.3.2 - Add nodev Option to /dev/shm<The nodev option should be enabled or disabled for /dev/shm. CCE-15007-8-Section: 2.2.1.3.1 - Add nodev Option to /tmpGThe nodev option should be enabled or disabled as appropriate for /tmp. CCE-14412-1!via pam_cracklib via pam_passwdqcaThe minimum number of special characters required for new passwords should be set as appropriate. CCE-14122-6number of lower charactersdThe minimum number of lower case characters required for new passwords should be set as appropriate. CCE-14712-4number of upper charactersdThe minimum number of upper case characters required for new passwords should be set as appropriate. CCE-14672-0number of digitsUThe minimum number of digits required for new passwords should be set as appropr< iate. CCE-14113-5DEPRECATED in favor of CCE-14113-5, CCE-14672-0, CCE-14712-4, CCE-14122-6. Was: The password strength should meet minimum requirements JLfNSA "Guide to the Secure Configuration of Red Hat Enterprise Linux 5" - Revision 4, September 14, 2010Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Microsoft Office 2010 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940User Configuration\Administrative Templates\Microsoft Office 2010\Smart Documents (Word, Excel)\Completely disable the Smart Documents feature in Word and Excel HKEY_CURRENT_USER\software\policies\microsoft\office\common\smart taguThe "Completely disable the Smart Documents feature in Word and Excel" common setting should be configured correctly. CCE-13094-8User Configuration\Administrative Templates\Microsoft Office 2010\Smart Documents (Word, Excel)\Disable Smart Document's use of manifests HKEY_CURRENT_USER\software\policies\microsoft\office\common\smart tag^The "Disable Smart Document's use of manifests" common setting should be configured correctly. CCE-13240-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Trust Center\Allow hyperlinks in suspected phishing e-mail messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\maillThe "Allow hyperlinks in suspected phishing e-mail messages" Outlook setting should be configured correctly. CCE-12466-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Trust Center\Security setting for macros HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityQThe "Security setting for macros" Outlook setting should be configured correctly. CCE-12810-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Trust Center\Apply macro security settings to macros, add-ins and additional actions HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security}The "Apply macro security settings to macros, add-ins and additional actions" Outlook setting should be configured correctly. CCE-13707-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Trust Center\Turn off Data Execution Prevention HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityXThe "Turn off Data Execution Prevention" Outlook setting should be configured correctly. CCE-13132-6User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Protected View\Do not open files in unsafe locations in Protected View HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\protectedviewjThe "Do not open files in unsafe locations in Protected View" Word setting should be configured correctly. CCE-13815-6User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Protected View\Open files on local Intranet UNC in Protected View HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\protectedvieweThe "Open files on local Intranet UNC in Protected View" Word setting should be configured correctly. CCE-14210-9User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Protected View\Do not open files from the Internet zone in Protected View HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\protectedviewmThe "Do not open files from the Internet zone in Protected View" Word setting should be configured correctly. CCE-13677-0User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Protected View\Turn off Protected View for attachments opened from Outlook HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\protectedviewnThe "Turn off Protected View for attachments opened from Outlook" Word setting should be configured correctly. CCE-12265-5User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Protected View\Set document behavior if file validation fails HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\filevalidationaThe "Set document behavior if file validation fails" Word setting should be configured correctly. CCE-13287-8User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Note Flags\Show dimmed tagged notes in the Tags Summary task pane HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\otherlThe "Show dimmed tagged notes in the Tags Summary task pane" OneNote setting should be configured correctly. CCE-11513-9User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Note Flags\Copy items when moving them HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\otherQThe "Copy items when moving them" OneNote setting should be configured correctly. CCE-14394-1User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Save\File locations\User Templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\saveDThe "User Templates" Project setting should be configured correctly. CCE-13996-4User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Save\File locations\Projects HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\save>The "Projects" Project setting should be configured correctly. CCE-13074-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Spelling\General HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\spelling=The "General" Outlook setting should be configured correctly. CCE-13858-6User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Save\Percentage of unused disk space to allow in sections HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\savejThe "Percentage of unused disk space to allow in sections" OneNote setting should be configured correctly. CCE-11896-8User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Save\Enable ability to optimize OneNote files... HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\saveaThe "Enable ability to optimize OneNote files..." OneNote setting should be configured correctly. CCE-12024-6User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Save\Notebook Root HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\saveCThe "Notebook Root" OneNote setting should be configured correctly. CCE-12394-3User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Save\Location of unfiled notes section HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\pathsWThe "Location of unfiled notes section" OneNote setting should be configured correctly. CCE-14399-0User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Save\Location of Backup Folder HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\pathsOThe "Location of Backup Folder" OneNote setting should be configured correctly. CCE-13363-7User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Spelling\OneNote Spelling Options HKEY_CURRENT_USER\software\policies\microsoft\shared tools\proofing tools\1.0\officeFThe "OneNote Spelling Options" setting should be configured correctly. CCE-13198-7 User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Protected View\Open files on local Intranet UNC in Protected View HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\protectedviewkThe "Open files on local Intranet UNC in Protected View" PowerPoint setting should be configured correctly. CCE-14102-8User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Protected View\Turn off Protected View for attachments opened from O< utlook HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\protectedviewtThe "Turn off Protected View for attachments opened from Outlook" PowerPoint setting should be configured correctly. CCE-14427-9 User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Protected View\Set document behavior if file validation fails HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\filevalidationgThe "Set document behavior if file validation fails" PowerPoint setting should be configured correctly. CCE-13247-2User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Protected View\Do not open files from the Internet zone in Protected View HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\protectedviewsThe "Do not open files from the Internet zone in Protected View" PowerPoint setting should be configured correctly. CCE-12107-9User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Protected View\Do not open files in unsafe locations in Protected View HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\protectedviewpThe "Do not open files in unsafe locations in Protected View" PowerPoint setting should be configured correctly. CCE-12678-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Planner Options\Meeting Planner HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendarEThe "Meeting Planner" Outlook setting should be configured correctly. CCE-13368-6User Configuration\Administrative Templates\Microsoft Office 2010\Business Data\Database\Set the database default instances limit HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\business data\limits\database\items]The "Set the database default instances limit" common setting should be configured correctly. CCE-14321-4User Configuration\Administrative Templates\Microsoft Office 2010\Business Data\Database\Set maximum database timeout limit HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\business data\limits\database\timeoutWThe "Set maximum database timeout limit" common setting should be configured correctly. CCE-13890-9User Configuration\Administrative Templates\Microsoft Office 2010\Business Data\Database\Set the database default timeout HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\business data\limits\database\timeoutUThe "Set the database default timeout" common setting should be configured correctly. CCE-12488-3User Configuration\Administrative Templates\Microsoft Office 2010\Business Data\Database\Set maximum database instances limit HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\business data\limits\database\itemsYThe "Set maximum database instances limit" common setting should be configured correctly. CCE-12234-1Computer Configuration\Administrative Templates\Microsoft Visio 2010 (Machine)\Open Hyperlinks to documents in Windows Internet Explorer HKEY_LOCAL_MACHINE\software\policies\classes\visio.drawing.11uThe "Open Hyperlinks to documents in Windows Internet Explorer" machine Visio setting should be configured correctly. CCE-13719-0User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Trusted Locations\Trusted Location #4 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security\trusted locations\location4XThe "Trust Center: Trusted Location #4" InfoPath setting should be configured correctly. CCE-12603-7User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Trusted Locations\Trusted Location #6 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security\trusted locations\location6XThe "Trust Center: Trusted Location #6" InfoPath setting should be configured correctly. CCE-13208-4User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Trusted Locations\Trusted Location #11 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security\trusted locations\location11YThe "Trust Center: Trusted Location #11" InfoPath setting should be configured correctly. CCE-12803-3User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Trusted Locations\Trusted Location #2 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security\trusted locations\location2XThe "Trust Center: Trusted Location #2" InfoPath setting should be configured correctly. CCE-13521-0User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Trusted Locations\Trusted Location #12 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security\trusted locations\location12YThe "Trust Center: Trusted Location #12" InfoPath setting should be configured correctly. CCE-11552-7User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Trusted Locations\Trusted Location #1 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security\trusted locations\location1XThe "Trust Center: Trusted Location #1" InfoPath setting should be configured correctly. CCE-13588-9User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Trusted Locations\Trusted Location #15 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security\trusted locations\location15YThe "Trust Center: Trusted Location #15" InfoPath setting should be configured correctly. CCE-11738-2User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Trusted Locations\Trusted Location #20 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security\trusted locations\location20YThe "Trust Center: Trusted Location #20" InfoPath setting should be configured correctly. CCE-12475-0User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Trusted Locations\Trusted Location #19 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security\trusted locations\location19YThe "Trust Center: Trusted Location #19" InfoPath setting should be configured correctly. CCE-13252-2User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Trusted Locations\Trusted Location #5 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security\trusted locations\location5XThe "Trust Center: Trusted Location #5" InfoPath setting should be configured correctly. CCE-13836-2User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Trusted Locations\Trusted Location #10 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security\trusted locations\location10YThe "Trust Center: Trusted Location #10" InfoPath setting should be configured correctly. CCE-12536-9User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Trusted Locations\Trusted Location #7 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security\trusted locations\location7XThe "Trust Center: Trusted Location #7" InfoPath setting should be configured correctly. CCE-12852-0User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Trusted Locations\Trusted Location #3 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security\trusted locations\location3XThe "Trust Center: Trusted Location #3" InfoPath setting should be configured correctly. CCE-11670-7User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Trusted Locations\Trusted Location #13 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security\trusted locations\location13YThe "Trust Center: Trusted Location #13" InfoPath setting should be configured correctly. CCE-12069-1User Configuration\Administr< ative Templates\Microsoft InfoPath 2010\Security\Trust Center\Trusted Locations\Trusted Location #14 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security\trusted locations\location14YThe "Trust Center: Trusted Location #14" InfoPath setting should be configured correctly. CCE-14228-1User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Trusted Locations\Trusted Location #9 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security\trusted locations\location9XThe "Trust Center: Trusted Location #9" InfoPath setting should be configured correctly. CCE-13062-5User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Trusted Locations\Trusted Location #8 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security\trusted locations\location8XThe "Trust Center: Trusted Location #8" InfoPath setting should be configured correctly. CCE-12455-2User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Trusted Locations\Trusted Location #17 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security\trusted locations\location17YThe "Trust Center: Trusted Location #17" InfoPath setting should be configured correctly. CCE-12421-4User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Trusted Locations\Trusted Location #18 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security\trusted locations\location18YThe "Trust Center: Trusted Location #18" InfoPath setting should be configured correctly. CCE-12307-5User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Trusted Locations\Trusted Location #16 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security\trusted locations\location16YThe "Trust Center: Trusted Location #16" InfoPath setting should be configured correctly. CCE-12876-9User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\E-mail\Allow OneNote e-mail attachments HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\optionsVThe "Allow OneNote e-mail attachments" OneNote setting should be configured correctly. CCE-13520-2User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\E-mail\Attach embedded files to the email message as separate files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\optionsrThe "Attach embedded files to the email message as separate files" OneNote setting should be configured correctly. CCE-11666-5User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\E-mail\Add signature to OneNote email messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\other]The "Add signature to OneNote email messages" OneNote setting should be configured correctly. CCE-13484-1User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\E-mail\Use this signature for OneNote email HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\otherZThe "Use this signature for OneNote email" OneNote setting should be configured correctly. CCE-14893-2User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Configure presence icons HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\imMThe "Configure presence icons" common setting should be configured correctly. CCE-14715-7User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Remove Organization tab HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcardLThe "Remove Organization tab" common setting should be configured correctly. CCE-12772-0User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Remove Member Of tab HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcardIThe "Remove Member Of tab" common setting should be configured correctly. CCE-13990-7User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Do not display Hover Menu HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcardNThe "Do not display Hover Menu" common setting should be configured correctly. CCE-12209-3User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Do not display photograph HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\commonNThe "Do not display photograph" common setting should be configured correctly. CCE-14711-6User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Display legacy GAL dialog HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcardNThe "Display legacy GAL dialog" common setting should be configured correctly. CCE-11536-0User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Save As PDF and XPS add-ins\Disable inclusion of document properties in PDF and XPS output HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\fixedformatsThe "Disable inclusion of document properties in PDF and XPS output" common setting should be configured correctly. CCE-12410-7User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Save As PDF and XPS add-ins\Enforce PDF compliance with ISO 19005-1 (PDF/A) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\fixedformatdThe "Enforce PDF compliance with ISO 19005-1 (PDF/A)" common setting should be configured correctly. CCE-14288-5User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Save As PDF and XPS add-ins\Disable Microsoft Save As PDF and XPS add-ins HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\fixedformatbThe "Disable Microsoft Save As PDF and XPS add-ins" common setting should be configured correctly. CCE-12243-2User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\General\Number of documents in the Recent documents list HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\designer file mrugThe "Number of documents in the Recent documents list" InfoPath setting should be configured correctly. CCE-13143-3User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Interface\Project Guide settings\Display Project Guide HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\interfaceKThe "Display Project Guide" Project setting should be configured correctly. CCE-12996-5User Configuration\Administrative Templates\Microsoft Excel 2010\Disable Items in User Interface\Predefined\Disable shortcut keys HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\disabledshortcutkeyscheckboxesIThe "Disable shortcut keys" Excel setting should be configured correctly. CCE-12830-6User Configuration\Administrative Templates\Microsoft Excel 2010\Disable Items in User Interface\Predefined\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\disabledcmdbaritemscheckboxesDThe "Disable commands" Excel setting should be configured correctly. CCE-14799-1User Configuration\Administrative Templates\Microsoft Outlook 2010\Search Folders\Do not create default Search Folders when users start Outlook HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\setupsThe "Do not create default Search Folders when users start Outlook" Outlook setting should be configured correctly. CCE-13297-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Search Folders\Keep Search Folders offline HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\generalQThe "Keep Search Folders offline" Outlook setting should be configured correctly. CCE-11553-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Search Folders\Maximum Number of Online Search Folders per mailbox HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\generaliThe "Maximum Number of Online Search Folders per < mailbox" Outlook setting should be configured correctly. CCE-12134-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Search Folders\Keep Search Folders in Exchange online HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\general\The "Keep Search Folders in Exchange online" Outlook setting should be configured correctly. CCE-14429-5User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\View\Default Project Currency HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\viewNThe "Default Project Currency" Project setting should be configured correctly. CCE-13486-6User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\View\Default View HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\viewBThe "Default View" Project setting should be configured correctly. CCE-13775-2User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\View\Project Summary Task HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\viewJThe "Project Summary Task" Project setting should be configured correctly. CCE-14120-0User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\View\Date Format HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\viewAThe "Date Format" Project setting should be configured correctly. CCE-14529-2User Configuration\Administrative Templates\Microsoft Publisher 2010\Publisher Options\Save\Save AutoRecover info every (minutes) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\preferences]The "Save AutoRecover info every (minutes)" Publisher setting should be configured correctly. CCE-12495-8User Configuration\Administrative Templates\Microsoft Publisher 2010\Publisher Options\Save\Allow background saves HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\preferencesNThe "Allow background saves" Publisher setting should be configured correctly. CCE-13638-2User Configuration\Administrative Templates\Microsoft Publisher 2010\Publisher Options\Advanced\Set default text flow direction HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\preferencesWThe "Set default text flow direction" Publisher setting should be configured correctly. CCE-13808-1User Configuration\Administrative Templates\Microsoft Publisher 2010\Publisher Options\Advanced\Turn off drag preview HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\preferencesMThe "Turn off drag preview" Publisher setting should be configured correctly. CCE-13742-2User Configuration\Administrative Templates\Microsoft Publisher 2010\Publisher Options\Advanced\Set maximum number of MRU items to display HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\file mrubThe "Set maximum number of MRU items to display" Publisher setting should be configured correctly. CCE-12463-6User Configuration\Administrative Templates\Microsoft Publisher 2010\Publisher Options\Advanced\Send entire publication as a single JPEG image HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\internetfThe "Send entire publication as a single JPEG image" Publisher setting should be configured correctly. CCE-14077-2User Configuration\Administrative Templates\Microsoft Publisher 2010\Publisher Options\Advanced\Automatically hyphenate in new text boxes HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\preferencesaThe "Automatically hyphenate in new text boxes" Publisher setting should be configured correctly. CCE-13961-8User Configuration\Administrative Templates\Microsoft Publisher 2010\Publisher Options\Advanced\Automatically switch keyboard to match the language of surrounding text HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\preferencesThe "Automatically switch keyboard to match the language of surrounding text" Publisher setting should be configured correctly. CCE-14215-8User Configuration\Administrative Templates\Microsoft Publisher 2010\Publisher Options\Advanced\Use Chinese font sizes HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\preferencesNThe "Use Chinese font sizes" Publisher setting should be configured correctly. CCE-14241-4User Configuration\Administrative Templates\Microsoft Publisher 2010\Publisher Options\Advanced\When selecting, automatically select entire word HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\preferenceshThe "When selecting, automatically select entire word" Publisher setting should be configured correctly. CCE-12649-0User Configuration\Administrative Templates\Microsoft Publisher 2010\Publisher Options\Advanced\Show ScreenTips on objects HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\preferencesRThe "Show ScreenTips on objects" Publisher setting should be configured correctly. CCE-13898-2User Configuration\Administrative Templates\Microsoft Publisher 2010\Publisher Options\Advanced\Enable incremental publish to Web HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\internetYThe "Enable incremental publish to Web" Publisher setting should be configured correctly. CCE-13547-5User Configuration\Administrative Templates\Microsoft Publisher 2010\Publisher Options\Advanced\Allow text to be dragged and dropped HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\preferences\The "Allow text to be dragged and dropped" Publisher setting should be configured correctly. CCE-13633-3User Configuration\Administrative Templates\Microsoft Publisher 2010\Publisher Options\Advanced\Use XPS-enhanced print path HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\preferencesSThe "Use XPS-enhanced print path" Publisher setting should be configured correctly. CCE-13067-4User Configuration\Administrative Templates\Microsoft Publisher 2010\Publisher Options\Advanced\Prompt user when reapplying a style HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\preferences[The "Prompt user when reapplying a style" Publisher setting should be configured correctly. CCE-12963-5User Configuration\Administrative Templates\Microsoft Publisher 2010\Publisher Options\Advanced\When formatting, automatically format entire word HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\preferencesiThe "When formatting, automatically format entire word" Publisher setting should be configured correctly. CCE-14087-1User Configuration\Administrative Templates\Microsoft Publisher 2010\Publisher Options\Advanced\Automatically substitute font for missing East Asian characters HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\preferenceswThe "Automatically substitute font for missing East Asian characters" Publisher setting should be configured correctly. CCE-13950-1User Configuration\Administrative Templates\Microsoft Publisher 2010\Publisher Options\L_Proofing\Check spelling as you type HKEY_CURRENT_USER\software\policies\microsoft\shared tools\proofing tools\1.0\officeHThe "Check spelling as you type" setting should be configured correctly. CCE-13401-5User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Edit\View options for time units in 'Project1'\Minutes HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\edit=The "Minutes" Project setting should be configured correctly. CCE-12880-1User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Edit\View options for time units in 'Project1'\Add space before label HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\editLThe "Add space before label" Project setting should be configured correctly. CCE-12423-0User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Edit\View options for time units in 'Project1'\Months HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\edit< <The "Months" Project setting should be configured correctly. CCE-12807-4User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Edit\View options for time units in 'Project1'\Years HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\edit;The "Years" Project setting should be configured correctly. CCE-13337-1User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Edit\View options for time units in 'Project1'\Weeks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\edit;The "Weeks" Project setting should be configured correctly. CCE-14126-7User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Edit\View options for time units in 'Project1'\Hours HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\edit;The "Hours" Project setting should be configured correctly. CCE-11961-0User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Edit\View options for time units in 'Project1'\Days HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\edit:The "Days" Project setting should be configured correctly. CCE-12909-8User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Save\Auto Save Options\Save Interval HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\saveCThe "Save Interval" Project setting should be configured correctly. CCE-13130-0User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Save\Auto Save Options\Auto Save every HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\saveEThe "Auto Save every" Project setting should be configured correctly. CCE-12149-1User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Save\Auto Save Options\Prompt before saving HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\saveJThe "Prompt before saving" Project setting should be configured correctly. CCE-14212-5User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Save\Auto Save Options\Save Active Project only HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\saveNThe "Save Active Project only" Project setting should be configured correctly. CCE-12395-0User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Proofing\AutoFormat as you type\AutoFit body text to placeholder HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\optionsYThe "AutoFit body text to placeholder" PowerPoint setting should be configured correctly. CCE-13673-9User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Proofing\AutoFormat as you type\AutoFit title text to placeholder HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\optionsZThe "AutoFit title text to placeholder" PowerPoint setting should be configured correctly. CCE-14677-9User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Proofing\AutoFormat as you type\Replace straight quotes with smart quotes HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\optionsbThe "Replace straight quotes with smart quotes" PowerPoint setting should be configured correctly. CCE-12256-4User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Warn before printing, saving or sending a file that contains tracked changes or comments HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefThe "Warn before printing, saving or sending a file that contains tracked changes or comments" Word setting should be configured correctly. CCE-12532-8User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Turn off file validation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\filevalidationKThe "Turn off file validation" Word setting should be configured correctly. CCE-14525-0User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Make hidden markup visible HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefMThe "Make hidden markup visible" Word setting should be configured correctly. CCE-12250-7User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Store random number to improve merge accuracy HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref`The "Store random number to improve merge accuracy" Word setting should be configured correctly. CCE-13750-5 User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Advanced E-mail Options\Desktop Alert\Do not display New Mail alert for users HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferences]The "Do not display New Mail alert for users" Outlook setting should be configured correctly. CCE-14503-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Advanced E-mail Options\Desktop Alert\Specify opacity of Desktop Alert HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\desktopalertsUThe "Specify opacity of Desktop Alert" common setting should be configured correctly. CCE-12447-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Advanced E-mail Options\Desktop Alert\Specify opacity at start of fade in HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\desktopalertsXThe "Specify opacity at start of fade in" common setting should be configured correctly. CCE-13321-5"User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Advanced E-mail Options\Desktop Alert\Specify duration of Desktop Alert before fade (in milliseconds) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\desktopalertstThe "Specify duration of Desktop Alert before fade (in milliseconds)" common setting should be configured correctly. CCE-12794-4$User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Advanced E-mail Options\Desktop Alert\Specify duration of Desktop Alert on mouse over (in milliseconds) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\desktopalertsvThe "Specify duration of Desktop Alert on mouse over (in milliseconds)" common setting should be configured correctly. CCE-13974-1User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Advanced E-mail Options\Desktop Alert\Specify duration of fade in (in milliseconds) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\desktopalertsbThe "Specify duration of fade in (in milliseconds)" common setting should be configured correctly. CCE-12442-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Advanced E-mail Options\Desktop Alert\Specify duration of fade out (in milliseconds) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\desktopalertscThe "Specify duration of fade out (in milliseconds)" common setting should be configured correctly. CCE-13283-7 User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Advanced E-mail Options\Desktop Alert\Specify default location of Desktop Alert HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\desktopalerts^The "Specify default location of Desktop Alert" common setting should be configured correctly. CCE-12639-1User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\E-mail Options\Rely on CSS for font formatting HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\mailsettingsTThe "Rely on CSS for font formatting" common setting should be configured co< rrectly. CCE-13636-6User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Mail Format\International Options\English message headers and flags HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferencesWThe "English message headers and flags" Outlook setting should be configured correctly. CCE-13522-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Mail Format\International Options\Encoding for outgoing messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mshtml\internationalTThe "Encoding for outgoing messages" Outlook setting should be configured correctly. CCE-12352-1User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Mail Format\International Options\Euro encoding for outgoing messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mshtml\internationalYThe "Euro encoding for outgoing messages" Outlook setting should be configured correctly. CCE-14391-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Mail Format\International Options\Disable Internationalized Domain Names (IDN) in Outlook HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\generalmThe "Disable Internationalized Domain Names (IDN) in Outlook" Outlook setting should be configured correctly. CCE-14270-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Mail Format\International Options\Auto-select encoding for outgoing messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mshtml\international`The "Auto-select encoding for outgoing messages" Outlook setting should be configured correctly. CCE-12457-8User Configuration\Administrative Templates\Microsoft Access 2010\Disable Items in User Interface\Custom\Disable shortcut keys HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\disabledshortcutkeyslistJThe "Disable shortcut keys" Access setting should be configured correctly. CCE-13935-2User Configuration\Administrative Templates\Microsoft Access 2010\Disable Items in User Interface\Custom\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\disabledcmdbaritemslistEThe "Disable commands" Access setting should be configured correctly. CCE-13857-8User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Cryptography\Set parameters for CNG context HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\cryptoWThe "Set parameters for CNG context" PowerPoint setting should be configured correctly. CCE-12582-3User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Cryptography\Configure CNG cipher chaining mode HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\crypto[The "Configure CNG cipher chaining mode" PowerPoint setting should be configured correctly. CCE-14552-4User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Cryptography\Specify CNG hash algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\cryptoSThe "Specify CNG hash algorithm" PowerPoint setting should be configured correctly. CCE-12797-7User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Cryptography\Specify encryption compatibility HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\cryptoYThe "Specify encryption compatibility" PowerPoint setting should be configured correctly. CCE-12617-7User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Cryptography\Specify CNG salt length HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\cryptoPThe "Specify CNG salt length" PowerPoint setting should be configured correctly. CCE-12998-1User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Cryptography\Set CNG cipher algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\cryptoQThe "Set CNG cipher algorithm" PowerPoint setting should be configured correctly. CCE-11489-2User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Cryptography\Specify CNG random number generator algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\cryptofThe "Specify CNG random number generator algorithm" PowerPoint setting should be configured correctly. CCE-13917-0User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Cryptography\Set CNG password spin count HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\cryptoTThe "Set CNG password spin count" PowerPoint setting should be configured correctly. CCE-13708-3User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Cryptography\Use new key on password change HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\cryptoWThe "Use new key on password change" PowerPoint setting should be configured correctly. CCE-11649-1User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Cryptography\Set CNG cipher key length HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\cryptoRThe "Set CNG cipher key length" PowerPoint setting should be configured correctly. CCE-12937-9User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Pen\Disable scratch out HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\penIThe "Disable scratch out" OneNote setting should be configured correctly. CCE-13795-0User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Pen\Show Tablet PC Input Panel on OneNote pages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\penaThe "Show Tablet PC Input Panel on OneNote pages" OneNote setting should be configured correctly. CCE-14661-3User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Pen\Use pen pressure sensitivity HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\penRThe "Use pen pressure sensitivity" OneNote setting should be configured correctly. CCE-13404-9User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Pen\Automatically switch between Pen and Selection Tool HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\peniThe "Automatically switch between Pen and Selection Tool" OneNote setting should be configured correctly. CCE-13924-6User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Pen\Create all new pages with rule lines HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\penZThe "Create all new pages with rule lines" OneNote setting should be configured correctly. CCE-12371-1User Configuration\Administrative Templates\Microsoft Publisher 2010\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\securityxThe "Require that application add-ins are signed by Trusted Publisher" Publisher setting should be configured correctly. CCE-12489-1User Configuration\Administrative Templates\Microsoft Publisher 2010\Security\Trust Center\Turn off Data Execution Prevention HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\securityZThe "Turn off Data Execution Prevention" Publisher setting should be configured correctly. CCE-13906-3User Configuration\Administrative Templates\Microsoft Publisher 2010\Security\Trust Center\Block application add-ins loading HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\securityYThe "Block application add-ins loading" < Publisher setting should be configured correctly. CCE-14150-7User Configuration\Administrative Templates\Microsoft Publisher 2010\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\securitywThe "Disable Trust Bar Notification for unsigned application add-ins" Publisher setting should be configured correctly. CCE-13388-4User Configuration\Administrative Templates\Microsoft Publisher 2010\Security\Trust Center\VBA Macro Notification Settings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\securityWThe "VBA Macro Notification Settings" Publisher setting should be configured correctly. CCE-12155-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Mail Format\Do not allow signatures for e-mail messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\mailsettings`The "Do not allow signatures for e-mail messages" common setting should be configured correctly. CCE-13601-0Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Miscellaneous\Prevent document inspectors from running HKEY_LOCAL_MACHINE\software\policies\microsoft\office\14.0\common\disableddocinspectorseThe "Prevent document inspectors from running" machine common setting should be configured correctly. CCE-11672-3Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Miscellaneous\File Previewing HKEY_LOCAL_MACHINE\software\policies\microsoft\office\14.0\common\disabledpreviewhandlersLThe "File Previewing" machine common setting should be configured correctly. CCE-13941-0Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Miscellaneous\Open Directly in Office Client Application HKEY_LOCAL_MACHINE\software\policies\microsoft\office\14.0\common\fileiogThe "Open Directly in Office Client Application" machine common setting should be configured correctly. CCE-12346-3Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Miscellaneous\Set the max size of the Office Document Cache HKEY_LOCAL_MACHINE\software\policies\microsoft\office\14.0\common\fileiojThe "Set the max size of the Office Document Cache" machine common setting should be configured correctly. CCE-13167-2Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Miscellaneous\Age out documents older than n days HKEY_LOCAL_MACHINE\software\policies\microsoft\office\14.0\common\fileio`The "Age out documents older than n days" machine common setting should be configured correctly. CCE-14704-1User Configuration\Administrative Templates\Microsoft Access 2010\Miscellaneous\Default file format HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\settingsHThe "Default file format" Access setting should be configured correctly. CCE-12811-6User Configuration\Administrative Templates\Microsoft Access 2010\Miscellaneous\Do not prompt to convert older databases HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\settings]The "Do not prompt to convert older databases" Access setting should be configured correctly. CCE-12871-0User Configuration\Administrative Templates\Microsoft Access 2010\Miscellaneous\Never cache data HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\settingsEThe "Never cache data" Access setting should be configured correctly. CCE-14359-4User Configuration\Administrative Templates\Microsoft Access 2010\Miscellaneous\Clear cache on close HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\settingsIThe "Clear cache on close" Access setting should be configured correctly. CCE-13129-2User Configuration\Administrative Templates\Microsoft Access 2010\Miscellaneous\Use Access 2007 compatible cache HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\settingsUThe "Use Access 2007 compatible cache" Access setting should be configured correctly. CCE-13561-6User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\Check grammar with spelling HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefNThe "Check grammar with spelling" Word setting should be configured correctly. CCE-11796-0User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\Mark grammar errors as you type HKEY_CURRENT_USER\software\policies\microsoft\shared tools\proofing toolsMThe "Mark grammar errors as you type" setting should be configured correctly. CCE-12666-4User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\Show readability statistics HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefNThe "Show readability statistics" Word setting should be configured correctly. CCE-12743-1User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\Delay before starting background spelling checker HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsdThe "Delay before starting background spelling checker" Word setting should be configured correctly. CCE-13331-4User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\Delay before starting other proofing tools HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options]The "Delay before starting other proofing tools" Word setting should be configured correctly. CCE-13963-4User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\Writing style HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref@The "Writing style" Word setting should be configured correctly. CCE-13671-3User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\Do not enable additional actions in the right-click menu HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionskThe "Do not enable additional actions in the right-click menu" Word setting should be configured correctly. CCE-14611-8User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Display\Object anchors HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefAThe "Object anchors" Word setting should be configured correctly. CCE-11781-2User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Display\Paragraph marks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefBThe "Paragraph marks" Word setting should be configured correctly. CCE-13789-3User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Display\Show highlighter marks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsIThe "Show highlighter marks" Word setting should be configured correctly. CCE-12241-6User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Display\Print document properties HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprsuLThe "Print document properties" Word setting should be configured correctly. CCE-14039-2User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Display\Hidden text HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref>The "Hidden text" Word setting should be configured correctly. CCE-14278-6User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Display\Print drawings created in Word HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprsuQThe "Print drawings created in Word" Word setting should be configured correctly. CCE-11706-9User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Display\Show document tooltips on hover HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefRThe "Show document tooltips on hover" Word setting should be configured correctly. CCE-14155-6User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Display\Update linked data before < printing HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprsuUThe "Update linked data before printing" Word setting should be configured correctly. CCE-13395-9User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Display\Tab characters HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefAThe "Tab characters" Word setting should be configured correctly. CCE-14192-9User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Display\Show white space between pages in Print Layout view HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffThe "Show white space between pages in Print Layout view" Word setting should be configured correctly. CCE-14779-3User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Display\Update fields before printing HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprsuPThe "Update fields before printing" Word setting should be configured correctly. CCE-11653-3User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Display\Optional hyphens HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefCThe "Optional hyphens" Word setting should be configured correctly. CCE-13149-0User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Display\Optional breaks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefBThe "Optional breaks" Word setting should be configured correctly. CCE-12611-0User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Display\Spaces HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref9The "Spaces" Word setting should be configured correctly. CCE-12793-6User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Broadcast\Broadcast Services\Configure broadcast service 8 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\broadcast\servers\7VThe "Configure broadcast service 8" PowerPoint setting should be configured correctly. CCE-11782-0User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Broadcast\Broadcast Services\Configure broadcast service 3 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\broadcast\servers\2VThe "Configure broadcast service 3" PowerPoint setting should be configured correctly. CCE-13884-2User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Broadcast\Broadcast Services\Configure broadcast service 1 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\broadcast\servers\0VThe "Configure broadcast service 1" PowerPoint setting should be configured correctly. CCE-13609-3User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Broadcast\Broadcast Services\Configure broadcast service 5 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\broadcast\servers\4VThe "Configure broadcast service 5" PowerPoint setting should be configured correctly. CCE-14635-7User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Broadcast\Broadcast Services\Configure broadcast service 10 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\broadcast\servers\9WThe "Configure broadcast service 10" PowerPoint setting should be configured correctly. CCE-13500-4User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Broadcast\Broadcast Services\Configure broadcast service 7 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\broadcast\servers\6VThe "Configure broadcast service 7" PowerPoint setting should be configured correctly. CCE-12983-3User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Broadcast\Broadcast Services\Configure broadcast service 9 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\broadcast\servers\8VThe "Configure broadcast service 9" PowerPoint setting should be configured correctly. CCE-12866-0User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Broadcast\Broadcast Services\Configure broadcast service 2 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\broadcast\servers\1VThe "Configure broadcast service 2" PowerPoint setting should be configured correctly. CCE-12540-1User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Broadcast\Broadcast Services\Configure broadcast service 4 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\broadcast\servers\3VThe "Configure broadcast service 4" PowerPoint setting should be configured correctly. CCE-12701-9User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Broadcast\Broadcast Services\Configure broadcast service 6 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\broadcast\servers\5VThe "Configure broadcast service 6" PowerPoint setting should be configured correctly. CCE-13196-1User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\File Locations\My Shapes HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application=The "My Shapes" Visio setting should be configured correctly. CCE-13042-7User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\File Locations\Templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application=The "Templates" Visio setting should be configured correctly. CCE-14868-4User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\File Locations\Favorites Stencil Name HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationJThe "Favorites Stencil Name" Visio setting should be configured correctly. CCE-11719-2User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\File Locations\Drawings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application<The "Drawings" Visio setting should be configured correctly. CCE-13423-9User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\File Locations\Start-up HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application<The "Start-up" Visio setting should be configured correctly. CCE-14316-4User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\File Locations\Add-ons HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application;The "Add-ons" Visio setting should be configured correctly. CCE-12720-9User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\File Locations\Stencils HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application<The "Stencils" Visio setting should be configured correctly. CCE-13832-1User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\File Locations\Help HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application8The "Help" Visio setting should be configured correctly. CCE-12614-4User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Security\Enable untrusted intranet zone access to Project server HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\securitymThe "Enable untrusted intranet zone access to Project server" Project setting should be configured correctly. CCE-13962-6User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | Spelling\Proofing Data Collection\Improve Proofing Tools HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\ptwatsonKThe "Improve Proofing Tools" common setting should be configured correctly. CCE-13275-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Mail Format\Stationery and Fonts\Stationery Fonts HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\mailsettingsEThe "Stationery Fonts" common setting should be configured correctly. CCE-12356-2User Configuration\Ad< ministrative Templates\Microsoft Outlook 2010\InfoPath Integration\Do not promote InfoPath forms properties into Outlook properties HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\infopathwThe "Do not promote InfoPath forms properties into Outlook properties" InfoPath setting should be configured correctly. CCE-14127-5User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Trusted Locations\Disable all trusted locations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted locationsQThe "Disable all trusted locations" Excel setting should be configured correctly. CCE-14524-3User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Trusted Locations\Trusted Location #10 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted locations\location10VThe "Trust Center: Trusted Location #10" Excel setting should be configured correctly. CCE-14375-0User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Trusted Locations\Trusted Location #3 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted locations\location3UThe "Trust Center: Trusted Location #3" Excel setting should be configured correctly. CCE-12936-1User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Trusted Locations\Trusted Location #17 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted locations\location17VThe "Trust Center: Trusted Location #17" Excel setting should be configured correctly. CCE-14819-7User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Trusted Locations\Trusted Location #1 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted locations\location1UThe "Trust Center: Trusted Location #1" Excel setting should be configured correctly. CCE-13223-3User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Trusted Locations\Trusted Location #14 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted locations\location14VThe "Trust Center: Trusted Location #14" Excel setting should be configured correctly. CCE-12762-1User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Trusted Locations\Trusted Location #9 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted locations\location9UThe "Trust Center: Trusted Location #9" Excel setting should be configured correctly. CCE-11624-4User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Trusted Locations\Trusted Location #2 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted locations\location2UThe "Trust Center: Trusted Location #2" Excel setting should be configured correctly. CCE-14086-3User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Trusted Locations\Trusted Location #18 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted locations\location18VThe "Trust Center: Trusted Location #18" Excel setting should be configured correctly. CCE-14329-7User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Trusted Locations\Trusted Location #12 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted locations\location12VThe "Trust Center: Trusted Location #12" Excel setting should be configured correctly. CCE-13685-3User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Trusted Locations\Allow Trusted Locations on the network HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted locationsZThe "Allow Trusted Locations on the network" Excel setting should be configured correctly. CCE-13047-6User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Trusted Locations\Trusted Location #4 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted locations\location4UThe "Trust Center: Trusted Location #4" Excel setting should be configured correctly. CCE-12277-0User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Trusted Locations\Trusted Location #20 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted locations\location20VThe "Trust Center: Trusted Location #20" Excel setting should be configured correctly. CCE-11512-1User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Trusted Locations\Trusted Location #19 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted locations\location19VThe "Trust Center: Trusted Location #19" Excel setting should be configured correctly. CCE-13334-8User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Trusted Locations\Trusted Location #13 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted locations\location13VThe "Trust Center: Trusted Location #13" Excel setting should be configured correctly. CCE-12566-6User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Trusted Locations\Trusted Location #7 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted locations\location7UThe "Trust Center: Trusted Location #7" Excel setting should be configured correctly. CCE-13428-8User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Trusted Locations\Trusted Location #11 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted locations\location11VThe "Trust Center: Trusted Location #11" Excel setting should be configured correctly. CCE-14034-3User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Trusted Locations\Trusted Location #16 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted locations\location16VThe "Trust Center: Trusted Location #16" Excel setting should be configured correctly. CCE-13991-5User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Trusted Locations\Trusted Location #6 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted locations\location6UThe "Trust Center: Trusted Location #6" Excel setting should be configured correctly. CCE-14029-3User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Trusted Locations\Trusted Location #8 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted locations\location8UThe "Trust Center: Trusted Location #8" Excel setting should be configured correctly. CCE-12017-0User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Trusted Locations\Trusted Location #5 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted locations\location5UThe "Trust Center: Trusted Location #5" Excel setting should be configured correctly. CCE-13068-2User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Trusted Locations\Trusted Location #15 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted locations\location15VThe "Trust Center: Trusted Location #15" Excel setting should be configured correctly. CCE-12813-2User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Broadcast\Disable programmatic access HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\broadcastTThe "Disable programmatic access" PowerPoint setting should be configu< red correctly. CCE-14761-1User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Broadcast\Prevent access to user-specified services HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\broadcastbThe "Prevent access to user-specified services" PowerPoint setting should be configured correctly. CCE-12814-0User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Broadcast\Disable default service HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\broadcastPThe "Disable default service" PowerPoint setting should be configured correctly. CCE-11595-6Computer Configuration\Administrative Templates\Microsoft InfoPath 2010 (Machine)\Security\Windows Internet Explorer Feature Control Opt-In HKEY_LOCAL_MACHINE\software\policies\microsoft\office\14.0\infopath\securityoThe "Windows Internet Explorer Feature Control Opt-In" machine InfoPath setting should be configured correctly. CCE-13131-8Computer Configuration\Administrative Templates\Microsoft InfoPath 2010 (Machine)\Security\InfoPath APTCA Assembly Allowable List Enforcement HKEY_LOCAL_MACHINE\software\policies\microsoft\office\14.0\infopath\securityqThe "InfoPath APTCA Assembly Allowable List Enforcement" machine InfoPath setting should be configured correctly. CCE-13853-7Computer Configuration\Administrative Templates\Microsoft InfoPath 2010 (Machine)\Security\InfoPath APTCA Assembly allowable list HKEY_LOCAL_MACHINE\software\policies\microsoft\office\14.0\infopath\security\aptcaeThe "InfoPath APTCA Assembly allowable list" machine InfoPath setting should be configured correctly. CCE-14232-3User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Customize Ribbon\Display Developer tab in the Ribbon HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsVThe "Display Developer tab in the Ribbon" Word setting should be configured correctly. CCE-13279-5User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | Spelling\Flag Repeated Words HKEY_CURRENT_USER\software\policies\microsoft\shared tools\proofing tools\1.0\officeAThe "Flag Repeated Words" setting should be configured correctly. CCE-11626-9User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | Spelling\Ignore words in UPPERCASE HKEY_CURRENT_USER\software\policies\microsoft\shared tools\proofing tools\1.0\officeGThe "Ignore words in UPPERCASE" setting should be configured correctly. CCE-13987-3User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | Spelling\French Language Options HKEY_CURRENT_USER\software\policies\microsoft\shared tools\proofing tools\1.0\officeEThe "French Language Options" setting should be configured correctly. CCE-14517-7User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | Spelling\German: Use post-reform rules HKEY_CURRENT_USER\software\policies\microsoft\shared tools\proofing tools\spellingKThe "German: Use post-reform rules" setting should be configured correctly. CCE-13919-6User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | Spelling\Process compound nouns HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefIThe "Process compound nouns" Word setting should be configured correctly. CCE-14455-0User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | Spelling\Ignore Internet and file addresses HKEY_CURRENT_USER\software\policies\microsoft\shared tools\proofing tools\1.0\officePThe "Ignore Internet and file addresses" setting should be configured correctly. CCE-13863-6User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | Spelling\Allow accented uppercase in French HKEY_CURRENT_USER\software\policies\microsoft\shared tools\proofing tools\1.0\officePThe "Allow accented uppercase in French" setting should be configured correctly. CCE-13519-4User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | Spelling\Combine aux verb/adj. HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefHThe "Combine aux verb/adj." Word setting should be configured correctly. CCE-13527-7User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | Spelling\Hebrew mode HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options>The "Hebrew mode" Word setting should be configured correctly. CCE-13338-9User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | Spelling\Arabic modes HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref?The "Arabic modes" Word setting should be configured correctly. CCE-14033-5User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | Spelling\Ignore words with numbers HKEY_CURRENT_USER\software\policies\microsoft\shared tools\proofing tools\1.0\officeGThe "Ignore words with numbers" setting should be configured correctly. CCE-12373-7User Configuration\Administrative Templates\Microsoft InfoPath 2010\Disable Items in User Interface\Predefined\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\disabledcmdbaritemscheckboxesGThe "Disable commands" InfoPath setting should be configured correctly. CCE-14598-7User Configuration\Administrative Templates\Microsoft InfoPath 2010\Disable Items in User Interface\Predefined\Disable shortcut keys HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\disabledshortcutkeyscheckboxesLThe "Disable shortcut keys" InfoPath setting should be configured correctly. CCE-14080-6User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Customize Ribbon\Display Developer tab in the Ribbon HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionsWThe "Display Developer tab in the Ribbon" Excel setting should be configured correctly. CCE-13133-4User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Web Options...\Disable customer-submitted templates downloads from Office.com HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internetsThe "Disable customer-submitted templates downloads from Office.com" common setting should be configured correctly. CCE-12717-5User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Web Options...\Disable training practice downloads from Office.com HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internethThe "Disable training practice downloads from Office.com" common setting should be configured correctly. CCE-14656-3User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Web Options...\Prevents users from uploading document templates to the Office.com Community. HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internetThe "Prevents users from uploading document templates to the Office.com Community." common setting should be configured correctly. CCE-13894-1User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Web Options...\Disable Clip Art and Media downloads from the client and from Office.com HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet}The "Disable Clip Art and Media downloads from the client and from Office.com" common setting should be configured correctly. CCE-11843-0User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Web Options...\Disable access to updates, add-ins, and patches on Office.com HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internetrThe "Disable access to updates, add-ins, and patches on Office.com" common setting should be configured correctly. CCE-14686-0User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Web Options...\Disable template downloads from the client and from Office.com HKEY_CURRENT_USER\software\polic< ies\microsoft\office\14.0\common\internetsThe "Disable template downloads from the client and from Office.com" common setting should be configured correctly. CCE-14076-4User Configuration\Administrative Templates\Microsoft Office 2010\Manage Restricted Permissions\Prevent users from changing permissions on rights managed content HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\drmvThe "Prevent users from changing permissions on rights managed content" common setting should be configured correctly. CCE-12152-5User Configuration\Administrative Templates\Microsoft Office 2010\Manage Restricted Permissions\Always expand groups in Office when restricting permission for documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\drm\autoexpanddls}The "Always expand groups in Office when restricting permission for documents" common setting should be configured correctly. CCE-12171-5User Configuration\Administrative Templates\Microsoft Office 2010\Manage Restricted Permissions\Always require users to connect to verify permission HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\drmiThe "Always require users to connect to verify permission" common setting should be configured correctly. CCE-14356-0User Configuration\Administrative Templates\Microsoft Office 2010\Manage Restricted Permissions\Active Directory timeout for querying one entry for group expansion HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\drm\autoexpanddlsxThe "Active Directory timeout for querying one entry for group expansion" common setting should be configured correctly. CCE-13864-4User Configuration\Administrative Templates\Microsoft Office 2010\Manage Restricted Permissions\Disable Microsoft Passport service for content with restricted permission HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\drm~The "Disable Microsoft Passport service for content with restricted permission" common setting should be configured correctly. CCE-12221-8User Configuration\Administrative Templates\Microsoft Office 2010\Manage Restricted Permissions\Additional permissions request URL HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\drmWThe "Additional permissions request URL" common setting should be configured correctly. CCE-13093-0User Configuration\Administrative Templates\Microsoft Office 2010\Manage Restricted Permissions\Allow users with earlier versions of Office to read with browsers... HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\drmyThe "Allow users with earlier versions of Office to read with browsers..." common setting should be configured correctly. CCE-13535-0User Configuration\Administrative Templates\Microsoft Office 2010\Manage Restricted Permissions\Never allow users to specify groups when restricting permission for documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\drmThe "Never allow users to specify groups when restricting permission for documents" common setting should be configured correctly. CCE-12528-6User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Right-to-left\Layout Options HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendarDThe "Layout Options" Outlook setting should be configured correctly. CCE-13663-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\SharePoint Lists\Do not roam users' SharePoint lists HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\wssYThe "Do not roam users' SharePoint lists" Outlook setting should be configured correctly. CCE-13589-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\SharePoint Lists\Override published sync interval HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\wssVThe "Override published sync interval" Outlook setting should be configured correctly. CCE-13650-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\SharePoint Lists\Do not allow Sharepoint-Outlook integration HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\wssaThe "Do not allow Sharepoint-Outlook integration" Outlook setting should be configured correctly. CCE-14589-6User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\SharePoint Lists\Sharepoint folder sync interval HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferencesUThe "Sharepoint folder sync interval" Outlook setting should be configured correctly. CCE-11685-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\SharePoint Lists\Define custom label for SharePoint store HKEY_CURRENT_USER\software\policies\microsoft\office\common\offline\options]The "Define custom label for SharePoint store" common setting should be configured correctly. CCE-12722-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\SharePoint Lists\Default SharePoint lists HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\accountsNThe "Default SharePoint lists" Outlook setting should be configured correctly. CCE-12932-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\SharePoint Lists\Log SharePoint sync requests and responses HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail`The "Log SharePoint sync requests and responses" Outlook setting should be configured correctly. CCE-12309-1User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\SharePoint Lists\Modify number of changed items included in SharePoint client page download HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferencesThe "Modify number of changed items included in SharePoint client page download" Outlook setting should be configured correctly. CCE-12314-1User Configuration\Administrative Templates\Microsoft Outlook 2010\Folder Home Pages for Outlook Special Folders\Calendar Folder Home Page HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\webview\calendarOThe "Calendar Folder Home Page" Outlook setting should be configured correctly. CCE-14827-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Folder Home Pages for Outlook Special Folders\RSS Folder Home Page HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\webview\rssJThe "RSS Folder Home Page" Outlook setting should be configured correctly. CCE-14290-1User Configuration\Administrative Templates\Microsoft Outlook 2010\Folder Home Pages for Outlook Special Folders\Tasks Folder Home Page HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\webview\tasksLThe "Tasks Folder Home Page" Outlook setting should be configured correctly. CCE-13585-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Folder Home Pages for Outlook Special Folders\Outbox Folder Home Page HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\webview\outboxMThe "Outbox Folder Home Page" Outlook setting should be configured correctly. CCE-14323-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Folder Home Pages for Outlook Special Folders\Journal Folder Home Page HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\webview\journalNThe "Journal Folder Home Page" Outlook setting should be configured correctly. CCE-13362-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Folder Home Pages for Outlook Special Folders\Sent Items Folder Home Page HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\webview\sent mailQThe "Sent Items Folder Home Page" Outlook setting should be configured correctly. CCE-14299-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Folder Home Pages for Outlook Special Folders\Contacts Folder Home Page HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\webview\contactsOThe "Contacts Folder Home Page" < Outlook setting should be configured correctly. CCE-12472-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Folder Home Pages for Outlook Special Folders\Deleted Items Folder Home Page HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\webview\deleted itemsTThe "Deleted Items Folder Home Page" Outlook setting should be configured correctly. CCE-14016-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Folder Home Pages for Outlook Special Folders\Drafts Folder Home Page HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\webview\draftsMThe "Drafts Folder Home Page" Outlook setting should be configured correctly. CCE-14949-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Folder Home Pages for Outlook Special Folders\Inbox Folder Home Page HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\webview\inboxLThe "Inbox Folder Home Page" Outlook setting should be configured correctly. CCE-13960-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Folder Home Pages for Outlook Special Folders\Notes Folder Home Page HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\webview\notesLThe "Notes Folder Home Page" Outlook setting should be configured correctly. CCE-13052-6User Configuration\Administrative Templates\Microsoft Outlook 2010\Folder Home Pages for Outlook Special Folders\Do not allow Home Page URL to be set in folder Properties HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\webviewoThe "Do not allow Home Page URL to be set in folder Properties" Outlook setting should be configured correctly. CCE-13793-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Notes Options\Notes appearance HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\noteFThe "Notes appearance" Outlook setting should be configured correctly. CCE-12987-4User Configuration\Administrative Templates\Microsoft Office 2010\Customizable Error Messages\Default button text HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\generalHThe "Default button text" common setting should be configured correctly. CCE-13118-5User Configuration\Administrative Templates\Microsoft Office 2010\Customizable Error Messages\List of error messages to customize HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\customizablealertsXThe "List of error messages to customize" common setting should be configured correctly. CCE-14579-7User Configuration\Administrative Templates\Microsoft Office 2010\Customizable Error Messages\Default save prompt text HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\generalMThe "Default save prompt text" common setting should be configured correctly. CCE-11602-0User Configuration\Administrative Templates\Microsoft Office 2010\Customizable Error Messages\Base URL HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general=The "Base URL" common setting should be configured correctly. CCE-12896-7User Configuration\Administrative Templates\Microsoft Access 2010\Tools | Security\Modal Trust Decision Only HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\securityNThe "Modal Trust Decision Only" Access setting should be configured correctly. CCE-14539-1User Configuration\Administrative Templates\Microsoft Office 2010\Tools | AutoCorrect Options... (Excel, PowerPoint and Access)\Show AutoCorrect Options buttons HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\autocorrectUThe "Show AutoCorrect Options buttons" common setting should be configured correctly. CCE-14030-1User Configuration\Administrative Templates\Microsoft Office 2010\Tools | AutoCorrect Options... (Excel, PowerPoint and Access)\Correct accidental use of cAPS LOCK key HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\autocorrect\The "Correct accidental use of cAPS LOCK key" common setting should be configured correctly. CCE-12862-9User Configuration\Administrative Templates\Microsoft Office 2010\Tools | AutoCorrect Options... (Excel, PowerPoint and Access)\Capitalize names of days HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\autocorrectMThe "Capitalize names of days" common setting should be configured correctly. CCE-13724-0User Configuration\Administrative Templates\Microsoft Office 2010\Tools | AutoCorrect Options... (Excel, PowerPoint and Access)\Capitalize first letter of sentence HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\autocorrectXThe "Capitalize first letter of sentence" common setting should be configured correctly. CCE-13464-3User Configuration\Administrative Templates\Microsoft Office 2010\Tools | AutoCorrect Options... (Excel, PowerPoint and Access)\Correct TWo INitial CApitals HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\autocorrectQThe "Correct TWo INitial CApitals" common setting should be configured correctly. CCE-14784-3User Configuration\Administrative Templates\Microsoft Office 2010\Tools | AutoCorrect Options... (Excel, PowerPoint and Access)\Replace text as you type HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\autocorrectMThe "Replace text as you type" common setting should be configured correctly. CCE-12187-1User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Cryptography\Set CNG cipher key length HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\cryptoMThe "Set CNG cipher key length" Excel setting should be configured correctly. CCE-12575-7User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Cryptography\Set CNG cipher algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\cryptoLThe "Set CNG cipher algorithm" Excel setting should be configured correctly. CCE-12690-4User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Cryptography\Specify CNG random number generator algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\cryptoaThe "Specify CNG random number generator algorithm" Excel setting should be configured correctly. CCE-12843-9User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Cryptography\Configure CNG cipher chaining mode HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\cryptoVThe "Configure CNG cipher chaining mode" Excel setting should be configured correctly. CCE-12665-6User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Cryptography\Set CNG password spin count HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\cryptoOThe "Set CNG password spin count" Excel setting should be configured correctly. CCE-11967-7User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Cryptography\Use new key on password change HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\cryptoRThe "Use new key on password change" Excel setting should be configured correctly. CCE-13682-0User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Cryptography\Specify CNG salt length HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\cryptoKThe "Specify CNG salt length" Excel setting should be configured correctly. CCE-14368-5User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Cryptography\Specify encryption compatibility HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\cryptoTThe "Specify encryption compatibility" Excel setting should be configured correctly. CCE-12613-6User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Cryptography\Set parameters for CNG context HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\cryptoRThe "Set parameters for CNG context" Excel set< ting should be configured correctly. CCE-13168-0User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Cryptography\Specify CNG hash algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\cryptoNThe "Specify CNG hash algorithm" Excel setting should be configured correctly. CCE-13396-7User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Security\Trust Center\Turn off Data Execution Prevention HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\securityXThe "Turn off Data Execution Prevention" OneNote setting should be configured correctly. CCE-12911-4User Configuration\Administrative Templates\Microsoft Office 2010\Document Information Panel\Offline Mode for Document Information Panel HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\documentinformationpanel`The "Offline Mode for Document Information Panel" common setting should be configured correctly. CCE-11572-5User Configuration\Administrative Templates\Microsoft Office 2010\Document Information Panel\Disable Document Information Panel HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\documentinformationpanelWThe "Disable Document Information Panel" common setting should be configured correctly. CCE-14882-5User Configuration\Administrative Templates\Microsoft Office 2010\Document Information Panel\Document Information Panel Beaconing UI HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\documentinformationpanel\The "Document Information Panel Beaconing UI" common setting should be configured correctly. CCE-11939-6User Configuration\Administrative Templates\Microsoft Project 2010\Miscellaneous\Most Recently Used Template List Length HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general\The "Most Recently Used Template List Length" common setting should be configured correctly. CCE-13634-1User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Web Options...\Files\Check if Word is the default editor for all other Web pages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internetpThe "Check if Word is the default editor for all other Web pages" common setting should be configured correctly. CCE-12780-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Signature Status dialog box\Promote Level 2 errors as errors, not warnings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securitydThe "Promote Level 2 errors as errors, not warnings" Outlook setting should be configured correctly. CCE-11692-1User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Signature Status dialog box\Attachment Secure Temporary Folder HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityXThe "Attachment Secure Temporary Folder" Outlook setting should be configured correctly. CCE-11802-6User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Signature Status dialog box\Missing CRLs HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityBThe "Missing CRLs" Outlook setting should be configured correctly. CCE-12227-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Signature Status dialog box\Retrieving CRLs (Certificate Revocation Lists) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securitydThe "Retrieving CRLs (Certificate Revocation Lists)" Outlook setting should be configured correctly. CCE-12202-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Signature Status dialog box\Missing root certificates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityOThe "Missing root certificates" Outlook setting should be configured correctly. CCE-13755-4User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Formulas\R1C1 reference style HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptionsHThe "R1C1 reference style" Excel setting should be configured correctly. CCE-14919-5User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Customizable Error Messages\List of error messages to customize HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\customizablealerts\The "List of error messages to customize" PowerPoint setting should be configured correctly. CCE-11701-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\PST Settings\Legacy PST: Size to disable adding new content HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\pstdThe "Legacy PST: Size to disable adding new content" Outlook setting should be configured correctly. CCE-14072-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\PST Settings\Large PST: Absolute maximum size HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\pstVThe "Large PST: Absolute maximum size" Outlook setting should be configured correctly. CCE-13885-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\PST Settings\Preferred PST Mode (Unicode/ANSI) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlookWThe "Preferred PST Mode (Unicode/ANSI)" Outlook setting should be configured correctly. CCE-12370-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\PST Settings\Default location for PST files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlookTThe "Default location for PST files" Outlook setting should be configured correctly. CCE-13098-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\PST Settings\Legacy PST: Absolute maximum size HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\pstWThe "Legacy PST: Absolute maximum size" Outlook setting should be configured correctly. CCE-13466-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\PST Settings\Large PST: Size to disable adding new content HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\pstcThe "Large PST: Size to disable adding new content" Outlook setting should be configured correctly. CCE-14036-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\PST Settings\Permanently remove all deleted content from PST and OST files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\pstsThe "Permanently remove all deleted content from PST and OST files" Outlook setting should be configured correctly. CCE-12006-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\PST Settings\Prevent users from adding PSTs to Outlook profiles and/or prevent using Sharing-Exclusive PSTs HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlookThe "Prevent users from adding PSTs to Outlook profiles and/or prevent using Sharing-Exclusive PSTs" Outlook setting should be configured correctly. CCE-13053-4User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\PST Settings\Default location for OST files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlookTThe "Default location for OST files" Outlook setting should be configured correctly. CCE-13372-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\PST Settings\Do not send meeting forward notifications HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendar_The "Do not send meeting forward notifications" Outlook setting should be configured correctly. CCE-14004-6User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\PST Settings\Upgrade only the default store HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\setupTThe "Upgrade only the default store" Outlook setting should be configured correctly. CCE-14494-9User Configuration\Admin< istrative Templates\Microsoft Outlook 2010\Miscellaneous\PST Settings\Prevent users from adding new content to existing PST files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\pstqThe "Prevent users from adding new content to existing PST files" Outlook setting should be configured correctly. CCE-12311-7User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Web Options...\General\Load pictures from Web pages not created in Excel HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\interneteThe "Load pictures from Web pages not created in Excel" Excel setting should be configured correctly. CCE-12671-4User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Replace as you type\Fractions (1/2) with fraction character HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assistZThe "Fractions (1/2) with fraction character" Word setting should be configured correctly. CCE-14508-6User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Replace as you type\First line indent HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assistDThe "First line indent" Word setting should be configured correctly. CCE-13447-8User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Replace as you type\Symbol characters (--) with symbols HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assistVThe "Symbol characters (--) with symbols" Word setting should be configured correctly. CCE-13877-6User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Replace as you type\*Bold* and _italic_ with real formatting HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assist[The "*Bold* and _italic_ with real formatting" Word setting should be configured correctly. CCE-11878-6User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Replace as you type\Dash-like characters HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assistGThe "Dash-like characters" Word setting should be configured correctly. CCE-11650-9User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Replace as you type\Ordinals (1st) with superscript HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assistRThe "Ordinals (1st) with superscript" Word setting should be configured correctly. CCE-14346-1User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Replace as you type\Straight quotes with smart quotes HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assistTThe "Straight quotes with smart quotes" Word setting should be configured correctly. CCE-13452-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Belarusian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages?The "Belarusian" common setting should be configured correctly. CCE-12300-0User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Edo HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages8The "Edo" common setting should be configured correctly. CCE-13186-2 User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Serbian (Latin, Bosnia and Herzegovina) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages\The "Serbian (Latin, Bosnia and Herzegovina)" common setting should be configured correctly. CCE-12947-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Nepali (Nepal) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesCThe "Nepali (Nepal)" common setting should be configured correctly. CCE-12823-1User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Persian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages<The "Persian" common setting should be configured correctly. CCE-13865-1User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Arabic (U.A.E.) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesDThe "Arabic (U.A.E.)" common setting should be configured correctly. CCE-13384-3User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Divehi HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages;The "Divehi" common setting should be configured correctly. CCE-13475-9User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Czech HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages:The "Czech" common setting should be configured correctly. CCE-13872-7User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Bengali (India) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesDThe "Bengali (India)" common setting should be configured correctly. CCE-14142-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (Australia) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesHThe "English (Australia)" common setting should be configured correctly. CCE-14283-6User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Pashto HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages;The "Pashto" common setting should be configured correctly. CCE-12785-2User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Arabic (Iraq) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesBThe "Arabic (Iraq)" common setting should be configured correctly. CCE-13757-0User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Arabic (Libya) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesCThe "Arabic (Libya)" common setting should be configured correctly. CCE-11910-7User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Norwegian (Bokml) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesGThe "Norwegian (Bokml)" common setting should be configured correctly. CCE-12875-1User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (South Africa) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesKThe "English (South Africa)" common setting should be configured correctly. CCE-14074-9User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Arabic (Oman) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledla< nguagesBThe "Arabic (Oman)" common setting should be configured correctly. CCE-12946-0User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Ibibio HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages;The "Ibibio" common setting should be configured correctly. CCE-12884-3User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Quechua (Peru) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesCThe "Quechua (Peru)" common setting should be configured correctly. CCE-13552-5User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Norwegian (Nynorsk) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesHThe "Norwegian (Nynorsk)" common setting should be configured correctly. CCE-11541-0User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Malayalam HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages>The "Malayalam" common setting should be configured correctly. CCE-12230-9User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\French (Belgium) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesEThe "French (Belgium)" common setting should be configured correctly. CCE-14956-7User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Kashmiri (Arabic) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesFThe "Kashmiri (Arabic)" common setting should be configured correctly. CCE-12652-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Colombia) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesGThe "Spanish (Colombia)" common setting should be configured correctly. CCE-13882-6User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\French (Senegal) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesEThe "French (Senegal)" common setting should be configured correctly. CCE-13763-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Frisian (Netherlands) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesJThe "Frisian (Netherlands)" common setting should be configured correctly. CCE-13007-0User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Hindi HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages:The "Hindi" common setting should be configured correctly. CCE-14018-6User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\French (Congo (DRC)) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesIThe "French (Congo (DRC))" common setting should be configured correctly. CCE-14410-5User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Manipuri HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages=The "Manipuri" common setting should be configured correctly. CCE-12967-6User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Mapudungun HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages?The "Mapudungun" common setting should be configured correctly. CCE-12484-2User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Luxembourgish (Luxembourg) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesOThe "Luxembourgish (Luxembourg)" common setting should be configured correctly. CCE-14436-0User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\German (Germany) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesEThe "German (Germany)" common setting should be configured correctly. CCE-13603-6User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sindhi (Arabic) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesDThe "Sindhi (Arabic)" common setting should be configured correctly. CCE-12503-9User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\French (Morocco) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesEThe "French (Morocco)" common setting should be configured correctly. CCE-13434-6User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (Caribbean) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesHThe "English (Caribbean)" common setting should be configured correctly. CCE-14902-1User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Serbian (Cyrillic, Montenegro) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesSThe "Serbian (Cyrillic, Montenegro)" common setting should be configured correctly. CCE-12363-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Galician HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages=The "Galician" common setting should be configured correctly. CCE-12366-1User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sami, Northern (Sweden) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesLThe "Sami, Northern (Sweden)" common setting should be configured correctly. CCE-12259-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Arabic (Bahrain) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesEThe "Arabic (Bahrain)" common setting should be configured correctly. CCE-14538-3User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Kyrgyz HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages;The "Kyrgyz" common setting should be configured correctly. CCE-13112-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Hebrew (Israel) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesDThe "Hebrew (Israel)" common setting should be configured correctly. CCE-12270-5User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Somali HKEY_CURRENT_USER\software\polici< es\microsoft\office\14.0\common\languageresources\enabledlanguages;The "Somali" common setting should be configured correctly. CCE-13912-1User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (Singapore) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesHThe "English (Singapore)" common setting should be configured correctly. CCE-13003-9User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\French (Luxembourg) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesHThe "French (Luxembourg)" common setting should be configured correctly. CCE-12338-0User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Bulgarian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages>The "Bulgarian" common setting should be configured correctly. CCE-13891-7User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\German (Austria) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesEThe "German (Austria)" common setting should be configured correctly. CCE-12109-5User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Dutch (Belgium) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesDThe "Dutch (Belgium)" common setting should be configured correctly. CCE-12669-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Ecuador) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesFThe "Spanish (Ecuador)" common setting should be configured correctly. CCE-13212-6User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (U.K.) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesCThe "English (U.K.)" common setting should be configured correctly. CCE-12100-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\French (Mali) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesBThe "French (Mali)" common setting should be configured correctly. CCE-14786-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (New Zealand) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesJThe "English (New Zealand)" common setting should be configured correctly. CCE-12362-0User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (Zimbabwe) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesGThe "English (Zimbabwe)" common setting should be configured correctly. CCE-12172-3 User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Bosnian (Latin, Bosnia and Herzegovina) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages\The "Bosnian (Latin, Bosnia and Herzegovina)" common setting should be configured correctly. CCE-13507-9User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Romansh (Switzerland) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesJThe "Romansh (Switzerland)" common setting should be configured correctly. CCE-14668-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Latvian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages<The "Latvian" common setting should be configured correctly. CCE-12224-2User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Lower Sorbian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesBThe "Lower Sorbian" common setting should be configured correctly. CCE-12758-9User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\French (Cote d'Ivoire) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesKThe "French (Cote d'Ivoire)" common setting should be configured correctly. CCE-13790-1User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Arabic (Lebanon) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesEThe "Arabic (Lebanon)" common setting should be configured correctly. CCE-14788-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\K'iche HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages;The "K'iche" common setting should be configured correctly. CCE-12075-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Chinese (Taiwan) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesEThe "Chinese (Taiwan)" common setting should be configured correctly. CCE-14462-6User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Nepali (India) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesCThe "Nepali (India)" common setting should be configured correctly. CCE-12326-5User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\isiZulu HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages<The "isiZulu" common setting should be configured correctly. CCE-12162-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Italian (Switzerland) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesJThe "Italian (Switzerland)" common setting should be configured correctly. CCE-14020-2User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Cherokee HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages=The "Cherokee" common setting should be configured correctly. CCE-13644-0User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (Malaysia) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesGThe "English (Malaysia)" common setting should be configured correctly. CCE-12674-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (India) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesDThe "English (India)" common setting should be configured correctly. CCE-12655-7User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Ed< iting Languages\Enabled Editing Languages\Marathi HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages<The "Marathi" common setting should be configured correctly. CCE-13732-3User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Serbian (Cyrillic, Bosnia and Herzegovina) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages_The "Serbian (Cyrillic, Bosnia and Herzegovina)" common setting should be configured correctly. CCE-14749-6User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Russian (Russia) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesEThe "Russian (Russia)" common setting should be configured correctly. CCE-12499-0User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Mexico) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesEThe "Spanish (Mexico)" common setting should be configured correctly. CCE-12132-7User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Arabic (Kuwait) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesDThe "Arabic (Kuwait)" common setting should be configured correctly. CCE-13541-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Basque HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages;The "Basque" common setting should be configured correctly. CCE-12788-6User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Faeroese HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages=The "Faeroese" common setting should be configured correctly. CCE-14502-9User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\German (Switzerland) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesIThe "German (Switzerland)" common setting should be configured correctly. CCE-13948-5User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sami, Northern (Finland) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesMThe "Sami, Northern (Finland)" common setting should be configured correctly. CCE-13678-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Japanese HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages=The "Japanese" common setting should be configured correctly. CCE-13183-9User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sami, Northern (Norway) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesLThe "Sami, Northern (Norway)" common setting should be configured correctly. CCE-14493-1User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (Jamaica) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesFThe "English (Jamaica)" common setting should be configured correctly. CCE-12385-1User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Serbian (Cyrillic, Serbia) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesOThe "Serbian (Cyrillic, Serbia)" common setting should be configured correctly. CCE-14185-3User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Irish (Ireland) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesDThe "Irish (Ireland)" common setting should be configured correctly. CCE-13756-2User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Gujarati HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages=The "Gujarati" common setting should be configured correctly. CCE-12642-5User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Chile) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesDThe "Spanish (Chile)" common setting should be configured correctly. CCE-14273-7User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Khmer HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages:The "Khmer" common setting should be configured correctly. CCE-12467-7User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sesotho sa Leboa HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesEThe "Sesotho sa Leboa" common setting should be configured correctly. CCE-14124-2User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\German (Liechtenstein) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesKThe "German (Liechtenstein)" common setting should be configured correctly. CCE-12981-7User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Latin HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages:The "Latin" common setting should be configured correctly. CCE-12864-5User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Slovenian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages>The "Slovenian" common setting should be configured correctly. CCE-12433-9User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Croatian (Croatia) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesGThe "Croatian (Croatia)" common setting should be configured correctly. CCE-13572-3User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sami, Lule (Norway) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesHThe "Sami, Lule (Norway)" common setting should be configured correctly. CCE-14144-0User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Corsican HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages=The "Corsican" common setting should be configured correctly. CCE-13349-6User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Burmese (Myanmar) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesFThe "Burmese (Myanmar)" common setting should be configured correctly. CCE-14562-3User Configura< tion\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Malay (Malaysia) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesEThe "Malay (Malaysia)" common setting should be configured correctly. CCE-14727-2User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Breton HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages;The "Breton" common setting should be configured correctly. CCE-12837-1User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Oromo HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages:The "Oromo" common setting should be configured correctly. CCE-14918-7User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Indonesian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages?The "Indonesian" common setting should be configured correctly. CCE-12756-3User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Serbian (Cyrillic, Serbia and Montenegro (Former)) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesgThe "Serbian (Cyrillic, Serbia and Montenegro (Former))" common setting should be configured correctly. CCE-13199-5User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Filipino HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages=The "Filipino" common setting should be configured correctly. CCE-12318-2User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Occitan HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages<The "Occitan" common setting should be configured correctly. CCE-14397-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Costa Rica) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesIThe "Spanish (Costa Rica)" common setting should be configured correctly. CCE-12826-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Arabic (Qatar) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesCThe "Arabic (Qatar)" common setting should be configured correctly. CCE-14723-1User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\isiXhosa HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages=The "isiXhosa" common setting should be configured correctly. CCE-12213-5User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Polish HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages;The "Polish" common setting should be configured correctly. CCE-13100-3User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Greenlandic HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages@The "Greenlandic" common setting should be configured correctly. CCE-12544-3User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\French (Reunion) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesEThe "French (Reunion)" common setting should be configured correctly. CCE-12228-3User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\French (Switzerland) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesIThe "French (Switzerland)" common setting should be configured correctly. CCE-11521-2User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Italian (Italy) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesDThe "Italian (Italy)" common setting should be configured correctly. CCE-13360-3User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Lao HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages8The "Lao" common setting should be configured correctly. CCE-13620-0User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Albanian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages=The "Albanian" common setting should be configured correctly. CCE-11970-1User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (Canada) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesEThe "English (Canada)" common setting should be configured correctly. CCE-12834-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\German (Luxembourg) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesHThe "German (Luxembourg)" common setting should be configured correctly. CCE-14585-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sami, Inari (Finland) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesJThe "Sami, Inari (Finland)" common setting should be configured correctly. CCE-13819-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Icelandic HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages>The "Icelandic" common setting should be configured correctly. CCE-11684-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (U.S.) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesCThe "English (U.S.)" common setting should be configured correctly. CCE-14674-6User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (Philippines) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesJThe "English (Philippines)" common setting should be configured correctly. CCE-12406-5User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Arabic (Syria) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesCThe "Arabic (Syria)" common setting should be configured correctly. CCE-14548-2User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Punjabi (Pakistan) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesGThe "Punjabi (Pakistan)" common setting should be configured correctly. CCE-11546-9< User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Estonian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages=The "Estonian" common setting should be configured correctly. CCE-13811-5User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Chinese (Macao S.A.R.) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesKThe "Chinese (Macao S.A.R.)" common setting should be configured correctly. CCE-12934-6User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Arabic (Jordan) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesDThe "Arabic (Jordan)" common setting should be configured correctly. CCE-13415-5User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\French (West Indies) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesIThe "French (West Indies)" common setting should be configured correctly. CCE-13018-7User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Hausa (Latin) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesBThe "Hausa (Latin)" common setting should be configured correctly. CCE-12765-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Kinyarwanda HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages@The "Kinyarwanda" common setting should be configured correctly. CCE-14706-6User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Dari HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages9The "Dari" common setting should be configured correctly. CCE-14151-5User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Mohawk HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages;The "Mohawk" common setting should be configured correctly. CCE-12622-7User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sami, Southern (Norway) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesLThe "Sami, Southern (Norway)" common setting should be configured correctly. CCE-13341-3User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sanskrit HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages=The "Sanskrit" common setting should be configured correctly. CCE-13651-5User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sami, Lule (Sweden) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesHThe "Sami, Lule (Sweden)" common setting should be configured correctly. CCE-14280-2User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\French (France) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesDThe "French (France)" common setting should be configured correctly. CCE-14104-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Arabic (Morocco) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesEThe "Arabic (Morocco)" common setting should be configured correctly. CCE-13217-5User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Bashkir HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages<The "Bashkir" common setting should be configured correctly. CCE-14929-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Arabic (Tunisia) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesEThe "Arabic (Tunisia)" common setting should be configured correctly. CCE-13117-7User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (Trinidad and Tobago) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesRThe "English (Trinidad and Tobago)" common setting should be configured correctly. CCE-13830-5User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Portuguese (Portugal) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesJThe "Portuguese (Portugal)" common setting should be configured correctly. CCE-12534-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Punjabi HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages<The "Punjabi" common setting should be configured correctly. CCE-14234-9User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Bolivia) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesFThe "Spanish (Bolivia)" common setting should be configured correctly. CCE-11590-7User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (Indonesia) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesHThe "English (Indonesia)" common setting should be configured correctly. CCE-13441-1User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Malay (Brunei Darussalam) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesNThe "Malay (Brunei Darussalam)" common setting should be configured correctly. CCE-12424-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Guarani HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages<The "Guarani" common setting should be configured correctly. CCE-12515-3User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Arabic (Saudi Arabia) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesJThe "Arabic (Saudi Arabia)" common setting should be configured correctly. CCE-12409-9User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Maltese HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages<The "Maltese" common setting should be configured correctly. CCE-12695-3User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\French (Canada) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesDThe "French (Canada)" common setting sh< ould be configured correctly. CCE-11924-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Kanuri HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages;The "Kanuri" common setting should be configured correctly. CCE-13501-2User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Finnish HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages<The "Finnish" common setting should be configured correctly. CCE-12735-7User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Chinese (PRC) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesBThe "Chinese (PRC)" common setting should be configured correctly. CCE-14137-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Kashmiri (Devanagari) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesJThe "Kashmiri (Devanagari)" common setting should be configured correctly. CCE-12574-0User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Portuguese (Brazil) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesHThe "Portuguese (Brazil)" common setting should be configured correctly. CCE-13684-6User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Slovak HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages;The "Slovak" common setting should be configured correctly. CCE-12615-1User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Arabic (Egypt) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesCThe "Arabic (Egypt)" common setting should be configured correctly. CCE-12727-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Catalan HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages<The "Catalan" common setting should be configured correctly. CCE-12742-3User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Kannada HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages<The "Kannada" common setting should be configured correctly. CCE-13056-7User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Argentina) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesHThe "Spanish (Argentina)" common setting should be configured correctly. CCE-12317-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Dominican Republic) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesQThe "Spanish (Dominican Republic)" common setting should be configured correctly. CCE-12523-7User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Chinese (Singapore) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesHThe "Chinese (Singapore)" common setting should be configured correctly. CCE-13623-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Azeri (Cyrillic) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesEThe "Azeri (Cyrillic)" common setting should be configured correctly. CCE-11897-6User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\French (Monaco) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesDThe "French (Monaco)" common setting should be configured correctly. CCE-13315-7User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (Ireland) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesFThe "English (Ireland)" common setting should be configured correctly. CCE-12361-2User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Danish HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages;The "Danish" common setting should be configured correctly. CCE-13861-0User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (Hong Kong S.A.R.) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesOThe "English (Hong Kong S.A.R.)" common setting should be configured correctly. CCE-13166-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Croatian (Bosnia and Herzegovina) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesVThe "Croatian (Bosnia and Herzegovina)" common setting should be configured correctly. CCE-13770-3User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Mongolian (Cyrillic) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesIThe "Mongolian (Cyrillic)" common setting should be configured correctly. CCE-14742-1User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Quechua (Ecuador) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesFThe "Quechua (Ecuador)" common setting should be configured correctly. CCE-13207-6User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sinhala HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages<The "Sinhala" common setting should be configured correctly. CCE-13773-7User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\French (Cameroon) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesFThe "French (Cameroon)" common setting should be configured correctly. CCE-13239-9User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Oriya HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages:The "Oriya" common setting should be configured correctly. CCE-14275-2User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Inuktitut (Syllabics) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesJThe "Inuktitut (Syllabics)" common setting should be configured correctly. CCE-12445-3User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Dutch (Netherlands) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\language< resources\enabledlanguagesHThe "Dutch (Netherlands)" common setting should be configured correctly. CCE-14245-5User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sindhi (Devanagari) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesHThe "Sindhi (Devanagari)" common setting should be configured correctly. CCE-12770-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Hungarian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages>The "Hungarian" common setting should be configured correctly. CCE-13762-0User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\French (Haiti) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesCThe "French (Haiti)" common setting should be configured correctly. CCE-13792-7User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Konkani HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages<The "Konkani" common setting should be configured correctly. CCE-12550-0User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Azeri (Latin) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesBThe "Azeri (Latin)" common setting should be configured correctly. CCE-13369-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Macedonian (FYROM) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesGThe "Macedonian (FYROM)" common setting should be configured correctly. CCE-13604-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Bosnian (Cyrillic, Bosnia and Herzegovina) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages_The "Bosnian (Cyrillic, Bosnia and Herzegovina)" common setting should be configured correctly. CCE-12199-6User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Lithuanian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages?The "Lithuanian" common setting should be configured correctly. CCE-12734-0User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Honduras) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesGThe "Spanish (Honduras)" common setting should be configured correctly. CCE-13681-2User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Arabic (Algeria) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesEThe "Arabic (Algeria)" common setting should be configured correctly. CCE-11586-5User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Serbian (Latin, Montenegro) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesPThe "Serbian (Latin, Montenegro)" common setting should be configured correctly. CCE-12588-0User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\English (Belize) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesEThe "English (Belize)" common setting should be configured correctly. CCE-14168-9User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sami, Skolt (Finland) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesJThe "Sami, Skolt (Finland)" common setting should be configured correctly. CCE-12396-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Mongolian (Traditional Mongolian) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesVThe "Mongolian (Traditional Mongolian)" common setting should be configured correctly. CCE-13701-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Setswana HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages=The "Setswana" common setting should be configured correctly. CCE-14426-1User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Arabic (Yemen) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesCThe "Arabic (Yemen)" common setting should be configured correctly. CCE-12883-5User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Hawaiian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages=The "Hawaiian" common setting should be configured correctly. CCE-13849-5User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Fulfulde HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages=The "Fulfulde" common setting should be configured correctly. CCE-14187-9User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Papiamentu HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages?The "Papiamentu" common setting should be configured correctly. CCE-12942-9User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Guatemala) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesHThe "Spanish (Guatemala)" common setting should be configured correctly. CCE-14260-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Romanian (Romania) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesGThe "Romanian (Romania)" common setting should be configured correctly. CCE-13330-6User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sami, Southern (Sweden) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesLThe "Sami, Southern (Sweden)" common setting should be configured correctly. CCE-12809-0User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Igbo HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages9The "Igbo" common setting should be configured correctly. CCE-12216-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Quechua (Bolivia) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesFThe "Quechua (Bolivia)" common setting should be configured correctly. CCE-12355-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Langu< ages\Enabled Editing Languages\Serbian (Latin, Serbia) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesLThe "Serbian (Latin, Serbia)" common setting should be configured correctly. CCE-12490-9User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Georgian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages=The "Georgian" common setting should be configured correctly. CCE-11993-3User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Serbian (Latin, Serbia and Montenegro (Former)) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesdThe "Serbian (Latin, Serbia and Montenegro (Former))" common setting should be configured correctly. CCE-12349-7User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Korean HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages;The "Korean" common setting should be configured correctly. CCE-12310-9User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Inuktitut (Latin) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesFThe "Inuktitut (Latin)" common setting should be configured correctly. CCE-14602-7User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Armenian (Armenia) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesGThe "Armenian (Armenia)" common setting should be configured correctly. CCE-13250-6User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (El Salvador) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesJThe "Spanish (El Salvador)" common setting should be configured correctly. CCE-13457-7User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Chinese (Hong Kong S.A.R.) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesOThe "Chinese (Hong Kong S.A.R.)" common setting should be configured correctly. CCE-13038-5User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Kazakh HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages;The "Kazakh" common setting should be configured correctly. CCE-14605-0User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Gaelic (United Kingdom) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesLThe "Gaelic (United Kingdom)" common setting should be configured correctly. CCE-12195-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Romanian (Moldova) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesGThe "Romanian (Moldova)" common setting should be configured correctly. CCE-13419-7User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Bengali (Bangladesh) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesIThe "Bengali (Bangladesh)" common setting should be configured correctly. CCE-12323-2User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Russian (Moldova) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesFThe "Russian (Moldova)" common setting should be configured correctly. CCE-14662-1User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Assamese (India) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesEThe "Assamese (India)" common setting should be configured correctly. CCE-12430-5User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Alsatian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages=The "Alsatian" common setting should be configured correctly. CCE-12140-0User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Amharic HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages<The "Amharic" common setting should be configured correctly. CCE-13292-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Maori HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages:The "Maori" common setting should be configured correctly. CCE-12624-3User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Greek HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages:The "Greek" common setting should be configured correctly. CCE-12760-5User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Afrikaans HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages>The "Afrikaans" common setting should be configured correctly. CCE-12303-4User Configuration\Administrative Templates\Microsoft Publisher 2010\Disable Items in User Interface\Custom\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\disabledcmdbaritemslistHThe "Disable commands" Publisher setting should be configured correctly. CCE-13114-4User Configuration\Administrative Templates\Microsoft Word 2010\Disable Items in User Interface\Predefined\Disable shortcut keys HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\disabledshortcutkeyscheckboxesHThe "Disable shortcut keys" Word setting should be configured correctly. CCE-12776-1User Configuration\Administrative Templates\Microsoft Word 2010\Disable Items in User Interface\Predefined\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\disabledcmdbaritemscheckboxesCThe "Disable commands" Word setting should be configured correctly. CCE-12964-3User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Miscellaneous\Disable Slide Update HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\slide librariesMThe "Disable Slide Update" PowerPoint setting should be configured correctly. CCE-13219-1User Configuration\Administrative Templates\Microsoft Publisher 2010\Publisher Options\General\Show the New template gallery when starting Publisher HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\preferencesmThe "Show the New template gallery when starting Publisher" Publisher setting should be configured correctly. CCE-12113-7User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Service Options...\Online Content\Online content options HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internetKThe "Online content options" common setting should be configured correctly. CCE-14105-1User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\Advanced\Disable Common Langu< age Runtime errors when filling out forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\form debuggingtThe "Disable Common Language Runtime errors when filling out forms" InfoPath setting should be configured correctly. CCE-14357-8User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\Advanced\AutoRecover Interval HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopathKThe "AutoRecover Interval" InfoPath setting should be configured correctly. CCE-14808-0User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\Advanced\Enable AutoRecover HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopathIThe "Enable AutoRecover" InfoPath setting should be configured correctly. CCE-12156-6User Configuration\Administrative Templates\Microsoft SharePoint Designer 2010\Downloading Framework Components\Set download location for Microsoft .NET Framework 3.5 SP1 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\commonoThe "Set download location for Microsoft .NET Framework 3.5 SP1" common setting should be configured correctly. CCE-14547-4User Configuration\Administrative Templates\Microsoft SharePoint Designer 2010\Downloading Framework Components\Hide missing component download hyperlinks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common_The "Hide missing component download hyperlinks" common setting should be configured correctly. CCE-12110-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Journal Options\Journal entry options HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\journalKThe "Journal entry options" Outlook setting should be configured correctly. CCE-14730-6User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Journal Options\Automatically journal these items HKEY_CURRENT_USER\software\policies\microsoft\shared tools\outlook\journaling\task requestWThe "Automatically journal these items" Outlook setting should be configured correctly. CCE-13147-4User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Journal Options\Do not record listed Outlook items in Journal HKEY_CURRENT_USER\software\policies\microsoft\shared tools\outlook\journaling\e-mail messagecThe "Do not record listed Outlook items in Journal" Outlook setting should be configured correctly. CCE-12050-1User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Workflow Cache\Workflow Cache 10 HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\cache\workflow10FThe "Workflow Cache 10" common setting should be configured correctly. CCE-13285-2User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Yakut HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages:The "Yakut" common setting should be configured correctly. CCE-12505-4User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #17 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location17HThe "Unsafe Location #17" common setting should be configured correctly. CCE-14337-0User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Uzbek (Cyrillic) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesEThe "Uzbek (Cyrillic)" common setting should be configured correctly. CCE-14983-1User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #4 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location4GThe "Unsafe Location #4" common setting should be configured correctly. CCE-14014-5User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Default message text for a review request...\With a simple Web discussions link HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\reviewcycleWThe "With a simple Web discussions link" common setting should be configured correctly. CCE-12859-5User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #14 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location14HThe "Unsafe Location #14" common setting should be configured correctly. CCE-13141-7User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #19 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location19HThe "Unsafe Location #19" common setting should be configured correctly. CCE-13154-0User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #5 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location5GThe "Unsafe Location #5" common setting should be configured correctly. CCE-14319-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Uruguay) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesFThe "Spanish (Uruguay)" common setting should be configured correctly. CCE-14196-0User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Default message text for a reply...\With just an attachment HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\reviewcycleLThe "With just an attachment" common setting should be configured correctly. CCE-12542-7User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Turn off saving auto-tuning data to file HKEY_CURRENT_USER\software\policies\microsoft\ime\imejp\14.0\msimeVThe "Turn off saving auto-tuning data to file" setting should be configured correctly. CCE-11792-9User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Turn off Outlook name dictionaries HKEY_CURRENT_USER\software\policies\microsoft\ime\shared\14.0\mapiPThe "Turn off Outlook name dictionaries" setting should be configured correctly. CCE-12599-7User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #16 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location16HThe "Unsafe Location #16" common setting should be configured correctly. CCE-14310-7User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #7 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location7VThe "Trust Center: Trusted Location #7" common setting should be configured correctly. CCE-12236-6User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\Turn off all user customizations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars\onenoteUThe "Turn off all user customizations" common setting should be configured correctly. CCE-13578-0User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #3 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location3GThe "Unsafe Location #3" common setting should be configured correctly. CCE-13101-1User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\Turn off user customizations via UI HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars\outlook< XThe "Turn off user customizations via UI" common setting should be configured correctly. CCE-14258-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Yiddish HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages<The "Yiddish" common setting should be configured correctly. CCE-11886-9User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Default message text for a reply...\With a simple Web discussions link HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\reviewcycle CCE-12491-7User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #12 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location12WThe "Trust Center: Trusted Location #12" common setting should be configured correctly. CCE-14046-7User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Workflow Cache\Workflow Cache 15 HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\cache\workflow15FThe "Workflow Cache 15" common setting should be configured correctly. CCE-14528-4User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #2 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location2VThe "Trust Center: Trusted Location #2" common setting should be configured correctly. CCE-13194-6User Configuration\Administrative Templates\Microsoft Office 2010\Disable Items in User Interface\Tooltip for disabled toolbar buttons and menu items HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbarshThe "Tooltip for disabled toolbar buttons and menu items" common setting should be configured correctly. CCE-12031-1User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Use system font instead of the Office default UI font HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\generaljThe "Use system font instead of the Office default UI font" common setting should be configured correctly. CCE-12969-2User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Yi (PRC) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages=The "Yi (PRC)" common setting should be configured correctly. CCE-14342-0User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Paraguay) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesGThe "Spanish (Paraguay)" common setting should be configured correctly. CCE-12357-0User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Tamazight (Latin, Algeria) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesOThe "Tamazight (Latin, Algeria)" common setting should be configured correctly. CCE-14380-0User Configuration\Administrative Templates\Microsoft Office 2010\Improved Error Reporting\Stop reporting error messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\alertsRThe "Stop reporting error messages" common setting should be configured correctly. CCE-13758-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Urdu HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages9The "Urdu" common setting should be configured correctly. CCE-13376-9User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Default message text for a review request...\With a Web discussions link HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\reviewcyclePThe "With a Web discussions link" common setting should be configured correctly. CCE-14487-3User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Nicaragua) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesHThe "Spanish (Nicaragua)" common setting should be configured correctly. CCE-14327-1User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Tibetan (PRC) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesBThe "Tibetan (PRC)" common setting should be configured correctly. CCE-14038-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Tigrigna (Eritrea) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesGThe "Tigrigna (Eritrea)" common setting should be configured correctly. CCE-11926-3User Configuration\Administrative Templates\Microsoft Office 2010\Disable Items in User Interface\Turn off screen clipping HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\insert media\screenshotMThe "Turn off screen clipping" common setting should be configured correctly. CCE-12607-8User Configuration\Administrative Templates\Microsoft Office 2010\Shared paths\User templates path HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\generalHThe "User templates path" common setting should be configured correctly. CCE-13593-9User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Swedish (Finland) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesFThe "Swedish (Finland)" common setting should be configured correctly. CCE-14657-1User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Turn off saving input history data for predictive input to file HKEY_CURRENT_USER\software\policies\microsoft\ime\imejp\14.0\msimemThe "Turn off saving input history data for predictive input to file" setting should be configured correctly. CCE-13453-6User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #3 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location3VThe "Trust Center: Trusted Location #3" common setting should be configured correctly. CCE-11805-9User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Turn off custom dictionary HKEY_CURRENT_USER\software\policies\microsoft\ime\shared\14.0HThe "Turn off custom dictionary" setting should be configured correctly. CCE-14482-4User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Use ClearType HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\commonBThe "Use ClearType" common setting should be configured correctly. CCE-13730-7User Configuration\Administrative Templates\Microsoft Office 2010\Shared paths\Web Query dialog box home page HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionsRThe "Web Query dialog box home page" Excel setting should be configured correctly. CCE-12899-1User Configuration\Administrative Templates\Microsoft Office 2010\Shared paths\User queries path HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\generalFThe "User queries path" common setting should be configured correctly. CCE-14110-1User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Uzbek (Latin) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesBThe "Uzbek (Latin)" common setting should be configured correctly.< CCE-12821-5User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Turn on misconversion logging for misconversion report HKEY_CURRENT_USER\software\policies\microsoft\ime\shared\14.0dThe "Turn on misconversion logging for misconversion report" setting should be configured correctly. CCE-13099-7User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | Spelling\Use auto-change list HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefGThe "Use auto-change list" Word setting should be configured correctly. CCE-12950-2User Configuration\Administrative Templates\Microsoft Office 2010\Web Archives\Web Archive encoding HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internetIThe "Web Archive encoding" common setting should be configured correctly. CCE-14483-2User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Syriac HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages;The "Syriac" common setting should be configured correctly. CCE-14373-5User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Venda HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages:The "Venda" common setting should be configured correctly. CCE-12610-2User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Suppress recommended settings dialog HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\generalYThe "Suppress recommended settings dialog" common setting should be configured correctly. CCE-14797-5User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Yoruba HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages;The "Yoruba" common setting should be configured correctly. CCE-14836-1User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #4 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location4VThe "Trust Center: Trusted Location #4" common setting should be configured correctly. CCE-12905-6User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\Turn on file synchronization via SOAP over HTTP HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internetdThe "Turn on file synchronization via SOAP over HTTP" common setting should be configured correctly. CCE-13036-9User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #1 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location1GThe "Unsafe Location #1" common setting should be configured correctly. CCE-11565-9User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #10 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location10WThe "Trust Center: Trusted Location #10" common setting should be configured correctly. CCE-13715-8User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Workflow Cache\Workflow Cache 11 HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\cache\workflow11FThe "Workflow Cache 11" common setting should be configured correctly. CCE-13626-7User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Tsonga HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages;The "Tsonga" common setting should be configured correctly. CCE-13895-8User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Workflow Cache\Workflow Cache 7 HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\cache\workflow7EThe "Workflow Cache 7" common setting should be configured correctly. CCE-12893-4User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #18 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location18WThe "Trust Center: Trusted Location #18" common setting should be configured correctly. CCE-13997-2User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\When choosing 'Send for Review...' HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\generalWThe "When choosing 'Send for Review...'" common setting should be configured correctly. CCE-12391-9User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #9 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location9GThe "Unsafe Location #9" common setting should be configured correctly. CCE-12095-6User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Specify minimum XAdES level for digital signature generation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signaturesqThe "Specify minimum XAdES level for digital signature generation" common setting should be configured correctly. CCE-13348-8User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #11 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location11HThe "Unsafe Location #11" common setting should be configured correctly. CCE-11956-0User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Turn off SharePoint dictionary HKEY_CURRENT_USER\software\policies\microsoft\ime\shared\14.0\sharepointdictLThe "Turn off SharePoint dictionary" setting should be configured correctly. CCE-13838-8User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Turn off click to IM option HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\imPThe "Turn off click to IM option" common setting should be configured correctly. CCE-13986-5User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Specify timestamp server name HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signaturesRThe "Specify timestamp server name" common setting should be configured correctly. CCE-14392-5User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Workflow Cache\Workflow Cache 14 HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\cache\workflow14FThe "Workflow Cache 14" common setting should be configured correctly. CCE-14401-4User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Turn off predictive input HKEY_CURRENT_USER\software\policies\microsoft\ime\imejp\14.0\msimeGThe "Turn off predictive input" setting should be configured correctly. CCE-12773-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Venezuela) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesHThe "Spanish (Venezuela)" common setting should be configured correctly. CCE-14330-5User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Turn off Internet search integration HKEY_CURRENT_USER\software\policies\microsoft\ime\shared\14.0RThe "Turn off Internet search integration" setting should be configured correctly. CCE-12189-7User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Tamil HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\lang< uageresources\enabledlanguages:The "Tamil" common setting should be configured correctly. CCE-13022-9User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | Spelling\Suggest from main dictionary only HKEY_CURRENT_USER\software\policies\microsoft\shared tools\proofing tools\1.0\officeOThe "Suggest from main dictionary only" setting should be configured correctly. CCE-12570-8User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Turn off error reporting for files that fail file validation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\filevalidationqThe "Turn off error reporting for files that fail file validation" common setting should be configured correctly. CCE-14557-3User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Workflow Cache\Workflow Cache 9 HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\cache\workflow9EThe "Workflow Cache 9" common setting should be configured correctly. CCE-13529-3User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Default message text for a review request...\With a simple Web discussions link and an attachment HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\reviewcycleiThe "With a simple Web discussions link and an attachment" common setting should be configured correctly. CCE-14243-0User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Turn off Open Extended Dictionary HKEY_CURRENT_USER\software\policies\microsoft\ime\shared\14.0\openextendeddictOThe "Turn off Open Extended Dictionary" setting should be configured correctly. CCE-14031-9User Configuration\Administrative Templates\Microsoft Office 2010\Shared paths\Workgroup templates path HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\generalMThe "Workgroup templates path" common setting should be configured correctly. CCE-12174-9User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Workflow Cache\Workflow Cache 12 HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\cache\workflow12FThe "Workflow Cache 12" common setting should be configured correctly. CCE-12223-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Panama) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesEThe "Spanish (Panama)" common setting should be configured correctly. CCE-13008-8User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #17 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location17WThe "Trust Center: Trusted Location #17" common setting should be configured correctly. CCE-13320-7User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Web Options...\Files\Use long file names whenever possible HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internetZThe "Use long file names whenever possible" common setting should be configured correctly. CCE-13442-9User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #18 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location18HThe "Unsafe Location #18" common setting should be configured correctly. CCE-14464-2User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Web Folders: Managing pairs of Web pages and folders HKEY_CURRENT_USER\software\policies\microsoft\windows\currentversion\explorerbThe "Web Folders: Managing pairs of Web pages and folders" setting should be configured correctly. CCE-12781-1User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Default message text for a reply...\With just a simple Web discussions link HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\reviewcycle\The "With just a simple Web discussions link" common setting should be configured correctly. CCE-12687-0User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Default message text for a review request...\With a Web discussions link and an attachment HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\reviewcyclebThe "With a Web discussions link and an attachment" common setting should be configured correctly. CCE-13274-6User Configuration\Administrative Templates\Microsoft Office 2010\Manage Restricted Permissions\Specify Permission Policy Path HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\drmSThe "Specify Permission Policy Path" common setting should be configured correctly. CCE-13096-3User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Uyghur (PRC) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesAThe "Uyghur (PRC)" common setting should be configured correctly. CCE-11696-2User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Web Options...\Browsers\Target monitor HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internetCThe "Target monitor" common setting should be configured correctly. CCE-14780-1User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Thai HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages9The "Thai" common setting should be configured correctly. CCE-12316-6User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Tatar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages:The "Tatar" common setting should be configured correctly. CCE-13224-1User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #9 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location9VThe "Trust Center: Trusted Location #9" common setting should be configured correctly. CCE-13011-2User Configuration\Administrative Templates\Microsoft Office 2010\Manage Restricted Permissions\Turn off Information Rights Management user interface HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\drmjThe "Turn off Information Rights Management user interface" common setting should be configured correctly. CCE-13229-0User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Turn off PDF encryption setting UI HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\fixedformatWThe "Turn off PDF encryption setting UI" common setting should be configured correctly. CCE-13506-1User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Workflow Cache\Workflow Cache 6 HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\cache\workflow6EThe "Workflow Cache 6" common setting should be configured correctly. CCE-12564-1User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Swahili HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages<The "Swahili" common setting should be configured correctly. CCE-13076-5User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Default message text for a review request...\With a link and an attachment HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\reviewcycleRThe "With a link and an attachment" common setting should be configured correctly. CCE-13947-7User Configuration\Administrative Templates\Micr< osoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #10 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location10HThe "Unsafe Location #10" common setting should be configured correctly. CCE-13216-7User Configuration\Administrative Templates\Microsoft Office 2010\Document Information Panel\Trust Local Solution HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\documentinformationpanel\trustsolutionIThe "Trust Local Solution" common setting should be configured correctly. CCE-12478-4User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Workflow Cache\Workflow Cache 5 HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\cache\workflow5EThe "Workflow Cache 5" common setting should be configured correctly. CCE-14607-6User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #8 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location8VThe "Trust Center: Trusted Location #8" common setting should be configured correctly. CCE-12802-5User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Web Options...\Files\Update links on save HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internetIThe "Update links on save" common setting should be configured correctly. CCE-11895-0User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (United States) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesLThe "Spanish (United States)" common setting should be configured correctly. CCE-14175-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Puerto Rico) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesJThe "Spanish (Puerto Rico)" common setting should be configured correctly. CCE-12738-1User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Turn off click to telephone HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\imPThe "Turn off click to telephone" common setting should be configured correctly. CCE-13398-3User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Upper Sorbian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesBThe "Upper Sorbian" common setting should be configured correctly. CCE-12175-6User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #15 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location15HThe "Unsafe Location #15" common setting should be configured correctly. CCE-12023-8User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Workflow Cache\Workflow Cache 8 HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\cache\workflow8EThe "Workflow Cache 8" common setting should be configured correctly. CCE-14736-3User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Turn off presence integration HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\imRThe "Turn off presence integration" common setting should be configured correctly. CCE-12851-2User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #20 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location20HThe "Unsafe Location #20" common setting should be configured correctly. CCE-13670-5User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Swedish (Sweden) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesEThe "Swedish (Sweden)" common setting should be configured correctly. CCE-13314-0User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #6 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location6GThe "Unsafe Location #6" common setting should be configured correctly. CCE-13661-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Turkmen HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages<The "Turkmen" common setting should be configured correctly. CCE-14451-9User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #15 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location15WThe "Trust Center: Trusted Location #15" common setting should be configured correctly. CCE-13418-9User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Default message text for a reply...\With a Web discussions link HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\reviewcycle CCE-12941-1User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #13 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location13WThe "Trust Center: Trusted Location #13" common setting should be configured correctly. CCE-12206-9User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #14 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location14WThe "Trust Center: Trusted Location #14" common setting should be configured correctly. CCE-12626-8User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #6 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location6VThe "Trust Center: Trusted Location #6" common setting should be configured correctly. CCE-12382-8User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Workflow Cache\Workflow Cache 1 HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\cache\workflow1EThe "Workflow Cache 1" common setting should be configured correctly. CCE-11931-3User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Vietnamese HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages?The "Vietnamese" common setting should be configured correctly. CCE-13254-8User Configuration\Administrative Templates\Microsoft Office 2010\Shared paths\Workgroup building blocks path HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\generalSThe "Workgroup building blocks path" common setting should be configured correctly. CCE-13558-2User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #16 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location16WThe "Trust Center: Trusted Location #16" common setting should be configured correctly. CCE-12601-1User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #12 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location12HThe "Unsafe Location #12" common setting should be configured correctly. CCE-12978-3User Configuration\A< dministrative Templates\Microsoft Office 2010\Manage Restricted Permissions\URL for location of document templates displayed when applications do not recognize rights-managed documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\drmThe "URL for location of document templates displayed when applications do not recognize rights-managed documents" common setting should be configured correctly. CCE-14338-8User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #5 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location5VThe "Trust Center: Trusted Location #5" common setting should be configured correctly. CCE-12872-8User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Use Office 2003 New Document dialog box HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general\The "Use Office 2003 New Document dialog box" common setting should be configured correctly. CCE-11760-6User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #2 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location2GThe "Unsafe Location #2" common setting should be configured correctly. CCE-12805-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Spain) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesDThe "Spanish (Spain)" common setting should be configured correctly. CCE-12275-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Sutu (South Africa) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesHThe "Sutu (South Africa)" common setting should be configured correctly. CCE-12320-8User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #13 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location13HThe "Unsafe Location #13" common setting should be configured correctly. CCE-13165-6User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Wolof HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages:The "Wolof" common setting should be configured correctly. CCE-11683-0User Configuration\Administrative Templates\Microsoft Office 2010\Signing\Suppress external signature services menu item HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signaturescThe "Suppress external signature services menu item" common setting should be configured correctly. CCE-14512-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Ukrainian HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages>The "Ukrainian" common setting should be configured correctly. CCE-13743-0User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #8 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location8GThe "Unsafe Location #8" common setting should be configured correctly. CCE-12979-1User Configuration\Administrative Templates\Microsoft Office 2010\Signing\Suppress Office Signing Providers HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signaturesVThe "Suppress Office Signing Providers" common setting should be configured correctly. CCE-11996-6User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #11 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location11WThe "Trust Center: Trusted Location #11" common setting should be configured correctly. CCE-13983-2User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #19 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location19WThe "Trust Center: Trusted Location #19" common setting should be configured correctly. CCE-14812-2User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Tajik HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages:The "Tajik" common setting should be configured correctly. CCE-13567-3User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Tigrigna (Ethiopia) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesHThe "Tigrigna (Ethiopia)" common setting should be configured correctly. CCE-12512-0User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Workflow Cache\Workflow Cache 4 HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\cache\workflow4EThe "Workflow Cache 4" common setting should be configured correctly. CCE-12019-6User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Workflow Cache\Workflow Cache 2 HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\cache\workflow3EThe "Workflow Cache 2" common setting should be configured correctly. CCE-12593-0User Configuration\Administrative Templates\Microsoft Office 2010\Improved Error Reporting\Stop reporting non-critical errors HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\shipassertsWThe "Stop reporting non-critical errors" common setting should be configured correctly. CCE-13689-5User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Protected View\Unsafe Location #7 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\protectedview\locations\location7GThe "Unsafe Location #7" common setting should be configured correctly. CCE-13312-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Tamazight (Arabic, Morocco) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesPThe "Tamazight (Arabic, Morocco)" common setting should be configured correctly. CCE-13532-7User Configuration\Administrative Templates\Microsoft Office 2010\Office Live Workspace\Turn Off Office Live Workspace Integration HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\officeliveworkspace_The "Turn Off Office Live Workspace Integration" common setting should be configured correctly. CCE-12165-7User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #1 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location1VThe "Trust Center: Trusted Location #1" common setting should be configured correctly. CCE-12437-0User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Suppress hyperlink warnings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\securityPThe "Suppress hyperlink warnings" common setting should be configured correctly. CCE-12966-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Turkish HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages<The "Turkish" common setting should be configured correctly. CCE-13526-9User Configuration\Administrative Templates\Microsoft Office 2010\Language set< tings\Editing Languages\Enabled Editing Languages\Telugu HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages;The "Telugu" common setting should be configured correctly. CCE-12141-8User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Trusted Location #20 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations\all applications\location20WThe "Trust Center: Trusted Location #20" common setting should be configured correctly. CCE-13932-9User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Workflow Cache\Workflow Cache 13 HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\cache\workflow13FThe "Workflow Cache 13" common setting should be configured correctly. CCE-13138-3User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Welsh HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguages:The "Welsh" common setting should be configured correctly. CCE-13085-6User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Enabled Editing Languages\Spanish (Peru) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresources\enabledlanguagesCThe "Spanish (Peru)" common setting should be configured correctly. CCE-12680-5User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Do not include Non-Publishing Standard Glyph in the candidate list HKEY_CURRENT_USER\software\policies\microsoft\ime\imejp\14.0\msimepThe "Do not include Non-Publishing Standard Glyph in the candidate list" setting should be configured correctly. CCE-13235-7User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Set update interval for Outlook Contacts Dictionary HKEY_CURRENT_USER\software\policies\microsoft\imejp\14.0\wswordcomment\plugins\mapiaThe "Set update interval for Outlook Contacts Dictionary" setting should be configured correctly. CCE-12854-6User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Set comment fields for Outlook Global Address List Dictionary HKEY_CURRENT_USER\software\policies\microsoft\imejp\14.0\wswordcomment\plugins\mapikThe "Set comment fields for Outlook Global Address List Dictionary" setting should be configured correctly. CCE-13850-3User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Restrict character code range of conversion HKEY_CURRENT_USER\software\policies\microsoft\ime\imejp\14.0\msimeYThe "Restrict character code range of conversion" setting should be configured correctly. CCE-13964-2User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Set update interval for Outlook Global Address List Dictionary HKEY_CURRENT_USER\software\policies\microsoft\imejp\14.0\wswordcomment\plugins\mapilThe "Set update interval for Outlook Global Address List Dictionary" setting should be configured correctly. CCE-13200-1User Configuration\Administrative Templates\Microsoft Office 2010\IME (Japanese)\Set comment fields for Outlook Contacts Dictionary HKEY_CURRENT_USER\software\policies\microsoft\imejp\14.0\wswordcomment\plugins\mapi`The "Set comment fields for Outlook Contacts Dictionary" setting should be configured correctly. CCE-12538-5User Configuration\Administrative Templates\Microsoft Word 2010\Miscellaneous\Do not use online machine translation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\research\translationZThe "Do not use online machine translation" common setting should be configured correctly. CCE-14423-8User Configuration\Administrative Templates\Microsoft Word 2010\Miscellaneous\Volume preference HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsDThe "Volume preference" Word setting should be configured correctly. CCE-14250-5User Configuration\Administrative Templates\Microsoft Word 2010\Miscellaneous\Disable MRU list in font dropdown HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsTThe "Disable MRU list in font dropdown" Word setting should be configured correctly. CCE-12125-1User Configuration\Administrative Templates\Microsoft Word 2010\Miscellaneous\Alternate revision bar position in printed document HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsfThe "Alternate revision bar position in printed document" Word setting should be configured correctly. CCE-13556-6User Configuration\Administrative Templates\Microsoft Word 2010\Miscellaneous\Tools | Compare and Merge Documents, Legal blackline HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefgThe "Tools | Compare and Merge Documents, Legal blackline" Word setting should be configured correctly. CCE-13873-5User Configuration\Administrative Templates\Microsoft Word 2010\Miscellaneous\Use online translation dictionaries HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\research\translationXThe "Use online translation dictionaries" common setting should be configured correctly. CCE-13992-3User Configuration\Administrative Templates\Microsoft Office 2010\Help\Office.com HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet?The "Office.com" common setting should be configured correctly. CCE-13710-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Form Region Settings\Locked form regions HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\addins\lockedformregionsIThe "Locked form regions" Outlook setting should be configured correctly. CCE-12667-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Form Region Settings\Configure form regions permissions HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\addinsXThe "Configure form regions permissions" Outlook setting should be configured correctly. CCE-12985-8User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Display Language\Display menus and dialog boxes in HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresourcesVThe "Display menus and dialog boxes in" common setting should be configured correctly. CCE-11776-2User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Display Language\Change or delete link to language pack download site HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresourcesiThe "Change or delete link to language pack download site" common setting should be configured correctly. CCE-12138-4User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Display Language\Display help in HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresourcesDThe "Display help in" common setting should be configured correctly. CCE-13151-6User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Display Language\Change or delete link to the proofing tools download site HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresourcesnThe "Change or delete link to the proofing tools download site" common setting should be configured correctly. CCE-12028-7User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Turn off trusted documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted documentsSThe "Turn off trusted documents" PowerPoint setting should be configured correctly. CCE-14612-6User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Set maximum number of trusted documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted documents`The "Set maximum number of trusted documents" PowerPoint setting should be configured correctly. CCE-12874-4User Configurati< on\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Disable all application add-ins HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\securityXThe "Disable all application add-ins" PowerPoint setting should be configured correctly. CCE-14790-0User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Turn off Data Execution Prevention HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security[The "Turn off Data Execution Prevention" PowerPoint setting should be configured correctly. CCE-12254-9User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trust access to Visual Basic Project HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security]The "Trust access to Visual Basic Project" PowerPoint setting should be configured correctly. CCE-11735-8User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\securityyThe "Require that application add-ins are signed by Trusted Publisher" PowerPoint setting should be configured correctly. CCE-12203-6 User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins and block them HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\securityThe "Disable Trust Bar Notification for unsigned application add-ins and block them" PowerPoint setting should be configured correctly. CCE-12525-2User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Set maximum number of trust records to preserve HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted documentshThe "Set maximum number of trust records to preserve" PowerPoint setting should be configured correctly. CCE-12451-1User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\VBA Macro Notification Settings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\securityXThe "VBA Macro Notification Settings" PowerPoint setting should be configured correctly. CCE-13123-5User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Turn off Trusted Documents on the network HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted documentsbThe "Turn off Trusted Documents on the network" PowerPoint setting should be configured correctly. CCE-12348-9User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Display\Vertical scroll bar appears on left HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\otherYThe "Vertical scroll bar appears on left" OneNote setting should be configured correctly. CCE-14446-9User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Display\Page tabs appear on the left HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\otherRThe "Page tabs appear on the left" OneNote setting should be configured correctly. CCE-14320-6User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Display\Show Note Containers HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\otherJThe "Show Note Containers" OneNote setting should be configured correctly. CCE-12658-1User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Display\Navigation bar appears on the right HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\otherYThe "Navigation bar appears on the right" OneNote setting should be configured correctly. CCE-14682-9User Configuration\Administrative Templates\Microsoft Publisher 2010\Miscellaneous\Add double quotes in Hebrew alphabet numbering HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\preferencesfThe "Add double quotes in Hebrew alphabet numbering" Publisher setting should be configured correctly. CCE-13825-5User Configuration\Administrative Templates\Microsoft Publisher 2010\Miscellaneous\Prompt user to setup printer HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\preferencesTThe "Prompt user to setup printer" Publisher setting should be configured correctly. CCE-14750-4User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Web Options...\Files\Open Office documents as read/write while browsing HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internetgThe "Open Office documents as read/write while browsing" common setting should be configured correctly. CCE-14832-0User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Web Options...\Files\Open Office document directly in Office application HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internethThe "Open Office document directly in Office application" common setting should be configured correctly. CCE-12053-5User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Web Options...\Files\Organize supporting files in a folder HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internetZThe "Organize supporting files in a folder" common setting should be configured correctly. CCE-11507-1User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Web Options...\Files\Check if Office is the default editor for Web pages created in Office HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internetzThe "Check if Office is the default editor for Web pages created in Office" common setting should be configured correctly. CCE-12087-3User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\East Asian Language Find\Match cho-on used for vowels HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\feSThe "Match cho-on used for vowels" InfoPath setting should be configured correctly. CCE-13776-0User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\East Asian Language Find\Match full/half width forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\feRThe "Match full/half width forms" InfoPath setting should be configured correctly. CCE-12247-3User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\East Asian Language Find\Set EA line breaking HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\designer\feKThe "Set EA line breaking" InfoPath setting should be configured correctly. CCE-13333-0User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\East Asian Language Find\Match minus, dash, cho HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\feMThe "Match minus, dash, cho" InfoPath setting should be configured correctly. CCE-13458-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Customize Ribbon\Display Developer tab in the Ribbon HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\optionsYThe "Display Developer tab in the Ribbon" Outlook setting should be configured correctly. CCE-13103-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Attachment Security\Display Level 1 attachments HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityQThe "Display Level 1 attachments" Outlook setting should be configured correctly. CCE-14802-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Attachment Security\Remove file extensions blocked as Level 1 HKEY_CURRENT_USER\softw< are\policies\microsoft\office\14.0\outlook\security_The "Remove file extensions blocked as Level 1" Outlook setting should be configured correctly. CCE-13121-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Attachment Security\Do not prompt about Level 1 attachments when closing an item HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityrThe "Do not prompt about Level 1 attachments when closing an item" Outlook setting should be configured correctly. CCE-12197-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Attachment Security\Remove file extensions blocked as Level 2 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security_The "Remove file extensions blocked as Level 2" Outlook setting should be configured correctly. CCE-13004-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Attachment Security\Allow users to demote attachments to Level 2 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securitybThe "Allow users to demote attachments to Level 2" Outlook setting should be configured correctly. CCE-13559-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Attachment Security\Do not prompt about Level 1 attachments when sending an item HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityrThe "Do not prompt about Level 1 attachments when sending an item" Outlook setting should be configured correctly. CCE-13450-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Attachment Security\Add file extensions to block as Level 2 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security]The "Add file extensions to block as Level 2" Outlook setting should be configured correctly. CCE-14037-6User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Attachment Security\Display OLE package objects HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityQThe "Display OLE package objects" Outlook setting should be configured correctly. CCE-11682-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Attachment Security\Add file extensions to block as Level 1 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security]The "Add file extensions to block as Level 1" Outlook setting should be configured correctly. CCE-11655-8JUser Configuration\Administrative Templates\Microsoft Office 2010\Office 2010 Converters\Block opening of pre-release versions of file formats new to PowerPoint 2010 through the Compatibility Pack for Office 2010 and PowerPoint 2010 Converter HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\fileblockThe "Block opening of pre-release versions of file formats new to PowerPoint 2010 through the Compatibility Pack for Office 2010 and PowerPoint 2010 Converter" PowerPoint setting should be configured correctly. CCE-14239-8;User Configuration\Administrative Templates\Microsoft Office 2010\Office 2010 Converters\Block opening of pre-release versions of file formats new to Excel 2010 through the Compatibility Pack for Office 2010 and Excel 2010 Converter HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblockThe "Block opening of pre-release versions of file formats new to Excel 2010 through the Compatibility Pack for Office 2010 and Excel 2010 Converter" Excel setting should be configured correctly. CCE-14865-0UUser Configuration\Administrative Templates\Microsoft Office 2010\Office 2010 Converters\Block opening of pre-release versions of file formats new to Word 2010 through the Compatibility Pack for Office 2010 and Word 2010 Open XML/Word 97-2003 Format Converter HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblockThe "Block opening of pre-release versions of file formats new to Word 2010 through the Compatibility Pack for Office 2010 and Word 2010 Open XML/Word 97-2003 Format Converter" Word setting should be configured correctly. CCE-12225-9User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\File Locations\Default File Location HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsHThe "Default File Location" Word setting should be configured correctly. CCE-11816-6User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\File Locations\Startup HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options:The "Startup" Word setting should be configured correctly. CCE-12294-5User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\File Locations\AutoRecover files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsDThe "AutoRecover files" Word setting should be configured correctly. CCE-13598-8User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\File Locations\Tools HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options8The "Tools" Word setting should be configured correctly. CCE-13181-3User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\File Locations\Clipart pictures HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsCThe "Clipart pictures" Word setting should be configured correctly. CCE-12403-2User Configuration\Administrative Templates\Microsoft InfoPath 2010\Miscellaneous\Enter URL of location where template parts are stored HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\designerlThe "Enter URL of location where template parts are stored" InfoPath setting should be configured correctly. CCE-13965-9User Configuration\Administrative Templates\Microsoft InfoPath 2010\Miscellaneous\Turn off InfoPath Designer mode HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\designerVThe "Turn off InfoPath Designer mode" InfoPath setting should be configured correctly. CCE-14406-3User Configuration\Administrative Templates\Microsoft InfoPath 2010\Miscellaneous\Disable Microsoft InfoPath Filler Control HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\editor\activexcontrol`The "Disable Microsoft InfoPath Filler Control" InfoPath setting should be configured correctly. CCE-14641-5User Configuration\Administrative Templates\Microsoft InfoPath 2010\Miscellaneous\Allow users to turn on and off printing of background colors. HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\internet explorer\maintThe "Allow users to turn on and off printing of background colors." InfoPath setting should be configured correctly. CCE-14012-9User Configuration\Administrative Templates\Microsoft InfoPath 2010\Miscellaneous\Email Forms Beaconing UI HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\securityOThe "Email Forms Beaconing UI" InfoPath setting should be configured correctly. CCE-12381-0User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\Design\Enter text direction for new forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\designerYThe "Enter text direction for new forms" InfoPath setting should be configured correctly. CCE-14189-5User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Versions and Recyle Bin\Days back to keep in version history HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\versionsZThe "Days back to keep in version history" OneNote setting should be configured correctly. CCE-14372-7User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Versions and Recyle Bin\Days of hourly versions not to prune after Days Back HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\versionsjThe "Days of hourly versions not to pr< une after Days Back" OneNote setting should be configured correctly. CCE-13342-1User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Versions and Recyle Bin\Days back to keep items in recycle bin HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\versions\The "Days back to keep items in recycle bin" OneNote setting should be configured correctly. CCE-12857-9User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Versions and Recyle Bin\Do not prune versions over time HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\versionsUThe "Do not prune versions over time" OneNote setting should be configured correctly. CCE-12591-4User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Versions and Recyle Bin\Turn off Versions and Notebook Recycle Bin in shared notebooks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\versionstThe "Turn off Versions and Notebook Recycle Bin in shared notebooks" OneNote setting should be configured correctly. CCE-13277-9User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Versions and Recyle Bin\Maximum number of once-per-day version history items kept HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\versionsoThe "Maximum number of once-per-day version history items kept" OneNote setting should be configured correctly. CCE-13504-6User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Schedule View\Prevent Other Department Calendar from appearing HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\wunderbarfThe "Prevent Other Department Calendar from appearing" Outlook setting should be configured correctly. CCE-13177-1 User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Schedule View\Turn off auto-switching from vertical to horizontal layout HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\wunderbarpThe "Turn off auto-switching from vertical to horizontal layout" Outlook setting should be configured correctly. CCE-13595-4User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Schedule View\Do not allow horizontal calendar view HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendar[The "Do not allow horizontal calendar view" Outlook setting should be configured correctly. CCE-12751-4User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Schedule View\Prevent Reporting Line Group Calendar from appearing HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\wunderbarjThe "Prevent Reporting Line Group Calendar from appearing" Outlook setting should be configured correctly. CCE-12283-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Schedule View\Turn off sharing recommendation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendarUThe "Turn off sharing recommendation" Outlook setting should be configured correctly. CCE-11909-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Schedule View\Prevent My Department Calendar from appearing HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\wunderbarcThe "Prevent My Department Calendar from appearing" Outlook setting should be configured correctly. CCE-13290-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Schedule View\Turn off Legacy Group Calendar migration HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\wunderbar^The "Turn off Legacy Group Calendar migration" Outlook setting should be configured correctly. CCE-13048-4 User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Schedule View\Turn off auto-switching from horizontal to vertical layout HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\wunderbarpThe "Turn off auto-switching from horizontal to vertical layout" Outlook setting should be configured correctly. CCE-13652-3User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Proofing\AutoCorrect Options\Straight quotes with smart quotes HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\autoformat as you typeUThe "Straight quotes with smart quotes" Visio setting should be configured correctly. CCE-12976-7User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Proofing\AutoCorrect Options\Hyphens with dash HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\autoformat as you typeEThe "Hyphens with dash" Visio setting should be configured correctly. CCE-12377-8User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Proofing\AutoCorrect Options\Fractions with fraction character HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\autoformat as you typeUThe "Fractions with fraction character" Visio setting should be configured correctly. CCE-14745-4User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Proofing\AutoCorrect Options\Ordinals with superscript HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\autoformat as you typeMThe "Ordinals with superscript" Visio setting should be configured correctly. CCE-12901-5User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Proofing\AutoCorrect Options\Smiley faces and arrows with special symbols HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\autoformat as you type`The "Smiley faces and arrows with special symbols" Visio setting should be configured correctly. CCE-13440-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Mail Setup\Dial-up options HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailEThe "Dial-up options" Outlook setting should be configured correctly. CCE-12931-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Mail Setup\Mail account options HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailJThe "Mail account options" Outlook setting should be configured correctly. CCE-12364-6User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Offline Address Book\Use only OAB v4 HKEY_CURRENT_USER\software\policies\microsoft\exchange\exchange provider=The "Use only OAB v4" setting should be configured correctly. CCE-12513-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Offline Address Book\Turn off Hierarchical Address Book department selection HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlookmThe "Turn off Hierarchical Address Book department selection" Outlook setting should be configured correctly. CCE-13860-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Offline Address Book\Turn off Hierarchical Address Book HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlookXThe "Turn off Hierarchical Address Book" Outlook setting should be configured correctly. CCE-13325-6User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Offline Address Book\Offline Address Book: Prompt before Downloading Full OAB HKEY_CURRENT_USER\software\policies\microsoft\exchange\exchange providerfThe "Offline Address Book: Prompt before Downloading Full OAB" setting should be configured correctly. CCE-14912-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Offline Address Book\Display option for downloading OAB changes sinc< e last Send/Receive HKEY_CURRENT_USER\software\policies\microsoft\exchange\exchange providerpThe "Display option for downloading OAB changes since last Send/Receive" setting should be configured correctly. CCE-12128-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Offline Address Book\Offline Address Book: Limit number of incremental OAB downloads HKEY_CURRENT_USER\software\policies\microsoft\exchange\exchange providermThe "Offline Address Book: Limit number of incremental OAB downloads" setting should be configured correctly. CCE-14500-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Offline Address Book\Return e-mail alias if it exactly matches the provided e-mail address when searching OAB HKEY_CURRENT_USER\software\policies\microsoft\exchange\exchange providerThe "Return e-mail alias if it exactly matches the provided e-mail address when searching OAB" setting should be configured correctly. CCE-14203-4User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Offline Address Book\Turn off Hierarchical Address Book search HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook_The "Turn off Hierarchical Address Book search" Outlook setting should be configured correctly. CCE-13110-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Offline Address Book\Offline Address Book: Limit manual OAB downloads HKEY_CURRENT_USER\software\policies\microsoft\exchange\exchange provider^The "Offline Address Book: Limit manual OAB downloads" setting should be configured correctly. CCE-11619-4User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Web Options...\General\Show slide animation while browsing HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\internet\The "Show slide animation while browsing" PowerPoint setting should be configured correctly. CCE-13579-8User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Web Options...\General\Slide navigation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\internetIThe "Slide navigation" PowerPoint setting should be configured correctly. CCE-12820-7User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Web Options...\General\Resize graphics to fit browser window HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\internet^The "Resize graphics to fit browser window" PowerPoint setting should be configured correctly. CCE-12578-1User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins and block them HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\securityThe "Disable Trust Bar Notification for unsigned application add-ins and block them" Word setting should be configured correctly. CCE-13705-9User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Turn off Trusted Documents on the network HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted documents\The "Turn off Trusted Documents on the network" Word setting should be configured correctly. CCE-14053-3User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Turn off trusted documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted documentsMThe "Turn off trusted documents" Word setting should be configured correctly. CCE-14249-7User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\VBA Macro Notification Settings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\securityRThe "VBA Macro Notification Settings" Word setting should be configured correctly. CCE-13182-1User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Set maximum number of trust records to preserve HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted documentsbThe "Set maximum number of trust records to preserve" Word setting should be configured correctly. CCE-13887-5User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Turn off Data Execution Prevention HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\securityUThe "Turn off Data Execution Prevention" Word setting should be configured correctly. CCE-12577-3User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Set maximum number of trusted documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted documentsZThe "Set maximum number of trusted documents" Word setting should be configured correctly. CCE-14035-0User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\securitysThe "Require that application add-ins are signed by Trusted Publisher" Word setting should be configured correctly. CCE-13268-8User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Disable all application add-ins HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\securityRThe "Disable all application add-ins" Word setting should be configured correctly. CCE-13769-5User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Scan encrypted macros in Word Open XML documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\securitycThe "Scan encrypted macros in Word Open XML documents" Word setting should be configured correctly. CCE-13294-4User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trust access to Visual Basic Project HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\securityWThe "Trust access to Visual Basic Project" Word setting should be configured correctly. CCE-12368-7User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Password\Disallows add-ons access to password protected sections HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\securitymThe "Disallows add-ons access to password protected sections" OneNote setting should be configured correctly. CCE-14531-8User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Password\Lock password protected sections as soon as I navigate away from them HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\security{The "Lock password protected sections as soon as I navigate away from them" OneNote setting should be configured correctly. CCE-12207-7User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Password\Lock password protected sections after user hasn't worked on them for a time HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\securityThe "Lock password protected sections after user hasn't worked on them for a time" OneNote setting should be configured correctly. CCE-11550-1User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Password\Disable password protected sections HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\generalYThe "Disable password protected sections" OneNote setting should be configured correctly. CCE-14314-9User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Smart cut and paste\Adjust paragraph spacing on paste HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefTThe "Adjust paragraph spacing on paste" Word setting should be configured correctly. CCE-11803-4User Configuration\Administrative Templates\Microsoft Word 2010\W< ord Options\Advanced\Smart cut and paste\Adjust sentence and word spacing automatically HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefaThe "Adjust sentence and word spacing automatically" Word setting should be configured correctly. CCE-14717-3User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Smart cut and paste\Merge pasted lists with surrounding lists HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref\The "Merge pasted lists with surrounding lists" Word setting should be configured correctly. CCE-11680-6User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Smart cut and paste\Smart style behavior HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefGThe "Smart style behavior" Word setting should be configured correctly. CCE-12041-0User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Smart cut and paste\Adjust table formatting and alignment on paste HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefaThe "Adjust table formatting and alignment on paste" Word setting should be configured correctly. CCE-12552-6User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Smart cut and paste\Adjust formatting when pasting from Microsoft Excel HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffThe "Adjust formatting when pasting from Microsoft Excel" Word setting should be configured correctly. CCE-12992-4User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Smart cut and paste\Merge formatting when pasting from PowerPoint HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref`The "Merge formatting when pasting from PowerPoint" Word setting should be configured correctly. CCE-13875-0-User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\File Block Settings\PowerPoint 2007 and later presentations, shows, templates, themes and add-in files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\fileblockThe "PowerPoint 2007 and later presentations, shows, templates, themes and add-in files" PowerPoint setting should be configured correctly. CCE-11830-7User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\File Block Settings\OpenDocument Presentation files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\fileblockXThe "OpenDocument Presentation files" PowerPoint setting should be configured correctly. CCE-14382-6User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\File Block Settings\Legacy converters for PowerPoint HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\fileblockYThe "Legacy converters for PowerPoint" PowerPoint setting should be configured correctly. CCE-13722-4User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\File Block Settings\Graphic Filters HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\fileblockHThe "Graphic Filters" PowerPoint setting should be configured correctly. CCE-13336-3User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\File Block Settings\PowerPoint beta files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\fileblockNThe "PowerPoint beta files" PowerPoint setting should be configured correctly. CCE-13430-4User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\File Block Settings\Web Pages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\fileblockBThe "Web Pages" PowerPoint setting should be configured correctly. CCE-14467-5User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\File Block Settings\Microsoft Office Open XML converters for PowerPoint HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\fileblocklThe "Microsoft Office Open XML converters for PowerPoint" PowerPoint setting should be configured correctly. CCE-13302-5User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\File Block Settings\PowerPoint beta converters HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\fileblockSThe "PowerPoint beta converters" PowerPoint setting should be configured correctly. CCE-12093-1User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\File Block Settings\Outline files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\fileblockFThe "Outline files" PowerPoint setting should be configured correctly. CCE-13402-3User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\File Block Settings\PowerPoint 97-2003 presentations, shows, templates and add-in files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\fileblock|The "PowerPoint 97-2003 presentations, shows, templates and add-in files" PowerPoint setting should be configured correctly. CCE-14523-5User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\File Block Settings\Set default file block behavior HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\fileblockXThe "Set default file block behavior" PowerPoint setting should be configured correctly. CCE-13970-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Prevent copying or moving items between accounts HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlookfThe "Prevent copying or moving items between accounts" Outlook setting should be configured correctly. CCE-13150-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Configure Outlook Anywhere user interface options HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\rpcgThe "Configure Outlook Anywhere user interface options" Outlook setting should be configured correctly. CCE-12547-6User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Exchange Unicode Mode - Silent OST format change HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\emspfThe "Exchange Unicode Mode - Silent OST format change" Outlook setting should be configured correctly. CCE-13152-4User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Do not validate personal Contact Groups when sending e-mail messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailzThe "Do not validate personal Contact Groups when sending e-mail messages" Outlook setting should be configured correctly. CCE-13335-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Enable RPC encryption HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\rpcKThe "Enable RPC encryption" Outlook setting should be configured correctly. CCE-13674-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Do not allow an OST file to be created HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\ost\The "Do not allow an OST file to be created" Outlook setting should be configured correctly. CCE-13233-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Automatically configure profile based on Active Directory Primary SMTP address HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\autodiscoverThe "Automatically configure < profile based on Active Directory Primary SMTP address" Outlook setting should be configured correctly. CCE-13667-1User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Cached Exchange low bandwidth threshold HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\rpc]The "Cached Exchange low bandwidth threshold" Outlook setting should be configured correctly. CCE-11504-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Specify exceptions for DisableCrossAccountCopy HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlookdThe "Specify exceptions for DisableCrossAccountCopy" Outlook setting should be configured correctly. CCE-13714-1User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Synchronizing data in shared folders HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\cached modeZThe "Synchronizing data in shared folders" Outlook setting should be configured correctly. CCE-13278-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Do not display Folder Size button on folder properties dialog box HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlookwThe "Do not display Folder Size button on folder properties dialog box" Outlook setting should be configured correctly. CCE-12372-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Do not allow users to change permissions on folders HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\foldersiThe "Do not allow users to change permissions on folders" Outlook setting should be configured correctly. CCE-13778-6User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Exchange Unicode Mode - Ignore OST Format HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\emsp_The "Exchange Unicode Mode - Ignore OST Format" Outlook setting should be configured correctly. CCE-14888-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Restrict legacy Exchange account HKEY_CURRENT_USER\software\policies\microsoft\exchangeNThe "Restrict legacy Exchange account" setting should be configured correctly. CCE-12768-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Authentication with Exchange Server HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityYThe "Authentication with Exchange Server" Outlook setting should be configured correctly. CCE-13241-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Set maximum number of Exchange accounts per profile HKEY_CURRENT_USER\software\policies\microsoft\exchangeaThe "Set maximum number of Exchange accounts per profile" setting should be configured correctly. CCE-13083-1User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Exchange Unicode Mode - Turn off ANSI mode HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\emsp`The "Exchange Unicode Mode - Turn off ANSI mode" Outlook setting should be configured correctly. CCE-12537-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Use legacy Change Password authentication dialog boxes HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\rpclThe "Use legacy Change Password authentication dialog boxes" Outlook setting should be configured correctly. CCE-13352-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Programmatic Security\Trusted Add-ins\Configure trusted add-ins HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security\trustedaddinsOThe "Configure trusted add-ins" Outlook setting should be configured correctly. CCE-13357-9User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Web Options...\General\Rely on CSS for font formatting HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet CCE-13144-1User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Edit\Hyperlink appearance in 'Project1'\Underline hyperlinks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\editJThe "Underline hyperlinks" Project setting should be configured correctly. CCE-14347-9User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Edit\Hyperlink appearance in 'Project1'\Hyperlink color HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\editEThe "Hyperlink color" Project setting should be configured correctly. CCE-13524-4User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Edit\Hyperlink appearance in 'Project1'\Followed hyperlink color HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\editNThe "Followed hyperlink color" Project setting should be configured correctly. CCE-14689-4User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Save\Save Documents\Prompt for document properties on first save HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application`The "Prompt for document properties on first save" Visio setting should be configured correctly. CCE-12501-3User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Save\Save Documents\Save Visio files as HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationGThe "Save Visio files as" Visio setting should be configured correctly. CCE-12659-9User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Display\Text HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\document8The "Text" Visio setting should be configured correctly. CCE-14332-1User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Display\Angle HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\document9The "Angle" Visio setting should be configured correctly. CCE-14057-4User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Display\Always offer 'Metric' and 'US units' for new blank drawings and stencils HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application|The "Always offer 'Metric' and 'US units' for new blank drawings and stencils" Visio setting should be configured correctly. CCE-12856-1User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Display\Duration HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\document<The "Duration" Visio setting should be configured correctly. CCE-13417-1User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Display\Actions HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application;The "Actions" Visio setting should be configured correctly. CCE-14650-6User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Display\Stencil window ScreenTips HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationMThe "Stencil window ScreenTips" Visio setting should be configured correctly. CCE-14364-4User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Display\Prevent showing New screen on launch HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationXThe "Prevent showing New screen on launch" Visio setting should be configured correctly. CCE-14218-2User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Display\Specify ScreenTips to appear HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationPThe "Specify ScreenTips to appear" Visio setting should be configured correctly. CCE-13687-9User Configuration\Administrative Templates\Microsoft Outlook < 2010\Account Settings\Exchange\Cached Exchange Mode\Disallow On Slow Connections Only Download Headers HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\cached modehThe "Disallow On Slow Connections Only Download Headers" Outlook setting should be configured correctly. CCE-14702-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Cached Exchange Mode\Do not sync in Cached Exchange mode when users click Send/Receive or F9 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\cached mode}The "Do not sync in Cached Exchange mode when users click Send/Receive or F9" Outlook setting should be configured correctly. CCE-14060-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Cached Exchange Mode\Use Cached Exchange Mode for new and existing Outlook profiles HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\cached modetThe "Use Cached Exchange Mode for new and existing Outlook profiles" Outlook setting should be configured correctly. CCE-13087-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Cached Exchange Mode\Download shared non-mail folders HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\cached modeVThe "Download shared non-mail folders" Outlook setting should be configured correctly. CCE-12279-6User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Cached Exchange Mode\Disallow Download Headers then Full Items HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\cached mode_The "Disallow Download Headers then Full Items" Outlook setting should be configured correctly. CCE-14920-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Cached Exchange Mode\Cached Exchange Mode (File | Cached Exchange Mode) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\cached modehThe "Cached Exchange Mode (File | Cached Exchange Mode)" Outlook setting should be configured correctly. CCE-12660-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Cached Exchange Mode\Enter maximum seconds to wait to sync changes HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\cached modecThe "Enter maximum seconds to wait to sync changes" Outlook setting should be configured correctly. CCE-12789-4User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Cached Exchange Mode\Disallow Download Headers HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\cached modeOThe "Disallow Download Headers" Outlook setting should be configured correctly. CCE-13631-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Cached Exchange Mode\Download Public Folder Favorites HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\cached modeVThe "Download Public Folder Favorites" Outlook setting should be configured correctly. CCE-13517-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Cached Exchange Mode\Disallow Download Full Items HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\cached modeRThe "Disallow Download Full Items" Outlook setting should be configured correctly. CCE-11927-1User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Cached Exchange Mode\Enter seconds to wait to upload changes to server HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\cached modegThe "Enter seconds to wait to upload changes to server" Outlook setting should be configured correctly. CCE-14659-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Exchange\Cached Exchange Mode\Enter seconds to wait to download changes from server HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\cached modekThe "Enter seconds to wait to download changes from server" Outlook setting should be configured correctly. CCE-13525-1User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Show Mini Toolbar on selection HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars\outlookSThe "Show Mini Toolbar on selection" common setting should be configured correctly. CCE-13203-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Hide photo link HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\optionsEThe "Hide photo link" Outlook setting should be configured correctly. CCE-12919-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Reading Pane HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferencesBThe "Reading Pane" Outlook setting should be configured correctly. CCE-12629-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Empty the Deleted Items folder when Outlook closes HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferenceshThe "Empty the Deleted Items folder when Outlook closes" Outlook setting should be configured correctly. CCE-13126-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Print dark categories HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\printingKThe "Print dark categories" Outlook setting should be configured correctly. CCE-13164-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Do not download photos from the Active Directory HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\contactfThe "Do not download photos from the Active Directory" Outlook setting should be configured correctly. CCE-14353-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Make Outlook the default program for E-mail, Contacts, and Calendar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\generalyThe "Make Outlook the default program for E-mail, Contacts, and Calendar" Outlook setting should be configured correctly. CCE-14198-6User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Do not display the reading pane HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\optionsUThe "Do not display the reading pane" Outlook setting should be configured correctly. CCE-12476-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Out of Office Assistant\Polling Out-of-office Web service HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\oofWThe "Polling Out-of-office Web service" Outlook setting should be configured correctly. CCE-13232-4User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Editing\Default Font Name HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\editingGThe "Default Font Name" OneNote setting should be configured correctly. CCE-13253-0User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Editing\Include link to source when pasting from the Internet HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\editingkThe "Include link to source when pasting from the Internet" OneNote setting should be configured correctly. CCE-13492-4User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Editing\Auto Bullet Recognition HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\editingMThe "Auto Bullet Recognition" OneNote setting should be configured correctly. CCE-13077-3User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Editing\Turn off auto calculator HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\editingNThe "Turn off auto calculator" OneNote setting should be configured correctly. CCE-13855-2User Confi< guration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Editing\Show Paste Options buttons HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\otherPThe "Show Paste Options buttons" OneNote setting should be configured correctly. CCE-14078-0User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Editing\Turn off link creation with [[ ]] HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\editingWThe "Turn off link creation with [[ ]]" OneNote setting should be configured correctly. CCE-13435-3User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Editing\Default Font Size HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\editingGThe "Default Font Size" OneNote setting should be configured correctly. CCE-12573-2User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Editing\Auto Numbering Recognition HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\editingPThe "Auto Numbering Recognition" OneNote setting should be configured correctly. CCE-13179-7User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Editing\Auto Keyboard Switching HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\languageMThe "Auto Keyboard Switching" OneNote setting should be configured correctly. CCE-14315-6User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Miscellaneous\Server Settings\Turn off file synchronization via SOAP over HTTP HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\interneteThe "Turn off file synchronization via SOAP over HTTP" common setting should be configured correctly. CCE-14458-4User Configuration\Administrative Templates\Microsoft Access 2010\Customizable Error Messages\List of error messages to customize HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\customizablealertsXThe "List of error messages to customize" Access setting should be configured correctly. CCE-13191-2User Configuration\Administrative Templates\Microsoft Word 2010\Review Tab\Language | Set Proofing Language...\Detect language automatically HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefPThe "Detect language automatically" Word setting should be configured correctly. CCE-13489-0User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Prevent users from allowing unsafe file types to be attached to forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security|The "Prevent users from allowing unsafe file types to be attached to forms" InfoPath setting should be configured correctly. CCE-13473-4User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Allow the use of ActiveX Custom Controls in InfoPath forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopathqThe "Allow the use of ActiveX Custom Controls in InfoPath forms" InfoPath setting should be configured correctly. CCE-12668-0User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Disable opening forms with managed code from the Internet security zone HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security~The "Disable opening forms with managed code from the Internet security zone" InfoPath setting should be configured correctly. CCE-12285-3User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Disable opening of solutions from the Internet security zone HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\securitysThe "Disable opening of solutions from the Internet security zone" InfoPath setting should be configured correctly. CCE-13157-3User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Beaconing UI for forms opened in InfoPath Filler ActiveX HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\securityoThe "Beaconing UI for forms opened in InfoPath Filler ActiveX" InfoPath setting should be configured correctly. CCE-12906-4User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Display a warning that a form is digitally signed HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\securityhThe "Display a warning that a form is digitally signed" InfoPath setting should be configured correctly. CCE-12808-2User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Beaconing UI for forms opened in InfoPath HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security`The "Beaconing UI for forms opened in InfoPath" InfoPath setting should be configured correctly. CCE-12719-1User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Block specific file types as attachments to forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\securityhThe "Block specific file types as attachments to forms" InfoPath setting should be configured correctly. CCE-13438-7User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Control behavior for Microsoft SharePoint Foundation gradual upgrade HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security{The "Control behavior for Microsoft SharePoint Foundation gradual upgrade" InfoPath setting should be configured correctly. CCE-12436-2User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Disable fully trusted solutions full access to computer HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\securitynThe "Disable fully trusted solutions full access to computer" InfoPath setting should be configured correctly. CCE-12369-5User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Allow file types as attachments to forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security_The "Allow file types as attachments to forms" InfoPath setting should be configured correctly. CCE-12648-2User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Force file extension to match file type HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security[The "Force file extension to match file type" Excel setting should be configured correctly. CCE-14532-6User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Scan encrypted macros in Excel Open XML workbooks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\securityeThe "Scan encrypted macros in Excel Open XML workbooks" Excel setting should be configured correctly. CCE-12387-7User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Perform file validation on pivot caches HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\filevalidation[The "Perform file validation on pivot caches" Excel setting should be configured correctly. CCE-12405-7User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Turn off file validation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\filevalidationLThe "Turn off file validation" Excel setting should be configured correctly. CCE-12324-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\OFfice.com Sharing Service\Restrict level of calendar details users can publish HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\pubcaljThe "Restrict level of calendar details users can publish" Outlook setting should be configured correctly. CCE-13058-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\OFfice.com Sharing Service\Restrict upload method HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\pubcalLThe "Restrict upload method" Outlook setting should be configured correctly. CCE-14129-1User Configuration\Administrative Tem< plates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\OFfice.com Sharing Service\Prevent publishing to a DAV server HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\pubcalXThe "Prevent publishing to a DAV server" Outlook setting should be configured correctly. CCE-13555-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\OFfice.com Sharing Service\Path to DAV server HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\pubcalHThe "Path to DAV server" Outlook setting should be configured correctly. CCE-13431-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\OFfice.com Sharing Service\Publish interval HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\pubcalFThe "Publish interval" Outlook setting should be configured correctly. CCE-12379-4User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\OFfice.com Sharing Service\Prevent publishing to Office.com HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\pubcalVThe "Prevent publishing to Office.com" Outlook setting should be configured correctly. CCE-13449-4User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\OFfice.com Sharing Service\Access to published calendars HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\pubcalSThe "Access to published calendars" Outlook setting should be configured correctly. CCE-12427-1User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\General\Enable Live Preview HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionsGThe "Enable Live Preview" Excel setting should be configured correctly. CCE-12949-4User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\General\Default Sheets HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionsBThe "Default Sheets" Excel setting should be configured correctly. CCE-13406-4User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\General\Show all windows in the Taskbar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionsSThe "Show all windows in the Taskbar" Excel setting should be configured correctly. CCE-13266-2User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\General\Show Mini Toolbar on selection HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars\excel CCE-14875-9User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\General\Font HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options8The "Font" Excel setting should be configured correctly. CCE-12683-9User Configuration\Administrative Templates\Microsoft Outlook 2010\MIME to MAPI Conversion\Change the limit for the number of nested embedded messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailqThe "Change the limit for the number of nested embedded messages" Outlook setting should be configured correctly. CCE-13949-3User Configuration\Administrative Templates\Microsoft Outlook 2010\MIME to MAPI Conversion\Change the limit for the number of MIME headers HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\maileThe "Change the limit for the number of MIME headers" Outlook setting should be configured correctly. CCE-13768-7User Configuration\Administrative Templates\Microsoft Outlook 2010\MIME to MAPI Conversion\Change the limit for the number of MIME body parts HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailhThe "Change the limit for the number of MIME body parts" Outlook setting should be configured correctly. CCE-14441-0User Configuration\Administrative Templates\Microsoft Outlook 2010\MIME to MAPI Conversion\Change the limit for the number of recipients HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailcThe "Change the limit for the number of recipients" Outlook setting should be configured correctly. CCE-13951-9User Configuration\Administrative Templates\Microsoft Outlook 2010\MIME to MAPI Conversion\Change the limit for the number of characters in Friendly Name HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailtThe "Change the limit for the number of characters in Friendly Name" Outlook setting should be configured correctly. CCE-14065-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Automatic Picture Download Settings\Block Trusted Zones HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailIThe "Block Trusted Zones" Outlook setting should be configured correctly. CCE-12621-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Automatic Picture Download Settings\Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailThe "Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists" Outlook setting should be configured correctly. CCE-14610-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Automatic Picture Download Settings\Include Internet in Safe Zones for Automatic Picture Download HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailsThe "Include Internet in Safe Zones for Automatic Picture Download" Outlook setting should be configured correctly. CCE-14157-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Automatic Picture Download Settings\Display pictures and external content in HTML e-mail HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailjThe "Display pictures and external content in HTML e-mail" Outlook setting should be configured correctly. CCE-13002-1User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Automatic Picture Download Settings\Include Intranet in Safe Zones for Automatic Picture Download HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailsThe "Include Intranet in Safe Zones for Automatic Picture Download" Outlook setting should be configured correctly. CCE-12126-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Automatic Picture Download Settings\Do not permit download of content from safe zones HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailgThe "Do not permit download of content from safe zones" Outlook setting should be configured correctly. CCE-12644-1User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Other\Set UNC interval to poll for changes on file servers HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\savejThe "Set UNC interval to poll for changes on file servers" OneNote setting should be configured correctly. CCE-14518-5User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Other\Turn off OneNote auto-linked note taking HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\linkednotes^The "Turn off OneNote auto-linked note taking" OneNote setting should be configured correctly. CCE-13070-8User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Other\SharePoint sync interval for notebooks stored on SharePoint HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\saveqThe "SharePoint sync interval for notebooks stored on SharePoint" OneNote setting should be configured correctly. CCE-14409-7User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Other\Disable OCR HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\otherAThe "Disable OCR" OneNote sett< ing should be configured correctly. CCE-14478-2User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Other\Embedded Files Blocked Extensions HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\embeddedfileopenoptionsWThe "Embedded Files Blocked Extensions" OneNote setting should be configured correctly. CCE-13533-5User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Other\Number of days before warning that server is inaccessible HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\synchronizationoThe "Number of days before warning that server is inaccessible" OneNote setting should be configured correctly. CCE-12897-5User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Other\Disable OneNote Screen Clippings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\otherVThe "Disable OneNote Screen Clippings" OneNote setting should be configured correctly. CCE-13211-8User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Other\Disable OneNote screen clipping notifications HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\othercThe "Disable OneNote screen clipping notifications" OneNote setting should be configured correctly. CCE-13433-8User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Other\Load a notebook on first boot HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\otherSThe "Load a notebook on first boot" OneNote setting should be configured correctly. CCE-13286-0User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Other\Add OneNote icon to notification area HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\other[The "Add OneNote icon to notification area" OneNote setting should be configured correctly. CCE-14222-4User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Other\Disable embedded files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\optionsLThe "Disable embedded files" OneNote setting should be configured correctly. CCE-12281-2User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Other\Default unit of measurement used in OneNote HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\otheraThe "Default unit of measurement used in OneNote" OneNote setting should be configured correctly. CCE-13477-5User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Web Options...\Browsers\Allow PNG as an output format HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internetRThe "Allow PNG as an output format" common setting should be configured correctly. CCE-13571-5User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Web Options...\Browsers\Rely on VML for displaying graphics in browsers HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internetdThe "Rely on VML for displaying graphics in browsers" common setting should be configured correctly. CCE-12211-9User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Set number of places in the Recent Places list HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\place mrugThe "Set number of places in the Recent Places list" PowerPoint setting should be configured correctly. CCE-14128-3User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Maximum number of undos HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\optionsPThe "Maximum number of undos" PowerPoint setting should be configured correctly. CCE-13713-3User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Allow text to be dragged and dropped HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\options]The "Allow text to be dragged and dropped" PowerPoint setting should be configured correctly. CCE-12698-7User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Show menu on right mouse click HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\optionsWThe "Show menu on right mouse click" PowerPoint setting should be configured correctly. CCE-13426-2User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Show vertical ruler HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\optionsLThe "Show vertical ruler" PowerPoint setting should be configured correctly. CCE-12556-7User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Set default number of documents in the Recent Documents list HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\file mruuThe "Set default number of documents in the Recent Documents list" PowerPoint setting should be configured correctly. CCE-12707-6User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Print inserted objects at printer resolution HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\optionseThe "Print inserted objects at printer resolution" PowerPoint setting should be configured correctly. CCE-14456-8User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Show popup toolbar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\optionsKThe "Show popup toolbar" PowerPoint setting should be configured correctly. CCE-13172-2User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Show all windows in the Taskbar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\optionsXThe "Show all windows in the Taskbar" PowerPoint setting should be configured correctly. CCE-12267-1User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Print in background HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\optionsLThe "Print in background" PowerPoint setting should be configured correctly. CCE-11786-1User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\End with black slide HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\optionsMThe "End with black slide" PowerPoint setting should be configured correctly. CCE-12245-7User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Use smart cut and paste HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\optionsPThe "Use smart cut and paste" PowerPoint setting should be configured correctly. CCE-14339-6User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\When selecting, automatically select entire word HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\optionsiThe "When selecting, automatically select entire word" PowerPoint setting should be configured correctly. CCE-12929-6User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Advanced\Print TrueType fonts as graphics HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\optionsYThe "Print TrueType fonts as graphics" PowerPoint setting should be configured correctly. CCE-12766-2User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Plain text files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblockCThe "Plain text files" Word setting should be configured correctly. CCE-12239-0User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Word 97 binary documents and templates HKEY_CURRENT_USER\software\policies\< microsoft\office\14.0\word\security\fileblockYThe "Word 97 binary documents and templates" Word setting should be configured correctly. CCE-13262-1User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Word beta files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblockBThe "Word beta files" Word setting should be configured correctly. CCE-13548-3User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Word 6.0 binary documents and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblockZThe "Word 6.0 binary documents and templates" Word setting should be configured correctly. CCE-12715-9User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Word XP binary documents and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblockYThe "Word XP binary documents and templates" Word setting should be configured correctly. CCE-13565-7User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Word beta converters HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblockGThe "Word beta converters" Word setting should be configured correctly. CCE-13323-1User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Web pages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblock<The "Web pages" Word setting should be configured correctly. CCE-12153-3User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\OpenDocument Text files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblockJThe "OpenDocument Text files" Word setting should be configured correctly. CCE-13057-5User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Word 2003 binary documents and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblock[The "Word 2003 binary documents and templates" Word setting should be configured correctly. CCE-12612-8User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Word 2 and earlier binary documents and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblockdThe "Word 2 and earlier binary documents and templates" Word setting should be configured correctly. CCE-14333-9User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Word 95 binary documents and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblockYThe "Word 95 binary documents and templates" Word setting should be configured correctly. CCE-11535-2User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Set default file block behavior HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblockRThe "Set default file block behavior" Word setting should be configured correctly. CCE-13774-5User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Office Open XML converters for Word HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblockVThe "Office Open XML converters for Word" Word setting should be configured correctly. CCE-12769-6User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Word 2000 binary documents and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblock[The "Word 2000 binary documents and templates" Word setting should be configured correctly. CCE-12995-7User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Word 2003 and plain XML documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblockTThe "Word 2003 and plain XML documents" Word setting should be configured correctly. CCE-13311-6User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Word 2007 and later binary documents and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblockeThe "Word 2007 and later binary documents and templates" Word setting should be configured correctly. CCE-13680-4User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\RTF files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblock<The "RTF files" Word setting should be configured correctly. CCE-12278-8User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Legacy converters for Word HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblockMThe "Legacy converters for Word" Word setting should be configured correctly. CCE-14247-1User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\File Block Settings\Word 2007 and later documents and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\fileblock^The "Word 2007 and later documents and templates" Word setting should be configured correctly. CCE-12091-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\RSS Feeds\Download full text of articles as HTML attachments HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\rsshThe "Download full text of articles as HTML attachments" Outlook setting should be configured correctly. CCE-14770-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\RSS Feeds\Default RSS Feeds HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\accountsGThe "Default RSS Feeds" Outlook setting should be configured correctly. CCE-12748-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\RSS Feeds\Do not roam users' RSS Feeds HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\rssRThe "Do not roam users' RSS Feeds" Outlook setting should be configured correctly. CCE-13382-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\RSS Feeds\Override published sync interval HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\rss CCE-13703-4User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\RSS Feeds\Turn off RSS feature HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\rssJThe "Turn off RSS feature" Outlook setting should be configured correctly. CCE-13446-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\RSS Feeds\Automatically download enclosures HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\rssWThe "Automatically download enclosures" Outlook setting should be configured correctly. CCE-13111-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\RSS Feeds\Synchronize Outlook RSS Feeds with Common Feed List HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\rssiThe "Synchronize Outlook RSS Feeds with Common Feed List" Outlook setting should be configured correctly. CCE-13174-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\RSS Feeds\Run rules on RSS items HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\rssLThe "Run rules on RSS items" Outlook setting should be configured correc< tly. CCE-12940-3User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Active Directory/person name action integration\Customize Active Directory search field for manager lookup HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenuoThe "Customize Active Directory search field for manager lookup" common setting should be configured correctly. CCE-12521-1User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Active Directory/person name action integration\Customize Active Directory search field for mobile phone lookup HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenutThe "Customize Active Directory search field for mobile phone lookup" common setting should be configured correctly. CCE-12290-3User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Active Directory/person name action integration\Customize Active Directory search field for office location lookup HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenuwThe "Customize Active Directory search field for office location lookup" common setting should be configured correctly. CCE-12302-6User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Active Directory/person name action integration\Disable Active Directory lookups for the person name action HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenupThe "Disable Active Directory lookups for the person name action" common setting should be configured correctly. CCE-12801-7User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Active Directory/person name action integration\Customize Active Directory search field for e-mail address lookup HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenuvThe "Customize Active Directory search field for e-mail address lookup" common setting should be configured correctly. CCE-14005-3!User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Active Directory/person name action integration\Customize Active Directory search field for primary telephone lookup HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenuyThe "Customize Active Directory search field for primary telephone lookup" common setting should be configured correctly. CCE-14008-7User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Active Directory/person name action integration\Customize Active Directory search field for home phone lookup HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenurThe "Customize Active Directory search field for home phone lookup" common setting should be configured correctly. CCE-12471-9User Configuration\Administrative Templates\Microsoft Office 2010\Downloading Framework Components\Hide missing component download hyperlinks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common CCE-12928-8User Configuration\Administrative Templates\Microsoft Office 2010\Downloading Framework Components\Set download location for Workflow component HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\commonaThe "Set download location for Workflow component" common setting should be configured correctly. CCE-13424-7User Configuration\Administrative Templates\Microsoft Office 2010\Downloading Framework Components\Set download location for Microsoft .NET Framework 2.0 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\commonkThe "Set download location for Microsoft .NET Framework 2.0" common setting should be configured correctly. CCE-14516-9User Configuration\Administrative Templates\Microsoft Office 2010\Downloading Framework Components\Set download location for Microsoft .NET Framework 2.0 Language Pack HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\commonyThe "Set download location for Microsoft .NET Framework 2.0 Language Pack" common setting should be configured correctly. CCE-14906-2User Configuration\Administrative Templates\Microsoft Office 2010\Signing\Key Usage Filtering HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\generalHThe "Key Usage Filtering" common setting should be configured correctly. CCE-13019-5User Configuration\Administrative Templates\Microsoft Office 2010\Signing\Legacy format signatures HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signaturesMThe "Legacy format signatures" common setting should be configured correctly. CCE-14301-6User Configuration\Administrative Templates\Microsoft Office 2010\Signing\Set default image directory HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signaturesPThe "Set default image directory" common setting should be configured correctly. CCE-14208-3User Configuration\Administrative Templates\Microsoft Office 2010\Signing\EKU filtering HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signaturesBThe "EKU filtering" common setting should be configured correctly. CCE-12957-7User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Clip Organizer\Prevent users from importing new clips HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\clip organizerTThe "Prevent users from importing new clips" setting should be configured correctly. CCE-13481-7User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Clip Organizer\Hide 'My Collections' HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\clip organizerCThe "Hide 'My Collections'" setting should be configured correctly. CCE-12468-5User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Clip Organizer\Prevent access to online clip art HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\clip organizerOThe "Prevent access to online clip art" setting should be configured correctly. CCE-13551-7User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Clip Organizer\Search for clip art based on this language HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\clip organizerXThe "Search for clip art based on this language" setting should be configured correctly. CCE-12335-6User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Clip Organizer\Enable preview of sound and motion on Terminal Server HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\clip organizercThe "Enable preview of sound and motion on Terminal Server" setting should be configured correctly. CCE-12849-6User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Clip Organizer\Clip Organizer Online URL HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\clip organizerGThe "Clip Organizer Online URL" setting should be configured correctly. CCE-13581-4User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Clip Organizer\Prevent changes to primary collection HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\clip organizerSThe "Prevent changes to primary collection" setting should be configured correctly. CCE-13587-1User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Clip Organizer\Disable menu item: File | Add Clips To Organizer | From Scanner or Camera HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\clip organizerwThe "Disable menu item: File | Add Clips To Organizer | From Scanner or Camera" setting should be configured correctly. CCE-13840-4User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Clip Organizer\Hide 'Office Collections' HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\clip organizerGThe "Hide 'Office Collections'" setting should be configured correctly. CCE-13480-9User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Clip Organizer\Hide 'Shared Collections' HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\clip< organizerGThe "Hide 'Shared Collections'" setting should be configured correctly. CCE-13460-1User Configuration\Administrative Templates\Microsoft Outlook 2010\Disable Items in User Interface\Predefined\Disable Quick Steps Gallery HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\optionsQThe "Disable Quick Steps Gallery" Outlook setting should be configured correctly. CCE-12619-3User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Save\Offline Editing\Save checked-out files to HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationMThe "Save checked-out files to" Visio setting should be configured correctly. CCE-12861-1User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Advanced\Reminder Options\Reminders HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\reminders?The "Reminders" Outlook setting should be configured correctly. CCE-14180-4User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\securityuThe "Require that application add-ins are signed by Trusted Publisher" Access setting should be configured correctly. CCE-13220-9User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Disable all application add-ins HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\securityTThe "Disable all application add-ins" Access setting should be configured correctly. CCE-14916-1User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins and block them HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\securityThe "Disable Trust Bar Notification for unsigned application add-ins and block them" Access setting should be configured correctly. CCE-13868-5User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Set maximum number of trust records to preserve HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted documentsdThe "Set maximum number of trust records to preserve" Access setting should be configured correctly. CCE-13014-6User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Turn off Trusted Documents on the network HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted documents^The "Turn off Trusted Documents on the network" Access setting should be configured correctly. CCE-13471-8User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Set maximum number of trusted documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted documents\The "Set maximum number of trusted documents" Access setting should be configured correctly. CCE-13459-3User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Turn off Data Execution Prevention HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\securityWThe "Turn off Data Execution Prevention" Access setting should be configured correctly. CCE-13222-5User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Turn off trusted documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted documentsOThe "Turn off trusted documents" Access setting should be configured correctly. CCE-13027-8User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\VBA Macro Notification Settings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\securityTThe "VBA Macro Notification Settings" Access setting should be configured correctly. CCE-14895-7User Configuration\Administrative Templates\Microsoft SharePoint Workspace 2010\Groove Server Manager Valid Link Security HKEY_CURRENT_USER\software\policies\microsoft\office\groovelThe "Groove Server Manager Valid Link Security" SharePoint Workspace setting should be configured correctly. CCE-13225-8User Configuration\Administrative Templates\Microsoft SharePoint Workspace 2010\Prefer IPv4 HKEY_CURRENT_USER\software\policies\microsoft\office\grooveNThe "Prefer IPv4" SharePoint Workspace setting should be configured correctly. CCE-12597-1User Configuration\Administrative Templates\Microsoft SharePoint Workspace 2010\Set maximum number of proxy connection failures HKEY_CURRENT_USER\software\policies\microsoft\office\grooverThe "Set maximum number of proxy connection failures" SharePoint Workspace setting should be configured correctly. CCE-14099-6User Configuration\Administrative Templates\Microsoft SharePoint Workspace 2010\Enable IPv6 HKEY_CURRENT_USER\software\policies\microsoft\office\grooveNThe "Enable IPv6" SharePoint Workspace setting should be configured correctly. CCE-13276-1User Configuration\Administrative Templates\Microsoft SharePoint Workspace 2010\Prohibit Groove workspaces and Shared Folders HKEY_CURRENT_USER\software\policies\microsoft\office\groovepThe "Prohibit Groove workspaces and Shared Folders" SharePoint Workspace setting should be configured correctly. CCE-13700-0User Configuration\Administrative Templates\Microsoft SharePoint Workspace 2010\List of blocked Groove relay servers HKEY_CURRENT_USER\software\policies\microsoft\office\groovegThe "List of blocked Groove relay servers" SharePoint Workspace setting should be configured correctly. CCE-14728-0User Configuration\Administrative Templates\Microsoft SharePoint Workspace 2010\SharePoint Workspace Account Configuration Code Required HKEY_CURRENT_USER\software\policies\microsoft\office\groove{The "SharePoint Workspace Account Configuration Code Required" SharePoint Workspace setting should be configured correctly. CCE-14743-9User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Office Document Cache\Open documents from Office Document Cache first HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internetdThe "Open documents from Office Document Cache first" common setting should be configured correctly. CCE-12422-2User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Office Document Cache\Office document cache location HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\fileioSThe "Office document cache location" common setting should be configured correctly. CCE-14636-5User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Office Document Cache\Check-out to local disk HKEY_CURRENT_USER\software\policies\microsoft\office\common\offline\optionsLThe "Check-out to local disk" common setting should be configured correctly. CCE-12111-1User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Office Document Cache\Delete files from Office Document Cache HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\fileio\The "Delete files from Office Document Cache" common setting should be configured correctly. CCE-13072-4User Configuration\Administrative Templates\Microsoft Word 2010\Disable Items in User Interface\Custom\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\disabledcmdbaritemslist CCE-13953-5User Configuration\Administrative Templates\Microsoft Word 2010\Disable Items in User Interface\Custom\Disable shortcut keys HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\disabledshortcutkeyslist CCE-14676-1User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Shape Search\Search results HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationBThe "Search results" Visio setting should be configured correctly. CCE-14404< -8User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Shape Search\Open results new window HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationKThe "Open results new window" Visio setting should be configured correctly. CCE-13907-1User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Shape Search\Show Shape Search pane HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationJThe "Show Shape Search pane" Visio setting should be configured correctly. CCE-13706-7User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Shape Search\Search for: HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application?The "Search for:" Visio setting should be configured correctly. CCE-13184-7User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\Shared Workspace\Define Shared Workspace URL's\Site 1: HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\sharepointtracking\name05The "Site 1:" setting should be configured correctly. CCE-13436-1User Configuration\Administrative Templates\Microsoft Office 2010\Shared paths\Set Workgroup path for label page size update files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\generalhThe "Set Workgroup path for label page size update files" common setting should be configured correctly. CCE-11975-0User Configuration\Administrative Templates\Microsoft Office 2010\Shared paths\Shared themes path HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\generalGThe "Shared themes path" common setting should be configured correctly. CCE-12194-7User Configuration\Administrative Templates\Microsoft Office 2010\Shared paths\Set User path for the label page size update files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\generalgThe "Set User path for the label page size update files" common setting should be configured correctly. CCE-13078-1User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Tracking Options\Options HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferences=The "Options" Outlook setting should be configured correctly. CCE-12365-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Tracking Options\Turn off Send and Track feature HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\flaggingUThe "Turn off Send and Track feature" Outlook setting should be configured correctly. CCE-13546-7User Configuration\Administrative Templates\Microsoft Office 2010\File Open/Save dialog box\Restricted Browsing\Activate Restricted Browsing HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\open find\restrictedbrowse\optinQThe "Activate Restricted Browsing" common setting should be configured correctly. CCE-13686-1User Configuration\Administrative Templates\Microsoft Office 2010\File Open/Save dialog box\Restricted Browsing\Approve Locations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\open find\restrictedbrowseFThe "Approve Locations" common setting should be configured correctly. CCE-13752-1Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\Disable Package Repair HKEY_LOCAL_MACHINE\software\policies\microsoft\office\14.0\common\openxmlformatSThe "Disable Package Repair" machine common setting should be configured correctly. CCE-12636-7Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\Disable Password Caching HKEY_LOCAL_MACHINE\software\policies\microsoft\office\14.0\common\securityUThe "Disable Password Caching" machine common setting should be configured correctly. CCE-12559-1Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\Graphics filter import HKEY_LOCAL_MACHINE\software\policies\microsoft\office\common\security\allowlists\graphicsfilterimportSThe "Graphics filter import" machine common setting should be configured correctly. CCE-13260-5Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\Disable VBA for Office applications HKEY_LOCAL_MACHINE\software\policies\microsoft\office\14.0\common`The "Disable VBA for Office applications" machine common setting should be configured correctly. CCE-12960-1User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath e-mail forms\Control behavior when opening InfoPath e-mail forms containing code or script HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\securityThe "Control behavior when opening InfoPath e-mail forms containing code or script" InfoPath setting should be configured correctly. CCE-12388-5User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath e-mail forms\Disable export InfoPath e-mail forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\infopath[The "Disable export InfoPath e-mail forms" InfoPath setting should be configured correctly. CCE-11457-9User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath e-mail forms\Disable dynamic caching of the form template in InfoPath e-mail forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\deployment|The "Disable dynamic caching of the form template in InfoPath e-mail forms" InfoPath setting should be configured correctly. CCE-14515-1User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath e-mail forms\Disable exporting InfoPath e-mail forms to Excel HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\infopathgThe "Disable exporting InfoPath e-mail forms to Excel" InfoPath setting should be configured correctly. CCE-14200-0User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath e-mail forms\Disable e-mail forms running in restricted security level HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\securitypThe "Disable e-mail forms running in restricted security level" InfoPath setting should be configured correctly. CCE-14549-0User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath e-mail forms\Disable sending form template with e-mail forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\deploymentfThe "Disable sending form template with e-mail forms" InfoPath setting should be configured correctly. CCE-14069-9User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath e-mail forms\Disable sending InfoPath 2003 Forms as e-mail forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopathjThe "Disable sending InfoPath 2003 Forms as e-mail forms" InfoPath setting should be configured correctly. CCE-13356-1User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath e-mail forms\Disable e-mail forms from the Internet security zone HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\securitykThe "Disable e-mail forms from the Internet security zone" InfoPath setting should be configured correctly. CCE-12507-0User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath e-mail forms\Disable e-mail forms from the Intranet security zone HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\securitykThe "Disable e-mail forms from the Intranet security zone" InfoPath setting should be configured correctly. CCE-13309-0User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath e-mail forms\Disable e-mail forms from the Full Trust security zone HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\securitymThe "Disable e-mail forms from the Full Trust security zone" InfoPath setting should be configured correctly. CCE-13695-2User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath e-mail forms\Disable merging < InfoPath e-mail forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\infopath\The "Disable merging InfoPath e-mail forms" InfoPath setting should be configured correctly. CCE-14879-1User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath e-mail forms\Disable InfoPath e-mail forms in Outlook HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail^The "Disable InfoPath e-mail forms in Outlook" Outlook setting should be configured correctly. CCE-11459-5Computer Configuration\Administrative Templates\Microsoft PowerPoint 2010 (Machine)\Converters\Turn on an external converter as the default for a file extension HKEY_LOCAL_MACHINE\software\policies\microsoft\office\14.0\powerpoint\presentation converters\defaultsThe "Turn on an external converter as the default for a file extension" machine PowerPoint setting should be configured correctly. CCE-13511-1User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Disable all trusted locations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locationsPThe "Disable all trusted locations" Word setting should be configured correctly. CCE-13911-3User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #8 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location8TThe "Trust Center: Trusted Location #8" Word setting should be configured correctly. CCE-13367-8User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #18 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location18UThe "Trust Center: Trusted Location #18" Word setting should be configured correctly. CCE-13653-1User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #5 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location5TThe "Trust Center: Trusted Location #5" Word setting should be configured correctly. CCE-12177-2User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #12 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location12UThe "Trust Center: Trusted Location #12" Word setting should be configured correctly. CCE-14055-8User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #19 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location19UThe "Trust Center: Trusted Location #19" Word setting should be configured correctly. CCE-13903-0User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #3 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location3TThe "Trust Center: Trusted Location #3" Word setting should be configured correctly. CCE-11963-6User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #4 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location4TThe "Trust Center: Trusted Location #4" Word setting should be configured correctly. CCE-12970-0User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #1 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location1TThe "Trust Center: Trusted Location #1" Word setting should be configured correctly. CCE-13566-5User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #14 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location14UThe "Trust Center: Trusted Location #14" Word setting should be configured correctly. CCE-13300-9User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #11 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location11UThe "Trust Center: Trusted Location #11" Word setting should be configured correctly. CCE-13816-4User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #13 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location13UThe "Trust Center: Trusted Location #13" Word setting should be configured correctly. CCE-12438-8User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #20 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location20UThe "Trust Center: Trusted Location #20" Word setting should be configured correctly. CCE-13741-4User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #15 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location15UThe "Trust Center: Trusted Location #15" Word setting should be configured correctly. CCE-12767-0User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #6 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location6TThe "Trust Center: Trusted Location #6" Word setting should be configured correctly. CCE-13959-2User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #9 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location9TThe "Trust Center: Trusted Location #9" Word setting should be configured correctly. CCE-12704-3User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #16 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location16UThe "Trust Center: Trusted Location #16" Word setting should be configured correctly. CCE-12059-2User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #17 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location17UThe "Trust Center: Trusted Location #17" Word setting should be configured correctly. CCE-14297-6User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #2 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location2TThe "Trust Center: Trusted Location #2" Word setting should be configured correctly. CCE-13994-9User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #10 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location10UThe "Trust Center: Trusted Location #10" Word setting should be configured correctly. CCE-12972-6User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Trusted Locations\Trusted Location #7 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locations\location7TThe "Trust Center: Trusted Location #7" Word setting should be configured correctly. CCE-12481-8User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Trust Center\Tru< sted Locations\Allow Trusted Locations on the network HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\trusted locationsYThe "Allow Trusted Locations on the network" Word setting should be configured correctly. CCE-12927-0User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Office Picture Manager\Disable File Types association dialog box on first launch HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\oisgThe "Disable File Types association dialog box on first launch" setting should be configured correctly. CCE-11811-7User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Default message text for a review request...\Only containing a link HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\reviewcycleKThe "Only containing a link" common setting should be configured correctly. CCE-13000-5User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Default message text for a review request...\Only containing an attachment HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\reviewcycleRThe "Only containing an attachment" common setting should be configured correctly. CCE-13880-0User Configuration\Administrative Templates\Microsoft Visio 2010\Disable Items in User Interface\Predefined\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\disabledcmdbaritemscheckboxesDThe "Disable commands" Visio setting should be configured correctly. CCE-14131-7User Configuration\Administrative Templates\Microsoft Visio 2010\Disable Items in User Interface\Predefined\Disable shortcut keys HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\disabledshortcutkeyscheckboxesIThe "Disable shortcut keys" Visio setting should be configured correctly. CCE-13134-2User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\General\Enable Live Preview HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\optionsLThe "Enable Live Preview" PowerPoint setting should be configured correctly. CCE-14754-6User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\General\Show Mini Toolbar on selection HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars\powerpoint CCE-12458-6User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Protected View\Open files on local Intranet UNC in Protected View HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\protectedviewfThe "Open files on local Intranet UNC in Protected View" Excel setting should be configured correctly. CCE-14204-2User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Protected View\Turn off Protected View for attachments opened from Outlook HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\protectedviewoThe "Turn off Protected View for attachments opened from Outlook" Excel setting should be configured correctly. CCE-11753-1User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Protected View\Do not open files from the Internet zone in Protected View HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\protectedviewnThe "Do not open files from the Internet zone in Protected View" Excel setting should be configured correctly. CCE-13024-5User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Protected View\Set document behavior if file validation fails HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\filevalidationbThe "Set document behavior if file validation fails" Excel setting should be configured correctly. CCE-14828-8User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Protected View\Do not open files in unsafe locations in Protected View HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\protectedviewkThe "Do not open files in unsafe locations in Protected View" Excel setting should be configured correctly. CCE-12183-0User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Disable Items in User Interface\Predefined\Hide built in table styles HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\optionsSThe "Hide built in table styles" PowerPoint setting should be configured correctly. CCE-13503-8User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Disable Items in User Interface\Predefined\Disable shortcut keys HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\disabledshortcutkeyscheckboxesNThe "Disable shortcut keys" PowerPoint setting should be configured correctly. CCE-14687-8User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Disable Items in User Interface\Predefined\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\disabledcmdbaritemscheckboxesIThe "Disable commands" PowerPoint setting should be configured correctly. CCE-12188-9User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace Label - Calendar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcardMThe "Replace Label - Calendar" common setting should be configured correctly. CCE-12331-5User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace Label - Home HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcardIThe "Replace Label - Home" common setting should be configured correctly. CCE-14148-1User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Move Location Line HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcardGThe "Move Location Line" common setting should be configured correctly. CCE-13900-6User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace MAPI property - "title,department" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard_The "Replace MAPI property - "title,department"" common setting should be configured correctly. CCE-11979-2User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace AD attribute - "e-mail address" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard\The "Replace AD attribute - "e-mail address"" common setting should be configured correctly. CCE-13069-0User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace Label - Title HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcardJThe "Replace Label - Title" common setting should be configured correctly. CCE-14492-3User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace Label - Office HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcardKThe "Replace Label - Office" common setting should be configured correctly. CCE-13740-6User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace MAPI property - "e-mail address" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard]The "Replace MAPI property - "e-mail address"" common setting should be configured correctly. CCE-12469-3User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace MAPI property - "calendar free/busy information" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcardmThe "Replace MAPI property - "calendar free/busy information"" common setting should be configured correctly. CCE-13086-4User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace MAPI property - "location information" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common< \contactcardcThe "Replace MAPI property - "location information"" common setting should be configured correctly. CCE-11894-3User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace Label - Mobile HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcardKThe "Replace Label - Mobile" common setting should be configured correctly. CCE-14628-2User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace MAPI property - "home phone" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcardYThe "Replace MAPI property - "home phone"" common setting should be configured correctly. CCE-14049-1User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace MAPI property - "mobile phone" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard[The "Replace MAPI property - "mobile phone"" common setting should be configured correctly. CCE-13243-1User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace AD attribute - "office location" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard]The "Replace AD attribute - "office location"" common setting should be configured correctly. CCE-14522-7User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace Label - E-mail HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcardKThe "Replace Label - E-mail" common setting should be configured correctly. CCE-11462-9User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace AD attribute - "title, department" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard_The "Replace AD attribute - "title, department"" common setting should be configured correctly. CCE-11918-0User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace AD attribute - "calendar free/busy information" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcardlThe "Replace AD attribute - "calendar free/busy information"" common setting should be configured correctly. CCE-14013-7User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace AD attribute - "mobile phone" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcardZThe "Replace AD attribute - "mobile phone"" common setting should be configured correctly. CCE-14015-2User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Move Calendar Line HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcardGThe "Move Calendar Line" common setting should be configured correctly. CCE-13301-7User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace Label - Work HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcardIThe "Replace Label - Work" common setting should be configured correctly. CCE-13316-5User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace AD attribute - "work phone" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcardXThe "Replace AD attribute - "work phone"" common setting should be configured correctly. CCE-12351-3User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace AD attribute - "location information" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcardbThe "Replace AD attribute - "location information"" common setting should be configured correctly. CCE-13234-0User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace MAPI property - "work phone" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcardYThe "Replace MAPI property - "work phone"" common setting should be configured correctly. CCE-13720-8User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace MAPI property - "office location" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcard^The "Replace MAPI property - "office location"" common setting should be configured correctly. CCE-13957-6User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace Label - Location HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcardMThe "Replace Label - Location" common setting should be configured correctly. CCE-13332-2User Configuration\Administrative Templates\Microsoft Office 2010\Contact Card\Contact Tab\Replace AD attribute - "home phone" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\contactcardXThe "Replace AD attribute - "home phone"" common setting should be configured correctly. CCE-12710-0Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Local Machine Zone Lockdown Security HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_localmachine_lockdownZThe "Local Machine Zone Lockdown Security" machine setting should be configured correctly. CCE-13193-8Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Scripted Window Security Restrictions HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions[The "Scripted Window Security Restrictions" machine setting should be configured correctly. CCE-14574-8Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Restrict File Download HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_restrict_filedownloadLThe "Restrict File Download" machine setting should be configured correctly. CCE-13709-1Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Mime Sniffing Safety Feature HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_mime_sniffingRThe "Mime Sniffing Safety Feature" machine setting should be configured correctly. CCE-13463-5Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Protection From Zone Elevation HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_zone_elevationTThe "Protection From Zone Elevation" machine setting should be configured correctly. CCE-12435-4Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Object Caching Protection HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_object_cachingOThe "Object Caching Protection" machine setting should be configured correctly. CCE-14358-6Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Navigate URL HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_validate_navigate_urlBThe "Navigate URL" machine setting should be configured correctly. CCE-13666-3Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Bind to object HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_safe_bindtoobjectDThe "Bind to object" machine setting should be configured correctly. CCE-14050-9Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Consistent Mime Handling HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_mime_handlingNThe "Consistent Mime Handling" machine setting should be configured correctly. CCE-14172-1Computer Configuration\Administra< tive Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Block popups HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_weboc_popupmanagementBThe "Block popups" machine setting should be configured correctly. CCE-14328-9Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Disable user name and password HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_http_username_password_disableTThe "Disable user name and password" machine setting should be configured correctly. CCE-14540-9Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Saved from URL HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_unc_savedfilecheckDThe "Saved from URL" machine setting should be configured correctly. CCE-14125-9Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Restrict ActiveX Install HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_restrict_activexinstallNThe "Restrict ActiveX Install" machine setting should be configured correctly. CCE-12359-6Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Add-on Management HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_addon_managementGThe "Add-on Management" machine setting should be configured correctly. CCE-13982-4Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Security Settings\IE Security\Information Bar HKEY_LOCAL_MACHINE\software\policies\microsoft\internet explorer\main\featurecontrol\feature_securitybandEThe "Information Bar" machine setting should be configured correctly. CCE-12520-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Contact Options\Determine order of sources for photos HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook[The "Determine order of sources for photos" Outlook setting should be configured correctly. CCE-12201-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Contact Options\Turn off contact export HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlookMThe "Turn off contact export" Outlook setting should be configured correctly. CCE-13767-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Contact Options\Show Contacts linking controls on all Forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferencesaThe "Show Contacts linking controls on all Forms" Outlook setting should be configured correctly. CCE-13528-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Contact Options\Select the default setting for how to file new contacts HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\contactmThe "Select the default setting for how to file new contacts" Outlook setting should be configured correctly. CCE-12944-5User Configuration\Administrative Templates\Microsoft Excel 2010\File tab\Check Accessibility\Stop checking to ensure workbooks allow programmatic access HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\acccheckeroThe "Stop checking to ensure workbooks allow programmatic access" Excel setting should be configured correctly. CCE-12554-2User Configuration\Administrative Templates\Microsoft Excel 2010\File tab\Check Accessibility\Stop checking for merged cells HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\acccheckerRThe "Stop checking for merged cells" Excel setting should be configured correctly. CCE-13385-0User Configuration\Administrative Templates\Microsoft Excel 2010\File tab\Check Accessibility\Stop checking for alt text accessibility information HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\acccheckerhThe "Stop checking for alt text accessibility information" Excel setting should be configured correctly. CCE-13509-5User Configuration\Administrative Templates\Microsoft Excel 2010\File tab\Check Accessibility\Stop checking to ensure non-default sheet names HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\acccheckercThe "Stop checking to ensure non-default sheet names" Excel setting should be configured correctly. CCE-13444-5User Configuration\Administrative Templates\Microsoft Excel 2010\File tab\Check Accessibility\Stop checking for table header accessibility information HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\acccheckerlThe "Stop checking for table header accessibility information" Excel setting should be configured correctly. CCE-12429-7User Configuration\Administrative Templates\Microsoft Excel 2010\File tab\Check Accessibility\Stop checking for blank table rows used as formatting HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\acccheckeriThe "Stop checking for blank table rows used as formatting" Excel setting should be configured correctly. CCE-12412-3User Configuration\Administrative Templates\Microsoft Excel 2010\File tab\Check Accessibility\Stop checking to ensure hyperlink text is meaningful HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\acccheckerhThe "Stop checking to ensure hyperlink text is meaningful" Excel setting should be configured correctly. CCE-14248-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Outlook Security Mode HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityKThe "Outlook Security Mode" Outlook setting should be configured correctly. CCE-13324-9User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoCorrect\Correct keyboard setting HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assistKThe "Correct keyboard setting" Word setting should be configured correctly. CCE-12101-2User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoCorrect\Capitalize first letter of sentence HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assistVThe "Capitalize first letter of sentence" Word setting should be configured correctly. CCE-14897-3User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoCorrect\Replace text as you type HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assistKThe "Replace text as you type" Word setting should be configured correctly. CCE-12898-3User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoCorrect\Capitalize names of days HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assistKThe "Capitalize names of days" Word setting should be configured correctly. CCE-13842-0User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoCorrect\Correct TWo INitial CApitals HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assistOThe "Correct TWo INitial CApitals" Word setting should be configured correctly. CCE-14497-2User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoCorrect\Correct accidental usage of cAPS LOCK key HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assist\The "Correct accidental usage of cAPS LOCK key" Word setting should be configured correctly. CCE-14724-9User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Save\Disable AutoRepublish HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionsIThe "Disable AutoRepublish" Excel setting should be configured correctly. CCE-12144-2User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Save\Prompt for workbook properties HKEY_CURRE< NT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptionsRThe "Prompt for workbook properties" Excel setting should be configured correctly. CCE-13161-5User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Save\Default file format HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionsGThe "Default file format" Excel setting should be configured correctly. CCE-12877-7User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Save\Save AutoRecover info HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionsIThe "Save AutoRecover info" Excel setting should be configured correctly. CCE-13822-2User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Save\Keep the last AutoSaved versions of files for the next session HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionsrThe "Keep the last AutoSaved versions of files for the next session" Excel setting should be configured correctly. CCE-14663-9User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Save\AutoRecover time HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionsDThe "AutoRecover time" Excel setting should be configured correctly. CCE-14355-2User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Save\Save date and time values using ISO 8601 date format HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionshThe "Save date and time values using ISO 8601 date format" Excel setting should be configured correctly. CCE-12441-2User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Save\AutoRecover save location HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionsMThe "AutoRecover save location" Excel setting should be configured correctly. CCE-11502-2User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Save\Do not show AutoRepublish warning alert HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options[The "Do not show AutoRepublish warning alert" Excel setting should be configured correctly. CCE-14256-2User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Save\Default file location HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionsIThe "Default file location" Excel setting should be configured correctly. CCE-13420-5User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Save\AutoRecover delay HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionsEThe "AutoRecover delay" Excel setting should be configured correctly. CCE-13989-9User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Save\Suppress file format compatibility dialog box for OpenDocument Spreadsheet format HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionsThe "Suppress file format compatibility dialog box for OpenDocument Spreadsheet format" Excel setting should be configured correctly. CCE-13381-9User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\AD attribute containing Personal Site URL HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\portal^The "AD attribute containing Personal Site URL" common setting should be configured correctly. CCE-14606-8User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\Disable the Office client from polling the SharePoint Server for published links HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\portalThe "Disable the Office client from polling the SharePoint Server for published links" common setting should be configured correctly. CCE-12860-3User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\Allow file synchronization via SOAP over HTTP only on domain networks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\fileiozThe "Allow file synchronization via SOAP over HTTP only on domain networks" common setting should be configured correctly. CCE-13640-8User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\Length AD Attribute containing Personal Site URL HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\portaleThe "Length AD Attribute containing Personal Site URL" common setting should be configured correctly. CCE-14167-1User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\Folder name for Published Links HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\portalTThe "Folder name for Published Links" common setting should be configured correctly. CCE-12685-4User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\Disable the user from setting the Personal Site URL HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\portalhThe "Disable the user from setting the Personal Site URL" common setting should be configured correctly. CCE-13783-6User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\Frequency for polling the server to download published links HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\portalqThe "Frequency for polling the server to download published links" common setting should be configured correctly. CCE-13540-0Computer Configuration\Administrative Templates\Microsoft PowerPoint 2010 (Machine)\Miscellaneous\Open Hyperlinks to documents in Windows Internet Explorer HKEY_LOCAL_MACHINE\software\policies\classes\powerpoint.slideshowmacroenabled.12zThe "Open Hyperlinks to documents in Windows Internet Explorer" machine PowerPoint setting should be configured correctly. CCE-11613-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Hide Send Latest Version button HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendarUThe "Hide Send Latest Version button" Outlook setting should be configured correctly. CCE-14098-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Calendar week numbers HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendarKThe "Calendar week numbers" Outlook setting should be configured correctly. CCE-13313-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Use this response when you propose new meeting times HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendarjThe "Use this response when you propose new meeting times" Outlook setting should be configured correctly. CCE-12595-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Control Calendar Sharing HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendarNThe "Control Calendar Sharing" Outlook setting should be configured correctly. CCE-12496-6User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Work week HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendar?The "Work week" Outlook setting should be configured correctly. CCE-13318-1User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\First week of year HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendarHThe "First week of year" Outlook setting should be configured correctly. CCE-12319-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Include appointments only within working hours HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\pubcaldThe "Include appointments only within working hours" Outlook setting should be configured correctly. CCE-13966-7User Configuration\Administrative Templates\Micros< oft Outlook 2010\Outlook Options\Preferences\Calendar Options\First day of the week HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendarKThe "First day of the week" Outlook setting should be configured correctly. CCE-12342-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Do not provide Click to Add feature in calendar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendareThe "Do not provide Click to Add feature in calendar" Outlook setting should be configured correctly. CCE-12392-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Working hours HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendarCThe "Working hours" Outlook setting should be configured correctly. CCE-13124-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Calendar item defaults HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendarLThe "Calendar item defaults" Outlook setting should be configured correctly. CCE-13915-4User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Secondary calendar settings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendarQThe "Secondary calendar settings" Outlook setting should be configured correctly. CCE-14152-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Do not display reminders on Calendar items by default HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferenceskThe "Do not display reminders on Calendar items by default" Outlook setting should be configured correctly. CCE-12524-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Send Internet meeting requests using iCalendar format HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendarkThe "Send Internet meeting requests using iCalendar format" Outlook setting should be configured correctly. CCE-13938-6User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Show details of private appointments HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\todobarZThe "Show details of private appointments" Outlook setting should be configured correctly. CCE-14408-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Do not regenerate meetings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendarPThe "Do not regenerate meetings" Outlook setting should be configured correctly. CCE-14024-4User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Hide lucky days when using Rokuyou (Japanese) calendar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendarlThe "Hide lucky days when using Rokuyou (Japanese) calendar" Outlook setting should be configured correctly. CCE-12569-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Allow attendees to propose new times for meetings you organize HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendartThe "Allow attendees to propose new times for meetings you organize" Outlook setting should be configured correctly. CCE-13249-8User Configuration\Administrative Templates\Microsoft SharePoint Designer 2010\Default Authoring Options\Default Secondary Schema HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\sharepoint designer\restrictionsZThe "Default Secondary Schema" SharePoint Designer setting should be configured correctly. CCE-12543-5User Configuration\Administrative Templates\Microsoft SharePoint Designer 2010\Default Authoring Options\Default New Page Type HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\sharepoint designerWThe "Default New Page Type" SharePoint Designer setting should be configured correctly. CCE-12415-6User Configuration\Administrative Templates\Microsoft SharePoint Designer 2010\Default Authoring Options\Default CSS Schema HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\sharepoint designer\restrictionsTThe "Default CSS Schema" SharePoint Designer setting should be configured correctly. CCE-14521-9User Configuration\Administrative Templates\Microsoft SharePoint Designer 2010\Default Authoring Options\Default New Page Type on SharePoint HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\sharepoint designereThe "Default New Page Type on SharePoint" SharePoint Designer setting should be configured correctly. CCE-11915-6User Configuration\Administrative Templates\Microsoft SharePoint Designer 2010\Default Authoring Options\Default Doctype HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\sharepoint designer\restrictionsQThe "Default Doctype" SharePoint Designer setting should be configured correctly. CCE-14484-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Prevent MAPI services from being added HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\The "Prevent MAPI services from being added" Outlook setting should be configured correctly. CCE-12428-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Managing Categories during e-mail exchanges HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferencesaThe "Managing Categories during e-mail exchanges" Outlook setting should be configured correctly. CCE-12151-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Do not download rights permission license information for IRM e-mail during Exchange folder sync HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\drmThe "Do not download rights permission license information for IRM e-mail during Exchange folder sync" common setting should be configured correctly. CCE-12702-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\PAB Migration HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\setupCThe "PAB Migration" Outlook setting should be configured correctly. CCE-13655-6User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Disable Windows event logging for Outlook add-ins HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\logginggThe "Disable Windows event logging for Outlook add-ins" Outlook setting should be configured correctly. CCE-12071-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Disable VLV Browsing on LDAP servers HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\ldapZThe "Disable VLV Browsing on LDAP servers" Outlook setting should be configured correctly. CCE-14114-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Prevent users from adding e-mail account types HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\optionsdThe "Prevent users from adding e-mail account types" Outlook setting should be configured correctly. CCE-12555-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Extend Outlook Autosave to include encrypted e-mail messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\mailsettingsqThe "Extend Outlook Autosave to include encrypted e-mail messages" common setting should be configured correctly. CCE-13683-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Do not display "Open this task" button for workflow tasks HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflownThe "Do not display "Open this task" button for workflow tasks" common set< ting should be configured correctly. CCE-14165-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Add new categories HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferencesHThe "Add new categories" Outlook setting should be configured correctly. CCE-14197-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Turn off SharePoint Portal Server Colleague Import HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\portal\colleagueimportgThe "Turn off SharePoint Portal Server Colleague Import" common setting should be configured correctly. CCE-12160-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Turn off fast people search HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\imPThe "Turn off fast people search" common setting should be configured correctly. CCE-12741-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Automatically show the Outlook Attachment pane when adding attachment HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\mailsettingszThe "Automatically show the Outlook Attachment pane when adding attachment" common setting should be configured correctly. CCE-12480-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Only show Auto Account Setup on first boot HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options`The "Only show Auto Account Setup on first boot" Outlook setting should be configured correctly. CCE-14890-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Do not expand Contact Groups HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailRThe "Do not expand Contact Groups" Outlook setting should be configured correctly. CCE-13920-4User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Prevent users from making changes to Outlook profiles HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\setupkThe "Prevent users from making changes to Outlook profiles" Outlook setting should be configured correctly. CCE-12529-4User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Do not show unread message count on Windows Welcome screen HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlookpThe "Do not show unread message count on Windows Welcome screen" Outlook setting should be configured correctly. CCE-11937-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Specify delay before sending people search request HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\imgThe "Specify delay before sending people search request" common setting should be configured correctly. CCE-13563-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Today Settings\URL for custom Outlook Today HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\todayRThe "URL for custom Outlook Today" Outlook setting should be configured correctly. CCE-14028-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Today Settings\Outlook Today availability HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\todayPThe "Outlook Today availability" Outlook setting should be configured correctly. CCE-14596-1User Configuration\Administrative Templates\Microsoft SharePoint Workspace 2010\Groove Server Manager\Groove Server Manager Name HKEY_CURRENT_USER\software\policies\microsoft\office\groove\manager]The "Groove Server Manager Name" SharePoint Workspace setting should be configured correctly. CCE-13218-3User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Web Options...\Browser\Disable features not supported by specified browsers HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\internetgThe "Disable features not supported by specified browsers" Word setting should be configured correctly. CCE-13108-6User Configuration\Administrative Templates\Microsoft Excel 2010\Disable Items in User Interface\Custom\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\disabledcmdbaritemslist CCE-14145-7User Configuration\Administrative Templates\Microsoft Excel 2010\Disable Items in User Interface\Custom\Disable shortcut keys HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\disabledshortcutkeyslist CCE-13622-6User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Task Options\Do not display Quick Contacts in the To-Do Bar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\todobardThe "Do not display Quick Contacts in the To-Do Bar" Outlook setting should be configured correctly. CCE-14379-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Task Options\To-Do Bar Date Navigators HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\todobarOThe "To-Do Bar Date Navigators" Outlook setting should be configured correctly. CCE-12448-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Task Options\Do not display the To-Do Bar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\todobarRThe "Do not display the To-Do Bar" Outlook setting should be configured correctly. CCE-12500-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Task Options\Disable task list HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\todobarGThe "Disable task list" Outlook setting should be configured correctly. CCE-12026-1User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Customize Ribbon\Display Developer tab in the Ribbon HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\options\The "Display Developer tab in the Ribbon" PowerPoint setting should be configured correctly. CCE-13046-8User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Automatically as you type\Match parentheses HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assistDThe "Match parentheses" Word setting should be configured correctly. CCE-12939-5 User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Automatically as you type\Format beginning of list item like the one before it HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assistgThe "Format beginning of list item like the one before it" Word setting should be configured correctly. CCE-14693-6User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Automatically as you type\Define styles based on your formatting HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assistYThe "Define styles based on your formatting" Word setting should be configured correctly. CCE-12790-2User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Automatically as you type\Set left indent on tabs and backspace HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assistXThe "Set left indent on tabs and backspace" Word setting should be configured correctly. CCE-13031-0User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Automatically as you type\Insert closing phrase to match memo style HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assist\The "Insert closing phrase to match memo style" Word setting should be configured correctly. CCE-13487-4User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Automatically as you type\Auto space HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\< options\assist=The "Auto space" Word setting should be configured correctly. CCE-13512-9User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Automatically as you type\Insert closing phrase to match Japanese salutation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assisteThe "Insert closing phrase to match Japanese salutation" Word setting should be configured correctly. CCE-13851-1User Configuration\Administrative Templates\Microsoft Outlook 2010\Customizable Error Messages\List of error messages to customize HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\customizablealertsYThe "List of error messages to customize" Outlook setting should be configured correctly. CCE-13538-4User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Social Connector\Turn off Outlook Social Connector HKEY_CURRENT_USER\software\policies\microsoft\office\outlook\socialconnectorWThe "Turn off Outlook Social Connector" Outlook setting should be configured correctly. CCE-12959-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Social Connector\Block Global Address List synchronization HKEY_CURRENT_USER\software\policies\microsoft\office\outlook\socialconnector_The "Block Global Address List synchronization" Outlook setting should be configured correctly. CCE-14043-4User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Social Connector\Specify list of social network providers to load HKEY_CURRENT_USER\software\policies\microsoft\office\outlook\socialconnectorfThe "Specify list of social network providers to load" Outlook setting should be configured correctly. CCE-13347-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Social Connector\Block social network contact synchronization HKEY_CURRENT_USER\software\policies\microsoft\office\outlook\socialconnectorbThe "Block social network contact synchronization" Outlook setting should be configured correctly. CCE-13834-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Social Connector\Prevent social network connectivity HKEY_CURRENT_USER\software\policies\microsoft\office\outlook\socialconnectorYThe "Prevent social network connectivity" Outlook setting should be configured correctly. CCE-14775-1User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Social Connector\Specify activity feed synchronization interval HKEY_CURRENT_USER\software\policies\microsoft\office\outlook\socialconnectordThe "Specify activity feed synchronization interval" Outlook setting should be configured correctly. CCE-14304-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Social Connector\Block specific social network providers HKEY_CURRENT_USER\software\policies\microsoft\office\outlook\socialconnector]The "Block specific social network providers" Outlook setting should be configured correctly. CCE-14899-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Social Connector\Do not allow on-demand activity synchronization HKEY_CURRENT_USER\software\policies\microsoft\office\outlook\socialconnectoreThe "Do not allow on-demand activity synchronization" Outlook setting should be configured correctly. CCE-11989-1User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Social Connector\Do not download photos from Active Directory HKEY_CURRENT_USER\software\policies\microsoft\office\outlook\socialconnectorbThe "Do not download photos from Active Directory" Outlook setting should be configured correctly. CCE-12664-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Social Connector\Set GAL contact synchronization interval HKEY_CURRENT_USER\software\policies\microsoft\office\outlook\socialconnector^The "Set GAL contact synchronization interval" Outlook setting should be configured correctly. CCE-11820-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Social Connector\Block network activity synchronization HKEY_CURRENT_USER\software\policies\microsoft\office\outlook\socialconnector\The "Block network activity synchronization" Outlook setting should be configured correctly. CCE-13975-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Social Connector\Do not show social network info-bars HKEY_CURRENT_USER\software\policies\microsoft\office\outlook\socialconnectorZThe "Do not show social network info-bars" Outlook setting should be configured correctly. CCE-14064-0User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Save/Open\Show file save warnings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationKThe "Show file save warnings" Visio setting should be configured correctly. CCE-12632-6User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Save/Open\Show file open warnings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationKThe "Show file open warnings" Visio setting should be configured correctly. CCE-13630-9User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Save/Open\Language for file conversion HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationPThe "Language for file conversion" Visio setting should be configured correctly. CCE-12688-8User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\General Options\Open each ShapeSheet in the same window HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\document[The "Open each ShapeSheet in the same window" Visio setting should be configured correctly. CCE-14504-5User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\General Options\Put all settings in Windows registry HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationXThe "Put all settings in Windows registry" Visio setting should be configured correctly. CCE-13716-6User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\General Options\Enable Automation events HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationLThe "Enable Automation events" Visio setting should be configured correctly. CCE-13364-5User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Proofing\Check spelling as you type HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\optionsSThe "Check spelling as you type" PowerPoint setting should be configured correctly. CCE-13886-7User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Proofing\Use contextual spelling HKEY_CURRENT_USER\software\policies\microsoft\shared tools\proofing tools\1.0\officeEThe "Use contextual spelling" setting should be configured correctly. CCE-13837-0Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Volume Activation\Use only Token Activation HKEY_LOCAL_MACHINE\software\policies\microsoft\officesoftwareprotectionplatformOThe "Use only Token Activation" machine setting should be configured correctly. CCE-12252-3Computer Configuration\Administrative Templates\Microsoft Office 2010 (Machine)\Volume Activation\Prevent Token Activation dialog from closing HKEY_LOCAL_MACHINE\software\policies\microsoft\officesoftwareprotectionplatformbThe "Prevent Token Activation dialog from closing" machine setting should be configured correctly. CCE-14556-5User Configuration\Administrative Templates\Microsoft InfoPath 2010\Disable Items in User Interface\Custom\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\disabledcmdbaritemslist CCE-13675-4User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Interface\Show indicators and Option butons for\Deletions in the Name column HKEY_CURRENT_USER\software\policies\microsoft\office\< 14.0\ms project\options\interfaceRThe "Deletions in the Name column" Project setting should be configured correctly. CCE-13116-9User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Interface\Show indicators and Option butons for\Edits to start and finish dates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\interfaceUThe "Edits to start and finish dates" Project setting should be configured correctly. CCE-13754-7User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Interface\Show indicators and Option butons for\Edits to work, units or duration HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\interfaceVThe "Edits to work, units or duration" Project setting should be configured correctly. CCE-14651-4User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Interface\Show indicators and Option butons for\Resource Assigments HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\interfaceIThe "Resource Assigments" Project setting should be configured correctly. CCE-13361-1User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\Large icons HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars@The "Large icons" common setting should be configured correctly. CCE-14370-1User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\Show shortcut keys in ScreenTips HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbarsUThe "Show shortcut keys in ScreenTips" common setting should be configured correctly. CCE-13646-5User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\Allow roaming of all user customizations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars]The "Allow roaming of all user customizations" common setting should be configured correctly. CCE-14252-1User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\Disable UI extending from documents and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars\publisherfThe "Disable UI extending from documents and templates" common setting should be configured correctly. CCE-13908-9User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\List font names in their font HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbarsRThe "List font names in their font" common setting should be configured correctly. CCE-12477-6User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\Menu animations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbarsDThe "Menu animations" common setting should be configured correctly. CCE-12212-7User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\Do not show ScreenTips on toolbars HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbarsWThe "Do not show ScreenTips on toolbars" common setting should be configured correctly. CCE-13327-2User Configuration\Administrative Templates\Microsoft Publisher 2010\Security\Prompt to allow fatally corrupt files to open instead of blocking them HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher~The "Prompt to allow fatally corrupt files to open instead of blocking them" Publisher setting should be configured correctly. CCE-12353-9User Configuration\Administrative Templates\Microsoft Publisher 2010\Security\Publisher Automation Security Level HKEY_CURRENT_USER\software\policies\microsoft\office\common\securityXThe "Publisher Automation Security Level" common setting should be configured correctly. CCE-12446-1User Configuration\Administrative Templates\Microsoft PowerPoint 2010\File Tab\Check Accessibility\Stop checking that slide titles exist HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\accchecker^The "Stop checking that slide titles exist" PowerPoint setting should be configured correctly. CCE-14349-5User Configuration\Administrative Templates\Microsoft PowerPoint 2010\File Tab\Check Accessibility\Stop checking to ensure presentations allow programmatic access HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\acccheckerxThe "Stop checking to ensure presentations allow programmatic access" PowerPoint setting should be configured correctly. CCE-12984-1User Configuration\Administrative Templates\Microsoft PowerPoint 2010\File Tab\Check Accessibility\Stop checking for media files which might need captions HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\acccheckerpThe "Stop checking for media files which might need captions" PowerPoint setting should be configured correctly. CCE-13570-7User Configuration\Administrative Templates\Microsoft PowerPoint 2010\File Tab\Check Accessibility\Stop checking to ensure a meaningful order of objects on slides HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\acccheckerxThe "Stop checking to ensure a meaningful order of objects on slides" PowerPoint setting should be configured correctly. CCE-14428-7User Configuration\Administrative Templates\Microsoft PowerPoint 2010\File Tab\Check Accessibility\Stop checking to ensure hyperlink text is meaningful HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\acccheckermThe "Stop checking to ensure hyperlink text is meaningful" PowerPoint setting should be configured correctly. CCE-14903-9User Configuration\Administrative Templates\Microsoft PowerPoint 2010\File Tab\Check Accessibility\Stop checking for alt text accessibility information HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\acccheckermThe "Stop checking for alt text accessibility information" PowerPoint setting should be configured correctly. CCE-12286-1User Configuration\Administrative Templates\Microsoft PowerPoint 2010\File Tab\Check Accessibility\Stop checking for merged and split cells HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\acccheckeraThe "Stop checking for merged and split cells" PowerPoint setting should be configured correctly. CCE-13180-5User Configuration\Administrative Templates\Microsoft PowerPoint 2010\File Tab\Check Accessibility\Stop checking to ensure each slide has a unique title HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\acccheckernThe "Stop checking to ensure each slide has a unique title" PowerPoint setting should be configured correctly. CCE-13465-0User Configuration\Administrative Templates\Microsoft PowerPoint 2010\File Tab\Check Accessibility\Stop checking for blank table rows and columns HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\acccheckergThe "Stop checking for blank table rows and columns" PowerPoint setting should be configured correctly. CCE-14823-9User Configuration\Administrative Templates\Microsoft PowerPoint 2010\File Tab\Check Accessibility\Stop checking for table header accessibility information HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\acccheckerqThe "Stop checking for table header accessibility information" PowerPoint setting should be configured correctly. CCE-12654-0User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\International\General Alignment HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\settingsFThe "General Alignment" Access setting should be configured correctly. CCE-12417-2User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\International\Cursor movement HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\settingsDThe "Cursor movement" Access setting should be configured correctly. CCE-13393-4User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\International\Default direction HKEY_CURRENT_USER\software\< policies\microsoft\office\14.0\access\settingsFThe "Default direction" Access setting should be configured correctly. CCE-14376-8User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Add-ins\Disable installed OneNote Add-ins HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\securityWThe "Disable installed OneNote Add-ins" OneNote setting should be configured correctly. CCE-13914-7User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Add-ins\Disable OneNote COM API HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\securityMThe "Disable OneNote COM API" OneNote setting should be configured correctly. CCE-12925-4User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Customize Ribbon\Display Developer tab in the Ribbon HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationWThe "Display Developer tab in the Ribbon" Visio setting should be configured correctly. CCE-11815-8User Configuration\Administrative Templates\Microsoft Access 2010\Tools | Security\Workgroup Administrator...\Path to shared Workgroup information file for secured MDB files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\access connectivity engine\enginestThe "Path to shared Workgroup information file for secured MDB files" Access setting should be configured correctly. CCE-12825-6User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\View\Calendar Type\Calendar Type HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\viewCThe "Calendar Type" Project setting should be configured correctly. CCE-13577-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Internet Calendars\Do not include Internet Calendar integration in Outlook HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\webcalmThe "Do not include Internet Calendar integration in Outlook" Outlook setting should be configured correctly. CCE-14936-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Internet Calendars\Disable roaming of Internet Calendars HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\webcal[The "Disable roaming of Internet Calendars" Outlook setting should be configured correctly. CCE-13632-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Internet Calendars\Default Internet Calendar subscriptions HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\accounts]The "Default Internet Calendar subscriptions" Outlook setting should be configured correctly. CCE-14207-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Internet Calendars\Override published sync interval HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\webcal CCE-12902-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\Internet Calendars\Automatically download attachments HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\webcalXThe "Automatically download attachments" Outlook setting should be configured correctly. CCE-12745-6User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\General\Number of documents in the Recent Documents list HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\settingseThe "Number of documents in the Recent Documents list" Access setting should be configured correctly. CCE-12440-4User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\General\Default database folder HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\settingsLThe "Default database folder" Access setting should be configured correctly. CCE-13969-1User Configuration\Administrative Templates\Microsoft Publisher 2010\Publisher Options\Customize Ribbon\Display Developer tab in the Ribbon HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\preferences[The "Display Developer tab in the Ribbon" Publisher setting should be configured correctly. CCE-14520-1User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match minus/dash/cho-on HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuzJThe "Match minus/dash/cho-on" Word setting should be configured correctly. CCE-12315-8User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match hiragana/katakana HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuzJThe "Match hiragana/katakana" Word setting should be configured correctly. CCE-12313-3User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match ia/iya (piano/piyano) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuzNThe "Match ia/iya (piano/piyano)" Word setting should be configured correctly. CCE-12887-6User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match case HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuz=The "Match case" Word setting should be configured correctly. CCE-13421-3User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match di/zi, du/zu HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuzEThe "Match di/zi, du/zu" Word setting should be configured correctly. CCE-12333-1User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match contractions (yo-on, sokuon) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuzUThe "Match contractions (yo-on, sokuon)" Word setting should be configured correctly. CCE-14070-7User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match old kana forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuzGThe "Match old kana forms" Word setting should be configured correctly. CCE-13766-1User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Ignore punctuation characters HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuzPThe "Ignore punctuation characters" Word setting should be configured correctly. CCE-14697-7User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match variant-form kanji (itaiji) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuzTThe "Match variant-form kanji (itaiji)" Word setting should be configured correctly. CCE-13800-8User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match ba/va, ha/fa HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuzEThe "Match ba/va, ha/fa" Word setting should be configured correctly. CCE-12330-7User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match se/she, ze/je HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuzFThe "Match se/she, ze/je" Word setting should be configured correctly. CCE-13354-6User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match tsi/thi/chi, dhi/zi HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuzLThe "Match tsi/thi/chi, dhi/zi" Word setting should be configured correctly. CCE-12997-3User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match cho-on used for vowels HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuzOThe "Match cho-on used for vowels" Word setting should be configured correctly. CCE-12304-2User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Ignore whitespace characters HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuzOThe "Ignore whitespace characters" Word setting should be configured correctly. CCE-13699-4User Configuration\Administrative Templates\Microsoft Word < 2010\Japanese Find\Match full/half width form HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuzMThe "Match full/half width form" Word setting should be configured correctly. CCE-13718-2User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match ki/ku (tekisuto/tekusuto) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuzRThe "Match ki/ku (tekisuto/tekusuto)" Word setting should be configured correctly. CCE-11607-9User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match 'repeat character' marks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuzQThe "Match 'repeat character' marks" Word setting should be configured correctly. CCE-13265-4User Configuration\Administrative Templates\Microsoft Word 2010\Japanese Find\Match hyu/iyu, byu/vyu HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffuzIThe "Match hyu/iyu, byu/vyu" Word setting should be configured correctly. CCE-13513-7User Configuration\Administrative Templates\Microsoft Word 2010\Collaboration Settings\Co-authoring\Prevent co-authoring HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\coauthoringGThe "Prevent co-authoring" Word setting should be configured correctly. CCE-12233-3User Configuration\Administrative Templates\Microsoft Word 2010\Collaboration Settings\Co-authoring\Do not automatically merge server and local document HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\coauthoringgThe "Do not automatically merge server and local document" Word setting should be configured correctly. CCE-13557-4User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Customize Ribbon\Display Developer tab in the Ribbon HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\settingsYThe "Display Developer tab in the Ribbon" Project setting should be configured correctly. CCE-14348-7User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\Ink\Enter milliseconds before recognizing handwriting HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\editorcommonfThe "Enter milliseconds before recognizing handwriting" common setting should be configured correctly. CCE-13827-1User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\Ink\Display a warning dialog box that user is entering text in Ink entry mode HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\editorcommon~The "Display a warning dialog box that user is entering text in Ink entry mode" common setting should be configured correctly. CCE-12853-8User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\Ink\Display a shaded ink guide for handwriting HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\editorcommon_The "Display a shaded ink guide for handwriting" common setting should be configured correctly. CCE-11562-6User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\Ink\Ink Entry HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\editorcommon>The "Ink Entry" common setting should be configured correctly. CCE-11859-6User Configuration\Administrative Templates\Microsoft Project 2010\Security\Previous-version file formats HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\securitySThe "Previous-version file formats" Project setting should be configured correctly. CCE-13097-1User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for 'Project1'\Inserted projects are calculated like summary tasks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculationiThe "Inserted projects are calculated like summary tasks" Project setting should be configured correctly. CCE-11826-5User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for 'Project1'\Actual costs are always calculated by Microsoft Project HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculationmThe "Actual costs are always calculated by Microsoft Project" Project setting should be configured correctly. CCE-13267-0User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for 'Project1'\And move start of remaining parts back to status date HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculationkThe "And move start of remaining parts back to status date" Project setting should be configured correctly. CCE-12452-9User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for 'Project1'\Updating task status updates resource status HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculationbThe "Updating task status updates resource status" Project setting should be configured correctly. CCE-12530-2User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for 'Project1'\Tasks are critical if slack is less than or equal to HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculationjThe "Tasks are critical if slack is less than or equal to" Project setting should be configured correctly. CCE-12184-8User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for 'Project1'\Move end of completed parts after status date back to status date HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculationwThe "Move end of completed parts after status date back to status date" Project setting should be configured correctly. CCE-13146-6User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for 'Project1'\Edits to total task % complete will be spread to the status date HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculationvThe "Edits to total task % complete will be spread to the status date" Project setting should be configured correctly. CCE-14184-6User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for 'Project1'\Calculate multiple critical paths HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculationWThe "Calculate multiple critical paths" Project setting should be configured correctly. CCE-13765-3User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for 'Project1'\Default fixed costs accrual HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculationQThe "Default fixed costs accrual" Project setting should be configured correctly. CCE-13780-2User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for 'Project1'\And move end of completed parts forward to status date HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculationlThe "And move end of completed parts forward to status date" Project setting should be configured correctly. CCE-13474-2User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for 'Project1'\Edits to total actual cost will be spread to the status date HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculationrThe "Edits to total actual cost will be spread to the status date" Project setting should be configured correctly. CCE-11952-9"User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for 'Project1'\Move start of remaining parts before status date forward to status date HKEY_CURRENT_USER\software\policies\microsoft\off< ice\14.0\ms project\options\calculation}The "Move start of remaining parts before status date forward to status date" Project setting should be configured correctly. CCE-14624-1User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Backup\Automatically back up my notebook... HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\saveZThe "Automatically back up my notebook..." OneNote setting should be configured correctly. CCE-14485-7User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Backup\Number of backup copies to keep HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\saveUThe "Number of backup copies to keep" OneNote setting should be configured correctly. CCE-14123-4User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\General\User Interface Options\Turn off Live Preview HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationIThe "Turn off Live Preview" Visio setting should be configured correctly. CCE-13876-8User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\General\User Interface Options\Turn off Live Preview in the Shapes window HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application^The "Turn off Live Preview in the Shapes window" Visio setting should be configured correctly. CCE-13659-8User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\General\User Interface Options\Do not show Mini Toolbar on selection of text HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationaThe "Do not show Mini Toolbar on selection of text" Visio setting should be configured correctly. CCE-14473-3User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Macro Security\Enable Microsoft Visual Basic for Applications project creation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationsThe "Enable Microsoft Visual Basic for Applications project creation" Visio setting should be configured correctly. CCE-12432-1User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Macro Security\Load Microsoft Visual Basic for Applications projects from text HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationsThe "Load Microsoft Visual Basic for Applications projects from text" Visio setting should be configured correctly. CCE-13206-8User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #2 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location2UThe "Trust Center: Trusted Location #2" Visio setting should be configured correctly. CCE-13791-9User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #20 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location20VThe "Trust Center: Trusted Location #20" Visio setting should be configured correctly. CCE-14178-8User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\securitytThe "Require that application add-ins are signed by Trusted Publisher" Visio setting should be configured correctly. CCE-12558-3User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #8 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location8UThe "Trust Center: Trusted Location #8" Visio setting should be configured correctly. CCE-13414-8User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Turn off Data Execution Prevention HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\securityVThe "Turn off Data Execution Prevention" Visio setting should be configured correctly. CCE-12358-8User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #7 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location7UThe "Trust Center: Trusted Location #7" Visio setting should be configured correctly. CCE-11790-3User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #12 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location12VThe "Trust Center: Trusted Location #12" Visio setting should be configured correctly. CCE-14886-6User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Turn off Trusted Documents on the network HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted documents]The "Turn off Trusted Documents on the network" Visio setting should be configured correctly. CCE-13055-9User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #16 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location16VThe "Trust Center: Trusted Location #16" Visio setting should be configured correctly. CCE-12297-8User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Turn off trusted documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted documentsNThe "Turn off trusted documents" Visio setting should be configured correctly. CCE-12218-4User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #5 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location5UThe "Trust Center: Trusted Location #5" Visio setting should be configured correctly. CCE-13988-1User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #3 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location3UThe "Trust Center: Trusted Location #3" Visio setting should be configured correctly. CCE-13390-0User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #1 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location1UThe "Trust Center: Trusted Location #1" Visio setting should be configured correctly. CCE-13010-4User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Disable all trusted locations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locationsQThe "Disable all trusted locations" Visio setting should be configured correctly. CCE-12526-0User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #6 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location6UThe "Trust Center: Trusted Location #6" Visio setting should be configured correctly. CCE-12122-8User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #18 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location18VThe "Trust Center: Trusted Location #18" Visio setting should be configured correctly. CCE-13403-1User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #19 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location19VThe "Trust Center: Trusted Location #19" Visio setting should be configured correctly. CCE-13665-5User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Optio< ns\Security\Trust Center\Trusted Location #11 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location11VThe "Trust Center: Trusted Location #11" Visio setting should be configured correctly. CCE-13896-6User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #10 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location10VThe "Trust Center: Trusted Location #10" Visio setting should be configured correctly. CCE-12380-2User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #9 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location9UThe "Trust Center: Trusted Location #9" Visio setting should be configured correctly. CCE-12533-6User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Set maximum number of trusted documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted documents[The "Set maximum number of trusted documents" Visio setting should be configured correctly. CCE-11868-7User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #15 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location15VThe "Trust Center: Trusted Location #15" Visio setting should be configured correctly. CCE-13479-1User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\VBA Macro Notification Settings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\securitySThe "VBA Macro Notification Settings" Visio setting should be configured correctly. CCE-12052-7User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #13 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location13VThe "Trust Center: Trusted Location #13" Visio setting should be configured correctly. CCE-13468-4User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #4 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location4UThe "Trust Center: Trusted Location #4" Visio setting should be configured correctly. CCE-13496-5User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #17 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location17VThe "Trust Center: Trusted Location #17" Visio setting should be configured correctly. CCE-13145-8User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Disable all application add-ins HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\securitySThe "Disable all application add-ins" Visio setting should be configured correctly. CCE-14637-3User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Set maximum number of trust records to preserve HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted documentscThe "Set maximum number of trust records to preserve" Visio setting should be configured correctly. CCE-13409-8User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Allow Trusted Locations on the network HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locationsZThe "Allow Trusted Locations on the network" Visio setting should be configured correctly. CCE-12616-9User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Trusted Location #14 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\security\trusted locations\location14VThe "Trust Center: Trusted Location #14" Visio setting should be configured correctly. CCE-12651-6User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins and block them HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\securityThe "Disable Trust Bar Notification for unsigned application add-ins and block them" Visio setting should be configured correctly. CCE-12444-6User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Prevent users from customizing attachment security settings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlookqThe "Prevent users from customizing attachment security settings" Outlook setting should be configured correctly. CCE-12962-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Disable 'Remember password' for Internet e-mail accounts HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securitynThe "Disable 'Remember password' for Internet e-mail accounts" Outlook setting should be configured correctly. CCE-12618-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Do not automatically sign replies HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityWThe "Do not automatically sign replies" Outlook setting should be configured correctly. CCE-14219-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Allow Active X One Off Forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityRThe "Allow Active X One Off Forms" Outlook setting should be configured correctly. CCE-13784-4User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Configure Add-In Trust Level HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityRThe "Configure Add-In Trust Level" Outlook setting should be configured correctly. CCE-12816-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Prompt user to choose security settings if default settings fail HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityvThe "Prompt user to choose security settings if default settings fail" Outlook setting should be configured correctly. CCE-14866-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Use Protected View for attachments received from internal senders HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securitywThe "Use Protected View for attachments received from internal senders" Outlook setting should be configured correctly. CCE-14476-6User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Do not allow expired certificates when validating signatures HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signaturesqThe "Do not allow expired certificates when validating signatures" common setting should be configured correctly. CCE-14199-4User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Check OLE objects HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\com categoriesFThe "Check OLE objects" common setting should be configured correctly. CCE-13656-4User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Check ActiveX objects HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\com categoriesJThe "Check ActiveX objects" common setting should be configured correctly. CCE-12055-0User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Encryption type for password protected Office 97-2003 files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\securitypThe "Encryption type for password protected Office 97-2003 files" common setting should be configured correctly. CCE-13030-2User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Load Controls in Forms3 HKEY_CURRENT_USER\softw< are\policies\microsoft\vba\securityEThe "Load Controls in Forms3" setting should be configured correctly. CCE-12146-7User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Set password rules level HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\passwordcomplexityMThe "Set password rules level" common setting should be configured correctly. CCE-14173-9User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Encrypt document properties HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\securityPThe "Encrypt document properties" common setting should be configured correctly. CCE-11532-9User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Disable VBA for Office applications HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\commonXThe "Disable VBA for Office applications" common setting should be configured correctly. CCE-11675-6User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Disable all Trust Bar notifications for security issues HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\trustcenterlThe "Disable all Trust Bar notifications for security issues" common setting should be configured correctly. CCE-13353-8User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Set password rules domain timeout HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\passwordcomplexityVThe "Set password rules domain timeout" common setting should be configured correctly. CCE-14471-7User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Prevent Word and Excel from loading managed code extensions HKEY_CURRENT_USER\software\policies\microsoft\office\common\smart tagpThe "Prevent Word and Excel from loading managed code extensions" common setting should be configured correctly. CCE-14561-5User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Automation Security HKEY_CURRENT_USER\software\policies\microsoft\office\common\securityHThe "Automation Security" common setting should be configured correctly. CCE-14658-9User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Set password hash format as ISO-compliant HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security^The "Set password hash format as ISO-compliant" common setting should be configured correctly. CCE-14045-9User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Requested XAdES level for signature generation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signaturescThe "Requested XAdES level for signature generation" common setting should be configured correctly. CCE-13844-6User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Check OWC data source providers HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\com categoriesTThe "Check OWC data source providers" common setting should be configured correctly. CCE-13591-3User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Check Excel RTD servers HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\com categoriesLThe "Check Excel RTD servers" common setting should be configured correctly. CCE-12185-5User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Protect document metadata for password protected files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\securitykThe "Protect document metadata for password protected files" common setting should be configured correctly. CCE-13204-3User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Set minimum password length HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\passwordcomplexityPThe "Set minimum password length" common setting should be configured correctly. CCE-13734-9User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Set timestamp server timeout HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signaturesQThe "Set timestamp server timeout" common setting should be configured correctly. CCE-13878-4User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Require OCSP at signature generation time HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signatures^The "Require OCSP at signature generation time" common setting should be configured correctly. CCE-13597-0User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Disable password to open UI HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\securityPThe "Disable password to open UI" common setting should be configured correctly. CCE-13658-0User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Check the XAdES portions of a digital signature HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signaturesdThe "Check the XAdES portions of a digital signature" common setting should be configured correctly. CCE-13273-8User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Protect document metadata for rights managed Office Open XML Files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\securitywThe "Protect document metadata for rights managed Office Open XML Files" common setting should be configured correctly. CCE-13998-0User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Encryption type for password protected Office Open XML files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\securityqThe "Encryption type for password protected Office Open XML files" common setting should be configured correctly. CCE-11982-6User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\ActiveX Control Initialization HKEY_CURRENT_USER\software\policies\microsoft\office\common\securitySThe "ActiveX Control Initialization" common setting should be configured correctly. CCE-12689-6User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Select digital signature hashing algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signatures_The "Select digital signature hashing algorithm" common setting should be configured correctly. CCE-12299-4User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Configure time stamping hashing algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signatures^The "Configure time stamping hashing algorithm" common setting should be configured correctly. CCE-14166-3User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Do not include XAdES reference object in the manifest HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signaturesjThe "Do not include XAdES reference object in the manifest" common setting should be configured correctly. CCE-14352-9User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Disable All ActiveX HKEY_CURRENT_USER\software\policies\microsoft\office\common\securityHThe "Disable All ActiveX" common setting should be configured correctly. CCE-14040-0User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Set signature verification level HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signaturesUThe "Set signature verification level" common setting should be configured correctly. CCE-12539-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\IMAP\Turn on purge when switching folders HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailZThe "Turn on purge when switching folders" Outlook setting should be configured correctly. CCE-13153-2User Configuration\Administrat< ive Templates\Microsoft OneNote 2010\OneNote Options\Audio and Video\Specify number of bits to sample when recording HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\audioeThe "Specify number of bits to sample when recording" OneNote setting should be configured correctly. CCE-13455-1User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Audio and Video\Disable Linked Audio feature HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\audioRThe "Disable Linked Audio feature" OneNote setting should be configured correctly. CCE-13044-3User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Audio and Video\Specify rate to sample audio (bits/second) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\audio`The "Specify rate to sample audio (bits/second)" OneNote setting should be configured correctly. CCE-13739-8User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Audio and Video\Disable audio search HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\otherJThe "Disable audio search" OneNote setting should be configured correctly. CCE-13897-4User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Audio and Video\Choose default codec to be used for Video notebook HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\audiohThe "Choose default codec to be used for Video notebook" OneNote setting should be configured correctly. CCE-12229-1User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Audio and Video\Specify number of channels to record HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\audioZThe "Specify number of channels to record" OneNote setting should be configured correctly. CCE-12000-6User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Audio and Video\Rewind from start of paragraph by the following number of seconds HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\audiowThe "Rewind from start of paragraph by the following number of seconds" OneNote setting should be configured correctly. CCE-12829-8User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for 'Project1'\Earned Value options for Project1\Default task Earned Value method HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculationVThe "Default task Earned Value method" Project setting should be configured correctly. CCE-12398-4#User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for 'Project1'\Earned Value options for Project1\Baseline for Earned Value calculations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculation\The "Baseline for Earned Value calculations" Project setting should be configured correctly. CCE-13649-9User Configuration\Administrative Templates\Microsoft SharePoint Designer 2010\Disable Items in User Interface\Custom\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\sharepoint designer\disabledcmdbaritemslistRThe "Disable commands" SharePoint Designer setting should be configured correctly. CCE-13612-7User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Co-authoring\Set document synchronization timeout HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internetYThe "Set document synchronization timeout" common setting should be configured correctly. CCE-12676-3User Configuration\Administrative Templates\Microsoft Project 2010\Security\Trust Center\Turn off Data Execution Prevention HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\securityXThe "Turn off Data Execution Prevention" Project setting should be configured correctly. CCE-12696-1User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calendar\Use starting year for FY numbering HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calendarXThe "Use starting year for FY numbering" Project setting should be configured correctly. CCE-12835-5User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calendar\Hours per week HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calendarDThe "Hours per week" Project setting should be configured correctly. CCE-13284-5User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calendar\Hours per day HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calendarCThe "Hours per day" Project setting should be configured correctly. CCE-12462-8User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calendar\Fiscal year starts in HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calendarKThe "Fiscal year starts in" Project setting should be configured correctly. CCE-13187-0User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calendar\Week starts on HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calendarDThe "Week starts on" Project setting should be configured correctly. CCE-14489-9User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calendar\Days per month HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calendarDThe "Days per month" Project setting should be configured correctly. CCE-12021-2User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calendar\Default start time HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calendarHThe "Default start time" Project setting should be configured correctly. CCE-14201-8User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calendar\Default end time HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calendarFThe "Default end time" Project setting should be configured correctly. CCE-13159-9User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Apply as you type\Headings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assist;The "Headings" Word setting should be configured correctly. CCE-13510-3User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Apply as you type\Automatic bulleted lists HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assistKThe "Automatic bulleted lists" Word setting should be configured correctly. CCE-13483-3User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Apply as you type\Date style HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assist=The "Date style" Word setting should be configured correctly. CCE-14430-3User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Apply as you type\Automatic numbered lists HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assistKThe "Automatic numbered lists" Word setting should be configured correctly. CCE-12833-0User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Apply as you type\Border lines HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assist?The "Border lines" Word setting should be configured correctly. CCE-14841-1User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Apply as you type\Tables HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assist9The "Tables" Word setting should be configured correctly. CCE-14276-0User Configurati< on\Administrative Templates\Microsoft Word 2010\Word Options\Proofing\AutoFormat as you type\Apply as you type\Closing style to letter closings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\assistSThe "Closing style to letter closings" Word setting should be configured correctly. CCE-12620-1User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\SharePoint Server\Minimum time before starting Colleague recommendation scan HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\portal\colleagueimportoThe "Minimum time before starting Colleague recommendation scan" common setting should be configured correctly. CCE-12089-9User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\SharePoint Server\Maximum number of rows fetched per request while populating a lookup in the SharePoint list control HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\list\settingsThe "Maximum number of rows fetched per request while populating a lookup in the SharePoint list control" setting should be configured correctly. CCE-12210-1User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\SharePoint Server\Maximum number of days to scan from today to determine the user's colleagues for recommendation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\portal\colleagueimportThe "Maximum number of days to scan from today to determine the user's colleagues for recommendation" common setting should be configured correctly. CCE-13637-4 User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\SharePoint Server\Enable Colleague Import Outlook Add-in to work with Microsoft SharePoint Server HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\portal\colleagueimportThe "Enable Colleague Import Outlook Add-in to work with Microsoft SharePoint Server" common setting should be configured correctly. CCE-13020-3User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\SharePoint Server\Minimum time to wait before rescanning the Outlook mailbox for new colleague recommendations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\portal\colleagueimportThe "Minimum time to wait before rescanning the Outlook mailbox for new colleague recommendations" common setting should be configured correctly. CCE-13237-3User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\SharePoint Server\Maximum number of items to scan from today to determine the user's colleagues for recommendation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\portal\colleagueimportThe "Maximum number of items to scan from today to determine the user's colleagues for recommendation" common setting should be configured correctly. CCE-14684-5)User Configuration\Administrative Templates\Microsoft Office 2010\Server Settings\SharePoint Server\Maximum number of recipients in an Outlook item to scan to determine the user's colleagues for recommendation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\portal\colleagueimportThe "Maximum number of recipients in an Outlook item to scan to determine the user's colleagues for recommendation" common setting should be configured correctly. CCE-14534-2User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Save\Save AutoRecover info HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefHThe "Save AutoRecover info" Word setting should be configured correctly. CCE-13370-2User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Save\Keep the last AutoSaved versions of files for the next session HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsqThe "Keep the last AutoSaved versions of files for the next session" Word setting should be configured correctly. CCE-12604-5User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Save\Do not display file format compatibility dialog box for OpenDocument text format HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsThe "Do not display file format compatibility dialog box for OpenDocument text format" Word setting should be configured correctly. CCE-12464-4User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Save\Save As Open XML in Compatibility Mode HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsYThe "Save As Open XML in Compatibility Mode" Word setting should be configured correctly. CCE-12208-5User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Save\Set default compatibility mode on file creation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsbThe "Set default compatibility mode on file creation" Word setting should be configured correctly. CCE-14325-5User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Save\Default file format HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsFThe "Default file format" Word setting should be configured correctly. CCE-13009-6User Configuration\Administrative Templates\Microsoft Office 2010\Tools | Options | General | Web Options...\Encoding\Default or specific encoding HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internetQThe "Default or specific encoding" common setting should be configured correctly. CCE-12747-2User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\Spelling & Grammar\Hide spelling errors HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\proofingKThe "Hide spelling errors" InfoPath setting should be configured correctly. CCE-13796-8User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Outlook: 'send for review' HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailPThe "Outlook: 'send for review'" Outlook setting should be configured correctly. CCE-14416-2User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Max number of documents being reviewed using ad hoc review HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\reviewcycle\adhoc\docslotsoThe "Max number of documents being reviewed using ad hoc review" common setting should be configured correctly. CCE-13829-7User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Do not prompt users to share Excel workbooks when sending for review HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionsxThe "Do not prompt users to share Excel workbooks when sending for review" Excel setting should be configured correctly. CCE-12845-4User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Default subject for a review request HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\reviewcycleYThe "Default subject for a review request" common setting should be configured correctly. CCE-14302-4User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Prompt for sending reviewed document to author HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\generalcThe "Prompt for sending reviewed document to author" common setting should be configured correctly. CCE-14433-7User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Outlook: Ad hoc reviewing HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailOThe "Outlook: Ad hoc reviewing" Outlook setting should be configured correctly. CCE-13445-2User Configuration\Administrative Templates\Microsoft Office 2010\Collaboration Settings\Max number of documents being reviewed using 'send for review' HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\reviewcycle\docslotssThe "Max number of documents being reviewed using 'send for review'" common setting should be configured correctly. CCE-13270-4< User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Junk E-mail\Trust e-mail from contacts HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailPThe "Trust e-mail from contacts" Outlook setting should be configured correctly. CCE-12912-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Junk E-mail\Hide warnings about suspicious domain names in e-mail addresses HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailuThe "Hide warnings about suspicious domain names in e-mail addresses" Outlook setting should be configured correctly. CCE-14022-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Junk E-mail\Permanently delete Junk E-mail HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailTThe "Permanently delete Junk E-mail" Outlook setting should be configured correctly. CCE-12921-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Junk E-mail\Junk E-mail protection level HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailRThe "Junk E-mail protection level" Outlook setting should be configured correctly. CCE-14452-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Junk E-mail\Add e-mail recipients to users' Safe Senders Lists HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailhThe "Add e-mail recipients to users' Safe Senders Lists" Outlook setting should be configured correctly. CCE-13462-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Junk E-mail\Specify path to Safe Senders list HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailWThe "Specify path to Safe Senders list" Outlook setting should be configured correctly. CCE-14877-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Junk E-mail\Specify path to Blocked Senders list HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailZThe "Specify path to Blocked Senders list" Outlook setting should be configured correctly. CCE-13272-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Junk E-mail\Hide Junk Mail UI HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlookGThe "Hide Junk Mail UI" Outlook setting should be configured correctly. CCE-13359-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Junk E-mail\Specify path to Safe Recipients list HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailZThe "Specify path to Safe Recipients list" Outlook setting should be configured correctly. CCE-12916-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Junk E-mail\Overwrite or Append Junk Mail Import List HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail_The "Overwrite or Append Junk Mail Import List" Outlook setting should be configured correctly. CCE-13293-6User Configuration\Administrative Templates\Microsoft Publisher 2010\Disable Items in User Interface\Predefined\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\disabledcmdbaritemscheckboxes CCE-12167-3User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Cryptography\Configure CNG cipher chaining mode HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\cryptoWThe "Configure CNG cipher chaining mode" Access setting should be configured correctly. CCE-13721-6User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Cryptography\Specify CNG random number generator algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\cryptobThe "Specify CNG random number generator algorithm" Access setting should be configured correctly. CCE-13608-5User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Cryptography\Set parameters for CNG context HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\cryptoSThe "Set parameters for CNG context" Access setting should be configured correctly. CCE-12986-6User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Cryptography\Set CNG password spin count HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\cryptoPThe "Set CNG password spin count" Access setting should be configured correctly. CCE-13584-8User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Cryptography\Set CNG cipher key length HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\cryptoNThe "Set CNG cipher key length" Access setting should be configured correctly. CCE-14295-0User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Cryptography\Specify CNG salt length HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\cryptoLThe "Specify CNG salt length" Access setting should be configured correctly. CCE-12782-9User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Cryptography\Set CNG cipher algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\cryptoMThe "Set CNG cipher algorithm" Access setting should be configured correctly. CCE-13902-2User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Cryptography\Specify encryption compatibility HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\cryptoUThe "Specify encryption compatibility" Access setting should be configured correctly. CCE-12726-6User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Cryptography\Specify CNG hash algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\cryptoOThe "Specify CNG hash algorithm" Access setting should be configured correctly. CCE-12498-2User Configuration\Administrative Templates\Microsoft Project 2010\Security\Tools | Macro\Security Level HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\securityDThe "Security Level" Project setting should be configured correctly. CCE-14100-2User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #14 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location14WThe "Trust Center: Trusted Location #14" Access setting should be configured correctly. CCE-13518-6User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #9 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location9VThe "Trust Center: Trusted Location #9" Access setting should be configured correctly. CCE-12894-2User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #1 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location1VThe "Trust Center: Trusted Location #1" Access setting should be configured correctly. CCE-14740-5User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #17 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location17WThe "Trust Center: Trusted Location #17" Access setting should be configured correctly. CCE-12400-8User Configuration\Administrative Templates\Microsoft Access 2010\Application Se< ttings\Security\Trust Center\Trusted Locations\Trusted Location #8 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location8VThe "Trust Center: Trusted Location #8" Access setting should be configured correctly. CCE-13690-3User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #6 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location6VThe "Trust Center: Trusted Location #6" Access setting should be configured correctly. CCE-12731-6User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #15 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location15WThe "Trust Center: Trusted Location #15" Access setting should be configured correctly. CCE-11480-1User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #12 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location12WThe "Trust Center: Trusted Location #12" Access setting should be configured correctly. CCE-13693-7User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #10 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location10WThe "Trust Center: Trusted Location #10" Access setting should be configured correctly. CCE-14221-6User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #2 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location2VThe "Trust Center: Trusted Location #2" Access setting should be configured correctly. CCE-12982-5User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #11 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location11WThe "Trust Center: Trusted Location #11" Access setting should be configured correctly. CCE-14162-2User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #18 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location18WThe "Trust Center: Trusted Location #18" Access setting should be configured correctly. CCE-12411-5User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #4 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location4VThe "Trust Center: Trusted Location #4" Access setting should be configured correctly. CCE-12675-5User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #7 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location7VThe "Trust Center: Trusted Location #7" Access setting should be configured correctly. CCE-14789-2User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #16 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location16WThe "Trust Center: Trusted Location #16" Access setting should be configured correctly. CCE-13021-1User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #3 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location3VThe "Trust Center: Trusted Location #3" Access setting should be configured correctly. CCE-12608-6User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #19 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location19WThe "Trust Center: Trusted Location #19" Access setting should be configured correctly. CCE-13642-4User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Disable all trusted locations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locationsRThe "Disable all trusted locations" Access setting should be configured correctly. CCE-13937-8User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #20 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location20WThe "Trust Center: Trusted Location #20" Access setting should be configured correctly. CCE-14324-8User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Allow Trusted Locations on the network HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations[The "Allow Trusted Locations on the network" Access setting should be configured correctly. CCE-11855-4User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #5 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location5VThe "Trust Center: Trusted Location #5" Access setting should be configured correctly. CCE-13155-7User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Security\Trust Center\Trusted Locations\Trusted Location #13 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\security\trusted locations\location13WThe "Trust Center: Trusted Location #13" Access setting should be configured correctly. CCE-13568-1User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\General\Undo Levels HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\generalAThe "Undo Levels" Project setting should be configured correctly. CCE-13820-6User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Prevent access to Web-based file storage HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\webservices]The "Prevent access to Web-based file storage" common setting should be configured correctly. CCE-13448-6User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Disable Microsoft Office shared drawing code for metafile rendering HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\gelprefsxThe "Disable Microsoft Office shared drawing code for metafile rendering" common setting should be configured correctly. CCE-13956-8User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Do not upload media files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internetNThe "Do not upload media files" common setting should be configured correctly. CCE-13192-0User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Do not track document editing time HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\generalWThe "Do not track document editing time" common setting should be configured correctly. CCE-12253-1User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Provide feedback with sound HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\generalPThe "Provide feedback with sound" common setting should be configured correctly. CCE-12222-6User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Do not display paths< in alerts HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\generalSThe "Do not display paths in alerts" common setting should be configured correctly. CCE-14366-9User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Change label of Save to SharePoint HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\sharepointintegrationWThe "Change label of Save to SharePoint" common setting should be configured correctly. CCE-11981-8User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Do not emulate tabs with spaces when exporting HTML HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internethThe "Do not emulate tabs with spaces when exporting HTML" common setting should be configured correctly. CCE-13735-6User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Disable Microsoft Office shared drawing code for blip caching HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\gelprefsrThe "Disable Microsoft Office shared drawing code for blip caching" common setting should be configured correctly. CCE-14583-9User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Hide the Learn more about SharePoint Hyperlink HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\sharepointintegrationcThe "Hide the Learn more about SharePoint Hyperlink" common setting should be configured correctly. CCE-12084-0User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Disable hyperlinks to web templates in File | New and task panes HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internetuThe "Disable hyperlinks to web templates in File | New and task panes" common setting should be configured correctly. CCE-13061-7User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Change destination URL for SharePoint hyperlink HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\sharepointintegrationdThe "Change destination URL for SharePoint hyperlink" common setting should be configured correctly. CCE-12752-2User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Enable Smart Resume HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\restore workspaceHThe "Enable Smart Resume" common setting should be configured correctly. CCE-11968-5User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Do not use hardware graphics acceleration HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\gfxWThe "Do not use hardware graphics acceleration" setting should be configured correctly. CCE-12913-0User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Home Workflow Library HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\homeJThe "Home Workflow Library" common setting should be configured correctly. CCE-14941-9User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Do not allow Save to Web integration HKEY_CURRENT_USER\software\policies\microsoft\office\common\webintegrationYThe "Do not allow Save to Web integration" common setting should be configured correctly. CCE-13803-2User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Graphic filter legacy mode HKEY_CURRENT_USER\software\policies\microsoft\shared tools\graphics filtersHThe "Graphic filter legacy mode" setting should be configured correctly. CCE-12305-9User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Control Blogging HKEY_CURRENT_USER\software\policies\microsoft\office\common\blogEThe "Control Blogging" common setting should be configured correctly. CCE-14163-0User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Do not validate printers before using them HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general_The "Do not validate printers before using them" common setting should be configured correctly. CCE-13711-7User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Show Screen Tips HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbarsEThe "Show Screen Tips" common setting should be configured correctly. CCE-13749-7User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Increase the visibility of Accessibility Checker violations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\commonpThe "Increase the visibility of Accessibility Checker violations" common setting should be configured correctly. CCE-13158-1User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Enable Workflows on My Site HKEY_CURRENT_USER\software\policies\microsoft\office\common\workflow\homePThe "Enable Workflows on My Site" common setting should be configured correctly. CCE-13925-3User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Disable web view in the Office file dialog boxes HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\filedialogwebviewsettingseThe "Disable web view in the Office file dialog boxes" common setting should be configured correctly. CCE-13092-2User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Disallow Convert Document (Excel, PowerPoint, Word) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\generalhThe "Disallow Convert Document (Excel, PowerPoint, Word)" common setting should be configured correctly. CCE-13862-8User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Set ScreenTip Language download location HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\uicaptions]The "Set ScreenTip Language download location" common setting should be configured correctly. CCE-14096-2User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Print ticket safe mode HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\generalKThe "Print ticket safe mode" common setting should be configured correctly. CCE-12943-7User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Disable Clipboard Toolbar triggers HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\generalWThe "Disable Clipboard Toolbar triggers" common setting should be configured correctly. CCE-11485-0User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Show Paste Options button when content is pasted HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\generaleThe "Show Paste Options button when content is pasted" common setting should be configured correctly. CCE-13063-3User Configuration\Administrative Templates\Microsoft Office 2010\Miscellaneous\Most Recently Used Template List Length HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general CCE-13244-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Advanced E-mail Options\Do not allow e-mail postmark functionality HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail`The "Do not allow e-mail postmark functionality" Outlook setting should be configured correctly. CCE-14792-6User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Advanced E-mail Options\When new items arrive HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferencesKThe "When new items arrive" Outlook setting should be configured correctly. CCE-12763-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Advanced E-mail Options\More save messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferencesHThe "More save messages" Outlook setting should be configured correctly. CCE-13704-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences< \E-mail Options\Advanced E-mail Options\When sending a message HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\generalLThe "When sending a message" Outlook setting should be configured correctly. CCE-12561-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Advanced E-mail Options\Save Messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\generalCThe "Save Messages" Outlook setting should be configured correctly. CCE-12749-8User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Cryptography\Specify CNG random number generator algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\crypto`The "Specify CNG random number generator algorithm" Word setting should be configured correctly. CCE-13350-4User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Cryptography\Set parameters for CNG context HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\cryptoQThe "Set parameters for CNG context" Word setting should be configured correctly. CCE-14289-3User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Cryptography\Use new key on password change HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\cryptoQThe "Use new key on password change" Word setting should be configured correctly. CCE-14546-6User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Cryptography\Set CNG cipher algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\cryptoKThe "Set CNG cipher algorithm" Word setting should be configured correctly. CCE-11887-7User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Cryptography\Specify CNG hash algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\cryptoMThe "Specify CNG hash algorithm" Word setting should be configured correctly. CCE-12454-5User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Cryptography\Specify encryption compatibility HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\cryptoSThe "Specify encryption compatibility" Word setting should be configured correctly. CCE-14396-6User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Cryptography\Specify CNG salt length HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\cryptoJThe "Specify CNG salt length" Word setting should be configured correctly. CCE-14021-0User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Cryptography\Set CNG password spin count HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\cryptoNThe "Set CNG password spin count" Word setting should be configured correctly. CCE-13984-0User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Cryptography\Set CNG cipher key length HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\cryptoLThe "Set CNG cipher key length" Word setting should be configured correctly. CCE-13310-8User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Security\Cryptography\Configure CNG cipher chaining mode HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\security\cryptoUThe "Configure CNG cipher chaining mode" Word setting should be configured correctly. CCE-12425-5User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Office SmartArt\Error Severity Level HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\smartart graphicsIThe "Error Severity Level" common setting should be configured correctly. CCE-13831-3User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Office SmartArt\Disable built-in color variations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\smartart graphicsVThe "Disable built-in color variations" common setting should be configured correctly. CCE-12713-4User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Office SmartArt\Log File Maximum Size HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\smartart graphicsJThe "Log File Maximum Size" common setting should be configured correctly. CCE-14783-5User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Office SmartArt\Disable Built-in Quick Styles HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\smartart graphicsRThe "Disable Built-in Quick Styles" common setting should be configured correctly. CCE-14987-2User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Office SmartArt\Log File Entries Number HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\smartart graphicsLThe "Log File Entries Number" common setting should be configured correctly. CCE-13807-3User Configuration\Administrative Templates\Microsoft Office 2010\Microsoft Office SmartArt\Disable built-in graphics HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\smartart graphicsNThe "Disable built-in graphics" common setting should be configured correctly. CCE-14331-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when accessing an address book HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityzThe "Configure Outlook object model prompt when accessing an address book" Outlook setting should be configured correctly. CCE-12322-4 User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when reading address information HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security|The "Configure Outlook object model prompt when reading address information" Outlook setting should be configured correctly. CCE-14509-4User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when sending mail HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securitymThe "Configure Outlook object model prompt when sending mail" Outlook setting should be configured correctly. CCE-12402-4&User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt When accessing the Formula property of a UserProperty object HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityThe "Configure Outlook object model prompt When accessing the Formula property of a UserProperty object" Outlook setting should be configured correctly. CCE-14265-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when responding to meeting and task requests HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityThe "Configure Outlook object model prompt when responding to meeting and task requests" Outlook setting should be configured correctly. CCE-14634-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Programmatic Security\Configure Outlook object model prompt when executing Save As HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityrThe "Configure Outlook object model prompt when executing Save As" Outlook setting should be configured correctly. CCE-14587-0User Configuration\Administrative Templates\Microsoft Office 2010\Disable Items in User Interface\Disable commands under File tab | Help HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\disabledcmdbaritemscheckboxesYThe "Disable commands under File tab | Help" Word setting should be configure< d correctly. CCE-13358-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Mail Format\Internet Formatting\Message Format\Set message format HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailHThe "Set message format" Outlook setting should be configured correctly. CCE-12868-6User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Read signed e-mail as plain text HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailVThe "Read signed e-mail as plain text" Outlook setting should be configured correctly. CCE-13694-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Change CTRL+ENTER shortcut behavior HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferencesYThe "Change CTRL+ENTER shortcut behavior" Outlook setting should be configured correctly. CCE-12098-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Do not allow attachment previewing in Outlook HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferencescThe "Do not allow attachment previewing in Outlook" Outlook setting should be configured correctly. CCE-13248-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\On replies and forwards HKEY_CURRENT_USER\software\policies\microsoft\office\common\mailsettingsLThe "On replies and forwards" common setting should be configured correctly. CCE-14771-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Read e-mail as plain text HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailOThe "Read e-mail as plain text" Outlook setting should be configured correctly. CCE-13156-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Configure Cross Folder Content in conversation view HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\conversationsiThe "Configure Cross Folder Content in conversation view" Outlook setting should be configured correctly. CCE-12958-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Do not use Conversation arrangement in Views HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\setupbThe "Do not use Conversation arrangement in Views" Outlook setting should be configured correctly. CCE-14293-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\E-mail Options\Message handling HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailFThe "Message handling" Outlook setting should be configured correctly. CCE-12535-1User Configuration\Administrative Templates\Microsoft Word 2010\Customizable Error Messages\List of error messages to customize HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\customizablealertsVThe "List of error messages to customize" Word setting should be configured correctly. CCE-13662-2User Configuration\Administrative Templates\Microsoft Word 2010\Miscellaneous\Server Settings\Turn off file synchronization via SOAP over HTTP HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet CCE-14119-2User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\General\General options for 'Project1'\Default standard rate HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\generalKThe "Default standard rate" Project setting should be configured correctly. CCE-13178-9User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\General\General options for 'Project1'\Default overtime rate HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\generalKThe "Default overtime rate" Project setting should be configured correctly. CCE-12759-7User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\General\General options for 'Project1'\Automatically add new resources and tasks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\general_The "Automatically add new resources and tasks" Project setting should be configured correctly. CCE-13729-9User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Save\Save Microsoft Project files as HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\saveUThe "Save Microsoft Project files as" Project setting should be configured correctly. CCE-11676-4User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Editing Options\Select shapes partially within area HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationWThe "Select shapes partially within area" Visio setting should be configured correctly. CCE-13981-6User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Editing Options\Show more handles on hover HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationNThe "Show more handles on hover" Visio setting should be configured correctly. CCE-13176-3User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Editing Options\Zoom on roll with IntelliMouse HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationRThe "Zoom on roll with IntelliMouse" Visio setting should be configured correctly. CCE-12397-6User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Editing Options\Center selection on zoom HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationLThe "Center selection on zoom" Visio setting should be configured correctly. CCE-13621-8User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Editing Options\Enable live dynamics HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationHThe "Enable live dynamics" Visio setting should be configured correctly. CCE-14001-2User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Editing Options\Turn off transitions HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationHThe "Turn off transitions" Visio setting should be configured correctly. CCE-13958-4User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Editing Options\Turn off ShapeSheet Formula AutoComplete HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\application\The "Turn off ShapeSheet Formula AutoComplete" Visio setting should be configured correctly. CCE-13228-2User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Editing Options\Enable AutoConnect HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationFThe "Enable AutoConnect" Visio setting should be configured correctly. CCE-12383-6User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Editing Options\Turn off smart delete behavior of connectors when deleting shapes HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationuThe "Turn off smart delete behavior of connectors when deleting shapes" Visio setting should be configured correctly. CCE-12840-5User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Advanced\Editing Options\Enable connector splitting HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationNThe "Enable connector splitting" Visio setting should be configured correctly. CCE-14136-6User Configuration\Administrative Templates\Microsoft Office 2010\Security Settings\Trust Center\Allow mix of policy and user locations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\security\trusted locations[The "Allow mix < of policy and user locations" common setting should be configured correctly. CCE-12600-3User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 3 worksheets HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblockFThe "Excel 3 worksheets" Excel setting should be configured correctly. CCE-13107-8User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Dif and Sylk files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblockFThe "Dif and Sylk files" Excel setting should be configured correctly. CCE-13238-1User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 2 macrosheets and add-in files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblockXThe "Excel 2 macrosheets and add-in files" Excel setting should be configured correctly. CCE-12923-9User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 97-2003 workbooks and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblockYThe "Excel 97-2003 workbooks and templates" Excel setting should be configured correctly. CCE-12374-5User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 4 workbooks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblockEThe "Excel 4 workbooks" Excel setting should be configured correctly. CCE-12560-9User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 2007 and later workbooks and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock`The "Excel 2007 and later workbooks and templates" Excel setting should be configured correctly. CCE-12590-6User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 4 macrosheets and add-in files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblockXThe "Excel 4 macrosheets and add-in files" Excel setting should be configured correctly. CCE-12771-2User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\XML files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock=The "XML files" Excel setting should be configured correctly. CCE-14477-4User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Text files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock>The "Text files" Excel setting should be configured correctly. CCE-12920-5User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 4 worksheets HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblockFThe "Excel 4 worksheets" Excel setting should be configured correctly. CCE-13205-0User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 2007 and later add-in files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblockUThe "Excel 2007 and later add-in files" Excel setting should be configured correctly. CCE-12870-2User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Microsoft Office Open XML converters for Excel HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblockbThe "Microsoft Office Open XML converters for Excel" Excel setting should be configured correctly. CCE-12605-2User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 95 workbooks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblockFThe "Excel 95 workbooks" Excel setting should be configured correctly. CCE-12679-7User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Legacy converters for Excel HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblockOThe "Legacy converters for Excel" Excel setting should be configured correctly. CCE-14017-8User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Microsoft Office query files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblockPThe "Microsoft Office query files" Excel setting should be configured correctly. CCE-13478-3User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel add-in files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblockFThe "Excel add-in files" Excel setting should be configured correctly. CCE-13944-4User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Offline cube files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblockFThe "Offline cube files" Excel setting should be configured correctly. CCE-14760-3User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Other data source files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblockKThe "Other data source files" Excel setting should be configured correctly. CCE-14840-3User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 97-2003 add-in files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblockNThe "Excel 97-2003 add-in files" Excel setting should be configured correctly. CCE-11549-3User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 2007 and later binary workbooks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblockYThe "Excel 2007 and later binary workbooks" Excel setting should be configured correctly. CCE-14365-1User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\dBase III / IV files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblockHThe "dBase III / IV files" Excel setting should be configured correctly. CCE-13562-4User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Set default file block behavior HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblockSThe "Set default file block behavior" Excel setting should be configured correctly. CCE-12951-0User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 95-97 workbooks and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblockWThe "Excel 95-97 workbooks and templates" Excel setting should be configured correctly. CCE-14450-1User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Web pages and Excel 2003 XML spreadsheets HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblock]The "Web pages and Excel 2003 XML spreadsheets" Excel setting should be configured correctly. CCE-12882-7User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Microsoft Office data connection files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\< excel\security\fileblockZThe "Microsoft Office data connection files" Excel setting should be configured correctly. CCE-14721-5User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 3 macrosheets and add-in files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblockXThe "Excel 3 macrosheets and add-in files" Excel setting should be configured correctly. CCE-12938-7User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\OpenDocument Spreadsheet files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblockRThe "OpenDocument Spreadsheet files" Excel setting should be configured correctly. CCE-12135-0User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 2 worksheets HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblockFThe "Excel 2 worksheets" Excel setting should be configured correctly. CCE-14377-6User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\File Block Settings\Excel 2007 and later macro-enabled workbooks and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\fileblocknThe "Excel 2007 and later macro-enabled workbooks and templates" Excel setting should be configured correctly. CCE-12892-6User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\E-mail\Prevent saving credentials for Basic Authentication policy HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlookpThe "Prevent saving credentials for Basic Authentication policy" Outlook setting should be configured correctly. CCE-13889-1User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\E-mail\Specify Offline Address Book path HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\cached modeWThe "Specify Offline Address Book path" Outlook setting should be configured correctly. CCE-14571-4User Configuration\Administrative Templates\Microsoft Outlook 2010\Account Settings\E-mail\Save multiple credentials for basic authentication HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlookhThe "Save multiple credentials for basic authentication" Outlook setting should be configured correctly. CCE-14233-1User Configuration\Administrative Templates\Microsoft Office 2010\Web Archives\PowerPoint: Save an additional version of the presentation for older browsers HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\internetThe "PowerPoint: Save an additional version of the presentation for older browsers" PowerPoint setting should be configured correctly. CCE-14019-4User Configuration\Administrative Templates\Microsoft Office 2010\Web Archives\PowerPoint: web page format compatibility HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\internetcThe "PowerPoint: web page format compatibility" PowerPoint setting should be configured correctly. CCE-14544-1User Configuration\Administrative Templates\Microsoft Office 2010\Web Archives\Default format for 'Publish' HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internetQThe "Default format for 'Publish'" common setting should be configured correctly. CCE-13945-1User Configuration\Administrative Templates\Microsoft Office 2010\Web Archives\Allow Web Archives to be saved in any HTML encoding HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internethThe "Allow Web Archives to be saved in any HTML encoding" common setting should be configured correctly. CCE-12231-7User Configuration\Administrative Templates\Microsoft Office 2010\Web Archives\Save new Web pages as Web archives HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internetWThe "Save new Web pages as Web archives" common setting should be configured correctly. CCE-14505-2User Configuration\Administrative Templates\Microsoft Excel 2010\Customizable Error Messages\List of error messages to customize HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\customizablealertsWThe "List of error messages to customize" Excel setting should be configured correctly. CCE-13289-4User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Turn off file validation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\filevalidationQThe "Turn off file validation" PowerPoint setting should be configured correctly. CCE-13672-1User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Make hidden markup visible HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\optionsSThe "Make hidden markup visible" PowerPoint setting should be configured correctly. CCE-12638-3User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Scan encrypted macros in PowerPoint Open XML presentations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\securitysThe "Scan encrypted macros in PowerPoint Open XML presentations" PowerPoint setting should be configured correctly. CCE-13054-2User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Unblock automatic download of linked images HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\securitydThe "Unblock automatic download of linked images" PowerPoint setting should be configured correctly. CCE-12072-5User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Run Programs HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\securityEThe "Run Programs" PowerPoint setting should be configured correctly. CCE-12721-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Message Formats HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityEThe "Message Formats" Outlook setting should be configured correctly. CCE-14206-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Message when Outlook cannot find the digital ID to decode a message HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityyThe "Message when Outlook cannot find the digital ID to decode a message" Outlook setting should be configured correctly. CCE-13383-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\URL for S/MIME certificates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityQThe "URL for S/MIME certificates" Outlook setting should be configured correctly. CCE-12407-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Run in FIPS compliant mode HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityPThe "Run in FIPS compliant mode" Outlook setting should be configured correctly. CCE-13967-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Signature Warning HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityGThe "Signature Warning" Outlook setting should be configured correctly. CCE-13251-4User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Ensure all S/MIME signed messages have a label HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securitydThe "Ensure all S/MIME signed messages have a label" Outlook setting should be configured correctly. CCE-14381-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Do not check e-mail address against address of certificates being used HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security|The "Do not check e-mail address against address of certificates being used" Outlook setting should be configured correc< tly. CCE-14601-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\S/MIME receipt requests behavior HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityVThe "S/MIME receipt requests behavior" Outlook setting should be configured correctly. CCE-12276-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Request an S/MIME receipt for all S/MIME signed messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securitynThe "Request an S/MIME receipt for all S/MIME signed messages" Outlook setting should be configured correctly. CCE-12746-4User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Send all signed messages as clear signed messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securitygThe "Send all signed messages as clear signed messages" Outlook setting should be configured correctly. CCE-13073-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Encrypt all e-mail messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityQThe "Encrypt all e-mail messages" Outlook setting should be configured correctly. CCE-14759-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Do not provide Continue option on Encryption warning dialog boxes HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securitywThe "Do not provide Continue option on Encryption warning dialog boxes" Outlook setting should be configured correctly. CCE-13582-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\S/MIME interoperability with external clients: HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securitydThe "S/MIME interoperability with external clients:" Outlook setting should be configured correctly. CCE-13280-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Required Certificate Authority HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityTThe "Required Certificate Authority" Outlook setting should be configured correctly. CCE-12493-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Always use TNEF formatting in S/MIME messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securitycThe "Always use TNEF formatting in S/MIME messages" Outlook setting should be configured correctly. CCE-13095-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Replies or forwards to signed/encrypted messages are signed/encrypted HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security{The "Replies or forwards to signed/encrypted messages are signed/encrypted" Outlook setting should be configured correctly. CCE-12367-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Enable Cryptography Icons HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityOThe "Enable Cryptography Icons" Outlook setting should be configured correctly. CCE-12486-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Minimum encryption settings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityQThe "Minimum encryption settings" Outlook setting should be configured correctly. CCE-14608-4User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Sign all e-mail messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityNThe "Sign all e-mail messages" Outlook setting should be configured correctly. CCE-11740-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Do not display 'Publish to GAL' button HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security\The "Do not display 'Publish to GAL' button" Outlook setting should be configured correctly. CCE-14592-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Fortezza certificate policies HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securitySThe "Fortezza certificate policies" Outlook setting should be configured correctly. CCE-13256-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Cryptography\Require SuiteB algorithms for S/MIME operations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityeThe "Require SuiteB algorithms for S/MIME operations" Outlook setting should be configured correctly. CCE-11780-4User Configuration\Administrative Templates\Microsoft Office 2010\Business Data\Web Service\Set web service default return size limit HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\business data\limits\wcf\size^The "Set web service default return size limit" common setting should be configured correctly. CCE-13412-2User Configuration\Administrative Templates\Microsoft Office 2010\Business Data\Web Service\Set web service default timeout HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\business data\limits\wcf\timeoutTThe "Set web service default timeout" common setting should be configured correctly. CCE-13113-6User Configuration\Administrative Templates\Microsoft Office 2010\Business Data\Web Service\Set maximum web service return size limit HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\business data\limits\wcf\size^The "Set maximum web service return size limit" common setting should be configured correctly. CCE-13328-0User Configuration\Administrative Templates\Microsoft Office 2010\Business Data\Web Service\Set maximum web service default timeout HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\business data\limits\wcf\timeout\The "Set maximum web service default timeout" common setting should be configured correctly. CCE-13291-0User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Move selection after Enter HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptionsNThe "Move selection after Enter" Excel setting should be configured correctly. CCE-14817-1User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Automatically insert a decimal point HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionsXThe "Automatically insert a decimal point" Excel setting should be configured correctly. CCE-14973-2User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Cut and copy objects with cells HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptionsSThe "Cut and copy objects with cells" Excel setting should be configured correctly. CCE-13242-3User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Show Paste Options button when content is pasted HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general CCE-12148-3User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Show control characters HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionsKThe "Show control characters" Excel setting should be configured correctly. CCE-12907-2User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Comments HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptions<The "Comments" Excel setting should be configured correctly. CCE-13835-4User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Show names HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptions>The "Show names" Excel setting should be configured correctly. CCE-13392-6User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Ignore other applications HKEY_CUR< RENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptionsMThe "Ignore other applications" Excel setting should be configured correctly. CCE-12470-1User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Enable fill handle and cell drag-and-drop HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptions]The "Enable fill handle and cell drag-and-drop" Excel setting should be configured correctly. CCE-13190-4User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Set number of places in the Recent Places list HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\place mrubThe "Set number of places in the Recent Places list" Excel setting should be configured correctly. CCE-12581-5User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Cursor movement HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionsCThe "Cursor movement" Excel setting should be configured correctly. CCE-12027-9User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Enable AutoComplete for cell values HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptionsWThe "Enable AutoComplete for cell values" Excel setting should be configured correctly. CCE-13549-1User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Extend data range formats and formulas HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionsZThe "Extend data range formats and formulas" Excel setting should be configured correctly. CCE-14726-4User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Enable automatic percent entry HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptionsRThe "Enable automatic percent entry" Excel setting should be configured correctly. CCE-12956-9User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Move selection after Enter direction HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionsXThe "Move selection after Enter direction" Excel setting should be configured correctly. CCE-14251-3User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Show values HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptions?The "Show values" Excel setting should be configured correctly. CCE-14083-0User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Provide feedback with Animation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptionsSThe "Provide feedback with Animation" Excel setting should be configured correctly. CCE-11525-3User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Show Formula bar in Normal View HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptionsSThe "Show Formula bar in Normal View" Excel setting should be configured correctly. CCE-13979-0User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Default sheet direction HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionsKThe "Default sheet direction" Excel setting should be configured correctly. CCE-11528-7User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Alert before overwriting cells HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptionsRThe "Alert before overwriting cells" Excel setting should be configured correctly. CCE-12360-4User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Show Insert Options buttons HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptionsOThe "Show Insert Options buttons" Excel setting should be configured correctly. CCE-11994-1User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Microsoft Excel menu or Help key HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionsTThe "Microsoft Excel menu or Help key" Excel setting should be configured correctly. CCE-13064-1User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Zoom on roll with IntelliMouse HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptionsRThe "Zoom on roll with IntelliMouse" Excel setting should be configured correctly. CCE-14570-6User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Show Formula bar in Full View HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptionsQThe "Show Formula bar in Full View" Excel setting should be configured correctly. CCE-12404-0User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Alternate startup file location HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionsSThe "Alternate startup file location" Excel setting should be configured correctly. CCE-12761-3User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Ask to update automatic links HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptionsQThe "Ask to update automatic links" Excel setting should be configured correctly. CCE-13296-9User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Edit directly in cell HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptionsIThe "Edit directly in cell" Excel setting should be configured correctly. CCE-13781-0User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Transition navigation keys HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptionsNThe "Transition navigation keys" Excel setting should be configured correctly. CCE-12977-5User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Number of documents in the Recent Workbooks list HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\file mrudThe "Number of documents in the Recent Workbooks list" Excel setting should be configured correctly. CCE-14238-0User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Advanced\Function tooltips HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptionsEThe "Function tooltips" Excel setting should be configured correctly. CCE-13590-5User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\Split in-progress tasks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\schedulingMThe "Split in-progress tasks" Project setting should be configured correctly. CCE-14242-2User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\Show tasks schedule warnings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\schedulingRThe "Show tasks schedule warnings" Project setting should be configured correctly. CCE-11775-4User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\Show that tasks have estimated durations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\scheduling^The "Show that tasks have estimated durations" Project setting should be configured correctly. CCE-13122-7User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\Set default start date for new tasks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\schedulingZThe "Set default start date for new tasks" Project setting should be configured correctly. CCE-12975-9User Configuration\Adminis< trative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\Work is entered in HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\schedulingHThe "Work is entered in" Project setting should be configured correctly. CCE-14755-3User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\Duration is entered in HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\schedulingLThe "Duration is entered in" Project setting should be configured correctly. CCE-11606-1User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\Show tasks schedule suggestions HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\schedulingUThe "Show tasks schedule suggestions" Project setting should be configured correctly. CCE-14774-4User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\Keep tasks on nearest working day HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\schedulingWThe "Keep tasks on nearest working day" Project setting should be configured correctly. CCE-12461-0User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\Default task type HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\schedulingGThe "Default task type" Project setting should be configured correctly. CCE-13805-7User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\Tasks will always honor their constraint dates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\schedulingdThe "Tasks will always honor their constraint dates" Project setting should be configured correctly. CCE-13696-0User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\New tasks have estimated durations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\schedulingXThe "New tasks have estimated durations" Project setting should be configured correctly. CCE-12030-3User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\New tasks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\scheduling?The "New tasks" Project setting should be configured correctly. CCE-14343-8User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\New tasks are effort driven HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\schedulingQThe "New tasks are effort driven" Project setting should be configured correctly. CCE-12571-6User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\Update manually scheduled tasks when editing links HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\schedulinghThe "Update manually scheduled tasks when editing links" Project setting should be configured correctly. CCE-13408-0User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\Autolink inserted or moved tasks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\schedulingVThe "Autolink inserted or moved tasks" Project setting should be configured correctly. CCE-13443-7User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\Tasks can be made inactive HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\schedulingPThe "Tasks can be made inactive" Project setting should be configured correctly. CCE-12586-4User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Scheduling options for 'Project1'\Set new tasks to be automatically scheduled HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\schedulingaThe "Set new tasks to be automatically scheduled" Project setting should be configured correctly. CCE-14067-3User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Edit\Edit options for Microsoft Project\Move selection after enter HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\editPThe "Move selection after enter" Project setting should be configured correctly. CCE-14097-0User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Edit\Edit options for Microsoft Project\Ask to update automatic links HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\editSThe "Ask to update automatic links" Project setting should be configured correctly. CCE-14747-0User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Edit\Edit options for Microsoft Project\Allow cell drag and drop HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\editNThe "Allow cell drag and drop" Project setting should be configured correctly. CCE-14565-6User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Edit\Edit options for Microsoft Project\Edit directly in cell HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\editKThe "Edit directly in cell" Project setting should be configured correctly. CCE-13930-3User Configuration\Administrative Templates\Microsoft Project 2010\Tools | Local Project Cache\Local Project Cache Size Limit in MB HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\settingsZThe "Local Project Cache Size Limit in MB" Project setting should be configured correctly. CCE-14006-1User Configuration\Administrative Templates\Microsoft Project 2010\Tools | Local Project Cache\Local Project Cache Location HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\settingsRThe "Local Project Cache Location" Project setting should be configured correctly. CCE-14527-6 User Configuration\Administrative Templates\Microsoft Word 2010\Review Tab\Chinese Conversion | Convert with Options\Use Taiwan, Hong Kong SAR and Macao SAR character variants HKEY_CURRENT_USER\software\policies\microsoft\shared tools\proofing tools\tcsc translatorhThe "Use Taiwan, Hong Kong SAR and Macao SAR character variants" setting should be configured correctly. CCE-12606-0User Configuration\Administrative Templates\Microsoft Word 2010\Review Tab\Chinese Conversion | Convert with Options\Convert common terms HKEY_CURRENT_USER\software\policies\microsoft\shared tools\proofing tools\tcsc translatorBThe "Convert common terms" setting should be configured correctly. CCE-12576-5User Configuration\Administrative Templates\Microsoft Word 2010\Review Tab\Chinese Conversion | Convert with Options\Translation direction HKEY_CURRENT_USER\software\policies\microsoft\shared tools\proofing tools\tcsc translatorCThe "Translation direction" setting should be configured correctly. CCE-13942-8User Configuration\Administrative Templates\Microsoft Office 2010\Graph settings\Chart Templates Server Location HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\general\charttemplatesTThe "Chart Templates Server Location" common setting should be configured correctly. CCE-14194-5User Configuration\Administrative Templates\Microsoft Office 2010\Graph settings\Enable MS Graph as Default Chart Tool in PowerPoint and Word HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\chartingqThe "Enable MS Graph as Default Chart Tool in PowerPoint and Word" common setting should be configured correctly. CCE-12579-9User Configuration\Administrative Templates\Microsoft Office 2010\Graph settings\Graph gallery path HKEY_CURRENT_USER\soft< ware\policies\microsoft\office\14.0\graph\options@The "Graph gallery path" setting should be configured correctly. CCE-14286-9User Configuration\Administrative Templates\Microsoft Office 2010\Tools | AutoCorrect Options... (Excel, PowerPoint and Access)\Additional Actions\More actions URL HKEY_CURRENT_USER\software\policies\microsoft\office\common\smart tagEThe "More actions URL" common setting should be configured correctly. CCE-13702-6User Configuration\Administrative Templates\Microsoft Office 2010\Tools | AutoCorrect Options... (Excel, PowerPoint and Access)\Additional Actions\Enable additional actions in Excel HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionsVThe "Enable additional actions in Excel" Excel setting should be configured correctly. CCE-14878-3User Configuration\Administrative Templates\Microsoft Office 2010\Tools | AutoCorrect Options... (Excel, PowerPoint and Access)\Additional Actions\Check for new actions URL HKEY_CURRENT_USER\software\policies\microsoft\office\common\smart tagNThe "Check for new actions URL" common setting should be configured correctly. CCE-13611-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Delegates\Store deleted items in owner's mailbox instead of delegate's mailbox HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\generalzThe "Store deleted items in owner's mailbox instead of delegate's mailbox" Outlook setting should be configured correctly. CCE-12645-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Disable Items in User Interface\Custom\Disable command bar buttons and menu items HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\disabledcmdbaritemslist`The "Disable command bar buttons and menu items" Outlook setting should be configured correctly. CCE-14533-4User Configuration\Administrative Templates\Microsoft Outlook 2010\Disable Items in User Interface\Custom\Disable shortcut keys HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\disabledshortcutkeyslistKThe "Disable shortcut keys" Outlook setting should be configured correctly. CCE-13787-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Free/Busy Options\Internet Free/Busy Options HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\calendar\internet free/busyPThe "Internet Free/Busy Options" Outlook setting should be configured correctly. CCE-13801-6User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Calendar Options\Free/Busy Options\Options HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferences CCE-12482-6User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for Microsoft Project\Automatic Calculation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculationKThe "Automatic Calculation" Project setting should be configured correctly. CCE-14311-5User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Calculation\Calculation options for Microsoft Project\Calculate all open projects HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\calculationQThe "Calculate all open projects" Project setting should be configured correctly. CCE-11538-6User Configuration\Administrative Templates\Microsoft Office 2010\Privacy\Trust Center\Disable Opt-in Wizard on first run HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\generalWThe "Disable Opt-in Wizard on first run" common setting should be configured correctly. CCE-12238-2User Configuration\Administrative Templates\Microsoft Office 2010\Privacy\Trust Center\Automatically receive small updates to improve reliability HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\commonoThe "Automatically receive small updates to improve reliability" common setting should be configured correctly. CCE-13629-1User Configuration\Administrative Templates\Microsoft Office 2010\Privacy\Trust Center\Enable Customer Experience Improvement Program HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\commoncThe "Enable Customer Experience Improvement Program" common setting should be configured correctly. CCE-12509-6User Configuration\Administrative Templates\Microsoft Visio 2010\Disable Items in User Interface\Custom\Disable shortcut keys HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\disabledshortcutkeyslist CCE-12198-8User Configuration\Administrative Templates\Microsoft Visio 2010\Disable Items in User Interface\Custom\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\disabledcmdbaritemslist CCE-11644-2User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Use sequence checking HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefHThe "Use sequence checking" Word setting should be configured correctly. CCE-13916-2User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show bookmarks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefAThe "Show bookmarks" Word setting should be configured correctly. CCE-12844-7User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Use the Insert key for paste HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsOThe "Use the Insert key for paste" Word setting should be configured correctly. CCE-14362-8User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Prompt before saving Normal template HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsWThe "Prompt before saving Normal template" Word setting should be configured correctly. CCE-13728-1User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Print on back of the sheet for duplex printing HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprsuaThe "Print on back of the sheet for duplex printing" Word setting should be configured correctly. CCE-12341-4User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show drawings and text boxes on screen HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefYThe "Show drawings and text boxes on screen" Word setting should be configured correctly. CCE-12764-7User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show text animation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsFThe "Show text animation" Word setting should be configured correctly. CCE-11523-8User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Allow accented uppercase in French HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefUThe "Allow accented uppercase in French" Word setting should be configured correctly. CCE-12418-0User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Field shading HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref@The "Field shading" Word setting should be configured correctly. CCE-13848-7User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show text wrapped within the document window HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options_The "Show text wrapped within the document window" Word setting should be configured correctly. CCE-14806-4User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\IME TrueInLine HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsAThe "IME TrueInLine" Word setting should be configured correctly. CCE-13032-8User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Copy remotely stored files onto your computer, and update the remote fil< e when saving HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsThe "Copy remotely stored files onto your computer, and update the remote file when saving" Word setting should be configured correctly. CCE-13698-6User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Cursor visual selection HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefJThe "Cursor visual selection" Word setting should be configured correctly. CCE-13322-3User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Document view HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref@The "Document view" Word setting should be configured correctly. CCE-12546-8User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Scale content for A4 or 8.5'' x 11'' paper sizes HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionscThe "Scale content for A4 or 8.5'' x 11'' paper sizes" Word setting should be configured correctly. CCE-12443-8User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show measurements in width of characters HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options[The "Show measurements in width of characters" Word setting should be configured correctly. CCE-11783-8User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Diacritics HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref=The "Diacritics" Word setting should be configured correctly. CCE-12133-5User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Style area pane width in Draft and Outline views HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionscThe "Style area pane width in Draft and Outline views" Word setting should be configured correctly. CCE-13476-7User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show text boundaries HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefGThe "Show text boundaries" Word setting should be configured correctly. CCE-14419-6User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show all windows in the Taskbar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsRThe "Show all windows in the Taskbar" Word setting should be configured correctly. CCE-13456-9User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Use draft quality HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprsuDThe "Use draft quality" Word setting should be configured correctly. CCE-13669-7User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Update automatic links at Open HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsQThe "Update automatic links at Open" Word setting should be configured correctly. CCE-13692-9User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Provide feedback with animation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsRThe "Provide feedback with animation" Word setting should be configured correctly. CCE-14622-5User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Allow background saves HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsIThe "Allow background saves" Word setting should be configured correctly. CCE-13343-9User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Keep track of formatting HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsKThe "Keep track of formatting" Word setting should be configured correctly. CCE-13043-5User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show picture placeholders HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefLThe "Show picture placeholders" Word setting should be configured correctly. CCE-12344-8User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Use smart paragraph selection HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsPThe "Use smart paragraph selection" Word setting should be configured correctly. CCE-13451-0User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Use this color for diacritics HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefPThe "Use this color for diacritics" Word setting should be configured correctly. CCE-12416-4User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show pixels for HTML features HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsPThe "Show pixels for HTML features" Word setting should be configured correctly. CCE-12492-5User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show field codes instead of their values HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref[The "Show field codes instead of their values" Word setting should be configured correctly. CCE-11503-0User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Asian fonts also apply to Latin text HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsWThe "Asian fonts also apply to Latin text" Word setting should be configured correctly. CCE-12777-9User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Add double quote for Hebrew alphabet numbering HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefaThe "Add double quote for Hebrew alphabet numbering" Word setting should be configured correctly. CCE-14115-0User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Mark formatting inconsistencies HKEY_CURRENT_USER\software\policies\microsoft\shared tools\proofing toolsMThe "Mark formatting inconsistencies" setting should be configured correctly. CCE-12890-0User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\IME Control Active HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsEThe "IME Control Active" Word setting should be configured correctly. CCE-13001-3User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Auto-Keyboard switching HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefJThe "Auto-Keyboard switching" Word setting should be configured correctly. CCE-14371-9User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show horizontal scroll bar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsMThe "Show horizontal scroll bar" Word setting should be configured correctly. CCE-14133-3User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Type and replace HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefCThe "Type and replace" Word setting should be configured correctly. CCE-14111-9User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Typing replaces selected text HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsPThe "Typing replaces selected text" Word setting should be configured correctly. CCE-13201-9User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Set number of places in the Recent Places list HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\place mruaThe "Set number of places in the Recent Places list" Word setting should be configured correctly. CCE-13202-7User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Allow text to be dragged and dropped HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options< WThe "Allow text to be dragged and dropped" Word setting should be configured correctly. CCE-13060-9User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show vertical ruler in Print Layout view HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options[The "Show vertical ruler in Print Layout view" Word setting should be configured correctly. CCE-11766-3User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Print in background HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsFThe "Print in background" Word setting should be configured correctly. CCE-13413-0User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Use CTRL + Click to follow hyperlink HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsWThe "Use CTRL + Click to follow hyperlink" Word setting should be configured correctly. CCE-13624-2User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Numeral HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref:The "Numeral" Word setting should be configured correctly. CCE-14732-2User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show vertical scroll bar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsKThe "Show vertical scroll bar" Word setting should be configured correctly. CCE-12971-8User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Number of documents in the Recent Documents list HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\file mrucThe "Number of documents in the Recent Documents list" Word setting should be configured correctly. CCE-13854-5User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Automatically create drawing canvas when inserting AutoShapes HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionspThe "Automatically create drawing canvas when inserting AutoShapes" Word setting should be configured correctly. CCE-14542-5User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Left scroll bar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefBThe "Left scroll bar" Word setting should be configured correctly. CCE-12420-6User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Add Bi-Directional Marks when saving Text files HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefbThe "Add Bi-Directional Marks when saving Text files" Word setting should be configured correctly. CCE-12453-7User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\English Word 6.0/95 documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefPThe "English Word 6.0/95 documents" Word setting should be configured correctly. CCE-11548-5User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Add control characters in Cut and Copy HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefYThe "Add control characters in Cut and Copy" Word setting should be configured correctly. CCE-13635-8User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\When selecting, automatically select entire word HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionscThe "When selecting, automatically select entire word" Word setting should be configured correctly. CCE-14360-2User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Enable click and type HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsHThe "Enable click and type" Word setting should be configured correctly. CCE-13943-6User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Print pages in reverse order HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprsuOThe "Print pages in reverse order" Word setting should be configured correctly. CCE-12643-3User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Use draft font in Draft and Outline views HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\The "Use draft font in Draft and Outline views" Word setting should be configured correctly. CCE-13236-5User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show control characters HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefJThe "Show control characters" Word setting should be configured correctly. CCE-13399-1User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Cursor movement HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefBThe "Cursor movement" Word setting should be configured correctly. CCE-12841-3User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Confirm file format conversion on open HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsYThe "Confirm file format conversion on open" Word setting should be configured correctly. CCE-12634-2User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Month names HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref>The "Month names" Word setting should be configured correctly. CCE-12291-1User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Print on front of the sheet for duplex printing HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprsubThe "Print on front of the sheet for duplex printing" Word setting should be configured correctly. CCE-12527-8User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Prompt to update style HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsIThe "Prompt to update style" Word setting should be configured correctly. CCE-12306-7User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Show measurements in units of HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsPThe "Show measurements in units of" Word setting should be configured correctly. CCE-14872-6User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Advanced\Always create backup copy HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\optionsLThe "Always create backup copy" Word setting should be configured correctly. CCE-14864-3User Configuration\Administrative Templates\Microsoft Project 2010\Security\Cryptography\Set CNG cipher algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\security\cryptoNThe "Set CNG cipher algorithm" Project setting should be configured correctly. CCE-14734-8User Configuration\Administrative Templates\Microsoft Project 2010\Security\Cryptography\Set CNG password spin count HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\security\cryptoQThe "Set CNG password spin count" Project setting should be configured correctly. CCE-13866-9User Configuration\Administrative Templates\Microsoft Project 2010\Security\Cryptography\Configure CNG cipher chaining mode HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\security\cryptoXThe "Configure CNG cipher chaining mode" Project setting should be configured correctly. CCE-13142-5User Configuration\Administrative Templates\Microsoft Project 2010\Security\Cryptography\Specify CNG hash algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\security\cryptoPThe "Specify CNG hash algorithm" Project setting should be configured correctly. CCE-12589-8User Configuration\Administrative Templates\Microsoft Project 2010\Security\Cryptography\Set parameters for CNG context HKEY_CURRENT_USER\software\policies\microsoft\office\1< 4.0\ms project\security\cryptoTThe "Set parameters for CNG context" Project setting should be configured correctly. CCE-12340-6User Configuration\Administrative Templates\Microsoft Project 2010\Security\Cryptography\Set CNG cipher key length HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\security\cryptoOThe "Set CNG cipher key length" Project setting should be configured correctly. CCE-11827-3User Configuration\Administrative Templates\Microsoft Project 2010\Security\Cryptography\Specify CNG salt length HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\security\cryptoMThe "Specify CNG salt length" Project setting should be configured correctly. CCE-13777-8User Configuration\Administrative Templates\Microsoft Project 2010\Security\Cryptography\Specify CNG random number generator algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\security\cryptocThe "Specify CNG random number generator algorithm" Project setting should be configured correctly. CCE-14961-7User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\General\Enable Live Preview HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefFThe "Enable Live Preview" Word setting should be configured correctly. CCE-13387-6User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\General\Show Mini Toolbar on selection HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars\word CCE-13090-6User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\General\Open e-mail attachments in Full Screen Reading view HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpreffThe "Open e-mail attachments in Full Screen Reading view" Word setting should be configured correctly. CCE-13263-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Search Options\Prevent installation prompts when Windows Desktop Search component is not present HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\searchThe "Prevent installation prompts when Windows Desktop Search component is not present" Outlook setting should be configured correctly. CCE-13717-4User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Search Options\Prevent clear signed message and attachment indexing HKEY_CURRENT_USER\software\policies\microsoft\windows\windows search\preferencesbThe "Prevent clear signed message and attachment indexing" setting should be configured correctly. CCE-12933-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Search Options\Do not display hit highlights in search results HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\searcheThe "Do not display hit highlights in search results" Outlook setting should be configured correctly. CCE-13785-1User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Search Options\Expand scope of searches HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\searchNThe "Expand scope of searches" Outlook setting should be configured correctly. CCE-13560-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Search Options\Change color used to highlight search matches HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\searchcThe "Change color used to highlight search matches" Outlook setting should be configured correctly. CCE-13575-6User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Search Options\Do not include the Online Archive in All Mail Item search HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\searchoThe "Do not include the Online Archive in All Mail Item search" Outlook setting should be configured correctly. CCE-13498-1User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Search Options\Do not display search results as the user types HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\searcheThe "Do not display search results as the user types" Outlook setting should be configured correctly. CCE-14560-7User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Preferences\Search Options\Turn off automatic search index reconciliation HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\searchdThe "Turn off automatic search index reconciliation" Outlook setting should be configured correctly. CCE-12102-0User Configuration\Administrative Templates\Microsoft Word 2010\File Tab\Check Accessibility\Stop checking to ensure headings are succinct HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\accchecker`The "Stop checking to ensure headings are succinct" Word setting should be configured correctly. CCE-12033-7User Configuration\Administrative Templates\Microsoft Word 2010\File Tab\Check Accessibility\Stop checking to ensure heading styles do not skip style level HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\acccheckerqThe "Stop checking to ensure heading styles do not skip style level" Word setting should be configured correctly. CCE-12647-4User Configuration\Administrative Templates\Microsoft Word 2010\File Tab\Check Accessibility\Stop checking whether blank characters are used for formatting HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\acccheckerqThe "Stop checking whether blank characters are used for formatting" Word setting should be configured correctly. CCE-13798-4User Configuration\Administrative Templates\Microsoft Word 2010\File Tab\Check Accessibility\Stop checking whether objects are floating HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\accchecker]The "Stop checking whether objects are floating" Word setting should be configured correctly. CCE-13255-5User Configuration\Administrative Templates\Microsoft Word 2010\File Tab\Check Accessibility\Stop checking to ensure long documents use styles for structure HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\acccheckerrThe "Stop checking to ensure long documents use styles for structure" Word setting should be configured correctly. CCE-13725-7User Configuration\Administrative Templates\Microsoft Word 2010\File Tab\Check Accessibility\Stop checking to ensure documents allow programmatic access HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\acccheckernThe "Stop checking to ensure documents allow programmatic access" Word setting should be configured correctly. CCE-13841-2User Configuration\Administrative Templates\Microsoft Word 2010\File Tab\Check Accessibility\Stop checking to ensure styles have been used frequently HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\acccheckerkThe "Stop checking to ensure styles have been used frequently" Word setting should be configured correctly. CCE-13802-4User Configuration\Administrative Templates\Microsoft Word 2010\File Tab\Check Accessibility\Stop checking for image watermarks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\acccheckerUThe "Stop checking for image watermarks" Word setting should be configured correctly. CCE-12048-5User Configuration\Administrative Templates\Microsoft Word 2010\File Tab\Check Accessibility\Stop checking to ensure hyperlink text is meaningful HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\acccheckergThe "Stop checking to ensure hyperlink text is meaningful" Word setting should be configured correctly. CCE-13488-2User Configuration\Administrative Templates\Microsoft Word 2010\File Tab\Check Accessibility\Stop checking for merged and split cells HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\accchecker[The "Stop checking for merged and split cells" Word setting should be configured correctly. CCE-14551-6User Configuration\Administrative Templates\Microsoft Word 2010\File Tab\Check< Accessibility\Stop checking for tables used for layout HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\accchecker[The "Stop checking for tables used for layout" Word setting should be configured correctly. CCE-14101-0User Configuration\Administrative Templates\Microsoft Word 2010\File Tab\Check Accessibility\Stop checking for alt text accessibility information HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\acccheckergThe "Stop checking for alt text accessibility information" Word setting should be configured correctly. CCE-14240-6User Configuration\Administrative Templates\Microsoft Word 2010\File Tab\Check Accessibility\Stop checking for table header accessibility information HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\acccheckerkThe "Stop checking for table header accessibility information" Word setting should be configured correctly. CCE-12459-4User Configuration\Administrative Templates\Microsoft Word 2010\File Tab\Check Accessibility\Stop checking for blank table rows and columns HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\acccheckeraThe "Stop checking for blank table rows and columns" Word setting should be configured correctly. CCE-13744-8User Configuration\Administrative Templates\Microsoft Publisher 2010\Publisher Options\Complex scripts\Use type and replace HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\preferencesLThe "Use type and replace" Publisher setting should be configured correctly. CCE-13616-8User Configuration\Administrative Templates\Microsoft Publisher 2010\Publisher Options\Complex scripts\Default Publisher direction HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\preferencesSThe "Default Publisher direction" Publisher setting should be configured correctly. CCE-13005-4User Configuration\Administrative Templates\Microsoft Publisher 2010\Publisher Options\Complex scripts\Use sequence checking HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\publisher\preferencesMThe "Use sequence checking" Publisher setting should be configured correctly. CCE-13697-8User Configuration\Administrative Templates\Microsoft Visio 2010\Miscellaneous\Email message for 'Send To' commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationXThe "Email message for 'Send To' commands" Visio setting should be configured correctly. CCE-11949-5User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #9 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location9ZThe "Trust Center: Trusted Location #9" PowerPoint setting should be configured correctly. CCE-12327-3User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #20 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location20[The "Trust Center: Trusted Location #20" PowerPoint setting should be configured correctly. CCE-12450-3User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #7 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location7ZThe "Trust Center: Trusted Location #7" PowerPoint setting should be configured correctly. CCE-13411-4User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #12 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location12[The "Trust Center: Trusted Location #12" PowerPoint setting should be configured correctly. CCE-13106-0User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #5 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location5ZThe "Trust Center: Trusted Location #5" PowerPoint setting should be configured correctly. CCE-12867-8User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #10 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location10[The "Trust Center: Trusted Location #10" PowerPoint setting should be configured correctly. CCE-12836-3User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #11 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location11[The "Trust Center: Trusted Location #11" PowerPoint setting should be configured correctly. CCE-12434-7User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #15 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location15[The "Trust Center: Trusted Location #15" PowerPoint setting should be configured correctly. CCE-13599-6User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #6 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location6ZThe "Trust Center: Trusted Location #6" PowerPoint setting should be configured correctly. CCE-13764-6User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #18 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location18[The "Trust Center: Trusted Location #18" PowerPoint setting should be configured correctly. CCE-12744-9User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #2 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location2ZThe "Trust Center: Trusted Location #2" PowerPoint setting should be configured correctly. CCE-12904-9User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #14 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location14[The "Trust Center: Trusted Location #14" PowerPoint setting should be configured correctly. CCE-12272-1User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #4 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location4ZThe "Trust Center: Trusted Location #4" PowerPoint setting should be configured correctly. CCE-14623-3User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #17 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location17[The "Trust Center: Trusted Location #17" PowerPoint setting should be configured correctly. CCE-13625-9User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #19 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location19[The "Trust Center: Trusted Location #19" PowerPoint setting should be configured correctly. CCE-13812-3User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #3 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location3< ZThe "Trust Center: Trusted Location #3" PowerPoint setting should be configured correctly. CCE-12824-9User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Disable all trusted locations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locationsVThe "Disable all trusted locations" PowerPoint setting should be configured correctly. CCE-13523-6User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #16 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location16[The "Trust Center: Trusted Location #16" PowerPoint setting should be configured correctly. CCE-14665-4User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #1 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location1ZThe "Trust Center: Trusted Location #1" PowerPoint setting should be configured correctly. CCE-13628-3User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #13 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location13[The "Trust Center: Trusted Location #13" PowerPoint setting should be configured correctly. CCE-11969-3User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Allow Trusted Locations on the network HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations_The "Allow Trusted Locations on the network" PowerPoint setting should be configured correctly. CCE-13140-9User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Security\Trust Center\Trusted Locations\Trusted Location #8 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\security\trusted locations\location8ZThe "Trust Center: Trusted Location #8" PowerPoint setting should be configured correctly. CCE-14389-1User Configuration\Administrative Templates\Microsoft Outlook 2010\Meeting Workspace\Do not display Meeting Workspace button on the Meeting Request form HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\meetings\profileqThe "Do not display Meeting Workspace button on the Meeting Request form" setting should be configured correctly. CCE-14395-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Meeting Workspace\Disable user entries to server list HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\meetings\profileQThe "Disable user entries to server list" setting should be configured correctly. CCE-14154-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Meeting Workspace\Default servers and data for Meeting Workspaces HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\meetings\profile]The "Default servers and data for Meeting Workspaces" setting should be configured correctly. CCE-12130-1User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Mail\Compose Messages\Force selection of account before sending HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options_The "Force selection of account before sending" Outlook setting should be configured correctly. CCE-12386-9User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Disable Items in User Interface\Custom\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\disabledcmdbaritemslist CCE-14135-8User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Disable Items in User Interface\Custom\Disable shortcut keys HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\disabledshortcutkeyslist CCE-12474-3User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Interface\Disable Internal ID Matching HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\interfaceRThe "Disable Internal ID Matching" Project setting should be configured correctly. CCE-12609-4User Configuration\Administrative Templates\Microsoft PowerPoint 2010\Collaboration Settings\Co-authoring\Prevent co-authoring HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\coauthoringMThe "Prevent co-authoring" PowerPoint setting should be configured correctly. CCE-14863-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\AutoArchive\Disable File|Archive HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferencesJThe "Disable File|Archive" Outlook setting should be configured correctly. CCE-13029-4User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\AutoArchive\AutoArchive Settings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferencesJThe "AutoArchive Settings" Outlook setting should be configured correctly. CCE-11862-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Custom Form Security\Allow scripts in one-off Outlook forms HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\security\The "Allow scripts in one-off Outlook forms" Outlook setting should be configured correctly. CCE-14048-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Security\Security Form Settings\Custom Form Security\Set Outlook object model custom actions execution prompt HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securitynThe "Set Outlook object model custom actions execution prompt" Outlook setting should be configured correctly. CCE-13736-4User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Security\Cryptography\Specify CNG salt length HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\security\cryptoMThe "Specify CNG salt length" OneNote setting should be configured correctly. CCE-13340-5User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Security\Cryptography\Specify CNG random number generator algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\security\cryptocThe "Specify CNG random number generator algorithm" OneNote setting should be configured correctly. CCE-13929-5User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Security\Cryptography\Specify CNG hash algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\security\cryptoPThe "Specify CNG hash algorithm" OneNote setting should be configured correctly. CCE-12980-9User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Security\Cryptography\Set CNG cipher key length HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\security\cryptoOThe "Set CNG cipher key length" OneNote setting should be configured correctly. CCE-13771-1User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Security\Cryptography\Set parameters for CNG context HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\security\cryptoTThe "Set parameters for CNG context" OneNote setting should be configured correctly. CCE-13600-2User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Security\Cryptography\Specify encryption compatibility HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\security\cryptoVThe "Specify encryption compatibility" OneNote setting should be configured correctly. CCE-13041-9User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Security\Cryptography\Set CNG cipher algorithm HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\security\cryptoNThe "Set CNG cipher algorithm" OneNote setting should be co< nfigured correctly. CCE-14130-9User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Security\Cryptography\Set CNG password spin count HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\security\cryptoQThe "Set CNG password spin count" OneNote setting should be configured correctly. CCE-13397-5User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Security\Cryptography\Configure CNG cipher chaining mode HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\security\cryptoXThe "Configure CNG cipher chaining mode" OneNote setting should be configured correctly. CCE-13968-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Advanced\Prevent saving sync conflicts HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlookSThe "Prevent saving sync conflicts" Outlook setting should be configured correctly. CCE-14422-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Advanced\Do not allow folders in non-default stores to be set as folder home pages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityThe "Do not allow folders in non-default stores to be set as folder home pages" Outlook setting should be configured correctly. CCE-13726-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Advanced\Do not allow Outlook object model scripts to run for public folders HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityyThe "Do not allow Outlook object model scripts to run for public folders" Outlook setting should be configured correctly. CCE-14390-9User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Advanced\Enable mail logging (troubleshooting) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mail[The "Enable mail logging (troubleshooting)" Outlook setting should be configured correctly. CCE-13039-3User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Advanced\Save RSS conflicts HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlookHThe "Save RSS conflicts" Outlook setting should be configured correctly. CCE-13934-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Advanced\Turn on logging for all conflicts HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\optionsWThe "Turn on logging for all conflicts" Outlook setting should be configured correctly. CCE-14044-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Advanced\Save calendar sync conflicts HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlookRThe "Save calendar sync conflicts" Outlook setting should be configured correctly. CCE-14303-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Advanced\Use Unicode format when dragging e-mail message to file system HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\generaltThe "Use Unicode format when dragging e-mail message to file system" Outlook setting should be configured correctly. CCE-13380-1User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Advanced\Do not allow Outlook object model scripts to run for shared folders HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\securityyThe "Do not allow Outlook object model scripts to run for shared folders" Outlook setting should be configured correctly. CCE-12865-2User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Advanced\Minimize Outlook to the system tray HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\preferencesYThe "Minimize Outlook to the system tray" Outlook setting should be configured correctly. CCE-11978-4User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Other\Advanced\Warn before permanently deleting items HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\general\The "Warn before permanently deleting items" Outlook setting should be configured correctly. CCE-11893-5User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Mail Format\Internet Formatting\Outlook Rich Text options HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\mailOThe "Outlook Rich Text options" Outlook setting should be configured correctly. CCE-14117-6User Configuration\Administrative Templates\Microsoft Outlook 2010\Outlook Options\Mail Format\Internet Formatting\Plain text options HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\mailsettingsGThe "Plain text options" common setting should be configured correctly. CCE-12961-9User Configuration\Administrative Templates\Microsoft Office 2010\Services\Fax\Disallow custom cover sheet HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\services\faxPThe "Disallow custom cover sheet" common setting should be configured correctly. CCE-14235-6User Configuration\Administrative Templates\Microsoft Office 2010\Services\Fax\Disable Internet Fax feature HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\services\faxQThe "Disable Internet Fax feature" common setting should be configured correctly. CCE-14453-5User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Disable Create Rule item in the person name actions menu. HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenunThe "Disable Create Rule item in the person name actions menu." common setting should be configured correctly. CCE-12779-5User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Disable the Online Status item in the person name actions menu. HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenutThe "Disable the Online Status item in the person name actions menu." common setting should be configured correctly. CCE-13772-9User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Disable the Outlook Properties item in the person name actions menu. HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenuyThe "Disable the Outlook Properties item in the person name actions menu." common setting should be configured correctly. CCE-13712-5User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Disable the Add/Open Outlook Contacts item in the person name actions menu. HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenuThe "Disable the Add/Open Outlook Contacts item in the person name actions menu." common setting should be configured correctly. CCE-11836-4User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Disable person name actions for my messaging contacts in Word and Excel HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenu|The "Disable person name actions for my messaging contacts in Word and Excel" common setting should be configured correctly. CCE-12935-3User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Disable the Free/Busy item in the person name actions menu. HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenupThe "Disable the Free/Busy item in the person name actions menu." common setting should be configured correctly. CCE-14713-2User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Disable the Registered Person item in the person name actions menu. HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenuxThe "Disable the Registered Person item in the person name actions menu." common setting should be configured correctly. CCE-13378-5User Configuration\Administ< rative Templates\Microsoft Office 2010\Instant Messaging Integration\Disable the Phone Number item in the person name actions menu. HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenusThe "Disable the Phone Number item in the person name actions menu." common setting should be configured correctly. CCE-14066-5User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Disable the Messaging item in the person name actions menu. HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenupThe "Disable the Messaging item in the person name actions menu." common setting should be configured correctly. CCE-11839-8User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Disable the Office Location item in the person name actions menu. HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenuvThe "Disable the Office Location item in the person name actions menu." common setting should be configured correctly. CCE-14756-1User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Disable the Manager item in the person name actions menu. HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenunThe "Disable the Manager item in the person name actions menu." common setting should be configured correctly. CCE-14106-9User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Disable all person name actions menu items HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenu_The "Disable all person name actions menu items" common setting should be configured correctly. CCE-12280-4User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Disable the Send Mail item in the person name actions menu. HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenupThe "Disable the Send Mail item in the person name actions menu." common setting should be configured correctly. CCE-12298-6User Configuration\Administrative Templates\Microsoft Office 2010\Instant Messaging Integration\Set refresh time for Calendar information for the person name action HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\personamenuyThe "Set refresh time for Calendar information for the person name action" common setting should be configured correctly. CCE-14507-8User Configuration\Administrative Templates\Microsoft Visio 2010\Visio Options\Save\Turn off CAD/DWG functionality HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\applicationRThe "Turn off CAD/DWG functionality" Visio setting should be configured correctly. CCE-14486-5User Configuration\Administrative Templates\Microsoft Office 2010\Language settings\Editing Languages\Primary Editing Language HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\languageresourcesMThe "Primary Editing Language" common setting should be configured correctly. CCE-12623-5User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Schedule options for Microsoft Project\Show assignment units as HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\schedulingNThe "Show assignment units as" Project setting should be configured correctly. CCE-13818-0User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Schedule\Schedule options for Microsoft Project\Show scheduling messages HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\schedulingNThe "Show scheduling messages" Project setting should be configured correctly. CCE-14869-2User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Turn off trusted documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted documentsNThe "Turn off trusted documents" Excel setting should be configured correctly. CCE-12179-8User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins and block them HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\securityThe "Disable Trust Bar Notification for unsigned application add-ins and block them" Excel setting should be configured correctly. CCE-13761-2User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Turn off Data Execution Prevention HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\securityVThe "Turn off Data Execution Prevention" Excel setting should be configured correctly. CCE-12641-7User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Turn off Trusted Documents on the network HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted documents]The "Turn off Trusted Documents on the network" Excel setting should be configured correctly. CCE-12673-0User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Trust access to Visual Basic Project HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\securityXThe "Trust access to Visual Basic Project" Excel setting should be configured correctly. CCE-12214-3User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Store macro in Personal Macro Workbook by default HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\binaryoptionseThe "Store macro in Personal Macro Workbook by default" Excel setting should be configured correctly. CCE-13641-6User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\VBA Macro Notification Settings HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\securitySThe "VBA Macro Notification Settings" Excel setting should be configured correctly. CCE-12426-3User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\securitytThe "Require that application add-ins are signed by Trusted Publisher" Excel setting should be configured correctly. CCE-12798-5User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Set maximum number of trust records to preserve HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted documentscThe "Set maximum number of trust records to preserve" Excel setting should be configured correctly. CCE-13607-7User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Disable all application add-ins HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\securitySThe "Disable all application add-ins" Excel setting should be configured correctly. CCE-14047-5User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Security\Trust Center\Set maximum number of trusted documents HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\security\trusted documents[The "Set maximum number of trusted documents" Excel setting should be configured correctly. CCE-13845-3User Configuration\Administrative Templates\Microsoft Excel 2010\Miscellaneous\Enable four-digit year display HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionsRThe "Enable four-digit year display" Excel setting should be configured correctly. CCE-14578-9User Configuration\Administrative Templates\Microsoft Excel 2010\Miscellaneous\Graph gallery path HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\graph\options CCE-12419-8User Configuration\Administrative Templates\Microsoft Excel 2010\Miscellaneous\Do not cache network files locally HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionsVThe "Do not cache networ< k files locally" Excel setting should be configured correctly. CCE-12329-9User Configuration\Administrative Templates\Microsoft Excel 2010\Miscellaneous\OLAP PivotTable User Defined Function (UDF) security setting HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionspThe "OLAP PivotTable User Defined Function (UDF) security setting" Excel setting should be configured correctly. CCE-14134-1User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\Shared Workspace\Automatic Discovery HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\sharepointtrackingAThe "Automatic Discovery" setting should be configured correctly. CCE-12182-2User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\Shared Workspace\Disable user from setting personal site as default location HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\portalpThe "Disable user from setting personal site as default location" common setting should be configured correctly. CCE-13416-3User Configuration\Administrative Templates\Microsoft Visio 2010\Customizable Error Messages\List of error messages to customize HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\visio\customizablealertsWThe "List of error messages to customize" Visio setting should be configured correctly. CCE-14003-8User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\General\General options for Microsoft Project\Set AutoFilter on for new projects HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\generalXThe "Set AutoFilter on for new projects" Project setting should be configured correctly. CCE-13871-9User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\General\General options for Microsoft Project\Recently used file list (MRU) HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\generalSThe "Recently used file list (MRU)" Project setting should be configured correctly. CCE-12786-0User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\General\General options for Microsoft Project\Prompt for project info for new projects HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\general^The "Prompt for project info for new projects" Project setting should be configured correctly. CCE-13317-3User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\General\General options for Microsoft Project\Open last file on startup HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\generalOThe "Open last file on startup" Project setting should be configured correctly. CCE-13843-8User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Web Options...\General\Followed hyperlink color HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\internetMThe "Followed hyperlink color" Access setting should be configured correctly. CCE-12063-4User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Web Options...\General\Underline hyperlinks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\internetIThe "Underline hyperlinks" Access setting should be configured correctly. CCE-11891-9User Configuration\Administrative Templates\Microsoft Access 2010\Application Settings\Web Options...\General\Hyperlink color HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\internetDThe "Hyperlink color" Access setting should be configured correctly. CCE-13893-3User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Proofing\Autocorrect Options\Internet and network paths as hyperlinks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\options\The "Internet and network paths as hyperlinks" Excel setting should be configured correctly. CCE-14307-3User Configuration\Administrative Templates\Microsoft Excel 2010\Excel Options\Proofing\Autocorrect Options\Include new rows and columns in table HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionsYThe "Include new rows and columns in table" Excel setting should be configured correctly. CCE-13852-9User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\Advanced\Offline\Offline Mode status HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\editor\offlineJThe "Offline Mode status" InfoPath setting should be configured correctly. CCE-14778-5User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\Advanced\Offline\Offline Mode cache size HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\editor\offlineNThe "Offline Mode cache size" InfoPath setting should be configured correctly. CCE-13583-0User Configuration\Administrative Templates\Microsoft InfoPath 2010\InfoPath Options\Advanced\Offline\Offline data cached per form template HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\editor\offline\The "Offline data cached per form template" InfoPath setting should be configured correctly. CCE-12847-0User Configuration\Administrative Templates\Microsoft OneNote 2010\OneNote Options\Send to OneNote\Disable Outlook send email to OneNote option HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\onenote\options\outlookandwebbThe "Disable Outlook send email to OneNote option" OneNote setting should be configured correctly. CCE-14762-9User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Track changes and compare\Ignore White Space HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefEThe "Ignore White Space" Word setting should be configured correctly. CCE-13210-0User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Track changes and compare\Compare resulting document HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefMThe "Compare resulting document" Word setting should be configured correctly. CCE-12261-4User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Track changes and compare\Deletions color HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefBThe "Deletions color" Word setting should be configured correctly. CCE-14294-3User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Track changes and compare\Balloons HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vpref;The "Balloons" Word setting should be configured correctly. CCE-14418-8User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Track changes and compare\Table compare colors HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefGThe "Table compare colors" Word setting should be configured correctly. CCE-11640-0User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Track changes and compare\Insertions color HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options\vprefCThe "Insertions color" Word setting should be configured correctly. CCE-13407-2User Configuration\Administrative Templates\Microsoft Excel 2010\Miscellaneous\Server Settings\Turn off file synchronization via SOAP over HTTP HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\internet CCE-14388-3User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Disable all trusted locations HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security\trusted locationsTThe "Disable all trusted locations" InfoPath setting should be configured correctly. CCE-12900-7User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Require that application add-ins are signed by Trusted Publisher HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\securitywThe "Require that application add-ins are signed by Trusted Publisher" InfoPath setting < should be configured correctly. CCE-14318-0User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Block cross-domain data form retrieval HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\security]The "Block cross-domain data form retrieval" InfoPath setting should be configured correctly. CCE-12930-4User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Turn off Data Execution Prevention HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\securityYThe "Turn off Data Execution Prevention" InfoPath setting should be configured correctly. CCE-13173-0User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Disable all application add-ins HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\securityVThe "Disable all application add-ins" InfoPath setting should be configured correctly. CCE-14062-4User Configuration\Administrative Templates\Microsoft InfoPath 2010\Security\Trust Center\Disable Trust Bar Notification for unsigned application add-ins HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\infopath\securityvThe "Disable Trust Bar Notification for unsigned application add-ins" InfoPath setting should be configured correctly. CCE-14469-1User Configuration\Administrative Templates\Microsoft Office 2010\Business Data\Synchronization\Set query processing timeout limit HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\business data\synchronizationWThe "Set query processing timeout limit" common setting should be configured correctly. CCE-13339-7User Configuration\Administrative Templates\Microsoft Office 2010\Business Data\Synchronization\Set the cleanup interval HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\business data\synchronizationMThe "Set the cleanup interval" common setting should be configured correctly. CCE-14603-5User Configuration\Administrative Templates\Microsoft Office 2010\Business Data\Synchronization\Set maximum sleep interval HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\business data\synchronizationOThe "Set maximum sleep interval" common setting should be configured correctly. CCE-12431-3User Configuration\Administrative Templates\Microsoft Office 2010\Business Data\Synchronization\Set refresh frequency limit HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\business data\synchronizationPThe "Set refresh frequency limit" common setting should be configured correctly. CCE-12076-6User Configuration\Administrative Templates\Microsoft Office 2010\Business Data\Synchronization\Set errors cleanup interval HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\business data\synchronizationPThe "Set errors cleanup interval" common setting should be configured correctly. CCE-11838-0User Configuration\Administrative Templates\Microsoft Office 2010\Business Data\Synchronization\Set maximum number of retries when synchronization fails HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\business data\synchronizationmThe "Set maximum number of retries when synchronization fails" common setting should be configured correctly. CCE-13913-9User Configuration\Administrative Templates\Microsoft Office 2010\Business Data\Synchronization\Set subscription refresh retry interval HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\business data\synchronization\The "Set subscription refresh retry interval" common setting should be configured correctly. CCE-14648-0User Configuration\Administrative Templates\Microsoft Office 2010\Business Data\Synchronization\Set query items limit HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\business data\synchronizationJThe "Set query items limit" common setting should be configured correctly. CCE-12263-0User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Miscellaneous\Prevent shutdown if external references exist HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\shutdowncThe "Prevent shutdown if external references exist" Outlook setting should be configured correctly. CCE-13326-4User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Miscellaneous\Configure fast shutdown behavior HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\shutdownVThe "Configure fast shutdown behavior" Outlook setting should be configured correctly. CCE-14753-8User Configuration\Administrative Templates\Microsoft Outlook 2010\Miscellaneous\Miscellaneous\Configure fast shutdown behavior for add-ins HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\outlook\options\shutdownbThe "Configure fast shutdown behavior for add-ins" Outlook setting should be configured correctly. CCE-12694-6User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\View\Show\Entry Bar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\view?The "Entry Bar" Project setting should be configured correctly. CCE-14898-1User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\View\Show\Project Screentips HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\viewHThe "Project Screentips" Project setting should be configured correctly. CCE-13422-1User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\View\Show\OLE Link Indicators HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\viewIThe "OLE Link Indicators" Project setting should be configured correctly. CCE-13379-3User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\View\Show\Status Bar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\view@The "Status Bar" Project setting should be configured correctly. CCE-13137-5User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\View\Show\Automatically add new items to the global project HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\viewgThe "Automatically add new items to the global project" Project setting should be configured correctly. CCE-14000-4User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\View\Show\Windows in Taskbar HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\viewHThe "Windows in Taskbar" Project setting should be configured correctly. CCE-12684-7User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\View\Show\Scroll Bars HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\viewAThe "Scroll Bars" Project setting should be configured correctly. CCE-12954-4User Configuration\Administrative Templates\Microsoft Excel 2010\Data Recovery\Do not show data extraction options when opening corrupt workbooks HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\excel\optionsvThe "Do not show data extraction options when opening corrupt workbooks" Excel setting should be configured correctly. CCE-12439-6User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Interface\Project Guide settings for 'Project1'\Project Guide Content HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\interfaceKThe "Project Guide Content" Project setting should be configured correctly. CCE-14182-0User Configuration\Administrative Templates\Microsoft Project 2010\Project Options\Interface\Project Guide settings for 'Project1'\Project Guide Functionality and Layout page HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\ms project\options\interfaceaThe "Project Guide Functionality and Layout page" Project setting should be configured correctly. CCE-14642-3User Configuration\Administrative Templates\Microsoft Office 2010\File Open/Save dialog box\Places Bar Locations\Places Bar Location 2 HKEY_CURRENT_USER\software\policies\microsoft\of< fice\14.0\common\open find\adminaddedplaces\place1JThe "Places Bar Location 2" common setting should be configured correctly. CCE-13821-4User Configuration\Administrative Templates\Microsoft Office 2010\File Open/Save dialog box\Places Bar Locations\Places Bar Location 10 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\open find\adminaddedplaces\place9KThe "Places Bar Location 10" common setting should be configured correctly. CCE-14216-6User Configuration\Administrative Templates\Microsoft Office 2010\File Open/Save dialog box\Places Bar Locations\Places Bar Location 4 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\open find\adminaddedplaces\place3JThe "Places Bar Location 4" common setting should be configured correctly. CCE-12670-6User Configuration\Administrative Templates\Microsoft Office 2010\File Open/Save dialog box\Places Bar Locations\Places Bar Location 9 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\open find\adminaddedplaces\place8JThe "Places Bar Location 9" common setting should be configured correctly. CCE-13104-5User Configuration\Administrative Templates\Microsoft Office 2010\File Open/Save dialog box\Places Bar Locations\Places Bar Location 1 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\open find\adminaddedplaces\place0JThe "Places Bar Location 1" common setting should be configured correctly. CCE-14664-7User Configuration\Administrative Templates\Microsoft Office 2010\File Open/Save dialog box\Places Bar Locations\Places Bar Location 8 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\open find\adminaddedplaces\place7JThe "Places Bar Location 8" common setting should be configured correctly. CCE-14116-8User Configuration\Administrative Templates\Microsoft Office 2010\File Open/Save dialog box\Places Bar Locations\Places Bar Location 3 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\open find\adminaddedplaces\place2JThe "Places Bar Location 3" common setting should be configured correctly. CCE-13788-5User Configuration\Administrative Templates\Microsoft Office 2010\File Open/Save dialog box\Places Bar Locations\Places Bar Location 7 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\open find\adminaddedplaces\place6JThe "Places Bar Location 7" common setting should be configured correctly. CCE-12268-9User Configuration\Administrative Templates\Microsoft Office 2010\File Open/Save dialog box\Places Bar Locations\Places Bar Location 5 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\open find\adminaddedplaces\place4JThe "Places Bar Location 5" common setting should be configured correctly. CCE-12827-2User Configuration\Administrative Templates\Microsoft Office 2010\File Open/Save dialog box\Places Bar Locations\Places Bar Location 6 HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\open find\adminaddedplaces\place5JThe "Places Bar Location 6" common setting should be configured correctly. CCE-12301-8User Configuration\Administrative Templates\Microsoft Access 2010\Disable Items in User Interface\Predefined\Disable shortcut keys HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\disabledshortcutkeyscheckboxes CCE-13995-6User Configuration\Administrative Templates\Microsoft Access 2010\Disable Items in User Interface\Predefined\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\access\disabledcmdbaritemscheckboxes CCE-13391-8User Configuration\Administrative Templates\Microsoft SharePoint Designer 2010\Disable Items in User Interface\Predefined\Disable commands HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\sharepoint designer\disabledcmdbaritemscheckboxes CCE-14709-0User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Save\Save AutoRecover info HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\optionsNThe "Save AutoRecover info" PowerPoint setting should be configured correctly. CCE-14211-7User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Save\Default file format HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\optionsLThe "Default file format" PowerPoint setting should be configured correctly. CCE-12518-7User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Save\Disable Package For CD HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\securityOThe "Disable Package For CD" PowerPoint setting should be configured correctly. CCE-14536-7User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Save\Keep the last AutoSaved versions of files for the next session HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\optionswThe "Keep the last AutoSaved versions of files for the next session" PowerPoint setting should be configured correctly. CCE-13502-0User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Save\Suppress file format compatibility dialog box for OpenDocument Presentation format HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\optionsThe "Suppress file format compatibility dialog box for OpenDocument Presentation format" PowerPoint setting should be configured correctly. CCE-14442-8User Configuration\Administrative Templates\Microsoft PowerPoint 2010\PowerPoint Options\Save\Default file location HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\powerpoint\recentfolderlistNThe "Default file location" PowerPoint setting should be configured correctly. CCE-12740-7Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Internet Explorer 8 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Display settings\Link Colors\Prevent users from configuring the color of links that have not yet been clicked HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\SettingsThe "Prevent users from configuring the color of links that have not yet been clicked" current user setting should be configured correctly. CCE-15911-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Display settings\Link Colors\Prevent users from configuring the hover color HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\SettingsiThe "Prevent users from configuring the hover color" current user setting should be configured correctly. CCE-16770-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Display settings\Link Colors\Prevent users from configuring the color of links that have already been clicked HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\SettingsThe "Prevent users from configuring the color of links that have already been clicked" current user setting should be configured correctly. CCE-16515-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Display settings\Link Colors\Turn on the hover color option HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\SettingsYThe "Turn on the hover color option" current user setting should be configured correctly. CCE-16383-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Use HTTP 1.1 HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet SettingsGThe "Use HTTP 1.1" current user setting should be configured correctly. CCE-16916-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Allow third-party browser extensions HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main_The "Allow third-party browser extensions" current user setting should be configured correctly. CCE-16720-5User Configuration\Administrative Templates\Windows Co< mponents\Internet Explorer\Internet Control Panel\Advanced Page\Do not save encrypted pages to disk HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings^The "Do not save encrypted pages to disk" current user setting should be configured correctly. CCE-15973-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Use HTTP 1.1 through proxy connections HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet SettingsaThe "Use HTTP 1.1 through proxy connections" current user setting should be configured correctly. CCE-16606-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Turn on Caret Browsing support HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\CaretBrowsingYThe "Turn on Caret Browsing support" current user setting should be configured correctly. CCE-16742-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Turn off ClearType HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\MainMThe "Turn off ClearType" current user setting should be configured correctly. CCE-16725-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Play animations in web pages HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\MainWThe "Play animations in web pages" current user setting should be configured correctly. CCE-16920-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Check for server certificate revocation HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet SettingsbThe "Check for server certificate revocation" current user setting should be configured correctly. CCE-16592-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Automatically check for Internet Explorer updates HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\MainlThe "Automatically check for Internet Explorer updates" current user setting should be configured correctly. CCE-16899-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Do not allow resetting Internet Explorer settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control PanellThe "Do not allow resetting Internet Explorer settings" current user setting should be configured correctly. CCE-16908-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Empty Temporary Internet Files folder when browser is closed HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CachewThe "Empty Temporary Internet Files folder when browser is closed" current user setting should be configured correctly. CCE-15940-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Turn off Encryption Support HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet SettingsVThe "Turn off Encryption Support" current user setting should be configured correctly. CCE-15938-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Allow software to run or install even if the signature is invalid HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Download|The "Allow software to run or install even if the signature is invalid" current user setting should be configured correctly. CCE-15932-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Check for signatures on downloaded programs HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\DownloadfThe "Check for signatures on downloaded programs" current user setting should be configured correctly. CCE-16056-4&User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Allow active content from CDs to run on user machines HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\SettingspThe "Allow active content from CDs to run on user machines" current user setting should be configured correctly. CCE-15924-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Play sounds in web pages HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\MainSThe "Play sounds in web pages" current user setting should be configured correctly. CCE-16801-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Sites: Include all network paths (UNCs) HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapkThe "Intranet Sites: Include all network paths (UNCs)" current user setting should be configured correctly. CCE-16049-9!User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Sites: Include all local (intranet) sites not listed in other zones HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapThe "Intranet Sites: Include all local (intranet) sites not listed in other zones" current user setting should be configured correctly. CCE-16120-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Template HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Lockdown Settings\Template PoliciesbThe "Locked-Down Trusted Sites Zone Template" current user setting should be configured correctly. CCE-16310-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Template HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Lockdown Settings\Template PolicieseThe "Locked-Down Restricted Sites Zone Template" current user setting should be configured correctly. CCE-16287-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Turn on automatic detection of the intranet HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapfThe "Turn on automatic detection of the intranet" current user setting should be configured correctly. CCE-16284-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Template HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Settings\Template PoliciesVThe "Local Machine Zone Template" current user setting should be configured correctly. CCE-16124-0 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Template HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Lockdown Settings\Template Policies]The "Locked-Down Intranet Zone Template" current user setting should be configured correctly. CCE-16306-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Turn on Information bar notification for intranet content HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet SettingstThe "Turn on Information bar notification for intranet content" current user setting should be configured correctly. CCE-16273-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Securit< y Page\Site to Zone Assignment List HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet SettingsWThe "Site to Zone Assignment List" current user setting should be configured correctly. CCE-16259-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Template HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Template PoliciesQThe "Internet Zone Template" current user setting should be configured correctly. CCE-15865-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Template HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Lockdown Settings\Template PoliciesbThe "Locked-Down Local Machine Zone Template" current user setting should be configured correctly. CCE-16297-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Template HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Settings\Template PoliciesQThe "Intranet Zone Template" current user setting should be configured correctly. CCE-16111-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Template HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Settings\Template PoliciesVThe "Trusted Sites Zone Template" current user setting should be configured correctly. CCE-15887-3 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Template HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Lockdown Settings\Template Policies]The "Locked-Down Internet Zone Template" current user setting should be configured correctly. CCE-16172-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Sites: Include all sites that bypass the proxy server HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapyThe "Intranet Sites: Include all sites that bypass the proxy server" current user setting should be configured correctly. CCE-16301-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Turn on Warn about Certificate Address Mismatch HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet SettingsjThe "Turn on Warn about Certificate Address Mismatch" current user setting should be configured correctly. CCE-15316-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Template HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Settings\Template PoliciesYThe "Restricted Sites Zone Template" current user setting should be configured correctly. CCE-15637-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Object Caching Protection\Process List HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControlbThe "Object Caching Protection: Process List" current user setting should be configured correctly. CCE-15844-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Object Caching Protection\All Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHINGcThe "Object Caching Protection: All Processes" current user setting should be configured correctly. CCE-16214-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Object Caching Protection\Internet Explorer Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHINGqThe "Object Caching Protection: Internet Explorer Processes" current user setting should be configured correctly. CCE-15341-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction\All Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOLeThe "MK Protocol Security Restriction: All Processes" machine setting should be configured correctly. CCE-16763-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction\Process List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControldThe "MK Protocol Security Restriction: Process List" machine setting should be configured correctly. CCE-17005-0 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions\All Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONSjThe "Scripted Window Security Restrictions: All Processes" machine setting should be configured correctly. CCE-15928-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions\Process List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControliThe "Scripted Window Security Restrictions: Process List" machine setting should be configured correctly. CCE-15923-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\Hide Favorites menu HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\RestrictionsNThe "Hide Favorites menu" current user setting should be configured correctly. CCE-16052-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\Tools menu: Disable Internet Options... menu option HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\RestrictionsnThe "Tools menu: Disable Internet Options... menu option" current user setting should be configured correctly. CCE-15927-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\View menu: Disable Full Screen menu option HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\RestrictionseThe "View menu: Disable Full Screen menu option" current user setting should be configured correctly. CCE-15918-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\File menu: Disable Save As... menu option HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\RestrictionsdThe "File menu: Disable Save As... menu option" current user setting should be configured correctly. CCE-15302-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\File menu: Disable closing the browser and Explorer windows HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\RestrictionsvThe "File menu: Disable closing the browser and Explorer windows" current user setting should be configured correctly. CCE-16042-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\Turn off Print Menu HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\RestrictionsNThe "Turn off Print Menu" current user setting should be configured correctly. CCE-15125-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\View menu: Disable Source menu option HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions`The "View menu: Disable Source menu option" current user setting should be configured correctly. CCE-15808-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\File menu: Disable Open < menu option HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions^The "File menu: Disable Open menu option" current user setting should be configured correctly. CCE-15955-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\File menu: Disable Save As Web Page Complete HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\RestrictionsgThe "File menu: Disable Save As Web Page Complete" current user setting should be configured correctly. CCE-15905-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\Help menu: Remove 'Send Feedback' menu option HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\RestrictionshThe "Help menu: Remove 'Send Feedback' menu option" current user setting should be configured correctly. CCE-15929-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\Help menu: Remove 'Tour' menu option HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions_The "Help menu: Remove 'Tour' menu option" current user setting should be configured correctly. CCE-15131-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\File menu: Disable New menu option HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]The "File menu: Disable New menu option" current user setting should be configured correctly. CCE-15933-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\Disable Context menu HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\RestrictionsOThe "Disable Context menu" current user setting should be configured correctly. CCE-15786-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\Disable Open in New Window menu option HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\RestrictionsaThe "Disable Open in New Window menu option" current user setting should be configured correctly. CCE-16037-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls\Menu Controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControlsHThe "Menu Controls" current user setting should be configured correctly. CCE-15978-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls\DHTML Edit Control HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControlsMThe "DHTML Edit Control" current user setting should be configured correctly. CCE-15378-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls\NetShow File Transfer Control HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControlsXThe "NetShow File Transfer Control" current user setting should be configured correctly. CCE-16070-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls\Microsoft Scriptlet Component HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControlsXThe "Microsoft Scriptlet Component" current user setting should be configured correctly. CCE-16074-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls\Microsoft Survey Control HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControlsSThe "Microsoft Survey Control" current user setting should be configured correctly. CCE-16000-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls\Investor HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControlsCThe "Investor" current user setting should be configured correctly. CCE-15140-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls\MSNBC HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControls@The "MSNBC" current user setting should be configured correctly. CCE-15224-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls\Audio/Video Player HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControlsMThe "Audio/Video Player" current user setting should be configured correctly. CCE-15616-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls\Carpoint HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControlsCThe "Carpoint" current user setting should be configured correctly. CCE-15937-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls\Shockwave Flash HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControlsJThe "Shockwave Flash" current user setting should be configured correctly. CCE-15867-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls\Microsoft Agent HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControlsJThe "Microsoft Agent" current user setting should be configured correctly. CCE-16101-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Administrator Approved Controls\Microsoft Chat HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedControlsIThe "Microsoft Chat" current user setting should be configured correctly. CCE-15951-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Signup Settings\Turn on Automatic Signup HKEY_CURRENT_USER\Software\Policies\Microsoft\IEAKSThe "Turn on Automatic Signup" current user setting should be configured correctly. CCE-15410-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction\Internet Explorer Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORSwThe "Binary Behavior Security Restriction: Internet Explorer Processes" machine setting should be configured correctly. CCE-16376-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction\Process List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControlhThe "Binary Behavior Security Restriction: Process List" machine setting should be configured correctly. CCE-15631-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction\Admin-approved behaviors HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet SettingsNThe "Admin-approved behaviors" machine setting should be configured correctly. CCE-16389-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction\All Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORSiThe "Binary Behavior Security Restriction: All Processes" machine setting should be configured correctly. CCE-16112-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the Privacy page HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control PanelNThe "Disable the Privacy page" machine setting should be configured correctly. CCE-16068-9Computer Config< uration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the Connections page HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control PanelRThe "Disable the Connections page" machine setting should be configured correctly. CCE-16598-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Send internationalized domain names HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet SettingsYThe "Send internationalized domain names" machine setting should be configured correctly. CCE-16990-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the General page HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control PanelNThe "Disable the General page" machine setting should be configured correctly. CCE-16488-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Use UTF-8 for mailto links HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols\MailtoPThe "Use UTF-8 for mailto links" machine setting should be configured correctly. CCE-16981-3Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the Content page HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control PanelNThe "Disable the Content page" machine setting should be configured correctly. CCE-16858-3Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the Programs page HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control PanelOThe "Disable the Programs page" machine setting should be configured correctly. CCE-16862-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation\All Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATIONcThe "Protection From Zone Elevation: All Processes" machine setting should be configured correctly. CCE-16641-3Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation\Process List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControlbThe "Protection From Zone Elevation: Process List" machine setting should be configured correctly. CCE-16518-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security\All Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWNnThe "Local Machine Zone Lockdown Security: All Processes" current user setting should be configured correctly. CCE-15799-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security\Internet Explorer Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN|The "Local Machine Zone Lockdown Security: Internet Explorer Processes" current user setting should be configured correctly. CCE-16672-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security\Process List HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControlmThe "Local Machine Zone Lockdown Security: Process List" current user setting should be configured correctly. CCE-16293-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict File Download\Process List HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl_The "Restrict File Download: Process List" current user setting should be configured correctly. CCE-16323-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict File Download\Internet Explorer Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOADnThe "Restrict File Download: Internet Explorer Processes" current user setting should be configured correctly. CCE-16337-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict File Download\All Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD`The "Restrict File Download: All Processes" current user setting should be configured correctly. CCE-16332-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Prevent Deleting InPrivate Filtering data HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\PrivacydThe "Prevent Deleting InPrivate Filtering data" current user setting should be configured correctly. CCE-15925-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Prevent Deleting Cookies HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\PrivacySThe "Prevent Deleting Cookies" current user setting should be configured correctly. CCE-15466-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Prevent Deleting Web sites that the User has Visited HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\PrivacyoThe "Prevent Deleting Web sites that the User has Visited" current user setting should be configured correctly. CCE-15533-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Disable "Configuring History" HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control PanelXThe "Disable "Configuring History"" current user setting should be configured correctly. CCE-16432-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Prevent Deleting Passwords HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control PanelUThe "Prevent Deleting Passwords" current user setting should be configured correctly. CCE-15683-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Prevent Deleting Form Data HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control PanelUThe "Prevent Deleting Form Data" current user setting should be configured correctly. CCE-16427-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Turn off "Delete Browsing History" functionality HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control PanelkThe "Turn off "Delete Browsing History" functionality" current user setting should be configured correctly. CCE-15670-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Prevent Deleting Favorites Site Data HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Privacy_The "Prevent Deleting Favorites Site Data" current user setting should be configured correctly. CCE-16414-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Prevent Deleting Temporary Internet Files HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\PrivacydThe "Prevent Deleting Temporary Internet Files" current user setting should be configured correctly. CCE-16405-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Consistent Mime Handling\Process List HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControlaThe "Consistent Mime Handling: Process List" current user setting should be configured correctly. CCE-16087-9User Configur< ation\Administrative Templates\Windows Components\Internet Explorer\Security Features\Consistent Mime Handling\Internet Explorer Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLINGpThe "Consistent Mime Handling: Internet Explorer Processes" current user setting should be configured correctly. CCE-15836-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Consistent Mime Handling\All Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLINGbThe "Consistent Mime Handling: All Processes" current user setting should be configured correctly. CCE-15484-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\AutoComplete\Turn on inline AutoComplete for Web addresses HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoCompletehThe "Turn on inline AutoComplete for Web addresses" current user setting should be configured correctly. CCE-16704-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\AutoComplete\Turn off Windows Search AutoComplete HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\WindowsSearch_The "Turn off Windows Search AutoComplete" current user setting should be configured correctly. CCE-16472-3Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\AJAX\Enable Native XMLHttpRequest Support HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\MainZThe "Enable Native XMLHttpRequest Support" machine setting should be configured correctly. CCE-15496-3Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\AJAX\Turn off Cross Document Messaging HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOCUMENT_MESSAGINGWThe "Turn off Cross Document Messaging" machine setting should be configured correctly. CCE-16372-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\AJAX\Maximum number of connections per server (HTTP 1.0) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVERiThe "Maximum number of connections per server (HTTP 1.0)" machine setting should be configured correctly. CCE-16275-0Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\AJAX\Maximum number of connections per server (HTTP 1.1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVERiThe "Maximum number of connections per server (HTTP 1.1)" machine setting should be configured correctly. CCE-16244-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\AJAX\Turn off the XDomainRequest Object HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XDOMAINREQUESTXThe "Turn off the XDomainRequest Object" machine setting should be configured correctly. CCE-16394-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Hide the Status Bar HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\MainIThe "Hide the Status Bar" machine setting should be configured correctly. CCE-15860-0Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Customize Command Labels HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\CommandBarNThe "Customize Command Labels" machine setting should be configured correctly. CCE-15471-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Hide the Command Bar HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\CommandBarJThe "Hide the Command Bar" machine setting should be configured correctly. CCE-15874-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Turn off toolbar upgrade tool HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Toolbars\RestrictionsSThe "Turn off toolbar upgrade tool" machine setting should be configured correctly. CCE-15472-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Set location of Stop and Refresh buttons HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\CommandBar^The "Set location of Stop and Refresh buttons" machine setting should be configured correctly. CCE-15945-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Use large Icons for Command Buttons HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\CommandBarYThe "Use large Icons for Command Buttons" machine setting should be configured correctly. CCE-15474-0Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Lock all Toolbars HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\ToolbarGThe "Lock all Toolbars" machine setting should be configured correctly. CCE-15972-3Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Turn off Developer Tools HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\IEDevToolsNThe "Turn off Developer Tools" machine setting should be configured correctly. CCE-15950-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Auto-hide the Toolbars HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\CommandBarLThe "Auto-hide the Toolbars" machine setting should be configured correctly. CCE-15717-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\AJAX\Enable Native XMLHttpRequest Support HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main_The "Enable Native XMLHttpRequest Support" current user setting should be configured correctly. CCE-17113-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\AJAX\Turn off the XDomainRequest Object HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XDOMAINREQUEST]The "Turn off the XDomainRequest Object" current user setting should be configured correctly. CCE-17122-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\AJAX\Maximum number of connections per server (HTTP 1.1) HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVERnThe "Maximum number of connections per server (HTTP 1.1)" current user setting should be configured correctly. CCE-16743-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\AJAX\Turn off Cross Document Messaging HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOCUMENT_MESSAGING\The "Turn off Cross Document Messaging" current user setting should be configured correctly. CCE-16161-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\AJAX\Maximum number of connections per server (HTTP 1.0) HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVERnThe "Maximum number of connections per server (HTTP 1.0)" current user setting should be configured correctly. CCE-17109-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Information Bar\Process List HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControlXThe "Information Bar: Process List" current user setting should be configured correctly. CCE-15264-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Secu< rity Features\Information Bar\All Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBANDYThe "Information Bar: All Processes" current user setting should be configured correctly. CCE-15726-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Information Bar\Internet Explorer Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBANDgThe "Information Bar: Internet Explorer Processes" current user setting should be configured correctly. CCE-16128-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction\Internet Explorer Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOLxThe "MK Protocol Security Restriction: Internet Explorer Processes" current user setting should be configured correctly. CCE-16938-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction\All Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOLjThe "MK Protocol Security Restriction: All Processes" current user setting should be configured correctly. CCE-16982-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction\Process List HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControliThe "MK Protocol Security Restriction: Process List" current user setting should be configured correctly. CCE-16061-4 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security\All Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWNiThe "Local Machine Zone Lockdown Security: All Processes" machine setting should be configured correctly. CCE-16162-0Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security\Internet Explorer Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWNwThe "Local Machine Zone Lockdown Security: Internet Explorer Processes" machine setting should be configured correctly. CCE-16669-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Local Machine Zone Lockdown Security\Process List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControlhThe "Local Machine Zone Lockdown Security: Process List" machine setting should be configured correctly. CCE-16175-26Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone\Internet Zone Restricted Protocols HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocolsXThe "Internet Zone Restricted Protocols" machine setting should be configured correctly. CCE-15895-6;Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone\Local Machine Zone Restricted Protocols HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols]The "Local Machine Zone Restricted Protocols" machine setting should be configured correctly. CCE-15890-7>Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone\Restricted Sites Zone Restricted Protocols HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols`The "Restricted Sites Zone Restricted Protocols" machine setting should be configured correctly. CCE-15040-9;Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone\Trusted Sites Zone Restricted Protocols HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols]The "Trusted Sites Zone Restricted Protocols" machine setting should be configured correctly. CCE-15529-16Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone\Intranet Zone Restricted Protocols HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocolsXThe "Intranet Zone Restricted Protocols" machine setting should be configured correctly. CCE-15296-7Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Process List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl]The "Network Protocol Lockdown: Process List" machine setting should be configured correctly. CCE-15817-0 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Internet Explorer Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWNlThe "Network Protocol Lockdown: Internet Explorer Processes" machine setting should be configured correctly. CCE-15791-7Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\All Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN^The "Network Protocol Lockdown: All Processes" machine setting should be configured correctly. CCE-15060-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Hide the Status Bar HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\MainNThe "Hide the Status Bar" current user setting should be configured correctly. CCE-16868-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Disable customizing browser toolbars HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer_The "Disable customizing browser toolbars" current user setting should be configured correctly. CCE-16590-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Use large Icons for Command Buttons HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\CommandBar^The "Use large Icons for Command Buttons" current user setting should be configured correctly. CCE-16969-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Lock all Toolbars HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ToolbarLThe "Lock all Toolbars" current user setting should be configured correctly. CCE-16727-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Turn off toolbar upgrade tool HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbars\RestrictionsXThe "Turn off toolbar upgrade tool" current user setting should be configured correctly. CCE-16863-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Turn off Developer Tools HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\IEDevToolsSThe "Turn off Developer Tools" current user setting should be configured correctly. CCE-16700-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Set location of Stop and Refresh buttons HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\CommandBarcThe "Set location of Stop and Refresh buttons" cur< rent user setting should be configured correctly. CCE-16930-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Customize Command Labels HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\CommandBarSThe "Customize Command Labels" current user setting should be configured correctly. CCE-16051-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Auto-hide the Toolbars HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\CommandBarQThe "Auto-hide the Toolbars" current user setting should be configured correctly. CCE-16952-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Disable customizing browser toolbar buttons HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorerfThe "Disable customizing browser toolbar buttons" current user setting should be configured correctly. CCE-16722-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Toolbars\Hide the Command Bar HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\CommandBarOThe "Hide the Command Bar" current user setting should be configured correctly. CCE-16956-5_User Configuration\Administrative Templates\Windows Components\Internet Explorer\Application Compatibility\Enable cut, copy or paste operations from the clipboard if URLACTION_SCRIPT_PASTE is set to Prompt\All Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_PromptThe "Enable cut, copy or paste operations from the clipboard if URLACTION_SCRIPT_PASTE is set to Prompt: All Processes" current user setting should be configured correctly. CCE-15969-9.User Configuration\Administrative Templates\Windows Components\Internet Explorer\Application Compatibility\Enable cut, copy or paste operations from the clipboard if URLACTION_SCRIPT_PASTE is set to Prompt\Process List HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControlThe "Enable cut, copy or paste operations from the clipboard if URLACTION_SCRIPT_PASTE is set to Prompt: Process List" current user setting should be configured correctly. CCE-15991-3mUser Configuration\Administrative Templates\Windows Components\Internet Explorer\Application Compatibility\Enable cut, copy or paste operations from the clipboard if URLACTION_SCRIPT_PASTE is set to Prompt\Internet Explorer Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_PromptThe "Enable cut, copy or paste operations from the clipboard if URLACTION_SCRIPT_PASTE is set to Prompt: Internet Explorer Processes" current user setting should be configured correctly. CCE-15964-0'Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Component Updates\Help Menu > About Internet Explorer\Prevent the configuration of cipher strength update information URLs HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersionzThe "Prevent the configuration of cipher strength update information URLs" machine setting should be configured correctly. CCE-15849-3 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Launching programs and unsafe files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2yThe "Launching programs and unsafe files" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16167-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Java permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2fThe "Java permissions" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16250-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Script ActiveX controls marked safe for scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Script ActiveX controls marked safe for scripting" current user setting should be configured correctly for the Trusted Sites Zone. CCE-15965-7%User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Include local directory path when uploading files to a server HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Include local directory path when uploading files to a server" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16409-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Display mixed content HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2kThe "Display mixed content" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16625-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow active scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2lThe "Allow active scripting" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16377-4 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow scripting of Internet Explorer web browser control HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Allow scripting of Internet Explorer web browser control" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16277-6,User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow active content over restricted protocols to access my computer HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Allow active content over restricted protocols to access my computer" current user setting should be configured correctly for the Trusted Sites Zone. CCE-15848-5*User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Run .NET Framework-reliant components not signed with Authenticode" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16038-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Use SmartScreen Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2lThe "Use SmartScreen Filter" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16612-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Launching applications and files in an IFRAME HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Launching applications and files in an IFRAME" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16170-3 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow status bar updates via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2< yThe "Allow status bar updates via script" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16806-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Open files based on content, not file extension HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Open files based on content, not file extension" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16021-8*User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Only allow approved domains to use ActiveX controls without prompt" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16686-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Scripting of Java applets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2oThe "Scripting of Java applets" current user setting should be configured correctly for the Trusted Sites Zone. CCE-15835-2)User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Allow cut, copy or paste operations from the clipboard via script" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16084-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Navigate windows and frames across different domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Navigate windows and frames across different domains" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16771-8/User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Allow video and animation on a Web page that uses a legacy media player" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16791-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Software channel permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2rThe "Software channel permissions" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16564-7!User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Initialize and script ActiveX controls not marked as safe HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16766-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Turn Off First-Run Opt-In HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2oThe "Turn Off First-Run Opt-In" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16355-0+User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow script-initiated windows without size or position constraints HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16639-7 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Access data sources across domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2xThe "Access data sources across domains" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16008-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2jThe "Allow file downloads" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16289-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow font downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2jThe "Allow font downloads" current user setting should be configured correctly for the Trusted Sites Zone. CCE-15837-82User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Web sites in less privileged Web content zones can navigate into this zone" current user setting should be configured correctly for the Trusted Sites Zone. CCE-15845-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Automatic prompting for ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2~The "Automatic prompting for ActiveX controls" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16747-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\XAML browser applications HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2oThe "XAML browser applications" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16509-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Userdata persistence HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2jThe "Userdata persistence" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16634-8&User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Run .NET Framework-reliant components signed with Authenticode" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16207-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Run ActiveX controls and plugins HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2vThe "Run ActiveX controls and plugins" current user setting should be configured correctly for the Trusted Sites Zone. CCE-15833-7< User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Submit non-encrypted form data HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2tThe "Submit non-encrypted form data" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16048-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow META REFRESH HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2hThe "Allow META REFRESH" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16368-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Turn on Cross-Site Scripting (XSS) Filter" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16647-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Loose XAML files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2fThe "Loose XAML files" current user setting should be configured correctly for the Trusted Sites Zone. CCE-15852-7%User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow websites to open windows without address or status bars HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Allow websites to open windows without address or status bars" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16506-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Download signed ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2vThe "Download signed ActiveX controls" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16157-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\XPS documents HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2cThe "XPS documents" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16731-2 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow installation of desktop items HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2yThe "Allow installation of desktop items" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16308-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow drag and drop or copy and paste files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Allow drag and drop or copy and paste files" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16586-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Automatic prompting for file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2|The "Automatic prompting for file downloads" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16621-5KUser Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Do not prompt for client certificate selection when no certificates or only one certificate exists." current user setting should be configured correctly for the Trusted Sites Zone. CCE-16313-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Use Pop-up Blocker HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2hThe "Use Pop-up Blocker" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16520-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Disable .NET Framework Setup HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2rThe "Disable .NET Framework Setup" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16723-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Logon options HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2cThe "Logon options" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16815-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Turn on Protected Mode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2lThe "Turn on Protected Mode" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16493-9 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow binary and script behaviors HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2wThe "Allow binary and script behaviors" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16701-5'User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow websites to prompt for information using scripted windows HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Allow websites to prompt for information using scripted windows" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16802-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow Scriptlets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2fThe "Allow Scriptlets" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16693-4 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Download unsigned ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2xThe "Download unsigned ActiveX controls" current user setting should be configured correctly for the Trusted Sites Zone. CCE-16286-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Display settings\Prevent users from choosing default text size HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\RestrictionshThe "Prevent users from choosing default text size" current user setting should be configured correctly. CCE-15910-3Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\InPrivate\InPrivate Filtering Threshold HKEY_L< OCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIESThe "InPrivate Filtering Threshold" machine setting should be configured correctly. CCE-16164-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\InPrivate\Do not collect InPrivate Filtering data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIE]The "Do not collect InPrivate Filtering data" machine setting should be configured correctly. CCE-16171-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\InPrivate\Disable toolbars and extensions when InPrivate Browsing starts HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIEtThe "Disable toolbars and extensions when InPrivate Browsing starts" machine setting should be configured correctly. CCE-16810-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\InPrivate\Turn off InPrivate Filtering HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIERThe "Turn off InPrivate Filtering" machine setting should be configured correctly. CCE-16928-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\InPrivate\Turn off InPrivate Filtering HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIEWThe "Turn off InPrivate Filtering" current user setting should be configured correctly. CCE-15337-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\InPrivate\Disable toolbars and extensions when InPrivate Browsing starts HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIEyThe "Disable toolbars and extensions when InPrivate Browsing starts" current user setting should be configured correctly. CCE-15855-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\InPrivate\Do not collect InPrivate Filtering data HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIEbThe "Do not collect InPrivate Filtering data" current user setting should be configured correctly. CCE-15725-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\InPrivate\InPrivate Filtering Threshold HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Safety\PrivacIEXThe "InPrivate Filtering Threshold" current user setting should be configured correctly. CCE-15465-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\InPrivate\Turn off InPrivate Browsing HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\PrivacyVThe "Turn off InPrivate Browsing" current user setting should be configured correctly. CCE-14923-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Multimedia\Turn off smart image dithering HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet ExplorerYThe "Turn off smart image dithering" current user setting should be configured correctly. CCE-16688-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Multimedia\Allow the display of image download placeholders HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\MainkThe "Allow the display of image download placeholders" current user setting should be configured correctly. CCE-16569-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Multimedia\Turn off automatic image resizing HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\The "Turn off automatic image resizing" current user setting should be configured correctly. CCE-16573-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Multimedia\Turn off picture display HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\MainSThe "Turn off picture display" current user setting should be configured correctly. CCE-16309-7Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off pop-up management HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\RestrictionsPThe "Turn off pop-up management" machine setting should be configured correctly. CCE-16148-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Reopen Last Browsing Session HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Recovery[The "Turn off Reopen Last Browsing Session" machine setting should be configured correctly. CCE-16060-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off managing Pop-up filter level HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions[The "Turn off managing Pop-up filter level" machine setting should be configured correctly. CCE-16378-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Prevent Internet Explorer Search box from displaying HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\RestrictionsjThe "Prevent Internet Explorer Search box from displaying" machine setting should be configured correctly. CCE-15613-3Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Customize User Agent String HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\User AgentQThe "Customize User Agent String" machine setting should be configured correctly. CCE-15403-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Enforce Full Screen Mode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\MainNThe "Enforce Full Screen Mode" machine setting should be configured correctly. CCE-16249-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off page zooming functionality HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\ZOOMYThe "Turn off page zooming functionality" machine setting should be configured correctly. CCE-16393-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Restrict search providers to a specific list of providers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\RestrictionsoThe "Restrict search providers to a specific list of providers" machine setting should be configured correctly. CCE-15917-8Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Add a specific list of search providers to the user's search provider list HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\RestrictionsThe "Add a specific list of search providers to the user's search provider list" machine setting should be configured correctly. CCE-15655-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Managing Pop-up Allow list HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\RestrictionsYThe "Turn off Managing Pop-up Allow list" machine setting should be configured correctly. CCE-16271-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Quick Tabs functionality HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsingWThe "Turn off Quick Tabs functionality" machine setting should be configured correctly. CCE-15419-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off configuration of window reuse HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\The "Turn off configuration of window reuse" machine setting should be configured correctly. CCE-16191-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Automatic Crash Recovery Prompt HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Recovery^The "Turn off Automatic Cra< sh Recovery Prompt" machine setting should be configured correctly. CCE-15414-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off the activation of the quick pick menu HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\SearchScopesdThe "Turn off the activation of the quick pick menu" machine setting should be configured correctly. CCE-15545-7Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Favorites bar HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\LinksBarLThe "Turn off Favorites bar" machine setting should be configured correctly. CCE-15704-0Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off suggestions for all user-installed providers HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\SearchScopeskThe "Turn off suggestions for all user-installed providers" machine setting should be configured correctly. CCE-16290-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn on menu bar by default HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\MainQThe "Turn on menu bar by default" machine setting should be configured correctly. CCE-15397-3Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Restrict changing the default search provider HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\RestrictionscThe "Restrict changing the default search provider" machine setting should be configured correctly. CCE-16388-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off displaying the Internet Explorer Help Menu HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\RestrictionsiThe "Turn off displaying the Internet Explorer Help Menu" machine setting should be configured correctly. CCE-16353-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Set tab process growth HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\MainLThe "Set tab process growth" machine setting should be configured correctly. CCE-15749-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off configuration of default behavior of new tab creation HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsingtThe "Turn off configuration of default behavior of new tab creation" machine setting should be configured correctly. CCE-15563-0Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn on Compatibility Logging HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Compat_loggingSThe "Turn on Compatibility Logging" machine setting should be configured correctly. CCE-16349-3Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off tabbed browsing HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsingNThe "Turn off tabbed browsing" machine setting should be configured correctly. CCE-16106-7Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off the auto-complete feature for web addresses HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoCompletejThe "Turn off the auto-complete feature for web addresses" machine setting should be configured correctly. CCE-16005-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Configure new tab page default behavior HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main]The "Configure new tab page default behavior" machine setting should be configured correctly. CCE-15789-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off configuration of tabbed browsing pop-up behavior HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsingoThe "Turn off configuration of tabbed browsing pop-up behavior" machine setting should be configured correctly. CCE-16166-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Pop-up allow list HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\New WindowsGThe "Pop-up allow list" machine setting should be configured correctly. CCE-15660-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone Template HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Template PoliciesLThe "Internet Zone Template" machine setting should be configured correctly. CCE-16384-0Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Turn on Warn about Certificate Address Mismatch HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet SettingseThe "Turn on Warn about Certificate Address Mismatch" machine setting should be configured correctly. CCE-16780-9 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Turn on Information bar notification for intranet content HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet SettingsoThe "Turn on Information bar notification for intranet content" machine setting should be configured correctly. CCE-15829-5&Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Sites: Include all local (intranet) sites not listed in other zones HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapThe "Intranet Sites: Include all local (intranet) sites not listed in other zones" machine setting should be configured correctly. CCE-16158-8Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Site to Zone Assignment List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet SettingsRThe "Site to Zone Assignment List" machine setting should be configured correctly. CCE-15815-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Sites: Include all sites that bypass the proxy server HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMaptThe "Intranet Sites: Include all sites that bypass the proxy server" machine setting should be configured correctly. CCE-16630-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone Template HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Lockdown Settings\Template Policies]The "Locked-Down Trusted Sites Zone Template" machine setting should be configured correctly. CCE-16458-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone Template HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Lockdown Settings\Template Policies]The "Locked-Down Local Machine Zone Template" machine setting should be configured correctly. CCE-16255-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone Template HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Lockdown Settings\Template Policies`The "Locked-Down Restricted Sites Zone Template" machine setting should be configured correctly. CCE-16800-5 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone Template HKEY_LOCAL_MACHIN< E\Software\Policies\Microsoft\Windows\CurrentVersion\Restricted Sites Settings\Template PoliciesTThe "Restricted Sites Zone Template" machine setting should be configured correctly. CCE-16657-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone Template HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Lockdown Settings\Template PoliciesXThe "Locked-Down Intranet Zone Template" machine setting should be configured correctly. CCE-16644-7Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone Template HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Trusted Sites Settings\Template PoliciesQThe "Trusted Sites Zone Template" machine setting should be configured correctly. CCE-16439-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Turn on automatic detection of the intranet HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapaThe "Turn on automatic detection of the intranet" machine setting should be configured correctly. CCE-15828-7Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone Template HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Lockdown Settings\Template PoliciesXThe "Locked-Down Internet Zone Template" machine setting should be configured correctly. CCE-15885-7 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone Template HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Local Machine Zone Settings\Template PoliciesQThe "Local Machine Zone Template" machine setting should be configured correctly. CCE-16805-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone Template HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Intranet Settings\Template PoliciesLThe "Intranet Zone Template" machine setting should be configured correctly. CCE-16027-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Play sounds in web pages HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\MainNThe "Play sounds in web pages" machine setting should be configured correctly. CCE-15863-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Turn on Caret Browsing support HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\CaretBrowsingTThe "Turn on Caret Browsing support" machine setting should be configured correctly. CCE-16241-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Use HTTP 1.1 through proxy connections HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\The "Use HTTP 1.1 through proxy connections" machine setting should be configured correctly. CCE-15877-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Play animations in web pages HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\MainRThe "Play animations in web pages" machine setting should be configured correctly. CCE-15872-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Turn off ClearType HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\MainHThe "Turn off ClearType" machine setting should be configured correctly. CCE-16827-8Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Empty Temporary Internet Files folder when browser is closed HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CacherThe "Empty Temporary Internet Files folder when browser is closed" machine setting should be configured correctly. CCE-15878-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Do not allow resetting Internet Explorer settings HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control PanelgThe "Do not allow resetting Internet Explorer settings" machine setting should be configured correctly. CCE-16142-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Do not save encrypted pages to disk HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet SettingsYThe "Do not save encrypted pages to disk" machine setting should be configured correctly. CCE-16254-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Use HTTP 1.1 HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet SettingsBThe "Use HTTP 1.1" machine setting should be configured correctly. CCE-16072-1.Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Allow cut, copy or paste operations from the clipboard via script" machine setting should be configured correctly for the Trusted Sites Zone. CCE-16245-3%Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow scripting of Internet Explorer web browser control HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Allow scripting of Internet Explorer web browser control" machine setting should be configured correctly for the Trusted Sites Zone. CCE-15994-7PComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Do not prompt for client certificate selection when no certificates or only one certificate exists." machine setting should be configured correctly for the Trusted Sites Zone. CCE-15441-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Open files based on content, not file extension HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Open files based on content, not file extension" machine setting should be configured correctly for the Trusted Sites Zone. CCE-16208-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Launching programs and unsafe files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2tThe "Launching programs and unsafe files" machine setting should be configured correctly for the Trusted Sites Zone. CCE-16018-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Scripting of Java applets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2jThe "Scripting of Java applets" machine setting should be configured correctly for the Trusted Sites Zone. CCE-15648-9+Computer Configuration\Administrative Templates\Window< s Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Run .NET Framework-reliant components signed with Authenticode" machine setting should be configured correctly for the Trusted Sites Zone. CCE-16199-2 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Download signed ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2qThe "Download signed ActiveX controls" machine setting should be configured correctly for the Trusted Sites Zone. CCE-16304-8Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow status bar updates via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2tThe "Allow status bar updates via script" machine setting should be configured correctly for the Trusted Sites Zone. CCE-16348-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Launching applications and files in an IFRAME HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2~The "Launching applications and files in an IFRAME" machine setting should be configured correctly for the Trusted Sites Zone. CCE-16098-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2eThe "Allow file downloads" machine setting should be configured correctly for the Trusted Sites Zone. CCE-16278-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Use SmartScreen Filter HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2gThe "Use SmartScreen Filter" machine setting should be configured correctly for the Trusted Sites Zone. CCE-15348-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Display mixed content HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2fThe "Display mixed content" machine setting should be configured correctly for the Trusted Sites Zone. CCE-15635-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Turn on Protected Mode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2gThe "Turn on Protected Mode" machine setting should be configured correctly for the Trusted Sites Zone. CCE-15820-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow Scriptlets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2aThe "Allow Scriptlets" machine setting should be configured correctly for the Trusted Sites Zone. CCE-16345-1 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Run ActiveX controls and plugins HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2qThe "Run ActiveX controls and plugins" machine setting should be configured correctly for the Trusted Sites Zone. CCE-16365-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow binary and script behaviors HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2rThe "Allow binary and script behaviors" machine setting should be configured correctly for the Trusted Sites Zone. CCE-16146-3Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow META REFRESH HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2cThe "Allow META REFRESH" machine setting should be configured correctly for the Trusted Sites Zone. CCE-15542-4 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Software channel permissions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2mThe "Software channel permissions" machine setting should be configured correctly for the Trusted Sites Zone. CCE-16300-6 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Submit non-encrypted form data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2oThe "Submit non-encrypted form data" machine setting should be configured correctly for the Trusted Sites Zone. CCE-15998-8Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Automatic prompting for ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2yThe "Automatic prompting for ActiveX controls" machine setting should be configured correctly for the Trusted Sites Zone. CCE-15564-8Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Logon options HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2^The "Logon options" machine setting should be configured correctly for the Trusted Sites Zone. CCE-15628-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Use Pop-up Blocker HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2cThe "Use Pop-up Blocker" machine setting should be configured correctly for the Trusted Sites Zone. CCE-15921-0Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Access data sources across domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2sThe "Access data sources across domains" machine setting should be configured correctly for the Trusted Sites Zone. CCE-15370-0*Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow websites to open windows without address or status bars HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Allow websites to open windows without address or status bars" machine setting should be configured correctly for the Trusted Sites Zone. CCE-16007-7,Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow websites to prompt for information using scripted windows HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Allow websites to prompt for information using scripted windows" machine setting should be configured correctly for the Trusted Sites Zone. CCE-16354-3 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Disable .NET Framework Setup HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Cu< rrentVersion\Internet Settings\Zones\2mThe "Disable .NET Framework Setup" machine setting should be configured correctly for the Trusted Sites Zone. CCE-15369-2*Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Include local directory path when uploading files to a server HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Include local directory path when uploading files to a server" machine setting should be configured correctly for the Trusted Sites Zone. CCE-16194-3Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Download unsigned ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2sThe "Download unsigned ActiveX controls" machine setting should be configured correctly for the Trusted Sites Zone. CCE-16133-14Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Allow video and animation on a Web page that uses a legacy media player" machine setting should be configured correctly for the Trusted Sites Zone. CCE-16282-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow active scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2gThe "Allow active scripting" machine setting should be configured correctly for the Trusted Sites Zone. CCE-15661-21Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow active content over restricted protocols to access my computer HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Allow active content over restricted protocols to access my computer" machine setting should be configured correctly for the Trusted Sites Zone. CCE-15573-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Userdata persistence HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2eThe "Userdata persistence" machine setting should be configured correctly for the Trusted Sites Zone. CCE-16186-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Loose XAML files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2aThe "Loose XAML files" machine setting should be configured correctly for the Trusted Sites Zone. CCE-16002-87Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Web sites in less privileged Web content zones can navigate into this zone" machine setting should be configured correctly for the Trusted Sites Zone. CCE-15371-8Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Automatic prompting for file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2wThe "Automatic prompting for file downloads" machine setting should be configured correctly for the Trusted Sites Zone. CCE-15958-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow drag and drop or copy and paste files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2|The "Allow drag and drop or copy and paste files" machine setting should be configured correctly for the Trusted Sites Zone. CCE-15372-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2zThe "Turn on Cross-Site Scripting (XSS) Filter" machine setting should be configured correctly for the Trusted Sites Zone. CCE-15344-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\XPS documents HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2^The "XPS documents" machine setting should be configured correctly for the Trusted Sites Zone. CCE-16235-4!Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Navigate windows and frames across different domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Navigate windows and frames across different domains" machine setting should be configured correctly for the Trusted Sites Zone. CCE-16185-1/Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Only allow approved domains to use ActiveX controls without prompt" machine setting should be configured correctly for the Trusted Sites Zone. CCE-15943-4&Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Initialize and script ActiveX controls not marked as safe HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Initialize and script ActiveX controls not marked as safe" machine setting should be configured correctly for the Trusted Sites Zone. CCE-16137-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Script ActiveX controls marked safe for scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Script ActiveX controls marked safe for scripting" machine setting should be configured correctly for the Trusted Sites Zone. CCE-15962-40Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow script-initiated windows without size or position constraints HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Allow script-initiated windows without size or position constraints" machine setting should be configured correctly for the Trusted Sites Zone. CCE-16231-3Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow font downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2eThe "Allow font downloads" machine setting should be configured correctly for the Trusted Sites Zone. CCE-16023-4/Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2The "Run .NET Framework-reliant components< not signed with Authenticode" machine setting should be configured correctly for the Trusted Sites Zone. CCE-16058-0Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\XAML browser applications HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2jThe "XAML browser applications" machine setting should be configured correctly for the Trusted Sites Zone. CCE-15688-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Allow installation of desktop items HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2tThe "Allow installation of desktop items" machine setting should be configured correctly for the Trusted Sites Zone. CCE-15428-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Turn Off First-Run Opt-In HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2jThe "Turn Off First-Run Opt-In" machine setting should be configured correctly for the Trusted Sites Zone. CCE-16256-0 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction\Internet Explorer Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS|The "Binary Behavior Security Restriction: Internet Explorer Processes" current user setting should be configured correctly. CCE-16192-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction\Admin-approved behaviors HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet SettingsSThe "Admin-approved behaviors" current user setting should be configured correctly. CCE-16443-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction\Process List HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControlmThe "Binary Behavior Security Restriction: Process List" current user setting should be configured correctly. CCE-15914-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Binary Behavior Security Restriction\All Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORSnThe "Binary Behavior Security Restriction: All Processes" current user setting should be configured correctly. CCE-15795-8 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Run ActiveX controls and plugins HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0qThe "Run ActiveX controls and plugins" machine setting should be configured correctly for the Local Machine Zone. CCE-16404-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Open files based on content, not file extension HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Open files based on content, not file extension" machine setting should be configured correctly for the Local Machine Zone. CCE-16619-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Access data sources across domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0sThe "Access data sources across domains" machine setting should be configured correctly for the Local Machine Zone. CCE-16403-8!Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Navigate windows and frames across different domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Navigate windows and frames across different domains" machine setting should be configured correctly for the Local Machine Zone. CCE-16526-6/Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Run .NET Framework-reliant components not signed with Authenticode" machine setting should be configured correctly for the Local Machine Zone. CCE-16623-1.Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Allow cut, copy or paste operations from the clipboard via script" machine setting should be configured correctly for the Local Machine Zone. CCE-16680-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Logon options HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0^The "Logon options" machine setting should be configured correctly for the Local Machine Zone. CCE-16266-9%Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow scripting of Internet Explorer web browser control HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Allow scripting of Internet Explorer web browser control" machine setting should be configured correctly for the Local Machine Zone. CCE-16578-7Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Launching programs and unsafe files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0tThe "Launching programs and unsafe files" machine setting should be configured correctly for the Local Machine Zone. CCE-16514-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0zThe "Turn on Cross-Site Scripting (XSS) Filter" machine setting should be configured correctly for the Local Machine Zone. CCE-16163-8*Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Include local directory path when uploading files to a server HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Include local directory path when uploading files to a server" machine setting should be configured correctly for the Local Machine Zone. CCE-16579-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Scripting of Java applets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0jThe "Scripting of Java applets" machine setting should be configured correctly for the Local Machine Zone. CCE-16257-8Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Automatic prompting for ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0yThe "Automatic prompting f< or ActiveX controls" machine setting should be configured correctly for the Local Machine Zone. CCE-16451-7Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow active scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0gThe "Allow active scripting" machine setting should be configured correctly for the Local Machine Zone. CCE-16012-7+Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Run .NET Framework-reliant components signed with Authenticode" machine setting should be configured correctly for the Local Machine Zone. CCE-16262-87Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Web sites in less privileged Web content zones can navigate into this zone" machine setting should be configured correctly for the Local Machine Zone. CCE-16628-0Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow Scriptlets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0aThe "Allow Scriptlets" machine setting should be configured correctly for the Local Machine Zone. CCE-15721-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Display mixed content HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0fThe "Display mixed content" machine setting should be configured correctly for the Local Machine Zone. CCE-16633-0Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Use Pop-up Blocker HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0cThe "Use Pop-up Blocker" machine setting should be configured correctly for the Local Machine Zone. CCE-15716-4*Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow websites to open windows without address or status bars HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Allow websites to open windows without address or status bars" machine setting should be configured correctly for the Local Machine Zone. CCE-15708-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Automatic prompting for file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0wThe "Automatic prompting for file downloads" machine setting should be configured correctly for the Local Machine Zone. CCE-16640-51Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow active content over restricted protocols to access my computer HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Allow active content over restricted protocols to access my computer" machine setting should be configured correctly for the Local Machine Zone. CCE-15967-3Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow font downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0eThe "Allow font downloads" machine setting should be configured correctly for the Local Machine Zone. CCE-16165-3Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow binary and script behaviors HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0rThe "Allow binary and script behaviors" machine setting should be configured correctly for the Local Machine Zone. CCE-16544-9 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Submit non-encrypted form data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0oThe "Submit non-encrypted form data" machine setting should be configured correctly for the Local Machine Zone. CCE-15706-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Turn Off First-Run Opt-In HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0jThe "Turn Off First-Run Opt-In" machine setting should be configured correctly for the Local Machine Zone. CCE-15953-3Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Turn on Protected Mode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0gThe "Turn on Protected Mode" machine setting should be configured correctly for the Local Machine Zone. CCE-16319-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Loose XAML files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0aThe "Loose XAML files" machine setting should be configured correctly for the Local Machine Zone. CCE-15713-1PComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Do not prompt for client certificate selection when no certificates or only one certificate exists." machine setting should be configured correctly for the Local Machine Zone. CCE-15699-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0eThe "Allow file downloads" machine setting should be configured correctly for the Local Machine Zone. CCE-15709-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Userdata persistence HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0eThe "Userdata persistence" machine setting should be configured correctly for the Local Machine Zone. CCE-15770-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Launching applications and files in an IFRAME HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0~The "Launching applications and files in an IFRAME" machine setting should be configured correctly for the Local Machine Zone. CCE-16658-7Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Download unsigned ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones< \0sThe "Download unsigned ActiveX controls" machine setting should be configured correctly for the Local Machine Zone. CCE-16559-7Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow status bar updates via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0tThe "Allow status bar updates via script" machine setting should be configured correctly for the Local Machine Zone. CCE-15893-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow META REFRESH HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0cThe "Allow META REFRESH" machine setting should be configured correctly for the Local Machine Zone. CCE-16423-6 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Software channel permissions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0mThe "Software channel permissions" machine setting should be configured correctly for the Local Machine Zone. CCE-16583-7Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow installation of desktop items HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0tThe "Allow installation of desktop items" machine setting should be configured correctly for the Local Machine Zone. CCE-16508-4 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Download signed ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0qThe "Download signed ActiveX controls" machine setting should be configured correctly for the Local Machine Zone. CCE-16702-3&Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Initialize and script ActiveX controls not marked as safe HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Initialize and script ActiveX controls not marked as safe" machine setting should be configured correctly for the Local Machine Zone. CCE-16707-2,Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow websites to prompt for information using scripted windows HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Allow websites to prompt for information using scripted windows" machine setting should be configured correctly for the Local Machine Zone. CCE-16629-8Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\XAML browser applications HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0jThe "XAML browser applications" machine setting should be configured correctly for the Local Machine Zone. CCE-16016-80Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow script-initiated windows without size or position constraints HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Allow script-initiated windows without size or position constraints" machine setting should be configured correctly for the Local Machine Zone. CCE-16681-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\XPS documents HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0^The "XPS documents" machine setting should be configured correctly for the Local Machine Zone. CCE-16597-74Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Allow video and animation on a Web page that uses a legacy media player" machine setting should be configured correctly for the Local Machine Zone. CCE-15729-7 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Disable .NET Framework Setup HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0mThe "Disable .NET Framework Setup" machine setting should be configured correctly for the Local Machine Zone. CCE-15733-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Script ActiveX controls marked safe for scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Script ActiveX controls marked safe for scripting" machine setting should be configured correctly for the Local Machine Zone. CCE-15857-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow drag and drop or copy and paste files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0|The "Allow drag and drop or copy and paste files" machine setting should be configured correctly for the Local Machine Zone. CCE-16147-1/Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Only allow approved domains to use ActiveX controls without prompt" machine setting should be configured correctly for the Local Machine Zone. CCE-16034-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the Security page HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control PanelTThe "Disable the Security page" current user setting should be configured correctly. CCE-16461-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the Programs page HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control PanelTThe "Disable the Programs page" current user setting should be configured correctly. CCE-16599-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the Connections page HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control PanelWThe "Disable the Connections page" current user setting should be configured correctly. CCE-16694-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the Privacy page HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control PanelSThe "Disable the Privacy page" current user setting should be configured correctly. CCE-16554-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the General page HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control PanelSThe "Disable the General page" current user setting should be configured correctly. CCE-16604-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the Content page HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Contro< l PanelSThe "Disable the Content page" current user setting should be configured correctly. CCE-16703-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Prevent ignoring certificate errors HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings^The "Prevent ignoring certificate errors" current user setting should be configured correctly. CCE-15803-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Send internationalized domain names HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings^The "Send internationalized domain names" current user setting should be configured correctly. CCE-15805-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the Advanced page HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control PanelTThe "Disable the Advanced page" current user setting should be configured correctly. CCE-16690-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Use UTF-8 for mailto links HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols\MailtoUThe "Use UTF-8 for mailto links" current user setting should be configured correctly. CCE-15946-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Compatibility View\Include updated Web site lists from Microsoft HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\BrowserEmulationhThe "Include updated Web site lists from Microsoft" current user setting should be configured correctly. CCE-16022-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Compatibility View\Turn on Internet Explorer 7 Standards Mode HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\BrowserEmulationeThe "Turn on Internet Explorer 7 Standards Mode" current user setting should be configured correctly. CCE-16674-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Compatibility View\Turn off Compatibility View button HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\CommandBar]The "Turn off Compatibility View button" current user setting should be configured correctly. CCE-16679-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Compatibility View\Use Policy List of Internet Explorer 7 sites HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation\PolicyListgThe "Use Policy List of Internet Explorer 7 sites" current user setting should be configured correctly. CCE-16652-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Compatibility View\Turn off Compatibility View HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\BrowserEmulationVThe "Turn off Compatibility View" current user setting should be configured correctly. CCE-16666-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Compatibility View\Turn on Internet Explorer Standards Mode for Local Intranet HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\BrowserEmulationvThe "Turn on Internet Explorer Standards Mode for Local Intranet" current user setting should be configured correctly. CCE-16785-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Turn off Data URI Support HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATAURITThe "Turn off Data URI Support" current user setting should be configured correctly. CCE-16260-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\XPS documents HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3YThe "XPS documents" machine setting should be configured correctly for the Internet Zone. CCE-15629-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Automatic prompting for ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3tThe "Automatic prompting for ActiveX controls" machine setting should be configured correctly for the Internet Zone. CCE-16123-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Submit non-encrypted form data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3jThe "Submit non-encrypted form data" machine setting should be configured correctly for the Internet Zone. CCE-16143-0Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow active scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3bThe "Allow active scripting" machine setting should be configured correctly for the Internet Zone. CCE-15993-9 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow scripting of Internet Explorer web browser control HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3The "Allow scripting of Internet Explorer web browser control" machine setting should be configured correctly for the Internet Zone. CCE-15643-0Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Display mixed content HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3aThe "Display mixed content" machine setting should be configured correctly for the Internet Zone. CCE-15268-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Script ActiveX controls marked safe for scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3}The "Script ActiveX controls marked safe for scripting" machine setting should be configured correctly for the Internet Zone. CCE-15311-4 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow binary and script behaviors HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3mThe "Allow binary and script behaviors" machine setting should be configured correctly for the Internet Zone. CCE-15309-8Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3`The "Allow file downloads" machine setting should be configured correctly for the Internet Zone. CCE-16141-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Run ActiveX controls and plugins HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3lThe "Run ActiveX controls and plugins" machine setting should be configured correctly for the Internet Zone. CCE-15292-6KComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3The "Do not prompt for client certificate selection when no certificates or only one certificate exists." machine setting should be configured< correctly for the Internet Zone. CCE-15277-7/Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3The "Allow video and animation on a Web page that uses a legacy media player" machine setting should be configured correctly for the Internet Zone. CCE-16006-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Scripting of Java applets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3eThe "Scripting of Java applets" machine setting should be configured correctly for the Internet Zone. CCE-16150-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\XAML browser applications HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3eThe "XAML browser applications" machine setting should be configured correctly for the Internet Zone. CCE-16138-0Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow META REFRESH HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3^The "Allow META REFRESH" machine setting should be configured correctly for the Internet Zone. CCE-16151-3Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Disable .NET Framework Setup HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3hThe "Disable .NET Framework Setup" machine setting should be configured correctly for the Internet Zone. CCE-15314-8Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Use SmartScreen Filter HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3bThe "Use SmartScreen Filter" machine setting should be configured correctly for the Internet Zone. CCE-15520-0'Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow websites to prompt for information using scripted windows HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3The "Allow websites to prompt for information using scripted windows" machine setting should be configured correctly for the Internet Zone. CCE-16145-5%Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow websites to open windows without address or status bars HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3The "Allow websites to open windows without address or status bars" machine setting should be configured correctly for the Internet Zone. CCE-15751-1,Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow active content over restricted protocols to access my computer HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3The "Allow active content over restricted protocols to access my computer" machine setting should be configured correctly for the Internet Zone. CCE-15507-7Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Information Bar\Process List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControlSThe "Information Bar: Process List" machine setting should be configured correctly. CCE-16421-0Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Information Bar\Internet Explorer Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBANDbThe "Information Bar: Internet Explorer Processes" machine setting should be configured correctly. CCE-16324-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Information Bar\All Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBANDTThe "Information Bar: All Processes" machine setting should be configured correctly. CCE-16302-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing\Turn off smooth scrolling HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\MainTThe "Turn off smooth scrolling" current user setting should be configured correctly. CCE-15779-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing\Turn off configuring underline links HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main_The "Turn off configuring underline links" current user setting should be configured correctly. CCE-16758-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing\Turn on the display of a notification about every script error HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\MainyThe "Turn on the display of a notification about every script error" current user setting should be configured correctly. CCE-16754-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing\Turn off friendly http error messages HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main`The "Turn off friendly http error messages" current user setting should be configured correctly. CCE-15996-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Browsing\Turn on script debugging HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\MainSThe "Turn on script debugging" current user setting should be configured correctly. CCE-15785-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature\All Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFINGaThe "Mime Sniffing Safety Feature: All Processes" machine setting should be configured correctly. CCE-16322-0Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature\Process List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl`The "Mime Sniffing Safety Feature: Process List" machine setting should be configured correctly. CCE-16327-96User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone\Trusted Sites Zone Restricted Protocols HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocolsbThe "Trusted Sites Zone Restricted Protocols" current user setting should be configured correctly. CCE-16097-89User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone\Restricted Sites Zone Restricted Protocols HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocolseThe "Restricted Sites Zone Restricted Protocols" current user setting should be configured correctly. CCE-16662-91User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protoco< l Lockdown\Restricted Protocols Per Security Zone\Internet Zone Restricted Protocols HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols]The "Internet Zone Restricted Protocols" current user setting should be configured correctly. CCE-16944-11User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone\Intranet Zone Restricted Protocols HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols]The "Intranet Zone Restricted Protocols" current user setting should be configured correctly. CCE-17080-36User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Restricted Protocols Per Security Zone\Local Machine Zone Restricted Protocols HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocolsbThe "Local Machine Zone Restricted Protocols" current user setting should be configured correctly. CCE-16931-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Display settings\General Colors\Prevent users from configuring text color HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\SettingsdThe "Prevent users from configuring text color" current user setting should be configured correctly. CCE-15417-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Display settings\General Colors\Prevent the use of Windows colors HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\The "Prevent the use of Windows colors" current user setting should be configured correctly. CCE-15685-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Display settings\General Colors\Prevent users from configuring background color HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\SettingsjThe "Prevent users from configuring background color" current user setting should be configured correctly. CCE-15434-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation\Internet Explorer Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATIONvThe "Protection From Zone Elevation: Internet Explorer Processes" current user setting should be configured correctly. CCE-16568-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation\All Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATIONhThe "Protection From Zone Elevation: All Processes" current user setting should be configured correctly. CCE-16541-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation\Process List HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControlgThe "Protection From Zone Elevation: Process List" current user setting should be configured correctly. CCE-16440-0$User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Allow cut, copy or paste operations from the clipboard via script" current user setting should be configured correctly for the Intranet Zone. CCE-15591-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Disable .NET Framework Setup HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1mThe "Disable .NET Framework Setup" current user setting should be configured correctly for the Intranet Zone. CCE-16264-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow scripting of Internet Explorer web browser control HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Allow scripting of Internet Explorer web browser control" current user setting should be configured correctly for the Intranet Zone. CCE-16132-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Logon options HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1^The "Logon options" current user setting should be configured correctly for the Intranet Zone. CCE-16379-0FUser Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Do not prompt for client certificate selection when no certificates or only one certificate exists." current user setting should be configured correctly for the Intranet Zone. CCE-16357-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow installation of desktop items HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1tThe "Allow installation of desktop items" current user setting should be configured correctly for the Intranet Zone. CCE-15974-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Turn Off First-Run Opt-In HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1jThe "Turn Off First-Run Opt-In" current user setting should be configured correctly for the Intranet Zone. CCE-16066-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\XAML browser applications HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1jThe "XAML browser applications" current user setting should be configured correctly for the Intranet Zone. CCE-16261-0%User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Only allow approved domains to use ActiveX controls without prompt" current user setting should be configured correctly for the Intranet Zone. CCE-15447-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Access data sources across domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1sThe "Access data sources across domains" current user setting should be configured correctly for the Intranet Zone. CCE-16431-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow active scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1gThe "Allow active scripting" current user setting should be configured correctly for the Intranet Zone. CCE-16422-8"User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow websites to prompt for information using scripted windows HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Allow websites to p< rompt for information using scripted windows" current user setting should be configured correctly for the Intranet Zone. CCE-16102-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow binary and script behaviors HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1rThe "Allow binary and script behaviors" current user setting should be configured correctly for the Intranet Zone. CCE-15995-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\XPS documents HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1^The "XPS documents" current user setting should be configured correctly for the Intranet Zone. CCE-15823-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Submit non-encrypted form data HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1oThe "Submit non-encrypted form data" current user setting should be configured correctly for the Intranet Zone. CCE-15868-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1eThe "Allow file downloads" current user setting should be configured correctly for the Intranet Zone. CCE-15456-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow font downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1eThe "Allow font downloads" current user setting should be configured correctly for the Intranet Zone. CCE-16119-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Open files based on content, not file extension HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Open files based on content, not file extension" current user setting should be configured correctly for the Intranet Zone. CCE-15827-9%User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Run .NET Framework-reliant components not signed with Authenticode" current user setting should be configured correctly for the Intranet Zone. CCE-15640-6*User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Allow video and animation on a Web page that uses a legacy media player" current user setting should be configured correctly for the Intranet Zone. CCE-16103-4 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Include local directory path when uploading files to a server HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Include local directory path when uploading files to a server" current user setting should be configured correctly for the Intranet Zone. CCE-16216-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Script ActiveX controls marked safe for scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Script ActiveX controls marked safe for scripting" current user setting should be configured correctly for the Intranet Zone. CCE-15443-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Userdata persistence HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1eThe "Userdata persistence" current user setting should be configured correctly for the Intranet Zone. CCE-16358-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Turn on Protected Mode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1gThe "Turn on Protected Mode" current user setting should be configured correctly for the Intranet Zone. CCE-15464-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow status bar updates via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1tThe "Allow status bar updates via script" current user setting should be configured correctly for the Intranet Zone. CCE-15854-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Scripting of Java applets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1jThe "Scripting of Java applets" current user setting should be configured correctly for the Intranet Zone. CCE-16411-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Launching applications and files in an IFRAME HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1~The "Launching applications and files in an IFRAME" current user setting should be configured correctly for the Intranet Zone. CCE-16330-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Initialize and script ActiveX controls not marked as safe HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Intranet Zone. CCE-15421-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow Scriptlets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1aThe "Allow Scriptlets" current user setting should be configured correctly for the Intranet Zone. CCE-16202-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Display mixed content HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1fThe "Display mixed content" current user setting should be configured correctly for the Intranet Zone. CCE-16115-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Use Pop-up Blocker HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1cThe "Use Pop-up Blocker" current user setting should be configured correctly for the Intranet Zone. CCE-16114-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow drag and drop or copy and paste files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1|The "Allow drag and drop or copy and paste files" current user setting should be configured correctly for the Intranet Zone. CCE-16248-7-User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Pane< l\Security Page\Intranet Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Web sites in less privileged Web content zones can navigate into this zone" current user setting should be configured correctly for the Intranet Zone. CCE-15696-8 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1zThe "Turn on Cross-Site Scripting (XSS) Filter" current user setting should be configured correctly for the Intranet Zone. CCE-15913-7 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Automatic prompting for ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1yThe "Automatic prompting for ActiveX controls" current user setting should be configured correctly for the Intranet Zone. CCE-16397-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Java permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1aThe "Java permissions" current user setting should be configured correctly for the Intranet Zone. CCE-16435-0 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow websites to open windows without address or status bars HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Allow websites to open windows without address or status bars" current user setting should be configured correctly for the Intranet Zone. CCE-15673-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Navigate windows and frames across different domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Navigate windows and frames across different domains" current user setting should be configured correctly for the Intranet Zone. CCE-16328-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow META REFRESH HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1cThe "Allow META REFRESH" current user setting should be configured correctly for the Intranet Zone. CCE-16398-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Loose XAML files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1aThe "Loose XAML files" current user setting should be configured correctly for the Intranet Zone. CCE-16057-2'User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow active content over restricted protocols to access my computer HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Allow active content over restricted protocols to access my computer" current user setting should be configured correctly for the Intranet Zone. CCE-15460-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Download signed ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1qThe "Download signed ActiveX controls" current user setting should be configured correctly for the Intranet Zone. CCE-16428-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Software channel permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1mThe "Software channel permissions" current user setting should be configured correctly for the Intranet Zone. CCE-16424-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Use SmartScreen Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1gThe "Use SmartScreen Filter" current user setting should be configured correctly for the Intranet Zone. CCE-16433-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Run ActiveX controls and plugins HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1qThe "Run ActiveX controls and plugins" current user setting should be configured correctly for the Intranet Zone. CCE-15735-4&User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow script-initiated windows without size or position constraints HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Intranet Zone. CCE-16437-6 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Automatic prompting for file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1wThe "Automatic prompting for file downloads" current user setting should be configured correctly for the Intranet Zone. CCE-15450-0!User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Run .NET Framework-reliant components signed with Authenticode" current user setting should be configured correctly for the Intranet Zone. CCE-16053-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Download unsigned ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1sThe "Download unsigned ActiveX controls" current user setting should be configured correctly for the Intranet Zone. CCE-16385-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Launching programs and unsafe files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1tThe "Launching programs and unsafe files" current user setting should be configured correctly for the Intranet Zone. CCE-15859-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\AutoComplete\Turn off Windows Search AutoComplete HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\WindowsSearchZThe "Turn off Windows Search AutoComplete" machine setting should be configured correctly. CCE-15896-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Turn off Data URI Support HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DATAURIOThe "Turn off Data URI Support" machine setting should be configured correctly. CCE-16661-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Turn off Data Execution Prevention HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\MainXThe "Turn off Data Execution Prevention" machine setting should b< e configured correctly. CCE-16656-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Compatibility View\Turn off Compatibility View HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\BrowserEmulationQThe "Turn off Compatibility View" machine setting should be configured correctly. CCE-15707-3Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Compatibility View\Turn on Internet Explorer Standards Mode for Local Intranet HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\BrowserEmulationqThe "Turn on Internet Explorer Standards Mode for Local Intranet" machine setting should be configured correctly. CCE-15575-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Compatibility View\Turn on Internet Explorer 7 Standards Mode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation`The "Turn on Internet Explorer 7 Standards Mode" machine setting should be configured correctly. CCE-14932-8Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Compatibility View\Turn off Compatibility View button HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\CommandBarXThe "Turn off Compatibility View button" machine setting should be configured correctly. CCE-15822-0Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Compatibility View\Use Policy List of Internet Explorer 7 sites HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation\PolicyListbThe "Use Policy List of Internet Explorer 7 sites" machine setting should be configured correctly. CCE-15804-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions\All Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONSoThe "Scripted Window Security Restrictions: All Processes" current user setting should be configured correctly. CCE-16467-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions\Internet Explorer Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS}The "Scripted Window Security Restrictions: Internet Explorer Processes" current user setting should be configured correctly. CCE-16462-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions\Process List HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControlnThe "Scripted Window Security Restrictions: Process List" current user setting should be configured correctly. CCE-15886-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management\All Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENTVThe "Add-on Management: All Processes" machine setting should be configured correctly. CCE-16921-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management\Deny all add-ons unless specifically allowed in the Add-on List HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ExtuThe "Deny all add-ons unless specifically allowed in the Add-on List" machine setting should be configured correctly. CCE-15982-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management\Add-on List HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ExtAThe "Add-on List" machine setting should be configured correctly. CCE-16269-3Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management\Process List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControlUThe "Add-on Management: Process List" machine setting should be configured correctly. CCE-16551-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Automatic prompting for ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1tThe "Automatic prompting for ActiveX controls" machine setting should be configured correctly for the Intranet Zone. CCE-15819-6 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow status bar updates via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1oThe "Allow status bar updates via script" machine setting should be configured correctly for the Intranet Zone. CCE-15930-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\XPS documents HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1YThe "XPS documents" machine setting should be configured correctly for the Intranet Zone. CCE-15793-3+Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow script-initiated windows without size or position constraints HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Allow script-initiated windows without size or position constraints" machine setting should be configured correctly for the Intranet Zone. CCE-15824-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Disable .NET Framework Setup HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1hThe "Disable .NET Framework Setup" machine setting should be configured correctly for the Intranet Zone. CCE-14943-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Navigate windows and frames across different domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Navigate windows and frames across different domains" machine setting should be configured correctly for the Intranet Zone. CCE-15814-7Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Open files based on content, not file extension HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1{The "Open files based on content, not file extension" machine setting should be configured correctly for the Intranet Zone. CCE-15736-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Use Pop-up Blocker HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1^The "Use Pop-up Blocker" machine setting should be configured correctly for the Intranet Zone. CCE-15767-7!Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Initialize and script ActiveX controls not marked as safe HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Initialize and script ActiveX controls not marked as safe" machine setting should be configured correctly for the Intranet Zone. CCE-15784-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Logon options HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1YThe "Logon optio< ns" machine setting should be configured correctly for the Intranet Zone. CCE-15084-7 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Launching programs and unsafe files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1oThe "Launching programs and unsafe files" machine setting should be configured correctly for the Intranet Zone. CCE-15780-0*Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Only allow approved domains to use ActiveX controls without prompt" machine setting should be configured correctly for the Intranet Zone. CCE-15758-6*Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Run .NET Framework-reliant components not signed with Authenticode" machine setting should be configured correctly for the Intranet Zone. CCE-15612-5%Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow websites to open windows without address or status bars HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Allow websites to open windows without address or status bars" machine setting should be configured correctly for the Intranet Zone. CCE-15476-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Loose XAML files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\The "Loose XAML files" machine setting should be configured correctly for the Intranet Zone. CCE-15840-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow drag and drop or copy and paste files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1wThe "Allow drag and drop or copy and paste files" machine setting should be configured correctly for the Intranet Zone. CCE-15286-8 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow installation of desktop items HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1oThe "Allow installation of desktop items" machine setting should be configured correctly for the Intranet Zone. CCE-15621-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1`The "Allow file downloads" machine setting should be configured correctly for the Intranet Zone. CCE-15894-9/Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Allow video and animation on a Web page that uses a legacy media player" machine setting should be configured correctly for the Intranet Zone. CCE-14959-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Userdata persistence HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1`The "Userdata persistence" machine setting should be configured correctly for the Intranet Zone. CCE-15057-3Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Automatic prompting for file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1rThe "Automatic prompting for file downloads" machine setting should be configured correctly for the Intranet Zone. CCE-14926-02Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Web sites in less privileged Web content zones can navigate into this zone" machine setting should be configured correctly for the Intranet Zone. CCE-14934-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Submit non-encrypted form data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1jThe "Submit non-encrypted form data" machine setting should be configured correctly for the Intranet Zone. CCE-15234-8Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow font downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1`The "Allow font downloads" machine setting should be configured correctly for the Intranet Zone. CCE-15489-8Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Script ActiveX controls marked safe for scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1}The "Script ActiveX controls marked safe for scripting" machine setting should be configured correctly for the Intranet Zone. CCE-15753-7Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow Scriptlets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\The "Allow Scriptlets" machine setting should be configured correctly for the Intranet Zone. CCE-15899-8Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow META REFRESH HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1^The "Allow META REFRESH" machine setting should be configured correctly for the Intranet Zone. CCE-15580-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Software channel permissions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1hThe "Software channel permissions" machine setting should be configured correctly for the Intranet Zone. CCE-15300-7KComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Do not prompt for client certificate selection when no certificates or only one certificate exists." machine setting should be configured correctly for the Intranet Zone. CCE-15846-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow active scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1bThe "Allow active scripting" machi< ne setting should be configured correctly for the Intranet Zone. CCE-15908-7Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Display mixed content HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1aThe "Display mixed content" machine setting should be configured correctly for the Intranet Zone. CCE-15866-7 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Access data sources across domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1nThe "Access data sources across domains" machine setting should be configured correctly for the Intranet Zone. CCE-15219-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Launching applications and files in an IFRAME HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1yThe "Launching applications and files in an IFRAME" machine setting should be configured correctly for the Intranet Zone. CCE-15714-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Scripting of Java applets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1eThe "Scripting of Java applets" machine setting should be configured correctly for the Intranet Zone. CCE-15771-9 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow scripting of Internet Explorer web browser control HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Allow scripting of Internet Explorer web browser control" machine setting should be configured correctly for the Intranet Zone. CCE-15534-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Turn on Protected Mode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1bThe "Turn on Protected Mode" machine setting should be configured correctly for the Intranet Zone. CCE-15082-1%Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Include local directory path when uploading files to a server HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Include local directory path when uploading files to a server" machine setting should be configured correctly for the Intranet Zone. CCE-15775-0&Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Run .NET Framework-reliant components signed with Authenticode" machine setting should be configured correctly for the Intranet Zone. CCE-14930-2 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Download unsigned ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1nThe "Download unsigned ActiveX controls" machine setting should be configured correctly for the Intranet Zone. CCE-15168-8Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Turn Off First-Run Opt-In HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1eThe "Turn Off First-Run Opt-In" machine setting should be configured correctly for the Intranet Zone. CCE-15762-8 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow binary and script behaviors HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1mThe "Allow binary and script behaviors" machine setting should be configured correctly for the Intranet Zone. CCE-15802-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1uThe "Turn on Cross-Site Scripting (XSS) Filter" machine setting should be configured correctly for the Intranet Zone. CCE-15818-8,Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow active content over restricted protocols to access my computer HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Allow active content over restricted protocols to access my computer" machine setting should be configured correctly for the Intranet Zone. CCE-14928-6)Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Allow cut, copy or paste operations from the clipboard via script" machine setting should be configured correctly for the Intranet Zone. CCE-15295-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Use SmartScreen Filter HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1bThe "Use SmartScreen Filter" machine setting should be configured correctly for the Intranet Zone. CCE-15619-0Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\XAML browser applications HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1eThe "XAML browser applications" machine setting should be configured correctly for the Intranet Zone. CCE-15705-7Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Run ActiveX controls and plugins HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1lThe "Run ActiveX controls and plugins" machine setting should be configured correctly for the Intranet Zone. CCE-15360-1'Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Allow websites to prompt for information using scripted windows HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1The "Allow websites to prompt for information using scripted windows" machine setting should be configured correctly for the Intranet Zone. CCE-15841-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Persistence Behavior\File size limits for Trusted Sites zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Persistence\2bThe "File size limits for Trusted Sites zone" current user setting should be configured correctly. CCE-15776-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Persistence Behavior\File size limits for Restricted Sites zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Persistence\4eThe "File size limits for Restricted Sites zone" current user setting should be configured correctly. CCE-16317-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Persisten< ce Behavior\File size limits for Internet zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Persistence\3]The "File size limits for Internet zone" current user setting should be configured correctly. CCE-16555-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Persistence Behavior\File size limits for Intranet zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Persistence\1]The "File size limits for Intranet zone" current user setting should be configured correctly. CCE-15903-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Persistence Behavior\File size limits for Local Machine zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Persistence\0bThe "File size limits for Local Machine zone" current user setting should be configured correctly. CCE-16524-1GComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Web sites in less privileged Web content zones can navigate into this zone" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16010-1 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Loose XAML files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1hThe "Loose XAML files" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16183-6(Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Automatic prompting for file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Automatic prompting for file downloads" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16513-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Run ActiveX controls and plugins HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1xThe "Run ActiveX controls and plugins" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-15985-55Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow scripting of Internet Explorer web browser control HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Allow scripting of Internet Explorer web browser control" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16342-8Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Turn Off First-Run Opt-In HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1qThe "Turn Off First-Run Opt-In" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16288-3eComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Do not prompt for client certificate selection when no certificates or only one certificate exists." machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16380-8/Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Launching applications and files in an IFRAME HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Launching applications and files in an IFRAME" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16627-2HComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow script-initiated windows without size or position constraints HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Allow script-initiated windows without size or position constraints" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16885-6@Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Run .NET Framework-reliant components signed with Authenticode" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16504-3"Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Run ActiveX controls and plugins HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2}The "Run ActiveX controls and plugins" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-15674-5?Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Only allow approved domains to use ActiveX controls without prompt" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16540-7Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3lThe "Allow file downloads" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16951-64Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Open files based on content, not file extension HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Open files based on content, not file extension" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16798-1@Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow script-initiated windows without size or position constraints HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Allow script-initiated windows without size or position constraints" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16948-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Access data sources across domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3zThe "Access data sources across domains" ma< chine setting should be configured correctly for the Locked-Down Internet Zone. CCE-17036-5DComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Only allow approved domains to use ActiveX controls without prompt" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16605-8Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Logon options HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2jThe "Logon options" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16622-36Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Navigate windows and frames across different domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Navigate windows and frames across different domains" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16387-35Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow scripting of Internet Explorer web browser control HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Allow scripting of Internet Explorer web browser control" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16811-2CComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Allow cut, copy or paste operations from the clipboard via script" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16498-8$Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Access data sources across domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Access data sources across domains" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-15681-0 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Launching programs and unsafe files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3{The "Launching programs and unsafe files" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16013-5%Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Run ActiveX controls and plugins HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Run ActiveX controls and plugins" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15980-6 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Submit non-encrypted form data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2{The "Submit non-encrypted form data" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16416-0Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Scripting of Java applets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3qThe "Scripting of Java applets" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16193-5(Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow drag and drop or copy and paste files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Allow drag and drop or copy and paste files" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16965-6:Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Include local directory path when uploading files to a server HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Include local directory path when uploading files to a server" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16867-4(Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Automatic prompting for file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Automatic prompting for file downloads" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-14982-3 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Submit non-encrypted form data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0{The "Submit non-encrypted form data" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15697-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Turn Off First-Run Opt-In HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4yThe "Turn Off First-Run Opt-In" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16212-3Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Turn on Protected Mode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1nThe "Turn on Protected Mode" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16976-3GComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Run .NET Framework-reliant components not signed with Authenticode" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16242-0BComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow websites to open windows without address or status bars HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Allow websites to open windows without address or status bars" machine setting should be configured correctly for the Locked-Down Restricted Sites< Zone. CCE-16839-3(Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow drag and drop or copy and paste files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Allow drag and drop or copy and paste files" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16030-9@Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Run .NET Framework-reliant components signed with Authenticode" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15904-6:Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow scripting of Internet Explorer web browser control HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Allow scripting of Internet Explorer web browser control" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16382-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow font downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0qThe "Allow font downloads" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15850-1#Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Automatic prompting for file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1~The "Automatic prompting for file downloads" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16298-2EComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow script-initiated windows without size or position constraints HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Allow script-initiated windows without size or position constraints" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-15689-3<Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow websites to prompt for information using scripted windows HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Allow websites to prompt for information using scripted windows" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16613-2!Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Software channel permissions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4|The "Software channel permissions" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16238-8?Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Run .NET Framework-reliant components not signed with Authenticode" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16375-8DComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Run .NET Framework-reliant components not signed with Authenticode" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15021-9:Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow websites to open windows without address or status bars HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Allow websites to open windows without address or status bars" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16020-0AComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow websites to prompt for information using scripted windows HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Allow websites to prompt for information using scripted windows" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16549-8eComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Do not prompt for client certificate selection when no certificates or only one certificate exists." machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15594-5*Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Automatic prompting for ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Automatic prompting for ActiveX controls" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15900-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Turn on Protected Mode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3nThe "Turn on Protected Mode" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16987-0Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow Scriptlets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4pThe "Allow Scriptlets" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16552-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow META REFRESH HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0oThe "Allow META REFRESH" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15794-1;Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Inte< rnet Settings\Lockdown_Zones\3The "Run .NET Framework-reliant components signed with Authenticode" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16880-7Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Use Pop-up Blocker HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3jThe "Use Pop-up Blocker" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16362-6OComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Web sites in less privileged Web content zones can navigate into this zone" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16872-4CComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Run .NET Framework-reliant components signed with Authenticode" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16861-7#Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Submit non-encrypted form data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4~The "Submit non-encrypted form data" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15920-2 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\XPS documents HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1eThe "XPS documents" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16465-76Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Initialize and script ActiveX controls not marked as safe HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Initialize and script ActiveX controls not marked as safe" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16953-2?Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Include local directory path when uploading files to a server HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Include local directory path when uploading files to a server" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16575-3+Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Automatic prompting for file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Automatic prompting for file downloads" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16460-8EComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow script-initiated windows without size or position constraints HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Allow script-initiated windows without size or position constraints" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15016-9-Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow drag and drop or copy and paste files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Allow drag and drop or copy and paste files" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15198-5 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Launching programs and unsafe files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1{The "Launching programs and unsafe files" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16624-90Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow drag and drop or copy and paste files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Allow drag and drop or copy and paste files" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16094-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\XAML browser applications HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3qThe "XAML browser applications" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16547-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow font downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1lThe "Allow font downloads" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16851-8'Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Access data sources across domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Access data sources across domains" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16714-8BComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Include local directory path when uploading files to a server HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Include local directory path when uploading files to a server" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16789-0hComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Do not prompt for client certificate selection when no certificates or only one certificate exists." machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15901-2@Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow script-initiat< ed windows without size or position constraints HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Allow script-initiated windows without size or position constraints" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16600-9"Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Run ActiveX controls and plugins HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0}The "Run ActiveX controls and plugins" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15944-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Scripting of Java applets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1qThe "Scripting of Java applets" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16828-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Scripting of Java applets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2vThe "Scripting of Java applets" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16371-7Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow META REFRESH HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1jThe "Allow META REFRESH" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16782-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\XPS documents HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0jThe "XPS documents" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15891-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Use Pop-up Blocker HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2oThe "Use Pop-up Blocker" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16228-9;Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Initialize and script ActiveX controls not marked as safe HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Initialize and script ActiveX controls not marked as safe" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16631-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow META REFRESH HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2oThe "Allow META REFRESH" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-15954-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow binary and script behaviors HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1yThe "Allow binary and script behaviors" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16972-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Software channel permissions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0yThe "Software channel permissions" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15956-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Display mixed content HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4uThe "Display mixed content" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16392-3+Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Turn on Cross-Site Scripting (XSS) Filter" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15732-1DComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Run .NET Framework-reliant components not signed with Authenticode" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16635-5'Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Download unsigned ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Download unsigned ActiveX controls" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16320-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow active scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4vThe "Allow active scripting" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15892-3Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2qThe "Allow file downloads" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-15642-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\XAML browser applications HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1qThe "XAML browser applications" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16935-93Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Script ActiveX controls marked safe for scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Script ActiveX controls marked safe for scripting" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16490-5AComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zo< ne\Allow websites to prompt for information using scripted windows HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Allow websites to prompt for information using scripted windows" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15851-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Display mixed content HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1mThe "Display mixed content" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16957-3(Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Launching programs and unsafe files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Launching programs and unsafe files" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16110-9(Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow status bar updates via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Allow status bar updates via script" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16830-2 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow status bar updates via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3{The "Allow status bar updates via script" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16096-0Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow active scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1nThe "Allow active scripting" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16985-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Scripting of Java applets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0vThe "Scripting of Java applets" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15948-3Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Turn Off First-Run Opt-In HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2vThe "Turn Off First-Run Opt-In" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16105-9;Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Run .NET Framework-reliant components signed with Authenticode" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16188-5DComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Allow video and animation on a Web page that uses a legacy media player" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16963-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\XPS documents HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2jThe "XPS documents" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16571-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow font downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3lThe "Allow font downloads" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16607-4:Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow websites to open windows without address or status bars HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Allow websites to open windows without address or status bars" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16824-5%Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Automatic prompting for ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Automatic prompting for ActiveX controls" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16274-3Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Userdata persistence HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1lThe "Userdata persistence" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16595-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Logon options HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4mThe "Logon options" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16092-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Use Pop-up Blocker HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4rThe "Use Pop-up Blocker" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16724-7LComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Allow video and animation on a Web page that uses a legacy media player" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16004-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Display mixed content HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2rThe "Display mixed content" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16224-8Computer Configuration\Administrative Temp< lates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Download signed ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1xThe "Download signed ActiveX controls" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16943-3Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow Scriptlets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2mThe "Allow Scriptlets" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16517-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Run ActiveX controls and plugins HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3xThe "Run ActiveX controls and plugins" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-17009-2$Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Access data sources across domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Access data sources across domains" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15971-5$Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Download unsigned ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Download unsigned ActiveX controls" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-15639-82Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Launching applications and files in an IFRAME HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Launching applications and files in an IFRAME" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16577-9 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow status bar updates via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1{The "Allow status bar updates via script" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16922-71Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Open files based on content, not file extension HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Open files based on content, not file extension" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16553-0:Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow scripting of Internet Explorer web browser control HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Allow scripting of Internet Explorer web browser control" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15952-5 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow installation of desktop items HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3{The "Allow installation of desktop items" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16854-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Use Pop-up Blocker HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0oThe "Use Pop-up Blocker" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15957-4 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow Scriptlets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1hThe "Allow Scriptlets" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16373-3?Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Include local directory path when uploading files to a server HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Include local directory path when uploading files to a server" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15600-0Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Display mixed content HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3mThe "Display mixed content" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16189-3-Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Automatic prompting for ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Automatic prompting for ActiveX controls" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15915-2?Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Run .NET Framework-reliant components not signed with Authenticode" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16318-8Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow META REFRESH HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4rThe "Allow META REFRESH" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16729-61Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Navigate windows and frames across different domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Navigate windows and frames across different domains" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16043-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Userdata persistence HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4tThe "Userdata persistence" machine setting should< be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16784-1(Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow installation of desktop items HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Allow installation of desktop items" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16229-7Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Loose XAML files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0mThe "Loose XAML files" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15017-7DComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Allow video and animation on a Web page that uses a legacy media player" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16730-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Access data sources across domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1zThe "Access data sources across domains" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16617-3IComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Allow video and animation on a Web page that uses a legacy media player" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-15694-3 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow installation of desktop items HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1{The "Allow installation of desktop items" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16447-5%Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow installation of desktop items HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Allow installation of desktop items" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15983-0Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\XAML browser applications HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2vThe "XAML browser applications" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-15766-9?Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow websites to open windows without address or status bars HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Allow websites to open windows without address or status bars" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15362-7Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\XPS documents HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4mThe "XPS documents" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16195-0FComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Allow cut, copy or paste operations from the clipboard via script" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15909-56Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Navigate windows and frames across different domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Navigate windows and frames across different domains" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15596-0%Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Download signed ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Download signed ActiveX controls" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16737-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\XAML browser applications HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0vThe "XAML browser applications" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15208-2>Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Initialize and script ActiveX controls not marked as safe HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Initialize and script ActiveX controls not marked as safe" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16643-9`Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Do not prompt for client certificate selection when no certificates or only one certificate exists." machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16859-11Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Open files based on content, not file extension HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Open files based on content, not file extension" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15393-2IComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\I< nternet Settings\Lockdown_Zones\0The "Allow video and animation on a Web page that uses a legacy media player" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15934-3Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4tThe "Allow file downloads" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16069-71Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Navigate windows and frames across different domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Navigate windows and frames across different domains" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16533-2.Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Script ActiveX controls marked safe for scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Script ActiveX controls marked safe for scripting" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-15987-1%Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Launching programs and unsafe files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Launching programs and unsafe files" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-15813-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Userdata persistence HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2qThe "Userdata persistence" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16567-0Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Disable .NET Framework Setup HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2yThe "Disable .NET Framework Setup" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16246-16Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Script ActiveX controls marked safe for scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Script ActiveX controls marked safe for scripting" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16179-4&Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Turn on Cross-Site Scripting (XSS) Filter" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16886-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Turn Off First-Run Opt-In HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3qThe "Turn Off First-Run Opt-In" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16891-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Submit non-encrypted form data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1vThe "Submit non-encrypted form data" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16932-6*Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Launching applications and files in an IFRAME HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Launching applications and files in an IFRAME" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16546-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1lThe "Allow file downloads" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16205-7Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Turn on Protected Mode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2sThe "Turn on Protected Mode" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16225-5,Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Open files based on content, not file extension HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Open files based on content, not file extension" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16895-5%Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Automatic prompting for ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Automatic prompting for ActiveX controls" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16009-3$Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Download unsigned ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Download unsigned ActiveX controls" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15960-8:Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Include local directory path when uploading files to a server HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Include local directory path when uploading files to a server" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16104-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow Scriptlets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0mThe "Allow Scriptlets" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15666-1%Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine < Zone\Allow status bar updates via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Allow status bar updates via script" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15012-8Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Download unsigned ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1zThe "Download unsigned ActiveX controls" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16077-0Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Disable .NET Framework Setup HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3tThe "Disable .NET Framework Setup" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16841-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow active scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0sThe "Allow active scripting" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15847-7DComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Only allow approved domains to use ActiveX controls without prompt" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15864-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow META REFRESH HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3jThe "Allow META REFRESH" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16499-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Scripting of Java applets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4yThe "Scripting of Java applets" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16471-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow binary and script behaviors HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3yThe "Allow binary and script behaviors" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16793-2%Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Launching programs and unsafe files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Launching programs and unsafe files" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15970-7 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\XPS documents HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3eThe "XPS documents" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16876-5 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Logon options HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1eThe "Logon options" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16954-0!Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Disable .NET Framework Setup HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4|The "Disable .NET Framework Setup" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15906-1`Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Do not prompt for client certificate selection when no certificates or only one certificate exists." machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16947-4LComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Web sites in less privileged Web content zones can navigate into this zone" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15842-8-Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow drag and drop or copy and paste files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Allow drag and drop or copy and paste files" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-15653-9?Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow websites to open windows without address or status bars HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Allow websites to open windows without address or status bars" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16519-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow active scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2sThe "Allow active scripting" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16535-7;Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Initialize and script ActiveX controls not marked as safe HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Initialize and script ActiveX controls not marked as safe" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15304-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Disable .NET Framework Setup HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0yThe "Disable .NET Framework Setup" machine setting< should be configured correctly for the Locked-Down Local Machine Zone. CCE-15728-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow font downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4tThe "Allow font downloads" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16733-8Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow active scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3nThe "Allow active scripting" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16029-1/Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Launching applications and files in an IFRAME HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Launching applications and files in an IFRAME" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15644-8Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Display mixed content HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0rThe "Display mixed content" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15080-5*Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Automatic prompting for ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Automatic prompting for ActiveX controls" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16548-06Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Initialize and script ActiveX controls not marked as safe HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Initialize and script ActiveX controls not marked as safe" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16445-9DComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow websites to prompt for information using scripted windows HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Allow websites to prompt for information using scripted windows" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16454-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\XAML browser applications HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4yThe "XAML browser applications" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15897-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Software channel permissions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2yThe "Software channel permissions" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16616-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Submit non-encrypted form data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3vThe "Submit non-encrypted form data" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16468-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Turn on Protected Mode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0sThe "Turn on Protected Mode" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15811-3Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Software channel permissions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3tThe "Software channel permissions" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16803-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Loose XAML files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2mThe "Loose XAML files" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16601-7"Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Download signed ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0}The "Download signed ActiveX controls" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15798-2,Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Open files based on content, not file extension HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Open files based on content, not file extension" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16086-1<Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow websites to prompt for information using scripted windows HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Allow websites to prompt for information using scripted windows" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16959-9#Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Automatic prompting for file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3~The "Automatic prompting for file downloads" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16543-1%Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow installation of desktop items HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Allow installation of desktop items" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16614-0"Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Download signed ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Curr< entVersion\Internet Settings\Lockdown_Zones\2}The "Download signed ActiveX controls" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-15682-8=Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow scripting of Internet Explorer web browser control HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Allow scripting of Internet Explorer web browser control" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16581-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Disable .NET Framework Setup HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1tThe "Disable .NET Framework Setup" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16668-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Userdata persistence HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0qThe "Userdata persistence" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15710-7.Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Script ActiveX controls marked safe for scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Script ActiveX controls marked safe for scripting" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16039-0#Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow binary and script behaviors HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2~The "Allow binary and script behaviors" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16160-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Logon options HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0jThe "Logon options" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-14981-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Turn Off First-Run Opt-In HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0vThe "Turn Off First-Run Opt-In" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15949-1.Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Turn on Cross-Site Scripting (XSS) Filter" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16233-9 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Logon options HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3eThe "Logon options" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16807-0&Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow binary and script behaviors HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Allow binary and script behaviors" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16857-5%Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow status bar updates via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Allow status bar updates via script" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16539-9>Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Allow cut, copy or paste operations from the clipboard via script" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16425-1CComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Allow cut, copy or paste operations from the clipboard via script" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15807-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Use Pop-up Blocker HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1jThe "Use Pop-up Blocker" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16650-4LComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Web sites in less privileged Web content zones can navigate into this zone" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16667-8&Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Turn on Cross-Site Scripting (XSS) Filter" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16178-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Software channel permissions HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1tThe "Software channel permissions" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16719-79Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Navigate windows and frames across different domains HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Navigate windows and frames across different domains" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16565-43Computer Configuration\< Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Script ActiveX controls marked safe for scripting HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Script ActiveX controls marked safe for scripting" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15719-8 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Loose XAML files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3hThe "Loose XAML files" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16347-7 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow Scriptlets HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3hThe "Allow Scriptlets" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16637-1+Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Turn on Cross-Site Scripting (XSS) Filter" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16230-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Download unsigned ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3zThe "Download unsigned ActiveX controls" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16243-8Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow file downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0qThe "Allow file downloads" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15190-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Loose XAML files HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4pThe "Loose XAML files" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16826-0Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow font downloads HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2qThe "Allow font downloads" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16046-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Userdata persistence HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3lThe "Userdata persistence" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16864-1GComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Web sites in less privileged Web content zones can navigate into this zone" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16026-7Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Turn on Protected Mode HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4vThe "Turn on Protected Mode" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16251-1>Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Allow cut, copy or paste operations from the clipboard via script" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16659-5*Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Launching applications and files in an IFRAME HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Launching applications and files in an IFRAME" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-16904-5#Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow binary and script behaviors HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0~The "Allow binary and script behaviors" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15947-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature\All Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFINGfThe "Mime Sniffing Safety Feature: All Processes" current user setting should be configured correctly. CCE-16239-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature\Internet Explorer Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFINGtThe "Mime Sniffing Safety Feature: Internet Explorer Processes" current user setting should be configured correctly. CCE-16367-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature\Process List HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControleThe "Mime Sniffing Safety Feature: Process List" current user setting should be configured correctly. CCE-16125-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management\Process List HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControlZThe "Add-on Management: Process List" current user setting should be configured correctly. CCE-16341-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management\All Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT[The "Add-on Management: All Processes" current user setting should be configured correctly. CCE-16847-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management\Deny all add-ons unless specifically allowed in the Add-on List HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ExtzThe "Deny all add-ons unless specifically allowed in the Add-on List" current user setting should be configured correctly.< CCE-16711-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management\Add-on List HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ExtFThe "Add-on List" current user setting should be configured correctly. CCE-16089-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\URL Encoding\Turn off sending URLs as UTF-8 (requires restart) HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet SettingslThe "Turn off sending URLs as UTF-8 (requires restart)" current user setting should be configured correctly. CCE-16925-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Internet Connection Wizard Settings\Turn on the Internet Connection Wizard Auto Detect HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Connection WizardmThe "Turn on the Internet Connection Wizard Auto Detect" current user setting should be configured correctly. CCE-15739-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Searching\Prevent configuration of search from the Address bar HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\MainoThe "Prevent configuration of search from the Address bar" current user setting should be configured correctly. CCE-16336-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Script ActiveX controls marked safe for scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4The "Script ActiveX controls marked safe for scripting" current user setting should be configured correctly for the Restricted Sites Zone. CCE-17099-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow Scriptlets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4iThe "Allow Scriptlets" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16507-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Turn Off First-Run Opt-In HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4rThe "Turn Off First-Run Opt-In" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16503-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\XAML browser applications HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4rThe "XAML browser applications" current user setting should be configured correctly for the Restricted Sites Zone. CCE-17059-75User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4The "Web sites in less privileged Web content zones can navigate into this zone" current user setting should be configured correctly for the Restricted Sites Zone. CCE-17117-3 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Run ActiveX controls and plugins HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4yThe "Run ActiveX controls and plugins" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16152-1 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Download unsigned ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4{The "Download unsigned ActiveX controls" current user setting should be configured correctly for the Restricted Sites Zone. CCE-17050-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Scripting of Java applets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4rThe "Scripting of Java applets" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16130-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow font downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4mThe "Allow font downloads" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16832-8-User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4The "Only allow approved domains to use ActiveX controls without prompt" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16153-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Launching programs and unsafe files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4|The "Launching programs and unsafe files" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16860-9$User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Initialize and script ActiveX controls not marked as safe HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16709-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow status bar updates via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4|The "Allow status bar updates via script" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16109-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Turn on Protected Mode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4oThe "Turn on Protected Mode" current user setting should be configured correctly for the Restricted Sites Zone. CCE-17088-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow installation of desktop items HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4|The "Allow installation of desktop items" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16107-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Launching applications and files in an IFRAME HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4The "Launching applications and files in an IFRAME" current user setting should be configured correctly for the Restricted Sites Zone. CCE-17085-2User Configuration\Administrative Templates\Windows Components< \Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow META REFRESH HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4kThe "Allow META REFRESH" current user setting should be configured correctly for the Restricted Sites Zone. CCE-17124-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Loose XAML files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4iThe "Loose XAML files" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16139-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Disable .NET Framework Setup HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4uThe "Disable .NET Framework Setup" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16855-9/User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow active content over restricted protocols to access my computer HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4The "Allow active content over restricted protocols to access my computer" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16738-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Software channel permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4uThe "Software channel permissions" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16135-6NUser Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4The "Do not prompt for client certificate selection when no certificates or only one certificate exists." current user setting should be configured correctly for the Restricted Sites Zone. CCE-17079-5-User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4The "Run .NET Framework-reliant components not signed with Authenticode" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16209-9 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Download signed ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4yThe "Download signed ActiveX controls" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16240-4,User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4The "Allow cut, copy or paste operations from the clipboard via script" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16496-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Navigate windows and frames across different domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4The "Navigate windows and frames across different domains" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16156-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4The "Turn on Cross-Site Scripting (XSS) Filter" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16878-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow active scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4oThe "Allow active scripting" current user setting should be configured correctly for the Restricted Sites Zone. CCE-17010-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow drag and drop or copy and paste files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4The "Allow drag and drop or copy and paste files" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16154-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Use SmartScreen Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4oThe "Use SmartScreen Filter" current user setting should be configured correctly for the Restricted Sites Zone. CCE-17063-92User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4The "Allow video and animation on a Web page that uses a legacy media player" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16974-8 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Access data sources across domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4{The "Access data sources across domains" current user setting should be configured correctly for the Restricted Sites Zone. CCE-17073-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Userdata persistence HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4mThe "Userdata persistence" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16905-2 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow binary and script behaviors HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4zThe "Allow binary and script behaviors" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16118-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Open files based on content, not file extension HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4The "Open files based on content, not file extension" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16494-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone< \Java permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4iThe "Java permissions" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16159-6*User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow websites to prompt for information using scripted windows HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4The "Allow websites to prompt for information using scripted windows" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16817-9.User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow script-initiated windows without size or position constraints HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Restricted Sites Zone. CCE-17107-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Logon options HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4fThe "Logon options" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16196-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4mThe "Allow file downloads" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16734-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\XPS documents HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4fThe "XPS documents" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16611-6)User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4The "Run .NET Framework-reliant components signed with Authenticode" current user setting should be configured correctly for the Restricted Sites Zone. CCE-17006-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Use Pop-up Blocker HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4kThe "Use Pop-up Blocker" current user setting should be configured correctly for the Restricted Sites Zone. CCE-17023-3(User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Include local directory path when uploading files to a server HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4The "Include local directory path when uploading files to a server" current user setting should be configured correctly for the Restricted Sites Zone. CCE-17076-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Display mixed content HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4nThe "Display mixed content" current user setting should be configured correctly for the Restricted Sites Zone. CCE-17054-8(User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow websites to open windows without address or status bars HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4The "Allow websites to open windows without address or status bars" current user setting should be configured correctly for the Restricted Sites Zone. CCE-17014-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Automatic prompting for file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4The "Automatic prompting for file downloads" current user setting should be configured correctly for the Restricted Sites Zone. CCE-16988-8 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Submit non-encrypted form data HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4wThe "Submit non-encrypted form data" current user setting should be configured correctly for the Restricted Sites Zone. CCE-17092-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Automatic prompting for ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4The "Automatic prompting for ActiveX controls" current user setting should be configured correctly for the Restricted Sites Zone. CCE-17095-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Consistent Mime Handling\Process List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\The "Consistent Mime Handling: Process List" machine setting should be configured correctly. CCE-16653-8Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Consistent Mime Handling\All Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]The "Consistent Mime Handling: All Processes" machine setting should be configured correctly. CCE-16648-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Process List HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControlbThe "Network Protocol Lockdown: Process List" current user setting should be configured correctly. CCE-16670-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\All Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWNcThe "Network Protocol Lockdown: All Processes" current user setting should be configured correctly. CCE-16696-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Network Protocol Lockdown\Internet Explorer Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWNqThe "Network Protocol Lockdown: Internet Explorer Processes" current user setting should be configured correctly. CCE-16692-6%User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow websites to open windows without address or status bars HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Allow websites to open windows without address or status bars" current user setting should be configured correctly for the Local Machine Zone. CCE-15959-0!User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Initialize and script ActiveX controls not marked as safe HKEY_CURRENT_USER\Software\Policies\Microsoft\< Windows\CurrentVersion\Internet Settings\Zones\0The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Local Machine Zone. CCE-15237-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Automatic prompting for file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0|The "Automatic prompting for file downloads" current user setting should be configured correctly for the Local Machine Zone. CCE-15752-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Use Pop-up Blocker HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0hThe "Use Pop-up Blocker" current user setting should be configured correctly for the Local Machine Zone. CCE-15565-5 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Download unsigned ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0xThe "Download unsigned ActiveX controls" current user setting should be configured correctly for the Local Machine Zone. CCE-16059-82User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Web sites in less privileged Web content zones can navigate into this zone" current user setting should be configured correctly for the Local Machine Zone. CCE-15880-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Loose XAML files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0fThe "Loose XAML files" current user setting should be configured correctly for the Local Machine Zone. CCE-16099-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Launching applications and files in an IFRAME HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Launching applications and files in an IFRAME" current user setting should be configured correctly for the Local Machine Zone. CCE-15185-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Submit non-encrypted form data HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0tThe "Submit non-encrypted form data" current user setting should be configured correctly for the Local Machine Zone. CCE-16100-0*User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Run .NET Framework-reliant components not signed with Authenticode" current user setting should be configured correctly for the Local Machine Zone. CCE-16140-6 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow status bar updates via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0yThe "Allow status bar updates via script" current user setting should be configured correctly for the Local Machine Zone. CCE-16126-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Logon options HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0cThe "Logon options" current user setting should be configured correctly for the Local Machine Zone. CCE-16031-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Scripting of Java applets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0oThe "Scripting of Java applets" current user setting should be configured correctly for the Local Machine Zone. CCE-15602-6+User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow script-initiated windows without size or position constraints HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Local Machine Zone. CCE-16003-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Use SmartScreen Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0lThe "Use SmartScreen Filter" current user setting should be configured correctly for the Local Machine Zone. CCE-16076-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\XAML browser applications HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0oThe "XAML browser applications" current user setting should be configured correctly for the Local Machine Zone. CCE-15241-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Display mixed content HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0kThe "Display mixed content" current user setting should be configured correctly for the Local Machine Zone. CCE-16144-8 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Access data sources across domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0xThe "Access data sources across domains" current user setting should be configured correctly for the Local Machine Zone. CCE-15757-8'User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow websites to prompt for information using scripted windows HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Allow websites to prompt for information using scripted windows" current user setting should be configured correctly for the Local Machine Zone. CCE-15193-6KUser Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Do not prompt for client certificate selection when no certificates or only one certificate exists." current user setting should be configured correctly for the Local Machine Zone. CCE-16054-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow active scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0lThe "Allow active scripting" current user setting should be configured correctly for the Local Machine Zone. CCE-15196-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Contro< l Panel\Security Page\Local Machine Zone\XPS documents HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0cThe "XPS documents" current user setting should be configured correctly for the Local Machine Zone. CCE-16064-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow font downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0jThe "Allow font downloads" current user setting should be configured correctly for the Local Machine Zone. CCE-15668-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Turn on Cross-Site Scripting (XSS) Filter" current user setting should be configured correctly for the Local Machine Zone. CCE-15761-0&User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Run .NET Framework-reliant components signed with Authenticode" current user setting should be configured correctly for the Local Machine Zone. CCE-16025-9%User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Include local directory path when uploading files to a server HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Include local directory path when uploading files to a server" current user setting should be configured correctly for the Local Machine Zone. CCE-15902-0 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow scripting of Internet Explorer web browser control HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Allow scripting of Internet Explorer web browser control" current user setting should be configured correctly for the Local Machine Zone. CCE-16108-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow drag and drop or copy and paste files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Allow drag and drop or copy and paste files" current user setting should be configured correctly for the Local Machine Zone. CCE-15800-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Script ActiveX controls marked safe for scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Script ActiveX controls marked safe for scripting" current user setting should be configured correctly for the Local Machine Zone. CCE-16116-6,User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow active content over restricted protocols to access my computer HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Allow active content over restricted protocols to access my computer" current user setting should be configured correctly for the Local Machine Zone. CCE-15157-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Run ActiveX controls and plugins HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0vThe "Run ActiveX controls and plugins" current user setting should be configured correctly for the Local Machine Zone. CCE-15153-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0jThe "Allow file downloads" current user setting should be configured correctly for the Local Machine Zone. CCE-16122-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Userdata persistence HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0jThe "Userdata persistence" current user setting should be configured correctly for the Local Machine Zone. CCE-15195-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Open files based on content, not file extension HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Open files based on content, not file extension" current user setting should be configured correctly for the Local Machine Zone. CCE-15858-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Turn on Protected Mode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0lThe "Turn on Protected Mode" current user setting should be configured correctly for the Local Machine Zone. CCE-15988-9)User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Allow cut, copy or paste operations from the clipboard via script" current user setting should be configured correctly for the Local Machine Zone. CCE-16044-0 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Launching programs and unsafe files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0yThe "Launching programs and unsafe files" current user setting should be configured correctly for the Local Machine Zone. CCE-15171-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow META REFRESH HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0hThe "Allow META REFRESH" current user setting should be configured correctly for the Local Machine Zone. CCE-15385-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Disable .NET Framework Setup HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0rThe "Disable .NET Framework Setup" current user setting should be configured correctly for the Local Machine Zone. CCE-15162-1 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow installation of desktop items HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0yThe "Allow installation of desktop items" current user setting should be configured correctly for the Local Machine Zone. CCE-15479-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Download signed ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0vThe "Download signed ActiveX controls" current user setting should be configured correctly for the Local Machine Zone. CCE-15748-7User Configuration\Admini< strative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Java permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0fThe "Java permissions" current user setting should be configured correctly for the Local Machine Zone. CCE-15446-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow Scriptlets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0fThe "Allow Scriptlets" current user setting should be configured correctly for the Local Machine Zone. CCE-15215-7*User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Only allow approved domains to use ActiveX controls without prompt" current user setting should be configured correctly for the Local Machine Zone. CCE-15989-7 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow binary and script behaviors HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0wThe "Allow binary and script behaviors" current user setting should be configured correctly for the Local Machine Zone. CCE-15961-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Software channel permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0rThe "Software channel permissions" current user setting should be configured correctly for the Local Machine Zone. CCE-15787-5/User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Allow video and animation on a Web page that uses a legacy media player" current user setting should be configured correctly for the Local Machine Zone. CCE-16085-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Automatic prompting for ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0~The "Automatic prompting for ActiveX controls" current user setting should be configured correctly for the Local Machine Zone. CCE-16081-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Turn Off First-Run Opt-In HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0oThe "Turn Off First-Run Opt-In" current user setting should be configured correctly for the Local Machine Zone. CCE-15177-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Navigate windows and frames across different domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0The "Navigate windows and frames across different domains" current user setting should be configured correctly for the Local Machine Zone. CCE-16121-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Corporate Settings\Code Download\Prevent setting of the code download path for each machine HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet SettingspThe "Prevent setting of the code download path for each machine" machine setting should be configured correctly. CCE-16683-5Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Object Caching Protection\All Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING^The "Object Caching Protection: All Processes" machine setting should be configured correctly. CCE-15487-2Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Object Caching Protection\Internet Explorer Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHINGlThe "Object Caching Protection: Internet Explorer Processes" machine setting should be configured correctly. CCE-15483-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Object Caching Protection\Process List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl]The "Object Caching Protection: Process List" machine setting should be configured correctly. CCE-15482-33Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Application Compatibility\Enable cut, copy or paste operations from the clipboard if URLACTION_SCRIPT_PASTE is set to Prompt\Process List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControlThe "Enable cut, copy or paste operations from the clipboard if URLACTION_SCRIPT_PASTE is set to Prompt: Process List" machine setting should be configured correctly. CCE-15781-8dComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Application Compatibility\Enable cut, copy or paste operations from the clipboard if URLACTION_SCRIPT_PASTE is set to Prompt\All Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_PromptThe "Enable cut, copy or paste operations from the clipboard if URLACTION_SCRIPT_PASTE is set to Prompt: All Processes" machine setting should be configured correctly. CCE-15508-5rComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Application Compatibility\Enable cut, copy or paste operations from the clipboard if URLACTION_SCRIPT_PASTE is set to Prompt\Internet Explorer Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Script_Paste_URLAction_If_PromptThe "Enable cut, copy or paste operations from the clipboard if URLACTION_SCRIPT_PASTE is set to Prompt: Internet Explorer Processes" machine setting should be configured correctly. CCE-16032-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install\Process List HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControlaThe "Restrict ActiveX Install: Process List" current user setting should be configured correctly. CCE-16491-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install\All Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALLbThe "Restrict ActiveX Install: All Processes" current user setting should be configured correctly. CCE-15869-1 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install\Internet Explorer Processes HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALLpThe "Restrict ActiveX Install: Internet Explorer Processes" current user setting should be configured correctly. CCE-16645-40User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow scripting of Internet Explorer web browser control HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3< The "Allow scripting of Internet Explorer web browser control" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16082-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow font downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4yThe "Allow font downloads" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15589-5 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Use Pop-up Blocker HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1oThe "Use Pop-up Blocker" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-15632-31User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Script ActiveX controls marked safe for scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Script ActiveX controls marked safe for scripting" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16011-9 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Logon options HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0oThe "Logon options" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15646-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Access data sources across domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Access data sources across domains" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16041-6#User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Automatic prompting for file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Automatic prompting for file downloads" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16761-90User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow scripting of Internet Explorer web browser control HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Allow scripting of Internet Explorer web browser control" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16420-2*User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Launching applications and files in an IFRAME HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Launching applications and files in an IFRAME" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16412-9 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Display mixed content HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3rThe "Display mixed content" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-15328-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Use SmartScreen Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1sThe "Use SmartScreen Filter" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16576-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Turn on Protected Mode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4{The "Turn on Protected Mode" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15603-4:User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Run .NET Framework-reliant components not signed with Authenticode" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-15539-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Use SmartScreen Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0xThe "Use SmartScreen Filter" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16455-8GUser Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Web sites in less privileged Web content zones can navigate into this zone" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15513-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Software channel permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2~The "Software channel permissions" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-17078-7AUser Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Allow cut, copy or paste operations from the clipboard via script" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15255-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow META REFRESH HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0tThe "Allow META REFRESH" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16198-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Turn on Protected Mode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2xThe "Turn on Protected Mode" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-17032-49User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\All< ow cut, copy or paste operations from the clipboard via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Allow cut, copy or paste operations from the clipboard via script" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-15318-98User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow scripting of Internet Explorer web browser control HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Allow scripting of Internet Explorer web browser control" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15100-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Display mixed content HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0wThe "Display mixed content" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16326-1?User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Run .NET Framework-reliant components not signed with Authenticode" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16399-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow META REFRESH HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2tThe "Allow META REFRESH" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-17141-3'User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Open files based on content, not file extension HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Open files based on content, not file extension" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16560-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Access data sources across domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Access data sources across domains" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-15626-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Download unsigned ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Download unsigned ActiveX controls" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15506-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Turn Off First-Run Opt-In HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3vThe "Turn Off First-Run Opt-In" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16223-0%User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Automatic prompting for ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Automatic prompting for ActiveX controls" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16366-7`User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Do not prompt for client certificate selection when no certificates or only one certificate exists." current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-17180-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\XPS documents HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1jThe "XPS documents" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16415-2%User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Automatic prompting for ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Automatic prompting for ActiveX controls" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-17118-1;User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow script-initiated windows without size or position constraints HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16495-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Turn on Protected Mode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0xThe "Turn on Protected Mode" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16386-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Use SmartScreen Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3sThe "Use SmartScreen Filter" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-15322-1 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow status bar updates via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Allow status bar updates via script" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16258-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Run ActiveX controls and plugins HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Run ActiveX controls and plugins" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16453-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Userdata persistence HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0< vThe "Userdata persistence" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15551-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Download signed ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Download signed ActiveX controls" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16321-2?User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Allow video and animation on a Web page that uses a legacy media player" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16305-51User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Navigate windows and frames across different domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Navigate windows and frames across different domains" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16339-4*User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Launching applications and files in an IFRAME HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Launching applications and files in an IFRAME" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-17225-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0vThe "Allow file downloads" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16390-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\XPS documents HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3jThe "XPS documents" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-15939-21User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Navigate windows and frames across different domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Navigate windows and frames across different domains" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16221-4 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Automatic prompting for ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Automatic prompting for ActiveX controls" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-15679-44User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Navigate windows and frames across different domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Navigate windows and frames across different domains" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15301-5GUser Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Allow video and animation on a Web page that uses a legacy media player" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15228-0 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1qThe "Allow file downloads" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-15634-9 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Loose XAML files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0rThe "Loose XAML files" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15941-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4yThe "Allow file downloads" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15997-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Access data sources across domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Access data sources across domains" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16222-2&User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Automatic prompting for file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Automatic prompting for file downloads" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15233-0DUser Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Allow video and animation on a Web page that uses a legacy media player" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-17066-2 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Automatic prompting for ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Automatic prompting for ActiveX controls" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16045-7%User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Launching applications and files in an IFRAME HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Launching applications and files in an IFRAME" current user setting should be configured correctly for the Locked-Down Intranet Zo< ne. CCE-16446-7/User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Open files based on content, not file extension HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Open files based on content, not file extension" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15432-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Download signed ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1}The "Download signed ActiveX controls" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16333-7 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Run ActiveX controls and plugins HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Run ActiveX controls and plugins" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15574-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Use Pop-up Blocker HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0tThe "Use Pop-up Blocker" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16217-2 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\XPS documents HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4rThe "XPS documents" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15942-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Disable .NET Framework Setup HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3yThe "Disable .NET Framework Setup" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-15324-7<User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow websites to prompt for information using scripted windows HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Allow websites to prompt for information using scripted windows" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16970-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Submit non-encrypted form data HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Submit non-encrypted form data" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15778-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\XAML browser applications HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0{The "XAML browser applications" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16352-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow font downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0vThe "Allow font downloads" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16213-15User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow scripting of Internet Explorer web browser control HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Allow scripting of Internet Explorer web browser control" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15754-5GUser Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Web sites in less privileged Web content zones can navigate into this zone" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-17177-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Scripting of Java applets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3vThe "Scripting of Java applets" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-15755-2?User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Only allow approved domains to use ActiveX controls without prompt" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-17021-77User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow websites to prompt for information using scripted windows HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Allow websites to prompt for information using scripted windows" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-15525-9:User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Include local directory path when uploading files to a server HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Include local directory path when uploading files to a server" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16949-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Scripting of Java applets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2{The "Scripting of Java applets" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-17146-26User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Run .NET Framework-reliant components signed with Authenticode" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-15981-4#User Configuration\Administrative Templates\Windows Components\Internet Explo< rer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow drag and drop or copy and paste files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Allow drag and drop or copy and paste files" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16442-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\XAML browser applications HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2{The "XAML browser applications" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16482-2#User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow installation of desktop items HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Allow installation of desktop items" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15036-79User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Allow cut, copy or paste operations from the clipboard via script" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16556-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Download signed ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Download signed ActiveX controls" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-17247-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Turn Off First-Run Opt-In HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0{The "Turn Off First-Run Opt-In" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16481-4 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Use Pop-up Blocker HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3oThe "Use Pop-up Blocker" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-15703-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Run ActiveX controls and plugins HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1}The "Run ActiveX controls and plugins" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16580-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Use SmartScreen Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2xThe "Use SmartScreen Filter" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16307-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Loose XAML files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1mThe "Loose XAML files" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16501-9(User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow drag and drop or copy and paste files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Allow drag and drop or copy and paste files" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16732-0!User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Turn on Cross-Site Scripting (XSS) Filter" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16055-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow active scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4{The "Allow active scripting" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16035-8 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Logon options HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4rThe "Logon options" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15463-3&User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Turn on Cross-Site Scripting (XSS) Filter" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16417-8(User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow drag and drop or copy and paste files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Allow drag and drop or copy and paste files" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16486-3 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow installation of desktop items HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Allow installation of desktop items" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-17243-7 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow META REFRESH HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1oThe "Allow META REFRESH" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-15638-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Submit non-encrypted form data HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Submit non-encrypted form data" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-17077-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\S< ecurity Page\Locked-Down Internet Zone\Allow active scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3sThe "Allow active scripting" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16062-2:User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Only allow approved domains to use ActiveX controls without prompt" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16346-9(User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Automatic prompting for ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Automatic prompting for ActiveX controls" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15816-2,User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Navigate windows and frames across different domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Navigate windows and frames across different domains" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16065-5 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Launching programs and unsafe files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Launching programs and unsafe files" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15912-9.User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Script ActiveX controls marked safe for scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Script ActiveX controls marked safe for scripting" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16200-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\XAML browser applications HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3vThe "XAML browser applications" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16265-1+User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow drag and drop or copy and paste files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Allow drag and drop or copy and paste files" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15812-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Turn Off First-Run Opt-In HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2{The "Turn Off First-Run Opt-In" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-17062-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow active scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2xThe "Allow active scripting" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16450-9:User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Include local directory path when uploading files to a server HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Include local directory path when uploading files to a server" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16473-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow binary and script behaviors HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Allow binary and script behaviors" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16272-7>User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Allow cut, copy or paste operations from the clipboard via script" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16926-8 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Userdata persistence HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3qThe "Userdata persistence" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16134-9#User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow status bar updates via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Allow status bar updates via script" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15984-8 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\XPS documents HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0oThe "XPS documents" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16448-36User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Run .NET Framework-reliant components signed with Authenticode" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-15742-0=User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Include local directory path when uploading files to a server HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Include local directory path when uploading files to a server" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15722-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Download unsigned ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsof< t\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Download unsigned ActiveX controls" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-17231-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow Scriptlets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1mThe "Allow Scriptlets" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16311-3<User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow websites to prompt for information using scripted windows HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Allow websites to prompt for information using scripted windows" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16075-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Run ActiveX controls and plugins HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3}The "Run ActiveX controls and plugins" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16331-1>User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Run .NET Framework-reliant components signed with Authenticode" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15992-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Loose XAML files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3mThe "Loose XAML files" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-15935-0 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3qThe "Allow file downloads" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16080-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Java permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4uThe "Java permissions" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15243-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Userdata persistence HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4yThe "Userdata persistence" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15678-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Use Pop-up Blocker HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4wThe "Use Pop-up Blocker" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15975-61User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Initialize and script ActiveX controls not marked as safe HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16291-7"User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Access data sources across domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Access data sources across domains" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15966-5 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow installation of desktop items HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Allow installation of desktop items" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16325-3%User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Launching applications and files in an IFRAME HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Launching applications and files in an IFRAME" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-15567-1=User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow websites to open windows without address or status bars HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Allow websites to open windows without address or status bars" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15204-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Java permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3mThe "Java permissions" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16155-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Software channel permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Software channel permissions" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15212-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Userdata persistence HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2vThe "Userdata persistence" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-17252-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow status bar updates via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Allow status bar updates via script" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16095-2)User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Script ActiveX controls marked safe for < scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Script ActiveX controls marked safe for scripting" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16190-1;User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Run .NET Framework-reliant components signed with Authenticode" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16280-0`User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Do not prompt for client certificate selection when no certificates or only one certificate exists." current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16476-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Launching programs and unsafe files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Launching programs and unsafe files" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16071-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow binary and script behaviors HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Allow binary and script behaviors" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16344-41User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Initialize and script ActiveX controls not marked as safe HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16492-1:User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow websites to open windows without address or status bars HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Allow websites to open windows without address or status bars" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-17238-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow META REFRESH HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4wThe "Allow META REFRESH" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16024-27User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow websites to prompt for information using scripted windows HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Allow websites to prompt for information using scripted windows" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16381-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Software channel permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1yThe "Software channel permissions" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-15620-8#User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Automatic prompting for file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Automatic prompting for file downloads" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16452-5)User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Script ActiveX controls marked safe for scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Script ActiveX controls marked safe for scripting" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-15558-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\XAML browser applications HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1vThe "XAML browser applications" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16359-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow status bar updates via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Allow status bar updates via script" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16180-2:User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Run .NET Framework-reliant components not signed with Authenticode" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-15862-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Display mixed content HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2wThe "Display mixed content" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16211-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Turn Off First-Run Opt-In HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4~The "Turn Off First-Run Opt-In" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15044-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2vThe "Allow file downloads" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16220-6?User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow websites to prompt for information using scripted windows HKEY_CURRENT_USER\Softw< are\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Allow websites to prompt for information using scripted windows" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15076-3:User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow websites to open windows without address or status bars HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Allow websites to open windows without address or status bars" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16449-1.User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Script ActiveX controls marked safe for scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Script ActiveX controls marked safe for scripting" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16426-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Software channel permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3yThe "Software channel permissions" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16296-6;User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Run .NET Framework-reliant components signed with Authenticode" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15832-9 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow META REFRESH HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3oThe "Allow META REFRESH" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-15876-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Disable .NET Framework Setup HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2~The "Disable .NET Framework Setup" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16816-1,User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Open files based on content, not file extension HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Open files based on content, not file extension" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16361-8BUser Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Web sites in less privileged Web content zones can navigate into this zone" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16176-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow font downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2vThe "Allow font downloads" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-17227-0 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\XPS documents HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2oThe "XPS documents" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16466-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow Scriptlets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3mThe "Allow Scriptlets" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16206-5@User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow script-initiated windows without size or position constraints HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16226-3&User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Turn on Cross-Site Scripting (XSS) Filter" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16374-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Download unsigned ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Download unsigned ActiveX controls" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16479-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Scripting of Java applets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1vThe "Scripting of Java applets" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16281-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Run ActiveX controls and plugins HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Run ActiveX controls and plugins" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16234-7 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow status bar updates via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Allow status bar updates via script" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16434-3;User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow script-initiated windows without size or position constraints HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Allow script-initiated windows without size or position constraints" current user setting< should be configured correctly for the Locked-Down Internet Zone. CCE-15693-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Launching programs and unsafe files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Launching programs and unsafe files" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16040-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Logon options HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1jThe "Logon options" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-15601-85User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow websites to open windows without address or status bars HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Allow websites to open windows without address or status bars" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-15926-9!User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Turn on Cross-Site Scripting (XSS) Filter" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16181-0@User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow script-initiated windows without size or position constraints HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16459-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\XAML browser applications HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4~The "XAML browser applications" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15200-9-User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Launching applications and files in an IFRAME HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Launching applications and files in an IFRAME" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15066-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Submit non-encrypted form data HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1{The "Submit non-encrypted form data" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-15599-4 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Download signed ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Download signed ActiveX controls" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15105-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Automatic prompting for file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Automatic prompting for file downloads" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16562-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow active scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0xThe "Allow active scripting" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16335-2BUser Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Only allow approved domains to use ActiveX controls without prompt" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15091-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Loose XAML files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4uThe "Loose XAML files" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15096-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Java permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1mThe "Java permissions" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-15692-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Submit non-encrypted form data HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3{The "Submit non-encrypted form data" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16270-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Turn on Protected Mode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1sThe "Turn on Protected Mode" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16407-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow binary and script behaviors HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3~The "Allow binary and script behaviors" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16129-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Access data sources across domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Access data sources across domains" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15500-2 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Java permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2< rThe "Java permissions" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16184-4'User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Open files based on content, not file extension HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Open files based on content, not file extension" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16314-7[User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Do not prompt for client certificate selection when no certificates or only one certificate exists." current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16522-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Download signed ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3}The "Download signed ActiveX controls" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16036-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Disable .NET Framework Setup HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0~The "Disable .NET Framework Setup" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15538-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Turn Off First-Run Opt-In HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1vThe "Turn Off First-Run Opt-In" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-15773-55User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow scripting of Internet Explorer web browser control HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Allow scripting of Internet Explorer web browser control" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16898-9>User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Allow cut, copy or paste operations from the clipboard via script" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16457-4 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Allow Scriptlets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2rThe "Allow Scriptlets" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16642-1#User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Launching programs and unsafe files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Launching programs and unsafe files" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15351-0BUser Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Run .NET Framework-reliant components not signed with Authenticode" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15873-3"User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Download unsigned ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Download unsigned ActiveX controls" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15636-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Disable .NET Framework Setup HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Disable .NET Framework Setup" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15882-4JUser Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Web sites in less privileged Web content zones can navigate into this zone" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15323-9?User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Allow video and animation on a Web page that uses a legacy media player" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16561-3:User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Only allow approved domains to use ActiveX controls without prompt" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16219-8)User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Turn on Cross-Site Scripting (XSS) Filter" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15327-0,User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Open files based on content, not file extension HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Open files based on content, not file extension" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16430-15User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\All< ow websites to open windows without address or status bars HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Allow websites to open windows without address or status bars" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-15747-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Logon options HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3jThe "Logon options" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16117-46User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Initialize and script ActiveX controls not marked as safe HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16215-6#User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow drag and drop or copy and paste files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Allow drag and drop or copy and paste files" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-15976-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow binary and script behaviors HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1~The "Allow binary and script behaviors" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-15963-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow active scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1sThe "Allow active scripting" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16505-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Scripting of Java applets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0{The "Scripting of Java applets" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16444-2 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Logon options HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2oThe "Logon options" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16809-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Submit non-encrypted form data HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Submit non-encrypted form data" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15067-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Automatic prompting for file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Automatic prompting for file downloads" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16067-1 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Display mixed content HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1rThe "Display mixed content" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16429-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Use SmartScreen Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4{The "Use SmartScreen Filter" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15102-79User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Initialize and script ActiveX controls not marked as safe HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-16015-0?User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Only allow approved domains to use ActiveX controls without prompt" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16174-5,User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Navigate windows and frames across different domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Navigate windows and frames across different domains" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16177-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Use Pop-up Blocker HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2tThe "Use Pop-up Blocker" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16983-9 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow Scriptlets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0rThe "Allow Scriptlets" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16204-06User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Initialize and script ActiveX controls not marked as safe HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15512-7BUser Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Web sites in less privileged Web content zones can navigate into this zone" current user setting should be configured correctly for the < Locked-Down Intranet Zone. CCE-15622-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow installation of desktop items HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Allow installation of desktop items" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16441-8 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Loose XAML files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2rThe "Loose XAML files" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16844-3 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Launching programs and unsafe files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Launching programs and unsafe files" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-16187-7[User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Do not prompt for client certificate selection when no certificates or only one certificate exists." current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-15320-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Turn on Protected Mode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3sThe "Turn on Protected Mode" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16014-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Download unsigned ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Download unsigned ActiveX controls" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16063-0DUser Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0The "Allow video and animation on a Web page that uses a legacy media player" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15690-1 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow font downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3qThe "Allow font downloads" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-15999-6?User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2The "Run .NET Framework-reliant components not signed with Authenticode" current user setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-17028-2 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Allow font downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1qThe "Allow font downloads" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-15734-75User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Include local directory path when uploading files to a server HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Include local directory path when uploading files to a server" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-16168-7 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Userdata persistence HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1qThe "Userdata persistence" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-15712-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Display mixed content HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4zThe "Display mixed content" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15838-6cUser Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Do not prompt for client certificate selection when no certificates or only one certificate exists." current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15979-8!User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow binary and script behaviors HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Allow binary and script behaviors" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15724-8 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Java permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0rThe "Java permissions" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-15532-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Scripting of Java applets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4~The "Scripting of Java applets" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15317-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Allow installation of desktop items HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3The "Allow installation of desktop items" current user setting should be configured correctly for the Locked-Down Internet Zone. CCE-15339-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security< Page\Locked-Down Local Machine Zone\Software channel permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0~The "Software channel permissions" current user setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-16408-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Disable .NET Framework Setup HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1yThe "Disable .NET Framework Setup" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16602-55User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Include local directory path when uploading files to a server HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1The "Include local directory path when uploading files to a server" current user setting should be configured correctly for the Locked-Down Intranet Zone. CCE-16338-6CUser Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow script-initiated windows without size or position constraints HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15649-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Allow Scriptlets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4uThe "Allow Scriptlets" current user setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-15578-8Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict File Download\Process List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControlZThe "Restrict File Download: Process List" machine setting should be configured correctly. CCE-16775-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict File Download\All Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD[The "Restrict File Download: All Processes" machine setting should be configured correctly. CCE-15881-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Script ActiveX controls marked safe for scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3The "Script ActiveX controls marked safe for scripting" current user setting should be configured correctly for the Internet Zone. CCE-15598-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow drag and drop or copy and paste files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3|The "Allow drag and drop or copy and paste files" current user setting should be configured correctly for the Internet Zone. CCE-15254-6 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow websites to open windows without address or status bars HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3The "Allow websites to open windows without address or status bars" current user setting should be configured correctly for the Internet Zone. CCE-15263-7%User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Run .NET Framework-reliant components not signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3The "Run .NET Framework-reliant components not signed with Authenticode" current user setting should be configured correctly for the Internet Zone. CCE-16210-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow status bar updates via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3tThe "Allow status bar updates via script" current user setting should be configured correctly for the Internet Zone. CCE-15518-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Turn on Protected Mode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3gThe "Turn on Protected Mode" current user setting should be configured correctly for the Internet Zone. CCE-15279-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow active scripting HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3gThe "Allow active scripting" current user setting should be configured correctly for the Internet Zone. CCE-15199-3"User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow websites to prompt for information using scripted windows HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3The "Allow websites to prompt for information using scripted windows" current user setting should be configured correctly for the Internet Zone. CCE-15223-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Software channel permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3mThe "Software channel permissions" current user setting should be configured correctly for the Internet Zone. CCE-15510-1 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Automatic prompting for ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3yThe "Automatic prompting for ActiveX controls" current user setting should be configured correctly for the Internet Zone. CCE-16131-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Java permissions HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3aThe "Java permissions" current user setting should be configured correctly for the Internet Zone. CCE-15211-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3eThe "Allow file downloads" current user setting should be configured correctly for the Internet Zone. CCE-16127-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow font downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3eThe "Allow font downloads" current user setting should be configured correctly for the Internet Zone. CCE-16017-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow installation of de< sktop items HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3tThe "Allow installation of desktop items" current user setting should be configured correctly for the Internet Zone. CCE-15356-9 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Automatic prompting for file downloads HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3wThe "Automatic prompting for file downloads" current user setting should be configured correctly for the Internet Zone. CCE-15730-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Loose XAML files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3aThe "Loose XAML files" current user setting should be configured correctly for the Internet Zone. CCE-15404-7 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Turn on Cross-Site Scripting (XSS) Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3zThe "Turn on Cross-Site Scripting (XSS) Filter" current user setting should be configured correctly for the Internet Zone. CCE-15675-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\XAML browser applications HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3jThe "XAML browser applications" current user setting should be configured correctly for the Internet Zone. CCE-15931-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Launching programs and unsafe files HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3tThe "Launching programs and unsafe files" current user setting should be configured correctly for the Internet Zone. CCE-15783-4$User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow cut, copy or paste operations from the clipboard via script HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3The "Allow cut, copy or paste operations from the clipboard via script" current user setting should be configured correctly for the Internet Zone. CCE-16201-6&User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow script-initiated windows without size or position constraints HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3The "Allow script-initiated windows without size or position constraints" current user setting should be configured correctly for the Internet Zone. CCE-15667-9FUser Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3The "Do not prompt for client certificate selection when no certificates or only one certificate exists." current user setting should be configured correctly for the Internet Zone. CCE-15202-5-User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Web sites in less privileged Web content zones can navigate into this zone HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3The "Web sites in less privileged Web content zones can navigate into this zone" current user setting should be configured correctly for the Internet Zone. CCE-15809-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Navigate windows and frames across different domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3The "Navigate windows and frames across different domains" current user setting should be configured correctly for the Internet Zone. CCE-16028-3%User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Only allow approved domains to use ActiveX controls without prompt HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3The "Only allow approved domains to use ActiveX controls without prompt" current user setting should be configured correctly for the Internet Zone. CCE-15652-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Logon options HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3^The "Logon options" current user setting should be configured correctly for the Internet Zone. CCE-16083-8!User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Run .NET Framework-reliant components signed with Authenticode HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3The "Run .NET Framework-reliant components signed with Authenticode" current user setting should be configured correctly for the Internet Zone. CCE-15347-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow Scriptlets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3aThe "Allow Scriptlets" current user setting should be configured correctly for the Internet Zone. CCE-15505-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow META REFRESH HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3cThe "Allow META REFRESH" current user setting should be configured correctly for the Internet Zone. CCE-15922-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Userdata persistence HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3eThe "Userdata persistence" current user setting should be configured correctly for the Internet Zone. CCE-15990-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\XPS documents HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3^The "XPS documents" current user setting should be configured correctly for the Internet Zone. CCE-16169-5 User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Include local directory path when uploading files to a server HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3The "Include local directory path when uploading files to a server" current user setting should be configured correctly for the Internet Zone. CCE-15305-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Disable .NET Framework Setup HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3mThe "Disable .NET Framework Setup" current user setting should be configured correctly for the Internet Zone. CCE-15968-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone< \Use SmartScreen Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3gThe "Use SmartScreen Filter" current user setting should be configured correctly for the Internet Zone. CCE-16182-8'User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow active content over restricted protocols to access my computer HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3The "Allow active content over restricted protocols to access my computer" current user setting should be configured correctly for the Internet Zone. CCE-15515-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Turn Off First-Run Opt-In HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3jThe "Turn Off First-Run Opt-In" current user setting should be configured correctly for the Internet Zone. CCE-16078-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Initialize and script ActiveX controls not marked as safe HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3The "Initialize and script ActiveX controls not marked as safe" current user setting should be configured correctly for the Internet Zone. CCE-15825-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Access data sources across domains HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3sThe "Access data sources across domains" current user setting should be configured correctly for the Internet Zone. CCE-15220-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Scripting of Java applets HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3jThe "Scripting of Java applets" current user setting should be configured correctly for the Internet Zone. CCE-15280-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Display mixed content HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3fThe "Display mixed content" current user setting should be configured correctly for the Internet Zone. CCE-15438-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Launching applications and files in an IFRAME HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3~The "Launching applications and files in an IFRAME" current user setting should be configured correctly for the Internet Zone. CCE-16050-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Run ActiveX controls and plugins HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3qThe "Run ActiveX controls and plugins" current user setting should be configured correctly for the Internet Zone. CCE-15686-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Open files based on content, not file extension HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3The "Open files based on content, not file extension" current user setting should be configured correctly for the Internet Zone. CCE-15871-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Use Pop-up Blocker HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3cThe "Use Pop-up Blocker" current user setting should be configured correctly for the Internet Zone. CCE-15986-3*User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3The "Allow video and animation on a Web page that uses a legacy media player" current user setting should be configured correctly for the Internet Zone. CCE-16136-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Download signed ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3qThe "Download signed ActiveX controls" current user setting should be configured correctly for the Internet Zone. CCE-15201-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Submit non-encrypted form data HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3oThe "Submit non-encrypted form data" current user setting should be configured correctly for the Internet Zone. CCE-16197-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow binary and script behaviors HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3rThe "Allow binary and script behaviors" current user setting should be configured correctly for the Internet Zone. CCE-16173-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Download unsigned ActiveX controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3sThe "Download unsigned ActiveX controls" current user setting should be configured correctly for the Internet Zone. CCE-16149-7Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Prevent Deleting Form Data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control PanelPThe "Prevent Deleting Form Data" machine setting should be configured correctly. CCE-15242-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Configure Delete Browsing History on exit HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Privacy_The "Configure Delete Browsing History on exit" machine setting should be configured correctly. CCE-15494-8Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Prevent Deleting InPrivate Filtering data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Privacy_The "Prevent Deleting InPrivate Filtering data" machine setting should be configured correctly. CCE-16001-0Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Prevent Deleting Passwords HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control PanelPThe "Prevent Deleting Passwords" machine setting should be configured correctly. CCE-15022-7Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Prevent Deleting Favorites Site Data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\PrivacyZThe "Prevent Deleting Favorites Site Data" machine setting should be configured correctly. CCE-15480-7Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install\All Processes HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]The "Restrict ActiveX Ins< tall: All Processes" machine setting should be configured correctly. CCE-16718-9Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install\Process List HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\The "Restrict ActiveX Install: Process List" machine setting should be configured correctly. CCE-16480-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Advanced settings\Printing\Allow the printing of background colors and images HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\MainmThe "Allow the printing of background colors and images" current user setting should be configured correctly. CCE-15727-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Use SmartScreen Filter HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4jThe "Use SmartScreen Filter" machine setting should be configured correctly for the Restricted Sites Zone. CCE-15760-27Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow video and animation on a Web page that uses a legacy media player HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4The "Allow video and animation on a Web page that uses a legacy media player" machine setting should be configured correctly for the Restricted Sites Zone. CCE-15569-7Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Submit non-encrypted form data HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4rThe "Submit non-encrypted form data" machine setting should be configured correctly for the Restricted Sites Zone. CCE-15647-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Display mixed content HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4iThe "Display mixed content" machine setting should be configured correctly for the Restricted Sites Zone. CCE-16294-1Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\XPS documents HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4aThe "XPS documents" machine setting should be configured correctly for the Restricted Sites Zone. CCE-16537-3 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\XAML browser applications HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4mThe "XAML browser applications" machine setting should be configured correctly for the Restricted Sites Zone. CCE-16268-5SComputer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Do not prompt for client certificate selection when no certificates or only one certificate exists. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4The "Do not prompt for client certificate selection when no certificates or only one certificate exists." machine setting should be configured correctly for the Restricted Sites Zone. CCE-16391-5 Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Disable .NET Framework Setup HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4pThe "Disable .NET Framework Setup" machine setting should be configured correctly for the Restricted Sites Zone. CCE-15546-5/Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow websites to prompt for information using scripted windows HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4The "Allow websites to prompt for information using scripted windows" machine setting should be configured correctly for the Restricted Sites Zone. CCE-16363-4-Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow websites to open windows without address or status bars HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4The "Allow websites to open windows without address or status bars" machine setting should be configured correctly for the Restricted Sites Zone. CCE-16299-04Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow active content over restricted protocols to access my computer HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4The "Allow active content over restricted protocols to access my computer" machine setting should be configured correctly for the Restricted Sites Zone. CCE-15641-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Automatic prompting for ActiveX controls HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4|The "Automatic prompting for ActiveX controls" machine setting should be configured correctly for the Restricted Sites Zone. CCE-16370-9(Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow scripting of Internet Explorer web browser control HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4The "Allow scripting of Internet Explorer web browser control" machine setting should be configured correctly for the Restricted Sites Zone. CCE-15702-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Accelerators\Turn off Accelerators HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ActivitiesPThe "Turn off Accelerators" current user setting should be configured correctly. CCE-16879-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Accelerators\Use Policy Accelerators HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Activities\RestrictionsRThe "Use Policy Accelerators" current user setting should be configured correctly. CCE-16848-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Accelerators\Deploy default Accelerators HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\GPActivities\ActivitiesDefaultInstallVThe "Deploy default Accelerators" current user setting should be configured correctly. CCE-16874-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Accelerators\Deploy non-default Accelerators HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\GPActivities\ActivitiesInstallZThe "Deploy non-default Accelerators" current user setting should be configured correctly. CCE-16852-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Accelerators\Use Policy Accelerators HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Activities\RestrictionsMThe "Use Policy Accelerators" machine setting should be configured correctly. CCE-16276-8Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Accelerators\Deploy non-default Accelerators HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\GPA< ctivities\ActivitiesInstallUThe "Deploy non-default Accelerators" machine setting should be configured correctly. CCE-16527-4Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Accelerators\Deploy default Accelerators HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\GPActivities\ActivitiesDefaultInstallQThe "Deploy default Accelerators" machine setting should be configured correctly. CCE-16395-6Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Accelerators\Turn off Accelerators HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\ActivitiesKThe "Turn off Accelerators" machine setting should be configured correctly. CCE-16033-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable Import/Export Settings wizard HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer`The "Disable Import/Export Settings wizard" current user setting should be configured correctly. CCE-16840-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Add a specific list of search providers to the user's search provider list HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\RestrictionsThe "Add a specific list of search providers to the user's search provider list" current user setting should be configured correctly. CCE-16487-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Moving the menu bar above the navigation bar HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbar\WebBrowsergThe "Moving the menu bar above the navigation bar" current user setting should be configured correctly. CCE-17030-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn on Compatibility Logging HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\Feature_Enable_Compat_loggingXThe "Turn on Compatibility Logging" current user setting should be configured correctly. CCE-16091-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing connection settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel_The "Disable changing connection settings" current user setting should be configured correctly. CCE-16295-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Use Automatic Detection for dial-up connections HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet SettingsjThe "Use Automatic Detection for dial-up connections" current user setting should be configured correctly. CCE-17031-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off the Security Settings Check feature HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\SecuritygThe "Turn off the Security Settings Check feature" current user setting should be configured correctly. CCE-16227-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off suggestions for all user-installed providers HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\SearchScopespThe "Turn off suggestions for all user-installed providers" current user setting should be configured correctly. CCE-16994-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Favorites bar HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\LinksBarQThe "Turn off Favorites bar" current user setting should be configured correctly. CCE-16794-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing font settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control PanelYThe "Disable changing font settings" current user setting should be configured correctly. CCE-17012-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn on Suggested Sites HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Suggested SitesRThe "Turn on Suggested Sites" current user setting should be configured correctly. CCE-16663-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Managing SmartScreen Filter HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\PhishingFilter_The "Turn off Managing SmartScreen Filter" current user setting should be configured correctly. CCE-17035-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Display error message on proxy script download failure HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet SettingsqThe "Display error message on proxy script download failure" current user setting should be configured correctly. CCE-16406-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off configuration of tabbed browsing pop-up behavior HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsingtThe "Turn off configuration of tabbed browsing pop-up behavior" current user setting should be configured correctly. CCE-16749-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Pop-up allow list HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\New WindowsLThe "Pop-up allow list" current user setting should be configured correctly. CCE-16620-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing accessibility settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control PanelbThe "Disable changing accessibility settings" current user setting should be configured correctly. CCE-16079-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing Automatic Configuration settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control PanellThe "Disable changing Automatic Configuration settings" current user setting should be configured correctly. CCE-16263-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Restrict search providers to a specific list of providers HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\RestrictionstThe "Restrict search providers to a specific list of providers" current user setting should be configured correctly. CCE-16699-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Prevent "Fix settings" functionality HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Security_The "Prevent "Fix settings" functionality" current user setting should be configured correctly. CCE-16897-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Prevent Bypassing SmartScreen Filter Warnings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\PhishingFilterhThe "Prevent Bypassing SmartScreen Filter Warnings" current user setting should be configured correctly. CCE-16915-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing secondary home page settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\SecondaryStartPageshThe "Disable changing secondary home page settings" current user setting should be configured correctly. CCE-16088-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off pop-up management HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\RestrictionsUThe "Turn off pop-up management" current user setting should be configured correctly. CCE-17018-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Configure new tab page default behavior HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\MainbThe "Configure new tab page default behavior" current user setting should be configured correctly. CCE-16093-7User Configuration\Administrative Templates\Windows Components\< Internet Explorer\Turn off Managing Pop-up Allow list HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions^The "Turn off Managing Pop-up Allow list" current user setting should be configured correctly. CCE-16232-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Prevent performance of First Run Customize settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\MainnThe "Prevent performance of First Run Customize settings" current user setting should be configured correctly. CCE-16364-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable Internet Connection wizard HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]The "Disable Internet Connection wizard" current user setting should be configured correctly. CCE-16267-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Set tab process growth HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\MainQThe "Set tab process growth" current user setting should be configured correctly. CCE-17020-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Tab Grouping HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsingPThe "Turn off Tab Grouping" current user setting should be configured correctly. CCE-16977-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off configuration of window reuse HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\MainaThe "Turn off configuration of window reuse" current user setting should be configured correctly. CCE-16285-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing link color settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel_The "Disable changing link color settings" current user setting should be configured correctly. CCE-16356-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn on menu bar by default HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\MainVThe "Turn on menu bar by default" current user setting should be configured correctly. CCE-17003-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing home page settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel^The "Disable changing home page settings" current user setting should be configured correctly. CCE-16999-5User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off managing Pop-up filter level HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions`The "Turn off managing Pop-up filter level" current user setting should be configured correctly. CCE-16351-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Reopen Last Browsing Session HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Recovery`The "Turn off Reopen Last Browsing Session" current user setting should be configured correctly. CCE-16756-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off the auto-complete feature for web addresses HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoCompleteoThe "Turn off the auto-complete feature for web addresses" current user setting should be configured correctly. CCE-16767-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off ActiveX opt-in prompt HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ExtYThe "Turn off ActiveX opt-in prompt" current user setting should be configured correctly. CCE-16090-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable caching of Auto-Proxy scripts HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings`The "Disable caching of Auto-Proxy scripts" current user setting should be configured correctly. CCE-16626-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Quick Tabs functionality HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing\The "Turn off Quick Tabs functionality" current user setting should be configured correctly. CCE-16113-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing proxy settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control PanelZThe "Disable changing proxy settings" current user setting should be configured correctly. CCE-16474-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off displaying the Internet Explorer Help Menu HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\RestrictionsnThe "Turn off displaying the Internet Explorer Help Menu" current user setting should be configured correctly. CCE-16752-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing Calendar and Contact settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control PaneliThe "Disable changing Calendar and Contact settings" current user setting should be configured correctly. CCE-16906-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Automatic Crash Recovery Prompt HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\RecoverycThe "Turn off Automatic Crash Recovery Prompt" current user setting should be configured correctly. CCE-16236-2User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off the activation of the quick pick menu HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\SearchScopesiThe "Turn off the activation of the quick pick menu" current user setting should be configured correctly. CCE-16831-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing Advanced page settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control PanelbThe "Disable changing Advanced page settings" current user setting should be configured correctly. CCE-16919-3User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing Messaging settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel^The "Disable changing Messaging settings" current user setting should be configured correctly. CCE-16813-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing default browser check HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control PanelaThe "Disable changing default browser check" current user setting should be configured correctly. CCE-16478-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off page zooming functionality HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ZOOM^The "Turn off page zooming functionality" current user setting should be configured correctly. CCE-16893-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Only use the ActiveX Installer Service for installation of ActiveX Controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AxInstallerThe "Only use the ActiveX Installer Service for installation of ActiveX Controls" current user setting should be configured correctly. CCE-16511-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Prevent participation in the Customer Experience Improvement Program HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\SQMThe "Prevent participation in the Customer Experience Improvement Program" current user setting should be configured correctly. CCE-17053-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing lang< uage settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]The "Disable changing language settings" current user setting should be configured correctly. CCE-16950-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing color settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control PanelZThe "Disable changing color settings" current user setting should be configured correctly. CCE-17086-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Restrict changing the default search provider HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\RestrictionshThe "Restrict changing the default search provider" current user setting should be configured correctly. CCE-16218-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off tabbed browsing HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsingSThe "Turn off tabbed browsing" current user setting should be configured correctly. CCE-16902-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable Per-User Installation of ActiveX Controls HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Security\ActiveXlThe "Disable Per-User Installation of ActiveX Controls" current user setting should be configured correctly. CCE-17007-6User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off configuration of default behavior of new tab creation HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsingyThe "Turn off configuration of default behavior of new tab creation" current user setting should be configured correctly. CCE-17082-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing Temporary Internet files settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control PanelmThe "Disable changing Temporary Internet files settings" current user setting should be configured correctly. CCE-16917-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Prevent Internet Explorer Search box from displaying HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\RestrictionsoThe "Prevent Internet Explorer Search box from displaying" current user setting should be configured correctly. CCE-17043-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Crash Detection HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\RestrictionsSThe "Turn off Crash Detection" current user setting should be configured correctly. CCE-16360-0User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing ratings settings HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\The "Disable changing ratings settings" current user setting should be configured correctly. CCE-16073-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Enforce Full Screen Mode HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\MainSThe "Enforce Full Screen Mode" current user setting should be configured correctly. CCE-17025-8User Configuration\Administrative Templates\Windows Components\Internet Explorer\Do not allow users to enable or disable add-ons HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\RestrictionsjThe "Do not allow users to enable or disable add-ons" current user setting should be configured correctly. CCE-17008-4User Configuration\Administrative Templates\Windows Components\Internet Explorer\Customize User Agent String HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\User AgentVThe "Customize User Agent String" current user setting should be configured correctly. CCE-16818-7)(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Download signed ActiveX controls (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1001lThe "Download signed ActiveX controls" machine setting should be configured correctly for the Intranet Zone. CCE-10820-9User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced settings\Internet Connection Wizard Settings\Turn on the Internet Connection Wizard Auto DetectDEPRECATED. Previously: The "Turn on the Internet Connection Wizard Auto Detect" setting should be configured correctly. Note: According to Microsoft, does not apply to IE 8. CCE-10816-7User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced settings\Browsing\Turn off page transitionsTThe "Turn off page transitions" current user setting should be configured correctly. CCE-10701-1User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable external branding of Internet ExploreriThe "Disable external branding of Internet Explorer" current user setting should be configured correctly. CCE-10829-0$(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Userdata persistence (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1606hThe "Userdata persistence" machine setting should be configured correctly for the Restricted Sites Zone. CCE-9760-0(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Userdata persistence (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1606`The "Userdata persistence" machine setting should be configured correctly for the Internet Zone. CCE-10200-4&(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Turn on Protected Mode (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500jThe "Turn on Protected Mode" machine setting should be configured correctly for the Restricted Sites Zone. CCE-9945-7(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Turn on Protected Mode (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500bThe "Turn on Protected Mode" machine setting should be configured correctly for the Internet Zone. CCE-10676-5.Definition 'oval:gov.nist.USGCB.ie8:def:31107'GRule 'TurnonCrossSiteScriptingFilter_RestrictedSitesZone_LocalComputer'1GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Turn on Cross-Site Scripting (XSS) Filter Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1409}The "Turn on Cross-Site Scripting (XSS) Filter" machine setting should be configured correctly for the Restricted Sites Zone. CCE-10105-5.Definition 'oval:gov.nist.USGCB.ie8:def:31102'@Rule 'TurnonCrossSiteScriptingFilter_InternetZone_LocalComputer')GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Turn on Cross-Site Scripting (XSS) Filter Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1409uThe "Turn on Cross-Site Scripting (XSS) Filter" machine setting should be configured correctly for the Internet Zone. CCE-10276-4.Definition 'oval:gov.nist.USGCB.ie8:def:31093'5Rule 'TurnoffManagingSmartScreenFilter< _LocalComputer'(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Managing SmartScreen Filter (2) Registry Key: HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\EnabledV8(1) enabled/disabled (2) on/offZThe "Turn off Managing SmartScreen Filter" machine setting should be configured correctly. CCE-9973-9(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Managing Phishing filter (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\Enabled CCE-10540-3.Definition 'oval:gov.nist.USGCB.ie8:def:31097'-Rule 'TurnOffInPrivateBrowsing_LocalComputer'GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\InPrivate\Turn off InPrivate Browsing Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy\EnableInPrivateBrowsingQThe "Turn off InPrivate Browsing" machine setting should be configured correctly. CCE-9885-5)(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Turn Off First-Run Opt-In (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4!1208mThe "Turn Off First-Run Opt-In" machine setting should be configured correctly for the Restricted Sites Zone. CCE-10420-8!(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Turn Off First-Run Opt-In (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1208eThe "Turn Off First-Run Opt-In" machine setting should be configured correctly for the Internet Zone. CCE-10434-9(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Component Updates\Periodic check for updates to Internet Explorer and Internet Tools\Turn off configuring the update check interval (in days) - Update check interval (in days) (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\Main\Update_Check_IntervalLThe "Update Check Interval" should be set to the appropriate number of days. CCE-14910-4k(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Component Updates\Periodic check for updates to Internet Explorer and Internet Tools\Turn off configuring the update check interval (in days) (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\Main\Update_Check_IntervalnThe "Turn off configuring the update check interval (in days)" machine setting should be configured correctly. CCE-9776-6(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Settings\Component Updates\Periodic check for updates to Internet Explorer and Internet Tools\Turn off changing the URL to be displayed for checking updates to Internet Explorer and Internet Tools (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\Main\Update_Check_PageThe "Turn off changing the URL to be displayed for checking updates to Internet Explorer and Internet Tools" machine setting should be configured correctly. CCE-10595-7$(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Software channel permissions (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1E05hThe "Software channel permissions" machine setting should be configured correctly for the Internet Zone. CCE-10425-7.Definition 'oval:gov.nist.USGCB.ie8:def:31036'XRule 'RunNETFrameworkReliantComponentsSignedWithAuthenticode_InternetZone_LocalComputer'>GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Run .NET Framework-reliant components signed with Authenticode Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2001The "Run .NET Framework-reliant components not signed with Authenticode" machine setting should be configured correctly for the Internet Zone. CCE-10625-2.Definition 'oval:gov.nist.USGCB.ie8:def:31035'[Rule 'RunNETFrameworkReliantComponentsNotSignedWithAuthenticode_InternetZone_LocalComputer'BGPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Run .NET Framework-reliant components not signed with Authenticode Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2004The "Run .NET Framework-reliant components signed with Authenticode" machine setting should be configured correctly for the Internet Zone. CCE-10515-5(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Prevent performance of First Run Customize settings (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\Main\DisableFirstRunCustomizeiThe "Prevent performance of First Run Customize settings" machine setting should be configured correctly. CCE-10641-9(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Prevent participation in the Customer Experience Improvement Program (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\SQM\DisableCustomerImprovementProgramzThe "Prevent participation in the Customer Experience Improvement Program" machine setting should be configured correctly. CCE-10522-1.Definition 'oval:gov.nist.USGCB.ie8:def:31096'ARule 'PreventDeletingWebsitesthattheUserhasVisited_LocalComputer'(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Prevent Deleting Web sites that the User has Visited (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy\CleanHistoryjThe "Prevent Deleting Web sites that the User has Visited" machine setting should be configured correctly. CCE-10110-5(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Make proxy settings per-machine (rather than per-user) (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ProxySettingsPerUserlThe "Make proxy settings per-machine (rather than per-user)" machine setting should be configured correctly. CCE-9870-7 (1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Loose XAML files (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2402dThe "Loose XAML files" machine setting should be configured correctly for the Restricted Sites Zone. CCE-10178-2(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Loose XAML files (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2402\The "Loose XAML files" machine setting should be configured correctly for the Internet Zone. CCE-10672-4.Definition 'oval:gov.nist.USGCB.ie8:def:31105'HRule 'LaunchingProgramsAndUnsafeFiles_RestrictedSitesZone_LocalComputer'+GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Launching programs and unsafe files Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1806wThe "Launching programs and unsafe files" machine setting should be configured correctly for the Restricted Sites Zone.< CCE-10744-1.Definition 'oval:gov.nist.USGCB.ie8:def:31100'ARule 'LaunchingProgramsAndUnsafeFiles_InternetZone_LocalComputer'#GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Launching programs and unsafe files Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1806oThe "Launching programs and unsafe files" machine setting should be configured correctly for the Internet Zone. CCE-10650-0(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone\Java permissions (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\1C00aThe "Java permissions" machine setting should be configured correctly for the Trusted Sites Zone. CCE-10696-32(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Java permissions (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2\1C00mThe "Java permissions" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-10654-25(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Java permissions (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\1C00pThe "Java permissions" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-10275-62(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Java permissions (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\1C00mThe "Java permissions" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-10535-3-(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Java permissions (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1\1C00hThe "Java permissions" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-10342-4-(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Java permissions (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3\1C00hThe "Java permissions" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-10597-3(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Java permissions (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1C00aThe "Java permissions" machine setting should be configured correctly for the Local Machine Zone. CCE-10319-2(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone\Java permissions (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\1C00\The "Java permissions" machine setting should be configured correctly for the Intranet Zone. CCE-10566-8.Definition 'oval:gov.nist.USGCB.ie8:def:31094'<Rule 'IncludeUpdatedWebsiteListsFromMicrosoft_LocalComputer'(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Compatibility View\Include updated Web site lists from Microsoft (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\BrowserEmulation\MSCompatibilityModecThe "Include updated Web site lists from Microsoft" machine setting should be configured correctly. CCE-10603-9.Definition 'oval:gov.nist.USGCB.ie8:def:31104']Rule 'IncludeLocalDirectoryPathWhenUploadingFilesToAServer_RestrictedSitesZone_LocalComputer'EGPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Include local directory path when uploading files to a server Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\160AThe "Include local directory path when uploading files to a server" machine setting should be configured correctly for the Restricted Sites Zone. CCE-9781-6.Definition 'oval:gov.nist.USGCB.ie8:def:31099'VRule 'IncludeLocalDirectoryPathWhenUploadingFilesToAServer_InternetZone_LocalComputer'=GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Include local directory path when uploading files to a server Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\160AThe "Include local directory path when uploading files to a server" machine setting should be configured correctly for the Internet Zone. CCE-10646-8(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Allow third-party browser extensions (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\Main\Enable Browser ExtensionsZThe "Allow third-party browser extensions" machine setting should be configured correctly. CCE-9905-1=(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Download signed ActiveX controls (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3\1001xThe "Download signed ActiveX controls" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-10095-8(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable showing the splash screen (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoSplashOThe "Disable showing the splash screen" setting should be configured correctly. CCE-10632-8GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable Periodic Check for Internet Explorer software updates Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoUpdateCheck CCE-10634-4GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable Automatic Install of Internet Explorer components Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoJITSetupgThe "Disable Automatic Install of Internet Explorer components" setting should be configured correctly. CCE-9987-9.Definition 'oval:gov.nist.USGCB.ie8:def:31095'9Rule 'ConfigureDeleteBrowsingHistoryonexit_LocalComputer'(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Configure Delete Browsing History on exit (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy\ClearBrowsingHistoryOnExitdThe "Configure Delete Browsing History on exit" current user setting should be configured correctly. CCE-10590-8(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Check for signatures on downloaded programs (2)< Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\Download]CheckExeSignaturesaThe "Check for signatures on downloaded programs" machine setting should be configured correctly. CCE-10055-2.Definition 'oval:gov.nist.USGCB.ie8:def:31061'8Rule 'AllowScriptlets_RestrictedSitesZone_LocalComputer'GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow Scriptlets Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1209dThe "Allow Scriptlets" machine setting should be configured correctly for the Restricted Sites Zone. CCE-10630-2(1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow Scriptlets (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1209\The "Allow Scriptlets" machine setting should be configured correctly for the Internet Zone. CCE-10685-6.Definition 'oval:gov.nist.USGCB.ie8:def:31103'ZRule 'AllowScriptingOfInternetExplorerWebBrowserControl_RestrictedSitesZone_LocalComputer'@GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow scripting of Internet Explorer web browser control Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1206The "Allow scripting of Internet Explorer web browser control" current user setting should be configured correctly for the Restricted Sites Zone. CCE-10725-0.Definition 'oval:gov.nist.USGCB.ie8:def:31098'SRule 'AllowScriptingOfInternetExplorerWebBrowserControl_InternetZone_LocalComputer'8GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow scripting of Internet Explorer web browser control Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1206The "Allow scripting of Internet Explorer web browser control" current user setting should be configured correctly for the Internet Zone. CCE-9779-0](1) GPO Settings: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Allow active content from CDs to run on user machines (2) Registry Key: HKLM\HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings\LOCALMACHINE_CD_UNLOCKkThe "Allow active content from CDs to run on user machines" machine setting should be configured correctly. CCE-10293-9nSetting Index #59: This policy setting allows you to manage whether pages of the zone may download HTML fonts.%(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow font downloads (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1604hThe "Allow font downloads" machine setting should be configured correctly for the Restricted Sites Zone. CCE-9982-0wSetting Index #64: This policy setting determines whether users will be prompted for non user-initiated file downloads.7(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Automatic prompting for file downloads (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2200zThe "Automatic prompting for file downloads" machine setting should be configured correctly for the Restricted Sites Zone. CCE-9959-8Setting Index #39: This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. )(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Download signed ActiveX controls (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1001lThe "Download signed ActiveX controls" machine setting should be configured correctly for the Internet Zone. CCE-9917-6lSetting Index #73: Restricted Sites Zone: Run .NET Framework-reliant components not signed with AuthenticodeS(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Run .NET Framework-reliant components not signed with Authenticode (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2004The "Run .NET Framework-reliant components not signed with Authenticode" machine setting should be configured correctly for the Restricted Sites Zone. CCE-9898-8gSetting Index #88: This policy setting is used to prevent users from deleting temporary Internet files.(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Prevent Deleting Temporary Internet Files (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Privacy\CleanTIF_The "Prevent Deleting Temporary Internet Files" machine setting should be configured correctly. CCE-9889-7Setting Index #36: This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars. L(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow script-initiated windows without size or position constraints (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2102The "Allow script-initiated windows without size or position constraints" machine setting should be configured correctly for the Internet Zone. CCE-9882-2Setting Index #47: This policy setting allows you to manage software channel permissions. If you enable this policy setting, you can choose the following options from the drop-down box: %(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Software channel permissions (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1E05$Low safety/Medium safety/High safety`The 'Software channel permissions' setting should be configured correctly for the Internet Zone. CCE-9869-9zSetting Index #19: This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.9(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone\Use SmartScreen Filter (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0\2301sThe "Use SmartScreen Filter" machine setting should be configured correctly for the Locked-Down Local Machine Zone. CCE-9867-3Setting Index #45: This policy setting allows you to manage the opening of sub-frames and access of applications across different domains. =(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Navigate windows and frames across different domains (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1607The "Navigate windows and frames across different domains" machine setting should be configured correctly for the Internet Zone. CCE-9865-7.Definition 'oval:gov.nist.USGCB.ie8:def:31106'bRule 'OnlyAllowApprovedDomainsToUseActiveXControlsWithoutPrompt_RestrictedSitesZone_LocalComputer'Setting Index #< 89: This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on Web sites other than the Web site that installed the ActiveX control.S(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Only allow approved domains to use ActiveX controls without prompt (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\120bThe "Only allow approved domains to use ActiveX controls without prompt" machine setting should be configured correctly for the Restricted Sites Zone. CCE-9832-7Setting Index #43: This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone.6(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Launching applications and files in an IFRAME (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1804yThe "Launching applications and files in an IFRAME" machine setting should be configured correctly for the Internet Zone. CCE-9821-0Setting Index #62: This policy setting allows you to manage restrictions on script-initiated pop-up windows and windows that include the title and status bars. T(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow script-initiated windows without size or position constraints (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2102The "Allow script-initiated windows without size or position constraints" machine setting should be configured correctly for the Restricted Sites Zone. CCE-9814-5.Definition 'oval:gov.nist.USGCB.ie8:def:31101'[Rule 'OnlyAllowApprovedDomainsToUseActiveXControlsWithoutPrompt_InternetZone_LocalComputer'Setting Index #14: This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on Web sites other than the Web site that installed the ActiveX control.K(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Only allow approved domains to use ActiveX controls without prompt (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\120bThe "Only allow approved domains to use ActiveX controls without prompt" machine setting should be configured correctly for the Internet Zone. CCE-9793-1Setting Index #75: This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone.1(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Run ActiveX controls and plugins (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1200tThe "Run ActiveX controls and plugins" machine setting should be configured correctly for the Restricted Sites Zone. CCE-9792-3zSetting Index #35: This policy setting allows you to manage whether users can install Active Desktop items from this zone.,(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow installation of desktop items (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1800oThe "Allow installation of desktop items" machine setting should be configured correctly for the Internet Zone. CCE-9790-7Setting Index #81: This policy setting prevents users from performing the "Delete Browsing History" action in Internet Explorer.&(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Turn off "Delete Browsing History" functionality (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\DisableDeleteBrowsingHistoryfThe "Turn off "Delete Browsing History" functionality" machine setting should be configured correctly. CCE-9775-8Setting Index #37: This policy setting allows you to manage whether script is allowed to update the status bar within the zone. ,(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow status bar updates via script (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2103oThe "Allow status bar updates via script" machine setting should be configured correctly for the Internet Zone. CCE-9750-1Setting Index #74: This policy setting allows you to manage whether .NET Framework components that are signed with Authenticode can be executed from Internet Explorer. O(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Run .NET Framework-reliant components signed with Authenticode (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2001The "Run .NET Framework-reliant components signed with Authenticode" machine setting should be configured correctly for the Restricted Sites Zone. CCE-9673-5YSetting Index #78: This policy setting allows you to manage software channel permissions.-(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Software channel permissions (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1E05pThe "Software channel permissions" machine setting should be configured correctly for the Restricted Sites Zone. CCE-9669-3Setting Index #57: This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone.<(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow drag and drop or copy and paste files (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1802The "Allow drag and drop or copy and paste files" machine setting should be configured correctly for the Restricted Sites Zone. CCE-9667-7Setting Index #50: This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone.4(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Sites: Include all network paths (UNCs) (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranetfThe "Intranet Sites: Include all network paths (UNCs)" machine setting should be configured correctly. CCE-9660-2Setting Index #95: This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0, TLS 1.1, TLS 1.2, Secure Sockets Layer (SSL) 2.0 or SSL 3.0 in the browser.(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Turn off Encryption Support (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocolsQThe "Turn off Encryption Support" machine setting should be configured correctly. CCE-9652-9Setting Index #16: This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on Web sites other than the Web site that installed the ActiveX control.`(1) GPO: Computer Configuration< \Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Only allow approved domains to use ActiveX controls without prompt (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3\120bThe "Only allow approved domains to use ActiveX controls without prompt" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-9599-2XSetting Index #93: This policy setting allows you to turn off the ActiveX opt-in prompt.(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off ActiveX opt-in prompt (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\NoFirsttimepromptTThe "Turn off ActiveX opt-in prompt" machine setting should be configured correctly. CCE-9580-2jSetting Index #4: This policy setting allows you to disable the per-user installation of ActiveX controls.(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable Per-User Installation of ActiveX Controls (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Security\ActiveX\BlockNonAdminActiveXInstallgThe "Disable Per-User Installation of ActiveX Controls" machine setting should be configured correctly. CCE-9504-2zSetting Index #17: This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.4(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone\Use SmartScreen Filter (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3\2301nThe "Use SmartScreen Filter" machine setting should be configured correctly for the Locked-Down Internet Zone. CCE-9489-6VSetting Index #87: This policy setting is used to prevent users from deleting cookies.(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Prevent Deleting Cookies (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Privacy\CleanCookiesNThe "Prevent Deleting Cookies" machine setting should be configured correctly. CCE-9238-7Setting Index #86: The SmartScreen Filter prevents users from navigating to and downloading from sites known to host malicious content, including Phishing or malicious software attacks.(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Prevent Bypassing SmartScreen Filter Warnings (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\PreventOverridecThe "Prevent Bypassing SmartScreen Filter Warnings" machine setting should be configured correctly. CCE-9233-8`Setting Index #85: This policy setting allows you to specify how ActiveX controls are installed.(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Only use the ActiveX Installer Service for installation of ActiveX Controls (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AxInstaller\OnlyUseAXISForActiveXInstallThe "Only use the ActiveX Installer Service for installation of ActiveX Controls" machine setting should be configured correctly. CCE-9230-4Setting Index #61: This policy setting allows you to manage whether a user's browser can be redirected to another Web page if the author of the Web page uses the Meta Refresh setting to redirect browsers to another Web page. #(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow META REFRESH (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1608fThe "Allow META REFRESH" machine setting should be configured correctly for the Restricted Sites Zone. CCE-10664-1WSetting Index #70: This policy setting allows you to manage settings for logon options.(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Logon options (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1A00Anonymous logon/Automatic logon only in Intranet zone/Automatic logon with current username and password/Prompt for user name and passwordaThe "Logon options" machine setting should be configured correctly for the Restricted Sites Zone. CCE-10651-8Setting Index #71: This policy setting allows you to manage the opening of sub-frames and access of applications across different domains. E(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Navigate windows and frames across different domains (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1607The "Navigate windows and frames across different domains" machine setting should be configured correctly for the Restricted Sites Zone. CCE-10642-7mSetting Index #26: This policy setting removes a user's ability to change automatically configured settings. (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing Automatic Configuration settings (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\AutoconfiggThe "Disable changing Automatic Configuration settings" machine setting should be configured correctly. CCE-10638-5Setting Index #8: When set to Enabled, MIME sniffing will not promote a file of one type to a more dangerous file type. When set to Disabled, MIME sniffing configures Internet Explorer processes to allow the promotion of a file to a more dangerous file type.(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Mime Sniffing Safety Feature\Internet Explorer ProcessesoThe "Mime Sniffing Safety Feature: Internet Explorer Processes" machine setting should be configured correctly. CCE-10635-1Setting Index #49: This policy setting allows you to manage whether Web sites from less privileged zones can navigate into this zone. S(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Web sites in less privileged Web content zones can navigate into this zone (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2101The "Web sites in less privileged Web content zones can navigate into this zone" machine setting should be configured correctly for the Internet Zone. CCE-10622-9YSetting Index #68: This policy setting allows you to manage permissions for Java applets.!(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Java permissions (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1C00dThe "Java permissions" machine setting should be configured correctly for the Restricted Sites Zone. CCE-10620-3Setting Index #80: This policy setting allows you to manage whether Web sites from less privileged zones can navigate into this zone. [(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Web sites in less privileged Web content zones can navigate into this zone (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2101The "Web sites in less privileged Web content zones can navigate into this zone" machine setting should be configured correctly for < the Restricted Sites Zone. CCE-10609-6Setting Index #82: This policy setting turns off the Security Settings Check feature, which checks Internet Explorer security settings to determine when the settings put Internet Explorer at risk.(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off the Security Settings Check feature (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Security\DisableSecuritySettingsCheckbThe "Turn off the Security Settings Check feature" machine setting should be configured correctly. CCE-10607-0ZSetting Index #27: This policy setting removes users' ability to change dial-up settings. (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing connection settings (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\Connection SettingsZThe "Disable changing connection settings" machine setting should be configured correctly. CCE-10605-4Setting Index #12: When set to Enabled, pop-up windows will not display in Windows Explorer or for Internet Explorer processes. When set to Disabled or Do not configure, scripts can create pop-up windows and windows that can hide other windows.(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Scripted Window Security Restrictions\Internet Explorer ProcessesxThe "Scripted Window Security Restrictions: Internet Explorer Processes" machine setting should be configured correctly. CCE-10604-7Setting Index #94: This policy setting allows you to manage the crash detection feature of add-on management in Internet Explorer. (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn off Crash Detection (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoCrashDetectionNThe "Turn off Crash Detection" machine setting should be configured correctly. CCE-10594-0~Setting Index #23: This policy setting allows you to manage whether Internet Explorer checks the Internet for newer versions. (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Automatically check for Internet Explorer updates (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\NoUpdateCheckgThe "Automatically check for Internet Explorer updates" machine setting should be configured correctly. CCE-10581-7Setting Index #11: When set to Enabled, file download prompts that are not user-initiated are blocked for Internet Explorer processes. When set to Disabled, file download prompts will occur that are not user-initiated for Internet Explorer processes.(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict File Download\Internet Explorer ProcessesiThe "Restrict File Download: Internet Explorer Processes" machine setting should be configured correctly. CCE-10578-3Setting Index #13: This setting controls the Internet Explorer restrictions on each Web page that it opens. These restrictions depend on the location of the Web page (such as Internet zone, Intranet zone, or Local Machine zone).(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Protection From Zone Elevation\Internet Explorer ProcessesqThe "Protection From Zone Elevation: Internet Explorer Processes" machine setting should be configured correctly. CCE-10574-2aSetting Index #41: This policy setting allows you to manage ActiveX controls not marked as safe. B(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Initialize and script ActiveX controls not marked as safe (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1201The "Initialize and script ActiveX controls not marked as safe" machine setting should be configured correctly for the Internet Zone. CCE-10561-9[Setting Index #76: Restricted Sites Zone: Script ActiveX controls marked safe for scriptingB(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Script ActiveX controls marked safe for scripting (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1405The "Script ActiveX controls marked safe for scripting" machine setting should be configured correctly for the Restricted Sites Zone. CCE-10554-4eSetting Index #30: This policy setting removes the Security tab from the Internet Options dialog box.(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the Security Page (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\SecurityTabOThe "Disable the Security page" machine setting should be configured correctly. CCE-10550-2`Setting Index #55: This policy setting allows you to manage dynamic binary and script behaviors.2(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow binary and script behaviors (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2000'enabled/disabled/Administrator approveduThe "Allow binary and script behaviors" machine setting should be configured correctly for the Restricted Sites Zone. CCE-10547-8Setting Index #56: This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in the security zone.R(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow cut, copy or paste operations from the clipboard via script (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1407The "Allow cut, copy or paste operations from the clipboard via script" machine setting should be configured correctly for the Restricted Sites Zone. CCE-10539-5Setting Index #53: This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).3(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Access data sources across domains (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1406vThe "Access data sources across domains" machine setting should be configured correctly for the Restricted Sites Zone. CCE-10525-4tSetting Index #3: This policy setting removes a user's ability to change certificate settings in Internet Explorer. (1) GPO: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing certificate settings (2) Registry Key: HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\Certificates`The "Disable changing certificate settings" current user setting should be configured correctly. CCE-10503-1Setting Index #48: This policy setting allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a link are not blocked. (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Use Pop-up Blocker (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1809^The "Use Pop-up Blocker" machine setting should be configured correc< tly for the Internet Zone. CCE-10486-9{Setting Index #60: This policy setting allows you to manage whether users can install Active Desktop items from this zone. 4(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow installation of desktop items (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1800wThe "Allow installation of desktop items" machine setting should be configured correctly for the Restricted Sites Zone. CCE-10475-2WSetting Index #44: This policy setting allows you to manage settings for logon options.(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Logon options (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1A00YThe "Logon options" machine setting should be configured correctly for the Internet Zone. CCE-10472-9Setting Index #65: This policy setting allows you to manage whether users may download signed ActiveX controls from a page in the zone. 1(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Download signed ActiveX controls (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1001tThe "Download signed ActiveX controls" machine setting should be configured correctly for the Restricted Sites Zone. CCE-10470-3pSetting Index #58: This policy setting allows you to manage whether file downloads are permitted from the zone. %(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow file downloads (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1803hThe "Allow file downloads" machine setting should be configured correctly for the Restricted Sites Zone. CCE-10466-1WSetting Index #28: This policy setting removes users' ability to change proxy settings.(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable changing proxy settings (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ProxyUThe "Disable changing proxy settings" machine setting should be configured correctly. CCE-10464-6Setting Index #66: This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone.3(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Download unsigned ActiveX controls (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1004vThe "Download unsigned ActiveX controls" machine setting should be configured correctly for the Restricted Sites Zone. CCE-10461-2Setting Index #52: When a user experiences Secure Socket Layer/Transport Layer Security (SSL/TLS) certificate errors such as "expired," "revoked," or "name mismatch," Internet Explorer blocks the user's ability to continue browsing the Web site.(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Prevent ignoring certificate errors (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\PreventIgnoreCertErrorsYThe "Prevent ignoring certificate errors" machine setting should be configured correctly. CCE-10436-4Setting Index #40: This policy setting allows you to manage whether users may download unsigned ActiveX controls from the zone. +(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Download unsigned ActiveX controls (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1004nThe "Download unsigned ActiveX controls" machine setting should be configured correctly for the Internet Zone. CCE-10433-1Setting Index #63: This policy setting allows you to manage whether script is allowed to update the status bar within the zone.4(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow status bar updates via script (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2103wThe "Allow status bar updates via script" machine setting should be configured correctly for the Restricted Sites Zone. CCE-10431-5Setting Index #5: This policy setting prevents users from saving a program or file that Internet Explorer has downloaded to the hard disk.(1) GPO: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Browser menus\Disable Save this program to disk option (2) Registry Key: HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoSelectDownloadDircThe "Disable Save this program to disk option" current user setting should be configured correctly. CCE-10415-8Setting Index #10: This policy setting provides the ability to block ActiveX control installation prompts for Internet Explorer processes.(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Restrict ActiveX Install\Internet Explorer ProcesseskThe "Restrict ActiveX Install: Internet Explorer Processes" machine setting should be configured correctly. CCE-10405-9nSetting Index #34: This policy setting allows you to manage whether pages of the zone may download HTML fonts.(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow font downloads (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1604`The "Allow font downloads" machine setting should be configured correctly for the Internet Zone. CCE-10403-4Setting Index #29: This policy setting works in conjunction with other settings to ensure that users cannot change the settings that are configured in the Advanced tab of Internet Explorer.(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Disable the Advanced Page (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\AdvancedTabOThe "Disable the Advanced page" machine setting should be configured correctly. CCE-10396-0iSetting Index #90: Enable this policy setting to disable the site management settings for security zones.(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Zones: Do not allow users to add/delete sites (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_zones_map_editlThe "Security Zones: Do not allow users to add/delete sites" machine setting should be configured correctly. CCE-10394-5kSetting Index #54: This policy setting allows you to manage whether script code on pages in the zone is run'(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow active scripting (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1400jThe "Allow active scripting" machine setting should be configured correctly for the Restricted Sites Zone. CCE-10393-7xSetting Index #38: This policy setting determines whether users will be prompted for non user-initiated file downloads. /(1) GPO: Computer Configuration\Administrative Templates\Windows< Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Automatic prompting for file downloads (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2200rThe "Automatic prompting for file downloads" machine setting should be configured correctly for the Internet Zone. CCE-10389-5eSetting Index #2: This policy setting controls automatic completion of fields in forms on Web pages. (1) GPO: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Disable AutoComplete for forms (2) Registry Key: HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\FormSuggestYThe "Disable AutoComplete for forms" current user setting should be configured correctly. CCE-10388-7Setting Index #25: This setting specifies the number of days that Internet Explorer keeps track of the pages viewed in the History List.(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Delete Browsing History\Disable "Configuring History" (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Url History\DaysToKeepSThe "Disable "Configuring History"" machine setting should be configured correctly. CCE-10387-9Setting Index #31: This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO). +(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Access data sources across domains (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1406nThe "Access data sources across domains" machine setting should be configured correctly for the Internet Zone. CCE-10380-4Setting Index #69: This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. >(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Launching applications and files in an IFRAME (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1804The "Launching applications and files in an IFRAME" machine setting should be configured correctly for the Restricted Sites Zone. CCE-10360-6aSetting Index #67: This policy setting allows you to manage ActiveX controls not marked as safe. J(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Initialize and script ActiveX controls not marked as safe (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1201The "Initialize and script ActiveX controls not marked as safe" machine setting should be configured correctly for the Restricted Sites Zone. CCE-10347-3Setting Index #96: This policy setting controls automatic completion of user names and passwords in forms on Web pages, and prevents user prompts to save passwords. (1) GPO: User Configuration\Administrative Templates\Windows Components\Internet Explorer\Turn on the auto-complete feature for user names and passwords on forms (2) Registry Key: HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FormSuggest PasswordsThe "Turn on the auto-complete feature for user names and passwords on forms" current user setting should be configured correctly. CCE-10291-3Setting Index #72: This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff.@(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Open files based on content, not file extension (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2100The "Open files based on content, not file extension" machine setting should be configured correctly for the Restricted Sites Zone. CCE-10277-2 Setting Index #9: When this setting is configured to Enabled, the MK protocol is blocked for Windows Explorer and Internet Explorer, which causes resources that use it to fail. When this setting is configured to Disabled, other applications can use the MK protocol API.;(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\MK Protocol Security Restriction\Internet Explorer Processes (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\(Reserved)sThe "MK Protocol Security Restriction: Internet Explorer Processes" machine setting should be configured correctly. CCE-10265-7Setting Index #51: This policy setting prevents users from performing the "Fix settings" functionality related to the Security Settings Check in Internet Explorer.(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\\Prevent "Fix settings" functionality (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Security\DisableFixSecuritySettingsZThe "Prevent "Fix settings" functionality" machine setting should be configured correctly. CCE-10253-3Setting Index #84: This policy setting allows you to manage whether users have the ability to allow or deny add-ons through Add-On Manager.(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Do not allow users to enable or disable add-ons (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoExtensionManagementeThe "Do not allow users to enable or disable add-ons" machine setting should be configured correctly. CCE-10235-0zSetting Index #15: This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.$(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone\Use SmartScreen Filter (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2301gThe "Use SmartScreen Filter" machine setting should be configured correctly for the Local Machine Zone. CCE-10211-1ZSetting Index #42: This policy setting allows you to manage permissions for Java applets. (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Java permissions (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1C00\The "Java permissions" machine setting should be configured correctly for the Internet Zone. CCE-10182-4zSetting Index #18: This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.4(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone\Use SmartScreen Filter (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1\2301nThe "Use SmartScreen Filter" machine setting should be configured correctly for the Locked-Down Intranet Zone. CCE-10163-4zSetting Index #21: This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.<(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Use SmartScreen Filter (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\2301< vThe "Use SmartScreen Filter" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-10145-1Setting Index #7: When set to Enabled, Internet Explorer examines each received file for a consistent MIME type. When set to Disabled or Not configured, Internet Explorer does not require consistent MIME data from each file.(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Consistent Mime Handling\Internet Explorer ProcesseskThe "Consistent Mime Handling: Internet Explorer Processes" machine setting should be configured correctly. CCE-10138-6Setting Index #46: This policy setting allows you to manage MIME sniffing for file promotion from one type to another based on a MIME sniff. A MIME sniff is the recognition by Internet Explorer of the file type based on a bit signature.8(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Open files based on content, not file extension (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2100{The "Open files based on content, not file extension" machine setting should be configured correctly for the Internet Zone. CCE-10107-1bSetting Index #92: This policy setting affects how security zone changes apply to different users.(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Zones: Use only machine settings (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only_The "Security Zones: Use only machine settings" machine setting should be configured correctly. CCE-10096-6dSetting Index #79: This policy setting allows you to manage whether unwanted pop-up windows appear. #(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Use Pop-up Blocker (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1809fThe "Use Pop-up Blocker" machine setting should be configured correctly for the Restricted Sites Zone. CCE-10094-1tSetting Index #77: This policy setting allows you to manage whether applets are exposed to scripts within the zone. *(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Scripting of Java applets (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1402mThe "Scripting of Java applets" machine setting should be configured correctly for the Restricted Sites Zone. CCE-10083-4Setting Index #24: This policy setting allows you to manage whether Internet Explorer will check revocation status of servers' certificates. +(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Check for server certificate revocation (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\CertificateRevocation]The "Check for server certificate revocation" machine setting should be configured correctly. CCE-10074-3zSetting Index #22: This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.9(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone\Use SmartScreen Filter (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2\2301sThe "Use SmartScreen Filter" machine setting should be configured correctly for the Locked-Down Trusted Sites Zone. CCE-10065-1TSetting Index #83: Allow software to run or install even if the signature is invalid6(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page\Allow software to run or install even if the signature is invalid (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Download\RunInvalidSignatureswThe "Allow software to run or install even if the signature is invalid" machine setting should be configured correctly. CCE-10052-9Setting Index #91: If you enable this policy setting, you disable the Custom Level button and Security level for this zone slider on the Security tab in the Internet Options dialog box.(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Zones: Do not allow users to change policies (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_options_editkThe "Security Zones: Do not allow users to change policies" machine setting should be configured correctly. CCE-10037-0Setting Index #33: This policy setting allows you to manage whether users can drag files or copy and paste files from a source within the zone. 4(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow drag and drop or copy and paste files (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1802wThe "Allow drag and drop or copy and paste files" machine setting should be configured correctly for the Internet Zone. CCE-10033-9Setting Index #20: This policy setting controls whether or not the user is prompted to allow ActiveX controls to run on Web sites other than the Web site that installed the ActiveX control.h(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone\Only allow approved domains to use ActiveX controls without prompt (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\120bThe "Only allow approved domains to use ActiveX controls without prompt" machine setting should be configured correctly for the Locked-Down Restricted Sites Zone. CCE-10004-0Setting Index #32: This policy setting allows you to manage whether scripts can perform a clipboard operation (for example, cut, copy, and paste) in the security zone. J(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow cut, copy or paste operations from the clipboard via script (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1407The "Allow cut, copy or paste operations from the clipboard via script" machine setting should be configured correctly for the Internet Zone. CCE-10002-4/USGCB Beta 2010-08-31 OVAL (USGCB-ie8_oval.xml)1USGCB Beta 2010-08-31 XCCDF (USGCB-ie8_xccdf.xml)Microsoft Security Compliance Management Toolkit for Internet Explorer 8, Version 1.0: "Internet Explorer 8 Security Baseline.xml" CCE-17742-8FThe rsyslog package should be installed or uninstalled as appropriate.0Section: 2.6.1.2.1 - Install the rsyslog Package CCE-17698-2AThe rsyslog service should be enabled or disabled as appropriate.<Section: 2.6.1.2.2 - Ensure the rsyslog Service is Activated CCE-18095-0CFile permissions for all rsyslog log files should be set correctly.DSection: 2.6.1.2.4 - Confirm Existence and Permissions of Log Files CCE-18240-2?All rsyslog log files should be owned by the appropriate group. CCE-17857-4>All rsyslog log files should be owned by the appropriate user. CCE-17248-6FRsyslog logs should be sent to a remote loghost or not as appropriate.via /etc/rsyslog.confHSection: 2.6.1.2.5 - Send Logs to a Remote Host Using Reliable Transport CCE-17639-6<Rsyslog should accept remote messages or not as appropri< ate.OSection: 2.6.1.2.6 - Enable rsyslog to Accept Remote Messages on Loghosts Only CCE-18031-5JThe ipsec-tools package should be installed or uninstalled as appropriate.3Section: 2.5.8.1.2 - Remove the ipsec-tools Package CCE-17250-2IThe pam_ccreds package should be installed or uninstalled as appropriate.0Section: 2.3.3.7 - Remove the pam_ccreds Package CCE-18151-1JThe talk-server package should be installed or uninstalled as appropriate.1Section: 3.2.6.1 - Remove the talk-server Package CCE-18200-6CThe talk package should be installed or uninstalled as appropriate.*Section: 3.2.6.2 - Remove the talk Package CCE-18244-4>The irda service should be enabled or disabled as appropriate.8Section: 3.3.16.1 - Disable the irda Service if Possible CCE-17504-2IThe irda-utils package should be installed or uninstalled as appropriate.=Section: 3.3.16.2 - Remove the irda-utils Package if Possible CCE-18037-2@The firewall should allow or reject access to the avahi service.BSection: 3.7.1.2 - Remove Avahi Server iptables Firewall Exception CCE-18156-0DThe rawdevices service should be enabled or disabled as appropriate..Section: 3.3.17.1 - Disable rawdevices Service CCE-17816-0RThe libuser library "login_defs" variable should be set correctly in libuser.conf.path to login.defsvia /etc/libuser.conf BSection: 2.3.1.7.1 - Ensure Libuser Uses Settings from login.defsLast modified: 2011-10-07Version: 5.201110074The 'Games' features should be configured correctly.r(1) Control Panel\Programs and Features\Turn Windows features on or off\Games (2) %Program Files%\Microsoft GamesgamesLThe 'Internet Information Services' features should be configured correctly.(1) Control Panel\Programs and Features\Turn Windows features on or off\Internet Information Services (2) HKLM\SYSTEM\CurrentControlSet\Services\W3Svc\DisplayNameInternet_Information_ServicesAThe 'SimpleTCP Services' features should be configured correctly.(1) Control Panel\Programs and Features\Turn Windows features on or off\SimpleTCP Services (2) HKLM\SYSTEM\CurrentControlSet\Services\simptcp\DisplayNameSimple_TCPIP_Services<The 'Telnet Client' features should be configured correctly.w(1) Control Panel\Programs and Features\Turn Windows features on or off\Telnet Client (2) %windir%\system32\telnet.exe Telnet_Client<The 'Telnet Server' features should be configured correctly.(1) Control Panel\Programs and Features\Turn Windows features on or off\Telnet Server (2) HKLM\SYSTEM\CurrentControlSet\Services\tlntsvr Telnet_Server:The 'TFTP Client' features should be configured correctly.s(1) Control Panel\Programs and Features\Turn Windows features on or off\TFTP Client (2) %windir%\system32\tftp.exe TFTP_ClientCThe 'Windows Media Center' features should be configured correctly.|(1) Control Panel\Programs and Features\Turn Windows features on or off\Windows Media Center (2) %windir%\ehome\ehshell.exeWindows_Media_CenterLast modfied: 2011-10-07dBEA WebLogic Server 10.0 Domain Configuration Schema Reference, See element complete-message-timeoutOracle Fusion Middleware Programming JTA for Oracle WebLogic Server 11g Release 1 (10.3.1), link down to 3.3.2.3, "Configuring Security Interoperability Mode"XBEA WebLogic Server Domain Configuration Schema Reference, See element lockout-threshold]BEA WebLogic Server Domain Configuration Schema Reference, See element lockout-reset-durationXEnable or disable the "SSL Enabled" setting for the appropriate LDAP Server connections.?Set the "Host Name Verification" appropriately on all servers.7(1) Custom Hostname Verifier/BEA Hostname Verifier/None(1) via the Administration Console, Environment > Servers > Server Name > Configuration > SSL > Advanced > Host Name Verification setting`BEA WebLogic Server 10.0 Domain Configuration Schema Reference, See element archive-config-count[BEA WebLogic Server 10.0 Security Schema Reference, See element administration-port-enabled;Set the appropriate "SSL Listen Port" value on each server.r(1) via the Administration Console, Domain Structure > Environment > Servers > Server Name > SSL Listen Port fieldOracle Fusion Middleware Release Notes 11g Release 1 (11.1.1); See Web Applications Issues and Workarounds http://download.oracle.com/docs/cd/E12839_01/doc.1111/e14770/weblogic_server_issues.htm#BCFCJGIF>link down to 4.6, "Configuring the WebLogic Auditing Provider"^BEA WebLogic Server 10.0 Security Schema Reference, See element anonymous-admin-lookup-enabled^BEA WebLogic Server 10.0 Security Schema Reference, See element web-app-files-case-insensitiveOracle Fusion Middleware Configuring Server Environments for Oracle WebLogic Server 11g Release 1 (10.3.3), link down to 4.2.3.2, "Administration Port and Administrative Channel"MEnable or disable the "SSL Rejection Logging Enabled" setting on all servers.(1) via the Administration Console, Environment > Servers > Server Name > Configuration > SSL > Advanced > SSL Rejection Logging Enabled attribute"link down to 12, "Configuring SSL"<Set the "Export Key Lifespan" as appropriate on each Server.(1) via the Administration Console, Environment > Servers > Server Name > Configuration > SSL > Advanced > Export Key Lifespan attributeZBEA WebLogic Server 9.0 Domain Configuration Schema Reference, element export-key-lifespanOracle Fusion Middleware Developing Web Applications, Servlets, and JSPs for Oracle WebLogic Server 11g Release 1 (10.3.1), link down to B.13.13, "client-cert-proxy-enabled"A(1) AllWebApplicationsAndEJBs/WebApplicationsAndEJBsProtectedInDDOracle Fusion Middleware Securing Resources Using Roles and Policies for Oracle WebLogic Server 11g Release 1 (10.3.5), See 4 Options for Securing Web Application and EJB Resources@(1) IgnoreRolesAndPoliciesFromDD/InitializeRoleAndPoliciesFromDD}Oracle eDocs > Securing WebLogic Resources Using Roles and Policies > Options for Securing Web Application and EJB ResourcesSSet the EditMBeanServerEnabled attribute appropriately on the Administration Server(1) True/False(1) via the Administration Console, Environment > Servers > Administration Server > Configuration then via WLST or via the Management APIsThe WebLogic Server Mbean Reference: JMXM Bean - EditMBeanServerEnabled http://download.oracle.com/docs/cd/E12840_01/wls/docs103/wlsmbeanref/core/index.htmlhOracle Fusion Middleware Securing Oracle WebLogic Server 11g Release 1 (10.3.5), See 12 Configuring SSL@The WebLogic Server Mbean Reference: EmbeddedLDAPMBean - TimeoutOracle Fusion Middleware Administrator's Guide for Oracle Internet Directory 11g Release 1 (11.1.1); See Introduction to Anonymous Binds 01http://download.oracle.com/docs/cd/E12839_01/oid.1111/e10029/authentication.htm#OIDAG2564Oracle BEA Administration Console Online Help; http://download.oracle.com/docs/cd/E13222_01/wls/docs81/ConsoleHelp/domain_server_protocols_http.html Oracle Fusion Middleware Administrator's Guide for Oracle HTTP Server 11g Release 1 (11.1.1); See Introduction to Oracle HTTP Server; http://download.oracle.com/docs/cd/E12839_01/web.1111/e10144/intro_ohs.htm#HSADM101 bBEA WebLogic Server 10.0 Domain Configuration Schema Reference, See element https-keep-alive-secs b BEA WebLogic Server 10.0 Domain Configuration Schema Reference, See element max-http-message-size. link down to 13.3, "Using Connection Filters"Oracle Fusion Middleware Securing Oracle WebLogic Server 11g Release 1 (10.3.5), See 13 Configuring Security for a WebLogic Domain3Set the "Keystore" file permissions as appropriate.yOracle Fusion Middleware Securing Oracle WebLogic Server 11g Release 1 (10.3.1), See "11 Configuring Identity and Trust"1link down to 11, "Configuring Identity and Trust"Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server 11g Release 1 (10.3.1) -- See Choosing a Product Installation Directory; http://download.oracle.com/docs/cd/E12839_01/doc.1111/e14142/prepare.htm#WLSIG112Oracle Fusion Middleware Administrator's Guide 11g Release 1 (11.1.1), See "2 Understanding Oracle Fusion Middleware Concepts," "< 2.2 What Is an Oracle WebLogic Server Domain"o(1) via the Administration Console, Domain > Configuration > Web Applications > Client Cert Proxy Enabled FieldOracle Fusion Middleware Developing Web Applications, Servlets, and JSPs for Oracle WebLogic Server 11g Release 1 (10.3.1), See "B weblogic.xml Deployment Descriptor Elements," then "client-cert-proxy-enabled"i(1) via the Administration Console, Domain > Configuration > Web Applications > Auth Cookie Enabled Field[BEA WebLogic Server 10.0 Domain Configuration Schema Reference, element auth-cookie-enabledb(1) via the Administration Console, Domain > Configuration > Web Applications > Post Timeout FieldYBEA WebLogic Server 10.0 Domain Configuration Schema Reference, element post-timeout-secs (1) via WLSTwOracle Fusion Middleware Securing a Production Environment for Oracle WebLogic Server 11g Release 1 (10.3.1) E13705-01Oracle Fusion Middleware Installation Guide for Oracle Identity Management 11g Release 1 (11.1.1) -- Installing Oracle WebLogic Server and Creating the Oracle Middleware Home http://download.oracle.com/docs/cd/E12839_01/install.1111/e12002/before.htm#INOIM957 CCE-17895-4XSet the "Complete Message Timeout" appropriately for each custom channel on each server.(1) via the Administration console, Environment > Servers > Server Domain > Server name > Protocols > Channels > General > Complete Message Timeout fieldOracle Fusion Middleware Performance and Tuning for Oracle WebLogic Server 11g Release 1 (10.3.4), See  7 Tuning WebLogic Server, Reducing the Potential for Denial of Service Attacks, Tuning Complete Message Timeout" CCE-17410-2WSet the "Idle Connection Timeout" appropriately for each custom channel on each server.(1) via the Administration console, Environment > Servers > Server Domain > Server name > Protocols > Channels > General > Idle Connection Timeout fielddBEA WebLogic Server 10.0 Domain Configuration Schema Reference. See: element idle-connection-timeout CCE-17239-5TSet the "Maximum Message Size" appropriately for each custom channel on each server.(1) number of bytes(1) via the Administration console, Environment > Servers > Server Domain > Server name > Protocols > Channels > General > Maximum Message Size fieldOracle Fusion Middleware Performance and Tuning for Oracle WebLogic Server 11g Release 1 (10.3.4), See "14 Tuning WebLogic JMS," then "Setting Maximum Message Size for Network Protocols CCE-17401-12Set the Node Manager Listen Address appropriately.!(1) IP address/hostname of server(1) via the Administration Console, Environment > Machines > the machine hosting the WebLogic Admin Server > Configuration > Node Manager > Listen Address settingOracle Fusion Middleware Node Manager Administrator's Guide for Oracle WebLogic Server 11g Release 1 (10.3.1), See  4 Configuring Java Node Manager, then Reviewing nodemanager.properties, Table 4-1 Node Manager Properties CCE-17237-9*Set the Node Manager "Type" appropriately.(1) SSH/SSL/RSH/Plain(1) via the Administration Console, Environment > Machines > the machine hosting the WebLogic Admin Server > Configuration > Node Manager > Type settingOracle Fusion Middleware Node Manager Administrator's Guide for Oracle WebLogic Server 11g Release 1 (10.3.1), See  4 Configuring Java Node Manager, then Configuring Java-based Node Manager Security CCE-18211-34Set the "Policy Selection Preference" appropriately.(1) Security then Compatibility then Performance/Security then Performance then Compatibility/Compatibility then Security then Performance/Compatibility then Performance then Security/Performance then Compatibility then Security/Performance then Security then Compatibility(1) via the Administration Console, domain name > Web Service Security > Web Service Security Configuration name > General > Policy Selection Preference settingOracle Fusion Middleware Securing WebLogic Web Services for Oracle WebLogic Server 11g Release 1 (10.3.1), See  2 Configuring Message-Level Security, Smart Policy Selection, Configuring Smart Policy Selection CCE-17780-8LSet the "Maximum Open Sockets" setting appropriately on all Managed Servers.(1) via the Administration Console, Domain > Environment > Servers > Server Name > Configuration > Tuning > Maximum Open Sockets Field CCE-18146-1MSet the "Enforce Constraints" setting on digital certificates as appropriate.(1) strict/strong/true/off(1) via the Administration Console, Environment > Servers > Server Name > Configuration > Server Start > Arguments (2) via Startup Script CCE-17246-0DSet the "Keystores" field accordingly for each server in the domain.(1) Custom Identity and Command Line Trust/Custom Identity and Custom Trust/Custom Identity and Java Standard Trust/Demo Identity and Demo Trust(1) via the Administration Console, Environment > Servers > Server Name > Configuration > Keystores > Demo Identity and Demo Trust attributeXOverview of Security Management, (p7, refers to Chapter 11 Configure Identity and Trust) CCE-18013-3SEnable or disable the "HTTP Access Log File" setting as appropriate on each server.(1) via the Administration Console, Domain Structure > Environment > Servers > Server Name >Logging > HTTP > HTTP Access Log File Enabled checkboxOracle Fusion Middleware Configuring Server Environments for Oracle WebLogic Server 11g Release 1 (10.3.1), See "5 Configuring Web Server Functionality ," then "Setting Up HTTP Access Logs" CCE-17907-7(1) custom verifier name(1) via the Administration Console, Domain Structure > Environment > Servers > Server Name > Configuration > SSL > Advanced > Custom Hostname Verification fieldOracle Fusion Middleware Programming Security for Oracle WebLogic Server 11g Release 1 (10.3.1), See "4 Using SSL Authentication in Java Clients," then "Using a Custom Hostname Verifier" CCE-18953-0ASet the "SSL port enabled" setting appropriately for each server.(1) via the Administration Console, Environment > Servers > Administration Server > SSL Listen Port Enabled attribute and SSL Listen Port field CCE-18365-7<Set the "Listen Port Enabled" as appropriate on each server.y(1) via the Administration Console, Domain Structure > Environment > Servers > Server Name > Listen Port enabled checkbox$USGCB XCCDF (USGCB-Windows-XP-xccdf)"USGCB OVAL (USGCB-Windows-XP-oval) CCE-18167-7q(1) Control Panel\Add or Remove Programs\Add/Remove Windows Components\Games (2) %Program Files%\Microsoft Games oval:gov.nist.usgcb.xp:def:20000 CCE-18870-6(1) Control Panel\Add or Remove Programs\Add/Remove Windows Components\Internet Information Services (2) HKLM\SYSTEM\CurrentControlSet\Services\W3Svc\DisplayName oval:gov.nist.usgcb.xp:def:20001 CCE-18307-9(1) Control Panel\Add or Remove Programs\Add/Remove Windows Components\SimpleTCP Services (2) HKLM\SYSTEM\CurrentControlSet\Services\simptcp\DisplayName oval:gov.nist.usgcb.xp:def:20002 CCE-18959-7{(1) Control Panel\Add or Remove Programs\Add/Remove Windows Components\Windows Media Center (2) %windir%\ehome\ehshell.exe oval:gov.nist.usgcb.xp:def:20006 CCE-18412-7`User accounts may or may not be inactivated a specified number of days after account expiration.via /etc/default/useraddSection: 2.3.1.9, Value: 30 CCE-18455-6< >The IPv6 protocol should be enabled or disabed as appropriate.via modprobe.confSection: 2.5.3.1.3, Value: 1'USGCB XCCDF (USGCB-Windows-Vista-xccdf)%USGCB OVAL (USGCB-Windows-Vista-oval) CCE-18588-4IThe 'Audit Credential Validation' setting should be configured correctly./No auditing/Success/Failure/Success and Failure(1) Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Logon\Audit Credential ValidationAudit_Credential_Validation#oval:gov.nist.usgcb.vista:def:20037 CCE-18891-2#oval:gov.nist.usgcb.vista:def:20000 CCE-18279-0#oval:gov.nist.usgcb.vista:def:20001 CCE-18624-7#oval:gov.nist.usgcb.vista:def:20002 CCE-18129-7#oval:gov.nist.usgcb.vista:def:20003 CCE-18284-0#oval:gov.nist.usgcb.vista:def:20004 CCE-18700-5#oval:gov.nist.usgcb.vista:def:20005 CCE-18689-0#oval:gov.nist.usgcb.vista:def:20006 CCE-1114-88Set the "Custom Hostname Verifier" field as appropriate. CCE-10575-9 CCE-10689-8 CCE-11051-0 CCE-10222-8 CCE-10808-4 CCE-10209-5 CCE-10707-8 CCE-10213-7 CCE-10848-0 CCE-11068-4 CCE-10826-6 CCE-10803-5 CCE-10971-0 CCE-9932-5 CCE-10601-3 CCE-10060-2 CCE-10923-1 CCE-10716-9 CCE-9972-1 CCE-10086-7 CCE-10232-7 CCE-10862-1 CCE-10849-8 CCE-10853-0 CCE-10858-9 CCE-10880-3 CCE-10369-7 CCE-10122-0 CCE-10897-7 CCE-9937-4 CCE-10770-6 CCE-10792-0 CCE-10796-1 CCE-10911-6 CCE-10915-7 CCE-10733-4 CCE-10596-5 CCE-10226-9 CCE-10750-8 CCE-10878-7 CCE-10618-7 CCE-10785-4 CCE-10274-9 CCE-9946-5 CCE-10548-6 CCE-9961-4 CCE-10202-0 CCE-10955-3 CCE-10549-4 CCE-10845-6 CCE-10726-8 CCE-10567-6 CCE-10659-1 CCE-9984-6 CCE-10458-8 CCE-10193-1 CCE-10969-4 CCE-10599-9 CCE-10805-0 CCE-10439-8 CCE-10932-2 CCE-10954-6 CCE-10571-8 CCE-9989-5 CCE-9992-9 CCE-10976-9 CCE-10747-4 CCE-10487-7 CCE-10619-5 CCE-10112-1 CCE-10742-5 CCE-10139-4 CCE-10896-9 CCE-10883-7 CCE-10637-7 CCE-9999-4 CCE-10780-5 CCE-10912-4 CCE-10683-1 CCE-10423-2None/Require signing CCE-10802-7 enabled/disabled CCE-10871-2 CCE-10875-3 CCE-10009-9 CCE-10775-5 CCE-10903-3 CCE-10541-1 CCE-10158-4 CCE-10788-8 CCE-10810-0 CCE-10673-2 CCE-10010-7 CCE-10926-4 CCE-10930-6 CCE-10705-2 CCE-10833-2 CCE-10573-4 CCE-10970-2 CCE-10974-4 CCE-10838-1 CCE-10362-2 CCE-10992-6 CCE-10978-5 CCE-10983-5 CCE-10617-9 CCE-10745-8 CCE-10732-6 CCE-10888-6 CCE-10518-9 CCE-10751-6 CCE-10381-2 CCE-10018-0 CCE-10653-4 CCE-10781-3 CCE-10768-0 CCE-10772-2 CCE-10799-5 DEPRECATED CCE-10019-8 CCE-10936-3Source http://blogs.technet.com/b/netro/archive/2010/08/30/tcp-ip-stack-hardening-in-operating-systems-starting-with-windows-vista.aspx CCE-10941-3 CCE-10804-3 CCE-11011-4 CCE-10024-8 CCE-10027-1 CCE-10557-7 CCE-10292-1 CCE-10297-0 CCE-10944-7 CCE-10949-6 CCE-10935-5 CCE-10940-5 CCE-10821-7 CCE-10825-8 CCE-10812-6 CCE-10817-5 CCE-10839-9 CCE-10843-1 CCE-10830-8 CCE-10588-2 CCE-10984-3 CCE-10614-6 CCE-10035-4LDEPRECATED in favor of CCE-18889-6, CCE-18983-7, CCE-18973-8 and CCE-18808-6  CCE-18889-6 CCE-18983-7 CCE-18973-8 CCE-18808-6 CCE-10040-4MDEPRECATED In favor of CCE-18949-8, CCE-18927-4, CCE-18664-3 and CCE-18944-9   CCE-18949-8 CCE-18927-4 CCE-18664-3 CCE-18944-9 CCE-10640-1 CCE-10045-3 CCE-10053-7 CCE-10057-8 CCE-10087-5 CCE-10229-3 CCE-10859-7 CCE-10370-5 CCE-10643-5 CCE-10419-0 CCE-11049-4 CCE-11035-3 CCE-10789-6 CCE-10986-8 CCE-11010-6 CCE-10913-2 CCE-10900-9 CCE-11028-8 CCE-10534-6 CCE-11023-9 CCE-10807-6 CCE-10794-6 CCE-10922-3 CCE-10570-0 CCE-10684-9 CCE-10109-7 CCE-10865-4 CCE-10482-8 CCE-10997-5 CCE-10113-9 CCE-11019-7 CCE-11041-1 CCE-10798-7 CCE-11036-1 CCE-11103-9 CCE-10857-1 CCE-10123-8 CCE-10631-0 CCE-10127-9 CCE-10131-1 CCE-10921-5 CCE-11050-2 CCE-10171-7 CCE-10481-0 CCE-11120-3 CCE-10873-8 CCE-10188-1 CCE-10529-6 CCE-10738-3(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Logon\Audit Credential Validation CCE-10192-3 CCE-11079-1(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Logon\Audit Kerberos Authentication Service CCE-10233-5 CCE-10196-4(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Logon\Audit Kerberos Service Ticket Operations CCE-10237-6 CCE-10755-7(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Logon\Audit Other Account Logon Events CCE-10445-5 CCE-10746-6(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Management\Audit Application Group Management CCE-10752-4 CCE-10860-5(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Management\Audit Computer Account Management CCE-10523-9 CCE-10240-0(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Management\Audit Distribution Group Management CCE-10201-2 CCE-11001-5(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Management\Audit Other Account Management CCE-11018-9 CCE-10917-3(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Management\Audit Security Group Management CCE-10741-7 CCE-10203-8(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Management\Audit User Account Management CCE-10247-5 CCE-11193-0(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Detailed Trackingt\Audit DPAPI Activity CCE-10761-5 CCE-10514-8(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Detailed Trackingt\Audit Process Creation CCE-11069-2 CCE-11038-7(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Detailed Trackingt\Audit Process Termination CCE-11184-9 CCE-11061-9(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Detailed Trackingt\Audit RPC Events CCE-11025-4 CCE-11074-2(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\DS Access\Audit Detailed Directory Service Replication CCE-11056-9 CCE-10668-2(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\DS Access\Audit Directory Service Access CCE-10686-4 CCE-11065-0(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\DS Access\Audit Directory Service Changes CCE-10800-1 CCE-11087-4(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\< Advanced Audit Policy Configuration\System Audit Policies\DS Access\Audit Directory Service Replication CCE-10206-1 CCE-10834-0(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\Audit Account Lockout CCE-10704-5 CCE-10961-1(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\Audit IPsec Extended Mode CCE-11224-3 CCE-10995-9(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\Audit IPsec Main Mode CCE-10948-8 CCE-10999-1(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\Audit IPsec Quick Mode CCE-10706-0 CCE-11102-1(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\Audit Logoff CCE-11113-8 CCE-11060-1(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\Audit Logon CCE-11107-0 CCE-10847-2(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\Audit Network Policy Server CCE-11064-3 CCE-10869-6(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\Audit Other Logon/Logoff Events CCE-11179-9 CCE-11078-3(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Logon/Logoff\Audit Special Logon CCE-10737-5 CCE-11197-1(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Application Generated CCE-11111-2 CCE-10216-0(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Certification Services CCE-10950-4 CCE-11100-5 CCE-10391-1 CCE-11021-3(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit File Share CCE-10589-0 CCE-10263-2(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit File System CCE-10967-8 CCE-10743-3(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Filtering Platform Connection CCE-10285-5 CCE-11148-4(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Filtering Platform Packet Drop CCE-10677-3 CCE-10959-5(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Handle Manipulation CCE-10902-5 CCE-10851-4(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Kernel Object CCE-10220-2 CCE-11170-8(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Other Object Access Events CCE-10979-3 CCE-10988-4(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit Registry CCE-10224-4 CCE-10728-4(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Object Access\Audit SAM CCE-10491-9 CCE-10385-3(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Policy Change\Audit Audit Policy Change CCE-10119-6 CCE-10874-6(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Policy Changes\Audit Authentication Policy Change CCE-11160-9 CCE-10132-9(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Policy Change\Audit Authorization Policy Change CCE-10790-4 CCE-11006-4(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Policy Change\Audit Filtering Platform Policy Change CCE-10526-2 CCE-10530-4(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Policy Change\Audit MPSSVC Rule-Level Policy Change CCE-10189-9 CCE-11032-0(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Policy Changes\Audit Other Policy Change Events CCE-10680-7 CCE-11187-2(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Privilege Use\Audit Audit Non Sensitive Privilege Use CCE-11173-2 CCE-10197-2 CCE-10593-2 CCE-10400-0(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Privilege Use\Audit Audit Sensitive Privilege Use CCE-11003-1 CCE-10214-5(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\System\Audit IPsec Driver CCE-10390-3 CCE-11116-1(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\System\Audit Other System Events CCE-10879-5 CCE-10892-8(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\System\Audit Security State Change CCE-11007-2 CCE-11029-6(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\System\Audit Security System Extension CCE-11169-0 CCE-10884-5(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\System\Audit System Integrity CCE-11034-6 CCE-11153-4(1) Commandline: auditpol.exe (2) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Global Object Access Auditing\File System CCE-10818-3xAuditing of 'Global Object Access Auditing:File System' events on failure should be enabled or disabled as appropriate. CCE-11042-9uAuditing of 'Global Object Access Auditing:Registry' events on failure should be enabled or disabled as appropriate.(1) Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Global Object Access Auditing\Registry< CCE-10822-5uAuditing of 'Global Object Access Auditing:Registry' events on success should be enabled or disabled as appropriate. CCE-10809-2 CCE-10562-7 CCE-10760-7 CCE-10372-1 CCE-10901-7 CCE-10905-8 CCE-10399-4 CCE-11046-0 CCE-11059-3.(1) Computer Configuration\Administrative Templates\System\Group Policy (2) HKLM\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoBackgroundPolicy (3) HKLM\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChanges(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Policies\Microsoft\Windows NT\Printers\DisableWebPnPDownload(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebServices(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Policies\Microsoft\Windows NT\Printers\DisableHTTPPrinting(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Policies\Microsoft\SearchCompanion\DisableContentFileUpdates(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Policies\Microsoft\Messenger\Client\CEIP(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Policies\Microsoft\Windows\DriverSearching\DontSearchWindowsUpdateUThe Windows XP 'Games' component should be installed or not installed as appropriate. CCE-18099-2KDEPRECATED. [Was: "The 'Configure Windows NTP Client' setting should be configured correctly." The enabled/disabled/not configured status of this GPO (see CCE Technical Mechanisms) does not itself affect the configuration of aspects of the Windows NTP Client; it only controls whether Group Policy is used to set those options.]  Not configured\Enabled \Disabled{(1) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Clientconfigure_windows_ntp_client!oval:gov.nist.usgcb.xp:def:100215 CCE-18173-5\The 'Configure Windows NTP Client\CrossSiteSyncFlags' option should be configured correctly.8None (0) / Primary Domain Controllers only (1) / All (2)(1) HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient\CrossSiteSyncFlags (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\CrossSiteSyncFlags CCE-18559-5WThe 'Configure Windows NTP Client\EventLogFlags' option should be configured correctly.wNo events (0) / Time jump events (1) / Time source change events (2) / Both time jump and time source change events (3)(1) HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient\EventLogFlags (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\EventLogFlags CCE-18149-5SThe 'Configure Windows NTP Client\NtpServer' option should be configured correctly.,DNS name or IP address of an NTP time source(1) HKLM\Software\Policies\Microsoft\W32time\Parameters\NtpServer (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\NtpServer CCE-18962-1dThe 'Configure Windows NTP Client\ResolvePeerBackoffMaxTimes' option should be configured correctly.maximum number of DNS resolution attempts by W32time, with the delay period doubling between each attempt, before the resolution process is restarted (0 to 9999)(1) HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient\ResolvePeerBackoffMaxTimes (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\ResolvePeerBackoffMaxTimes CCE-18306-1cThe 'Configure Windows NTP Client\ResolvePeerBackoffMinutes' option should be configured correctly.&number of minutes (between 0 and 9999)(1) HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient\ResolvePeerBackoffMinutes (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\ResolvePeerBackoffMinutes CCE-18692-4]The 'Configure Windows NTP Client\SpecialPollInterval' option should be configured correctly.,number of seconds (between 0 and 4294967295)(1) HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient\SpecialPollInterval (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\SpecialPollInterval CCE-18634-6NThe 'Configure Windows NTP Client\Type' option should be configured correctly.NoSync\NTP\NT5DS\AllSync(1) HKLM\Software\Policies\Microsoft\W32time\Parameters\Type (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\Type CCE-18782-3eThe 'Allow users to connect remotely using Terminal Services' setting should be configured correctly. (1) HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDenyTSConnections (2) Computer Configuration\Administrative Templates\Windows Components\Terminal Services Services\Terminal Servicer\Connections\Allow users to connect remotely using Terminal Services=allow_users_to_connect_remotely_using_remote_desktop_services oval:gov.nist.usgcb.xp:def:20020|The 'Core Networking - Dynamic Host Configuration Protocol (DHCP-In)' Windows Firewall rule should be configured correctly. (1) Enabled\Not Enabled (2) Allow the connection\Allow the connection if it is secure(Allow the connection if it is authenticated and integrity-protected\Require the connection to be encrypted\Allow the computers to dynamically negotiate encryption\Allow the connection to use null encapsulation\Override block rules)\Block the connection (3) List of authorized computers (4) List of computer exceptions (5) List of local IP address that limit the scope (6) List of remote IP address that limit the scope (7) Profiles: Domain\Private\Public (8) All interface types\These interface types (Local area network/Remote access\Wireless) (9) Block edge traversal\Allow edge traversal\Defer to user\Defer to application (10) List of authorized users (11) List of user exceptions&domain_profile_Core_Networking_DHCP_In CCE-18320-2(1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules\CoreNet-DHCP-In!v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000| (2) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Inbound Rules\Core Networking - Dynamic Host Configuration Protocol (DHCP-In)+oval:gov.nist.USGCB.vistafirewall:def:20940 CCE-18987-8CThe 'Turn off game updates' setting should be configured correctly.(1) HKLM\Software\Policies\Microsoft\Windows\GameUX!GameUpdateOptions (2) Computer Configuration\Administrative Templates\Windows Components\Game Explorer\Turn off game updatesturn_off_game_updates+oval:gov.nist.usgcb.windowsvista:def:100010 CCE-18388-9FThe 'Enable/Disable PerfTrack' setting should be configured correctly.(1) HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}!ScenarioExecutionEnabled (2) Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Windows Performance PerfTrack\Enable/Disable PerfTrackenable_disable_perftrack+oval:gov.nist.usgcb.windowsvista:def:100066 CCE-18220-4$oval:gov.nist.usgcb.vista:def:100215 CCE-18356-6(1) HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient!CrossSiteSyncFlags (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\CrossSiteSyncFlags CCE-18589-2< (1) HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient!EventLogFlags (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\EventLogFlags CCE-18626-2(1) HKLM\Software\Policies\Microsoft\W32time\Parameters!NtpServer (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\NtpServer CCE-18386-3(1) HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient!ResolvePeerBackoffMaxTimes (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\ResolvePeerBackoffMaxTimes CCE-18324-4(1) HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient!ResolvePeerBackoffMinutes (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\ResolvePeerBackoffMinutes CCE-18594-2(1) HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient!SpecialPollInterval (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\SpecialPollInterval CCE-18115-6(1) HKLM\Software\Policies\Microsoft\W32time\Parameters!Type (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\Type CCE-18938-1_The 'Specify the System Hibernate Timeout (On Battery)' setting should be configured correctly.,number of seconds seconds (0 to 4294967295) (1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\9D7815A6-7EE4-497E-8888-515A05F02364\DCSettingIndex!3600 (2) Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Specify the System Hibernate Timeout (On Battery)/Specify_the_System_Hibernate_Timeout_On_Battery#oval:gov.nist.usgcb.vista:def:20020 CCE-18358-2_The 'Specify the System Hibernate Timeout (Plugged In)' setting should be configured correctly. (1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\9D7815A6-7EE4-497E-8888-515A05F02364\ACSettingIndex!3600 (2) Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Specify the System Hibernate Timeout (Plugged In)/Specify_the_System_Hibernate_Timeout_Plugged_in#oval:gov.nist.usgcb.vista:def:20021 CCE-18686-6OThe 'Turn off the Display (On Battery)' setting should be configured correctly. (1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E\DCSettingIndex!1200 (2) Computer Configuration\Administrative Templates\System\Power Management\Video and Display Settings\Turn off the Display (On Battery)Turn_off_the_Display_On_Battery#oval:gov.nist.usgcb.vista:def:20022 CCE-18303-8OThe 'Turn off the Display (Plugged In)' setting should be configured correctly. (1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E\ACSettingIndex!1200 (2) Computer Configuration\Administrative Templates\System\Power Management\Video and Display Settings\Turn off the Display (Plugged In)Turn_off_the_Display_Plugged_In#oval:gov.nist.usgcb.vista:def:20023 CCE-18881-3hThe 'Extend Point and Print connection to search Windows Update' setting should be configured correctly.(1) HKLM\Software\Policies\Microsoft\Windows NT\Printers!DoNotInstallCompatibleDriverFromWindowsUpdate (2) Computer Configuration\Administrative Templates\Printers\Extend Point and Print connection to search Windows Updateaextend_point_and_print_connection_to_search_windows_update_and_use_alternate_connection_if_needed+oval:gov.nist.usgcb.windowsvista:def:100035 CCE-18715-3 (1) HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDenyTSConnections (2) Computer Configuration\Administrative Templates\Windows Components\Terminal Services Services\Terminal Servicer\Connections\Allow users to connect remotely using Terminal Services CCE-18414-3QThe 'Do not delete temp folder upon exit' setting should be configured correctly.(1) HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!DeleteTempDirsOnExit (2) Computer Configuration\Administrative Templates\Windows Components\Terminal Services Services\Terminal Servicer\Connections\Do not delete temp folder upon exit$do_not_delete_temp_folders_upon_exit$oval:gov.nist.usgcb.vista:def:100013 CCE-18913-4VThe 'Do not use temporary folders per session' setting should be configured correctly.(1) HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!PerSessionTempDir (2) Computer Configuration\Administrative Templates\Windows Components\Terminal Services Services\Terminal Servicer\Connections\Do not use temporary folders per session(do_not_use_temporary_folders_per_session$oval:gov.nist.usgcb.vista:def:100014Last modified: 2012-02-24 CCE-19088-4HThe "Allow basic authentication" setting should be configured correctly. True/Falses(1) Powershell: Get-ExchangeConfiguration -configType AllowBasicAuthentication |Select-Object -Property SettingDataMicrosoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2007 SP3 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID CCE-19184-1DThe "Allow simple passwords" setting should be configured correctly.o(1) Powershell: Get-ExchangeConfiguration -configType AllowSimplePasswords |Select-Object -Property SettingData CCE-19107-2EThe "Allow unmanaged devices" setting should be configured correctly.p(1) Powershell: Get-ExchangeConfiguration -configType AllowUnmanagedDevices |Select-Object -Property SettingData CCE-19178-3JThe "Configure dial plan security" setting should be configured correctly.Unsecured, SIPSecured, Securedi(1) Powershell: Get-ExchangeConfiguration -configType DialPlanSecure |Select-Object -Property SettingData CCE-19098-3VThe "Configure login authentication for IMAP4" setting should be configured correctly.4PlainTextLogin, PlainTextAuthentication, SecureLogini(1) Powershell: Get-ExchangeConfiguration -configType IMAP4LoginType |Select-Object -Property SettingData CCE-18657-7UThe "Configure login authentication for POP3" setting should be configured correctly.h(1) Powershell: Get-ExchangeConfiguration -configType POP3LoginType |Select-Object -Property SettingData CCE-19200-5HThe "Configure Protocol logging" setting should be configured correctly. Verbose, Nonej(1) Powershell: Get-ExchangeConfiguration -configType ProtocolLogging |Select-Object -Property SettingData CCE-18409-3HThe "Configure Sender Filtering" setting should be configured correctly.StampStatus, Rejectj(1) Powershell: Get-ExchangeConfiguration -configType SenderFiltering |Select-Object -Property SettingData CCE-19203-9sThe "Do not permamently delete items until the database has been backed up" setting should be configured correctly.x(1) Powershell: Get-ExchangeConfiguration -configType RetainDeletedItemsUntilBackup |Select-Object -Property SettingData CCE-19015-7YThe "Enable automatic forwards to remote domains" setting should be configured correctly.y(1) Powershell: Get-ExchangeConfiguration -configType AutomaticForwardsRemoteDomains |Select-Object -Property SettingData CCE-19198-1XThe "Enable automatic replies to remote domains" setting should be configured correctly.x(1) Powershell: Get-ExchangeConfiguration -configType AutomaticRepliesRemoteDomains |Select-Object -Property SettingData CCE-19207-0[The "Enable non-delivery reports to remote domains" setting should be configured correctly.z(1) Powershell: Get-ExchangeConfiguration -configType NonDeliveryReportsRemoteDomains |Select-Object -Property SettingData CCE-19191-6SThe "Enable OOF messages to remote domains" setting should be configured correctly.2External, ExternalLegacy, None, and InternalLegacys(1) Powershell: Get-ExchangeConfiguration -configType OofMessagesRemoteDomains |Select-Object -Property SettingData CCE-18405-1HThe "Enable S/MIME for< OWA 2007" setting should be configured correctly.k(1) Powershell: Get-ExchangeConfiguration -configType SMimeEnabled2007 |Select-Object -Property SettingData CCE-19150-2DThe "Enable Sender ID agent" setting should be configured correctly.c(1) Powershell: Get-ExchangeConfiguration -configType SenderID |Select-Object -Property SettingData CCE-19035-5FThe "Enable Sender Reputation" setting should be configured correctly.k(1) Powershell: Get-ExchangeConfiguration -configType SenderReputation |Select-Object -Property SettingData CCE-19205-4FThe "Enforce Password History" setting should be configured correctly.0 - 50 passwordsq(1) Powershell: Get-ExchangeConfiguration -configType EnforcePasswordHistory |Select-Object -Property SettingData CCE-19116-3aThe "External send connector authentication: DNS Routing" setting should be configured correctly.(1) Powershell: Get-ExchangeConfiguration -configType ExternalSendConnectorAuthDNSRoutingEnabled |Select-Object -Property SettingData CCE-19112-2eThe "External send connector authentication: Domain Security" setting should be configured correctly.(1) Powershell: Get-ExchangeConfiguration -configType ExternalSendConnectorAuthDomainSecureEnabled |Select-Object -Property SettingData CCE-18256-8fThe "External send connector authentication: Ignore Start TLS" setting should be configured correctly.(1) Powershell: Get-ExchangeConfiguration -configType ExternalSendConnectorAuthIgnoreSTARTTLS |Select-Object -Property SettingData CCE-19188-2eThe "Keep deleted mailboxes for the specified number of days" setting should be configured correctly.0 - 24855 Dayso(1) Powershell: Get-ExchangeConfiguration -configType KeepDeletedMailboxes |Select-Object -Property SettingData CCE-19239-3NThe "Mailbox quotas: Issue warning at" setting should be configured correctly.0 - 2147483647 KB(1) Powershell: Get-ExchangeConfiguration -configType MailboxApproachingStorageLimitWarning |Select-Object -Property SettingData CCE-19195-7ZThe "Mailbox quotas: Prohibit send and receive at" setting should be configured correctly.s(1) Powershell: Get-ExchangeConfiguration -configType ProhibitSendReceiveQuota |Select-Object -Property SettingData CCE-18295-6NThe "Mailbox quotas: Prohibit send at" setting should be configured correctly.l(1) Powershell: Get-ExchangeConfiguration -configType ProhibitSendQuota |Select-Object -Property SettingData CCE-18314-5_The "Maximum number of recipients - organization level" setting should be configured correctly.0 - 2147483647 recipientsr(1) Powershell: Get-ExchangeConfiguration -configType MaximumNumberRecipients |Select-Object -Property SettingData CCE-18897-9TThe "Maximum receive size - connector level" setting should be configured correctly.64 - 2147483647 KBv(1) Powershell: Get-ExchangeConfiguration -configType MaximumReceiveSizeConnector |Select-Object -Property SettingData CCE-19036-3WThe "Maximum receive size - organization level" setting should be configured correctly.0 - 2097151 KBy(1) Powershell: Get-ExchangeConfiguration -configType MaximumReceiveSizeOrganization |Select-Object -Property SettingData CCE-18354-1QThe "Maximum send size - connector level" setting should be configured correctly.s(1) Powershell: Get-ExchangeConfiguration -configType MaximumSendSizeConnector |Select-Object -Property SettingData CCE-19165-0TThe "Maximum send size - organization level" setting should be configured correctly.v(1) Powershell: Get-ExchangeConfiguration -configType MaximumSendSizeOrganization |Select-Object -Property SettingData CCE-18561-1PThe "Message tracking logging - Mailbox" setting should be configured correctly.x(1) Powershell: Get-ExchangeConfiguration -configType MessageTrackingLoggingMailbox |Select-Object -Property SettingData CCE-19093-4RThe "Message tracking logging - Transport" setting should be configured correctly.z(1) Powershell: Get-ExchangeConfiguration -configType MessageTrackingLoggingTransport |Select-Object -Property SettingData CCE-19329-2The machine setting for the startup type of the "Microsoft Exchange Active Directory Topology" service should be configured correctly.#Automatic = 2, Manual=3, Disabled=4(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Active Directory Topology (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeADTopology\Start CCE-19214-6qThe machine setting for the startup type of the "Microsoft Exchange ADAM" service should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange ADAM (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ADAM_MSExchange\Start CCE-19294-8}The machine setting for the startup type of the "Microsoft Exchange Anti-spam Update" service should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Anti-spam Update (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeAntispamUpdate\Start CCE-19174-2The machine setting for the startup type of the "Microsoft Exchange Credential Service (Exchange 2007)" service should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Credential Service (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EdgeCredentialSvc\Start CCE-19234-4}The machine setting for the startup type of the "Microsoft Exchange EdgeSync Service" service should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange EdgeSync Service (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeEdgeSync\Start CCE-19213-8~The machine setting for the startup type of the "Microsoft Exchange File Distribution" service should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange File Distribution (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeFDS\Start CCE-19155-1rThe machine setting for the startup type of the "Microsoft Exchange IMAP4" service should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange IMAP4 (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIMAP4\Start CCE-19120-5~The machine setting for the startup type of the "Microsoft Exchange Information Store" service should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Information Store (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\Start CCE-19268-2The machine setting for the startup type of the "Microsoft Exchange Mail Submission Service" service should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Mail Submission Service (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeMailSubmission\Start CCE-19193-2The machine setting for the startup type of the "Microsoft Exchange Mailbox Assistants" service should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Mailbox Assistants (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeMailboxAssistants\Start CCE-19171-8wThe machine setting for the startup type of the "Microsoft Exchange Monitoring" service should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Monitoring (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeMonitoring\Start CCE-19108-0qThe machine setting for the startup type of the "Microsoft Exchange POP3" service should be configured correctly.< (1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange POP3 (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangePOP3\Start CCE-19334-2The machine setting for the startup type of the "Microsoft Exchange Replication Service" service should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Replication Service (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeRepl\Start CCE-19243-5{The machine setting for the startup type of the "Microsoft Exchange Search Indexer" service should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Search Indexer (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSearch\Start CCE-19139-5The machine setting for the startup type of the "Microsoft Exchange Server Extension for Windows Server Backup" service should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Server Extension for Windows Server Backup (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wsbexchange\Start CCE-19144-5yThe machine setting for the startup type of the "Microsoft Exchange Service Host" service should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Service Host (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeServiceHost\Start CCE-19134-6The machine setting for the startup type of the "Microsoft Exchange Speech Engine Service" service should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Speech Engine Service (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSSpeechService\Start CCE-18914-2}The machine setting for the startup type of the "Microsoft Exchange System Attendant" service should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange System Attendant (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Start CCE-19020-7vThe machine setting for the startup type of the "Microsoft Exchange Transport" service should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Transport (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeTransport\Start CCE-19303-7The machine setting for the startup type of the "Microsoft Exchange Transport Log Search" service should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Transport Log Search (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeTransportLogSearch\Start CCE-19008-2~The machine setting for the startup type of the "Microsoft Exchange Unified Messaging" service should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Unified Messaging (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeUM\Start CCE-19055-3uThe machine setting for the startup type of the "Microsoft Search (Exchange)" service should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Search (Exchange) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msftesql-Exchange\Start CCE-19185-81 - 16p(1) Powershell: Get-ExchangeConfiguration -configType MinimumPasswordLength |Select-Object -Property SettingData CCE-19054-6GThe "Mount database at startup" setting should be configured correctly.q(1) Powershell: Get-ExchangeConfiguration -configType MountDatabaseAtStartup |Select-Object -Property SettingData CCE-19310-2HThe "Number of attempts allowed" setting should be configured correctly.4 - 16 Attemptsp(1) Powershell: Get-ExchangeConfiguration -configType NumberAttemptsAllowed |Select-Object -Property SettingData CCE-19349-0AThe "Password Expiration" setting should be configured correctly.1:00:00:00 - 730:00:00:00 Daysm(1) Powershell: Get-ExchangeConfiguration -configType PasswordExpiration |Select-Object -Property SettingData CCE-19264-1>The "Refresh interval" setting should be configured correctly.0 - 596523 Hoursj(1) Powershell: Get-ExchangeConfiguration -configType RefreshInterval |Select-Object -Property SettingData CCE-19149-4KThe "Require alphanumeric password" setting should be configured correctly.v(1) Powershell: Get-ExchangeConfiguration -configType RequireAlphanumericPassword |Select-Object -Property SettingData CCE-19251-8IThe "Require Client Certificates" setting should be configured correctly.Ignore, Accepted, or Requiredt(1) Powershell: Get-ExchangeConfiguration -configType RequireClientCertificates |Select-Object -Property SettingData CCE-19351-6JThe "Require encryption on device" setting should be configured correctly.t(1) Powershell: Get-ExchangeConfiguration -configType RequireEncryptionOnDevice |Select-Object -Property SettingData CCE-19194-0>The "Require password" setting should be configured correctly.j(1) Powershell: Get-ExchangeConfiguration -configType RequirePassword |Select-Object -Property SettingData CCE-19285-6cThe "Retain deleted items for the specified number of days" setting should be configured correctly. 0 - 30 Dayso(1) Powershell: Get-ExchangeConfiguration -configType DeletedItemRetention |Select-Object -Property SettingData CCE-19280-7hThe "Time without user input before password must be re-entered" setting should be configured correctly.1 - 60 Minutesv(1) Powershell: Get-ExchangeConfiguration -configType MaxInactivityTimeDeviceLock |Select-Object -Property SettingData CCE-19339-1JThe "Turn on Connectivity logging" setting should be configured correctly.n(1) Powershell: Get-ExchangeConfiguration -configType ConnectivityLogging |Select-Object -Property SettingData CCE-19327-6FThe "Turn on script execution" setting should be configured correctly.1Restricted/ AllSigned/ RemoteSigned/ Unrestrictedj(1) Powershell: Get-ExchangeConfiguration -configType ExecutionPolicy |Select-Object -Property SettingData CCE-19141-1_The "Allow access to voicemail without requiring a PIN" setting should be configured correctly.s(1) Powershell: Get-ExchangeConfiguration -configType PinlessAccessToVoicemail |Select-Object -Property SettingDataMicrosoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Exchange Server 2010 SP2 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID CCE-19132-0 CCE-18357-4 CCE-18866-4 CCE-19115-5 CCE-18176-8 CCE-19077-7 CCE-18924-1 CCE-18693-2 CCE-18710-4DThe "Configure startup mode" setting should be configured correctly.TCP, Dual, TLSh(1) Powershell: Get-ExchangeConfiguration -configType UMStartupMode |Select-Object -Property SettingData CCE-18273-3 CCE-18842-5 CCE-19131-2 CCE-19057-9 CCE-19022-3 CCE-19096-7HThe "Enable S/MIME for OWA 2010" setting should be configured correctly.k(1) Powershell: Get-ExchangeConfiguration -configType SMimeEnabled2010 |Select-Object -Property SettingData CCE-18208-9 CCE-18326-9 CCE-19013-20-50 passwords CCE-19081-9 CCE-18182-6 CCE-18214-7 CCE-19076-90 - 24855 days CCE-18662-7 CCE-18281-6 CCE-18515-7 CCE-18506-6 CCE-19113-0 CCE-19010-8 CCE-18590-0 CCE-19156-9 CCE-18647-8 CCE-19094-2 CCE-18530-6 CCE-19176-7 CCE-18189-1yThe machine setting for the startup type of the "Microsoft Exchange Address Book" service should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft < Exchange Address Book (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeAB\Start CCE-19179-1 CCE-19126-2The machine setting for the startup type of the "Microsoft Exchange Credential Service (Exchange 2010)" service should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Credential Service (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeEdgeCredential\Start CCE-19164-3 CCE-18421-8 CCE-19181-7The machine setting for the startup type of the "Microsoft Exchange Forms-Based Authentication service" service should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Forms-Based Authentication service (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeFBA\Start CCE-18945-6 CCE-18199-0 CCE-18635-3 CCE-19083-5 CCE-19066-0The machine setting for the startup type of the "Microsoft Exchange Mailbox Replication" service should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Mailbox Replication (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeMailboxReplication\Start CCE-19100-7 CCE-18778-1 CCE-18352-5The machine setting for the startup type of the "Microsoft Exchange Protected Service Host" service should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Protected Service Host (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeProtectedServiceHost\Start CCE-18595-9 CCE-19101-5~The machine setting for the startup type of the "Microsoft Exchange RPC Client Access" service should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange RPC Client Access (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeRPC\Start CCE-19031-4 CCE-18203-0 CCE-19109-8 CCE-19136-1 CCE-18212-1 CCE-19201-3wThe machine setting for the startup type of the "Microsoft Exchange Throttling" service should be configured correctly.(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft Exchange Throttling (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeThrottling\Start CCE-18234-5 CCE-19208-8 CCE-19121-3 CCE-18373-1 CCE-18241-0 CCE-19042-1 CCE-19190-8 CCE-19215-3 CCE-19091-8 CCE-19177-5 CCE-19221-1 CCE-18242-8LThe "Require client MAPI encryption" setting should be configured correctly.v(1) Powershell: Get-ExchangeConfiguration -configType RequireClientMAPIEncryption |Select-Object -Property SettingData CCE-19202-1 CCE-19162-7 CCE-19241-9 CCE-18432-5 CCE-19153-6QThe "Turn on Administrator Audit Logging" setting should be configured correctly.t(1) Powershell: Get-ExchangeConfiguration -configType AdministratorAuditLogging |Select-Object -Property SettingData CCE-19219-5 CCE-19240-1!oval:gov.nist.USGCB.ie7:def:31105ALaunchingProgramsAndUnsafeFiles_RestrictedSitesZone_LocalComputer(1) HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1806 (2) Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Launching programs and unsafe filesoThe 'Launching programs and unsafe files' setting should be configured correctly for the Restricted Sites Zone. CCE-18137-0!oval:gov.nist.USGCB.ie7:def:31104VIncludeLocalDirectoryPathWhenUploadingFilesToAServer_RestrictedSitesZone_LocalComputer-(1) HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\160A (2) Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Include local directory path when uploading files to a serverThe 'Include local directory path when uploading files to a server' setting should be configured correctly for the Restricted Sites Zone. CCE-18738-5!oval:gov.nist.USGCB.ie7:def:31103SAllowScriptingOfInternetExplorerWebBrowserControl_RestrictedSitesZone_LocalComputer((1) HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\1206 (2) Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone\Allow scripting of Internet Explorer web browser controlThe 'Allow scripting of Internet Explorer web browser control' setting should be configured correctly for the Restricted Sites Zone. CCE-18912-6!oval:gov.nist.USGCB.ie7:def:31036QRunNETFrameworkReliantComponentsSignedWithAuthenticode_InternetZone_LocalComputer&(1) HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2001 (2) Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Run .NET Framework-reliant components signed with AuthenticodeThe 'Run .NET Framework-reliant components signed with Authenticode' setting should be configured correctly for the Internet Zone. CCE-18230-3!oval:gov.nist.USGCB.ie7:def:31035TRunNETFrameworkReliantComponentsNotSignedWithAuthenticode_InternetZone_LocalComputer*(1) HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2004 (2) Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Run .NET Framework-reliant components not signed with AuthenticodeThe 'Run .NET Framework-reliant components not signed with Authenticode' setting should be configured correctly for the Internet Zone. CCE-18731-0!oval:gov.nist.USGCB.ie7:def:31100:LaunchingProgramsAndUnsafeFiles_InternetZone_LocalComputer (1) HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1806 (2) Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Launching programs and unsafe filesgThe 'Launching programs and unsafe files' setting should be configured correctly for the Internet Zone. CCE-18467-1!oval:gov.nist.USGCB.ie7:def:31099OIncludeLocalDirectoryPathWhenUploadingFilesToAServer_InternetZone_LocalComputer%(1) HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\160A (2) Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Include local directory path when uploading files to a serverThe 'Include local directory path when uploading files to a server' setting should be configured correctly for the Internet Zone. CCE-18552-0!oval:gov.nist.USGCB.ie7:def:31098LAllowScriptingOfInternetExplorerWebBrowserControl_InternetZone_LocalComputer (1) HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1206 (2) Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone\Allow scripting of Internet Explorer web browser control|The 'Allow scripting of Internet Explorer web browser control' setting should be configured correctly for the Internet Zone. CCE-18394-7QHKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\ResetWebSettingsSHKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\Connwiz Admin LockFHKCU\Software\Policies\Microsoft\Internet Connection Wizard\DisableICW;HKCU\Software\Microsoft\Outlook Express\BlockExeAttachmentsRHKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoExternalBrandingMHKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\CertificatesSHKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoSelectDownloadDirHKCU\Software\Policies\Microsoft\I< nternet Explorer\Main\Use FormSuggest HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\FormSuggestHHKCU\Software\Policies\Microsoft\Internet Explorer\Main\Page_TransitionsBHKCU\Software\Policies\Microsoft\Internet Explorer\Main\NoJITSetupHKCU\Software\Policies\Microsoft\Internet Explorer\Main\FormSuggest Passwords HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\FormSuggest PasswordsHKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\explorer.exe Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Features/Mime Sniffing Safety Feature Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\(Reserved) [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\explorer.exe [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING\iexplore.exeHKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\explorer.exe Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Features/Scripted Window Security Restrictions Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\(Reserved) [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\explorer.exe [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\iexplore.exe&HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoCrashDetection Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoCrashDetectionHKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\explorer.exe Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Features/Restrict File Download Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\(Reserved) [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\explorer.exe [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD\iexplore.exe2HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\explorer.exe HKLM\Software\Policies\Microsoft Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Features/MK Protocol Security Restriction Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\(Reserved) [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\explorer.exe [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL\iexplore.exeMHKLM\Software\Policies\Microsoft\Internet Explorer\Download\RunInvalidSignatures Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Advanced Page Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Download\RunInvalidSignatures!HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\explorer.exe HKLM\Software\Policies\Microsoft\Internet E Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Features/Binary Behavior Security Restriction Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\(Reserved) [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\explorer.exe [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING\iexplore.exeHKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\explorer.exe HKLM\Software\Policies\Microsoft\Internet Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Features/Protection From Zone Elevation Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\(Reserved) [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\explorer.exe [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\iexplore.exe3HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL\(Reserved) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL\explorer.exe HKLM\Software\Policies\ Local Internet Options: GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Features/Restrict ActiveX Install Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL\(Reserved) [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL\explorer.exe [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL\iexplore.exe#USGCB OVAL (USGCB-Windows-ie7-oval)%USGCB XCCDF (USGCB-Windows-ie7-xccdf)Last modified: 2012-02-17xAuditing of 'Global Object Access Auditing:File System' events on success should be enabled or disabled as appropriate.{Auditing of 'Object Access:Filtering Platform Packet Drop' events on failure should be enabled or disabled as appropriate.4DEPRECATED: Does not apply to Windows Server 2008 r2 jThe "Use forest search order" machine setting should be configured correctly for Kerberos client searches.xThe "Use forest search order" machine setting should be configured correctly for Key Distribution Center (KDC) searches.ZThe "Retain old events" machine setting should be configured correctly for the system log.YThe "Retain old events" machine setting should be configured correctly for the setup log.\The "Retain old events" machine setting should be configured correctly for the security log._The "Retain old events" machine setting should be configured correctly for the application log.bThe "Qualitative service type" link layer (Layer-2) priority value should be configured correctly.The "Qualitative service type" Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that do not conform to the flow specification.The "Qualitative service type" Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that conform to the flow specification.gThe "Network control service type" link layer (Layer-2) priority value should be configured corr< ectly.The "Network control service type" Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that do not conform to the flow specification.The "Network control service type" Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that conform to the flow specification.^The "Maximum Log Size (KB)" machine setting should be configured correctly for the system log.]The "Maximum Log Size (KB)" machine setting should be configured correctly for the setup log.`The "Maximum Log Size (KB)" machine setting should be configured correctly for the secirity log.cThe "Maximum Log Size (KB)" machine setting should be configured correctly for the application log.VThe "Log File Path" machine setting should be configured correctly for the system log.UThe "Log File Path" machine setting should be configured correctly for the setup log.XThe "Log File Path" machine setting should be configured correctly for the security log.[The "Log File Path" machine setting should be configured correctly for the application log.RThe "Log Access" machine setting should be configured correctlyfor the system log.RThe "Log Access" machine setting should be configured correctly for the setup log.UThe "Log Access" machine setting should be configured correctly for the security log.XThe "Log Access" machine setting should be configured correctly for the application log.aThe "Guaranteed service type" link layer (Layer-2) priority value should be configured correctly.The "Guaranteed service type" Layer-3 Differentiated Services Code Point should be configured correctly for packets that do not conform to the flow specification.The "Guaranteed service type" Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that conform to the flow specification.mThe "Disallow Negotiate authentication" machine setting should be configured correctly for the WinRM service.lThe "Disallow Negotiate authentication" machine setting should be configured correctly for the WinRM client.lThe "Disallow Kerberos authentication" machine setting should be configured correctly for the WinRM service.kThe "Disallow Kerberos authentication" machine setting should be configured correctly for the WinRM client.fThe "Controlled load service type" link layer (Layer-2) priority value should be configured correctly.The "Controlled load service type" Layer-3 Differentiated Services Code Point (DSCP) should be configured correctly for packets that do not conform to the flow specification.The "Controlled load service type" Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that conform to the flow specification.bThe "Best effort service type" link layer (Layer-2) priority value should be configured correctly.The "Best effort service type" Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that do not conform to the flow specification.The "Best effort service type" Layer-3 Differentiated Services Code Point (DSCP) value should be configured correctly for packets that conform to the flow specification.kThe "Backup log automatically when full" machine setting should be configured correctly for the system log.jThe "Backup log automatically when full" machine setting should be configured correctly for the setup log.mThe "Backup log automatically when full" machine setting should be configured correctly for the security log.pThe "Backup log automatically when full" machine setting should be configured correctly for the application log.eThe "Allow unencrypted traffic" machine setting should be configured correctly for the WinRM service.dThe "Allow unencrypted traffic" machine setting should be configured correctly for the WinRM client.hThe "Allow CredSSP authentication" machine setting should be configured correctly for the WinRM service.gThe "Allow CredSSP authentication" machine setting should be configured correctly for the WinRM client.fThe "Allow Basic authentication" machine setting should be configured correctly for the WinRM service.eThe "Allow Basic authentication" machine setting should be configured correctly for the WinRM client.Last modified: 2012-02-168 (1) disabled/manual/automatic/automatic (delayed start)(1) Computer Configuration/Windows Settings/Security Settings/Event Log//Maximum system log size (2) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\System\Maximum Log Size (3) HKLM\Software\Policies\Microsoft\Windows\EventLog\System\MaxSize (1) Computer Configuration/Windows Settings/Security Settings/Event Log//Maximum security log size (2) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Security\Maximum Log Size (3) HKLM\Software\Policies\Microsoft\Windows\EventLog\Security\MaxSize*(1) Computer Configuration/Windows Settings/Security Settings/Event Log//Maximum application log size (2) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Application\Maximum Log Size (3) HKLM\Software\Policies\Microsoft\Windows\EventLog\Application\MaxSize*oval:gov.nist.USGCB.win7firewall:def:20941(domain_profile_Core_Networking_DHCPV6_InT(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Inbound Rules\Core Networking - Dynamic Host Configuration Protocol (DHCPV6-In) (2) Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules\CoreNet-DHCPV6-In~The 'Core Networking - Dynamic Host Configuration Protocol (DHCPV6-In)' Windows Firewall rule should be configured correctly. CCE-14854-4*oval:gov.nist.USGCB.win7firewall:def:20940P(1) GPO: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Inbound Rules\Core Networking - Dynamic Host Configuration Protocol (DHCP-In) (2) Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules\CoreNet-DHCP-In CCE-14986-4*oval:gov.nist.usgcb.windowsseven:def:20006 CCE-18300-4*oval:gov.nist.usgcb.windowsseven:def:20005 CCE-18190-9*oval:gov.nist.usgcb.windowsseven:def:20004 CCE-18739-3*oval:gov.nist.usgcb.windowsseven:def:20003 CCE-18659-3*oval:gov.nist.usgcb.windowsseven:def:20002 CCE-18629-6*oval:gov.nist.usgcb.windowsseven:def:20001 CCE-18249-3*oval:gov.nist.usgcb.windowsseven:def:20000 CCE-18880-5/DEPRECATED in favor of CCE-10078-4, CCE-9737-8. CCE-10450-5.DEPRECATED in favor of CCE-9811-1, CCE-9217-1. CCE-10551-0DEPRECATED in favor of CCE-9715-4, CCE-8956-5. Previously: Auditing of 'Logon-Logoff: IPsec Main Mode' events on success should be enabled or disabled as appropriate. . CCE-10939-7User Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication Settings\Turn off Help Ratings CCE-10295-4User Configuration\Administrative Templates\Windows Components\Network Sharing\Prevent users from sharing files within their profile. CCE-10644-3DEPRECATED. Previously: Prompt for password on resume from hibernate/suspend is set correctly.Note: According to Microsoft, does not apply to Windows 7. See settings under System\Power Management\Sleep Settings.  CCE-10767-2yComputer Configuration\Administrative Templates\Windows Components\Windows Media Player\Prevent Desktop Shortcut Creation CCE-11027-0qComputer Configuration\Administrative Templates\Windows Components\Windows Mail\Turn off Windows Mail application CCE-10882-9qComputer Configuration\Administrative Templates\Windows Components\Windows Mail\Turn off the communities featuresYThe "Turn off the communitication features" setting should be configured correctly. (sic) CCE-11252-4lComputer Configuration\Administrative Templates\Windows Components\NetMeeting\Disable remote Desktop Sharing CCE-10763-1tComputer Configuration\Administrative Templates\Windo< ws Components\Digital Locker\Do not allow Digital Locker to run CCE-10759-9Computer Configuration\Administrative Templates\Windows Components\ActiveX Installer Service\Approved Installation Sites for ActiveX Controls CCE-10877-9[Computer Configuration\Administrative Templates\System\Logon\Turn off Windows Startup Sound CCE-10499-2sComputer Configuration\Administrative Templates\System\Group Policy\Internet Explorer Maintenance policy processing CCE-10886-0DEPRECATED. Previously: The "Prohibit use of Internet Connection Firewall on your DNS domain network" setting should be configured correctly.Note: According to Microsoft, does not apply to Windows 7.  CCE-10282-2kComputer Configuration\Windows Settings\Security Settings\System Services\World Wide Web Publishing Service CCE-11220-1aComputer Configuration\Windows Settings\Security Settings\System Services\WMI Performance Adapter CCE-11233-4DEPRECATED. Previously: The Wireless Zero Configuration service should be enabled or disabled as appropriate.Note: According to Microsoft, no such service in Windows 7.  CCE-11229-2SComputer Configuration\Windows Settings\Security Settings\System Services\WebClient CCE-11207-8DEPRECATED. Previously: The startup type of the Universal Plug and Play Device Host (UPnP) service should be correct. Note: According to Microsoft, no such service in Windows 7.  CCE-10577-5DEPRECATED. Previously: The startup type of the Terminal Services service should be correct. Note: According to Microsoft, no such service in Windows 7. See Remote Desktop Services.  CCE-10841-5XComputer Configuration\Windows Settings\Security Settings\System Services\Task Scheduler CCE-10272-3`Computer Configuration\Windows Settings\Security Settings\System Services\SSDP Discovery Service CCE-10271-5cComputer Configuration\Windows Settings\Security Settings\System Services\Routing and Remote Access CCE-11246-6jComputer Configuration\Windows Settings\Security Settings\System Services\Remote Access Connection Manager CCE-10267-3DEPRECATED. Previously: The Network DDE DDE Share Database Manager (DSDM) service should be enabled or disabled as appropriate.Note: According to Microsoft, no such service in Windows 7.  CCE-11124-5DEPRECATED. Previously: The Network Dynamic Data Exchange (DDE) service should be enabled or disabled as appropriate.Note: According to Microsoft, no such service in Windows 7.  CCE-11226-8DEPRECATED. Previously: The startup type of the NetMeeting Remote Desktop Sharing service should be correct. Note: According to Microsoft, no such service in Windows 7.  CCE-11221-9DEPRECATED. Previously: The startup type of the Messenger service should be correct. Note: According to Microsoft, no such service in Windows 7.  CCE-11235-9DEPRECATED. Previously: The startup type of the Indexing service should be correct. Note: According to Microsoft, no such service in Windows 7.  CCE-10264-0`Computer Configuration\Windows Settings\Security Settings\System Services\FTP Publishing Service CCE-11066-8DEPRECATED. Previously: The startup type of the Fast User Switching service should be correct. Note: According to Microsoft, no such service in Windows 7.  CCE-10956-1DEPRECATED. Previously: The Error Reporting Service should be enabled or disabled as appropriate. Note: According to Microsoft, no such service in Windows 7. See Windows Error Reporting.  CCE-10674-0ZComputer Configuration\Windows Settings\Security Settings\System Services\Computer Browser CCE-10254-1DEPRECATED. Previously: The startup type of the ClipBook service should be correct. Note: According to Microsoft, no such service in Windows 7.  CCE-11045-2qComputer Configuration\Windows Settings\Security Settings\System Services\Background Intelligent Transfer Service CCE-11151-8DEPRECATED. Previously: The startup type of the Alerter service should be correct. Note: According to Microsoft, no such service in Windows 7.  CCE-11164-1DEPRECATED. Previously: The "synchronize directory service data" user right should be assigned to the correct accounts. Note: According to Microsoft, this is only relevant to domain controllers and hence does not apply to Windows 7.  CCE-10251-7 CCE-10636-9(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WwanSvc\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy DThe startup type of the WWAN AutoConfig service should be correct. CCE-10844-9(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WbioSrvc\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy FThe startup type of the Windows Biometric service should be correct. CCE-10091-7(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sppuinotify\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy MThe startup type of the SPP Notification Service service should be correct. CCE-10443-06Definition 'oval:gov.nist.usgcb.windowsseven:def:147' !Rule 'parental_controls_service' (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WPCSvc\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy FThe startup type of the Parantal Controls service should be correct. CCE-10311-96Definition 'oval:gov.nist.usgcb.windowsseven:def:146' %Rule 'media_center_extender_service' (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mcx2Svc\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy KThe startup type of the Media Center Extenders service should be correct. CCE-10699-76Definition 'oval:gov.nist.usgcb.windowsseven:def:145' "Rule 'homegroup_provider_service' (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupProvider\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy GThe startup type of the Homegroup Provider service should be correct. CCE-9910-16Definition 'oval:gov.nist.usgcb.windowsseven:def:144' "Rule 'homegroup_listener_service' (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy GThe startup type of the Homegroup Listener service should be correct. CCE-10543-76Definition 'oval:gov.nist.usgcb.windowsseven:def:143' Rule 'fax_service' CCE-10150-16Definition 'oval:gov.nist.usgcb.windowsseven:def:142' !Rule 'bluetooth_support_service' (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bthserv\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy >The startup type of the Bluetooth service should be correct. CCE-10661-76Definition 'oval:gov.nist.usgcb.windowsseven:def:300' !Rule 'prevent_automatic_updates' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Media Player\Prevent Automatic Updates (2) Registry Key: HKLM\Software\Policies\Microsoft\WindowsMediaPlayer\DisableAutoUpdate CCE-10602-16Definition 'oval:gov.nist.usgcb.windowsseven:def:299' *Rule 'do_not_show_first_use_dialog_boxes' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Media Player\Do Not Show First Use Dialog Boxes (2) Registry Key: HKLM\Software\Policies\Microsoft\WindowsMediaPlayer\GroupPrivacyAcceptance CCE-10692-26Definition 'oval:gov.nist.usgcb.windowsseven:def:298' 1Rule 'prevent_windows_media_drm_internet_access' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Media Digital Rights Management\Prevent Windows Media DRM Internet Access (2) Registry Key: HKLM\Software\Policies\Microsoft\WMDRM\DisableOnline CCE-9908-56Definition 'oval:gov.nist.usgcb.windowsseven:def:297' DRule 'report_when_logon_server_was_not_available_during_user_logon' &(1) GPO Settings: Local Com< puter Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Logon Options\Report when logon server was not available during user logon (2) Registry Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ReportControllerMissing CCE-9907-76Definition 'oval:gov.nist.usgcb.windowsseven:def:296' GRule 'prohibit_non_administrators_from_applying_vendor_signed_updates' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Prohibit non-administrators from applying vender signed updates (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\Installer\DisableLUAPatching CCE-9888-96Definition 'oval:gov.nist.usgcb.windowsseven:def:295' )Rule 'enable_user_control_over_installs' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Enable user control over installs (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\Installer\EnableUserControl (1) enabled/disabled CCE-9876-46Definition 'oval:gov.nist.usgcb.windowsseven:def:294' @Rule 'disable_ie_security_prompt_for_windows_installer_scripts' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Installer\Disable IE security prompt for Windows Installer scripts (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\Installer\SafeForScripting CCE-9875-66Definition 'oval:gov.nist.usgcb.windowsseven:def:293' .Rule 'turn_off_shell_protocol_protected_mode' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Turn off shell protocol protected mode (2) Registry Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\PreXPSP2ShellProtocolBehavior CCE-10623-76Definition 'oval:gov.nist.usgcb.windowsseven:def:292' 0Rule 'turn_off_heap_terminiation_on_corruption' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Turn off heap termination on corruption (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\Explorer\NoHeapTerminationOnCorruption CCE-9874-96Definition 'oval:gov.nist.usgcb.windowsseven:def:290' #Rule 'do_not_send_additional_data' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Do not send additional data (2) Registry Key: HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\DontSendAdditionalDataaThe Windows Error Reporting "Do not send additional data" setting should be configured correctly. CCE-10824-16Definition 'oval:gov.nist.usgcb.windowsseven:def:289' #Rule 'disable_error_notifications' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Display Error Notification (2) Registry Key: HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting\ShowUI`The Windows Error Reporting "Display Error Notification" setting should be configured correctly. CCE-10709-46Definition 'oval:gov.nist.usgcb.windowsseven:def:288' 'Rule 'disable_windows_error_reporting' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Disable Windows Error Reporting (2) Registry Key: HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Disabled CCE-9914-36Definition 'oval:gov.nist.usgcb.windowsseven:def:287' Rule 'disable_logging' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Disable Logging (2) Registry Key: HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\LoggingDisabledUThe Windows Error Reporting "Disable Logging" setting should be configured correctly. CCE-10157-66Definition 'oval:gov.nist.usgcb.windowsseven:def:286' ,Rule 'configure_microsoft_spynet_reporting' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Defender\Configure Microsoft SpyNet Reporting (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet\SpyNetReportingRThe "Configure Microsoft SpyNet Reporting" setting should be configured correctly. CCE-9868-16Definition 'oval:gov.nist.usgcb.windowsseven:def:285' 4Rule 'prevent_windows_anytime_upgrade_from_running' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Windows Anytime Upgrade\Prevent Windows Anytime Upgrade from running (2) Registry Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WAU\DisabledZThe "Prevent Windows Anytime Upgrade from running" setting should be configured correctly. CCE-10137-86Definition 'oval:gov.nist.usgcb.windowsseven:def:284' 1Rule 'enable_indexing_uncached_exchange_folders' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Search\Enable indexing uncached Exchange folders (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\Windows Search\PreventIndexingUncachedExchangeFolders CCE-9866-56Definition 'oval:gov.nist.usgcb.windowsseven:def:283' )Rule 'allow_indexing_of_encrypted_files' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Search\Allow indexing of encrypted files (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\Windows Search\AllowIndexingEncryptedStoresOrItems CCE-10496-8(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\RSS Feeds\Turn on Basic feed authentication over HTTP (2) Registry Key: HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds\AllowBasicAuthInClearYThe "Turn on Basic feed authentication over HTTP" setting should be configured correctly. CCE-10007-36Definition 'oval:gov.nist.usgcb.windowsseven:def:281' *Rule 'turn_off_downloading_of_enclosures' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\RSS Feeds\Turn off downloading of enclosures (2) Registry Key: HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload CCE-10730-06Definition 'oval:gov.nist.usgcb.windowsseven:def:280' 0Rule 'do_not_use_temporary_folders_per_session' ;(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary Folders\Do not use temporary folders per session (2) Registry Key: HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\PerSessionTempDirVThe "Do not use temporary folders per session" setting should be configured correctly. CCE-9864-06Definition 'oval:gov.nist.usgcb.windowsseven:def:279' ,Rule 'do_not_delete_temp_folders_upon_exit' 9(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary Folders\Do not delete temp folder upon exit (2) Registry Key: HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\DeleteTempDirsOnExitQThe "Do not delete temp folder upon exit" setting should be configured correctly. CCE-10856-36Definition 'oval:gov.nist.usgcb.windowsseven:def:278' 0Rule 'set_time_limit_for_disconnected_sessions' @(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\Set time limit for disconnected sessions (2) Registry Key: HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\MaxDisconnectionTime (1) Time Limit (minutes) CCE-9858-26Definition 'oval:gov.nist.usgcb.windowsseven:def:277' KRule 'set_time_limit_for_active_but_idle_remote_desktop_services_sessions' R(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\< Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\Set time limit for active but idle Remote Desktop Services sessions (2) Registry Key: HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\MaxIdleTime (1) Time limit (minutes) CCE-10608-86Definition 'oval:gov.nist.usgcb.windowsseven:def:270' Rule 'turn_off_game_updates' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Game Explorer\Turn off game updates (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\GameUX\GameUpdateOptionsCThe "Turn off game updates" setting should be configured correctly. CCE-10850-66Definition 'oval:gov.nist.usgcb.windowsseven:def:269' 0Rule 'turn_off_downloading_of_game_information' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Game Explorer\Turn off downloading of game information (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\GameUX\DownloadGameInfo CCE-10828-26Definition 'oval:gov.nist.usgcb.windowsseven:def:267' Rule 'maximum_setup_log_size' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Setup\Maximum Log Size (KB) (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\EventLog\Setup\MaxSize CCE-10714-46Definition 'oval:gov.nist.usgcb.windowsseven:def:264' /Rule 'turn_off_user_installed_desktop_gadgets' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Desktop Gadgets\Turn Off user-installed desktop gadgets (2) Registry Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar\TurnOffUserInstalledGadgets CCE-10586-66Definition 'oval:gov.nist.usgcb.windowsseven:def:263' PRule 'restrict_unpacking_installation_of_gadgets_that_are_not_digitally_signed' 4(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Desktop Gadgets\Restrict unpacking installation of gadgets that are not digitally signed (2) Registry Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar\TurnOffUnsignedGadgets CCE-10811-86Definition 'oval:gov.nist.usgcb.windowsseven:def:262' &Rule 'override_the_more_gadgets_link' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Desktop Gadgets\Override the More Gadgets link (2) Registry Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar\OverrideMoreGadgetsLink CCE-9857-46Definition 'oval:gov.nist.usgcb.windowsseven:def:260' 0Rule 'turn_off_autoplay_for_non_volume_devices' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\AutoPlay Policies\Turn off Autoplay for non-volume devices (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\Explorer\NoAutoplayfornonVolumeVThe "Turn off Autoplay for non-volume devices" setting should be configured correctly. CCE-10655-96Definition 'oval:gov.nist.usgcb.windowsseven:def:258' $Rule 'default_behavior_for_autorun' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\AutoPlay Policies\Default behavior for AutoRun (2) Registry Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutorun CCE-10527-06Definition 'oval:gov.nist.usgcb.windowsseven:def:257' "Rule 'turn_off_program_inventory' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Application Compatibility\Turn off Program Inventory (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\AppCompat\DisableInventoryHThe "Turn off Program Inventory" setting should be configured correctly. CCE-10787-0(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\EventLogFlags (2) Registry Key: HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient\EventLogFlags 0, 1, 2, 3XThe "Configure Windows NTP Client\EventLogFlags" setting should be configured correctly. CCE-10408-3(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\SpecialPollInterval (2) Registry Key: HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient\SpecialPollIntervalNumber of seconds^The "Configure Windows NTP Client\SpecialPollInterval" setting should be configured correctly. CCE-10774-8((1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\ResolvePeerBackoffMaxTimes (2) Registry Key: HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient\ResolvePeerBackoffMaxTimes+Number of attempts made to resolve DNS nameeThe "Configure Windows NTP Client\ResolvePeerBackoffMaxTimes" setting should be configured correctly. CCE-10531-2&(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\ResolvePeerBackoffMinutes (2) Registry Key: HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient\ResolvePeerBackoffMinutesNumber of minutesdThe "Configure Windows NTP Client\ResolvePeerBackoffMinutes" setting should be configured correctly. CCE-10756-5(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\CrossSiteSyncFlags (2) Registry Key: HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient\CrossSiteSyncFlags0/1/2]The "Configure Windows NTP Client\CrossSiteSyncFlags" setting should be configured correctly. CCE-9892-1(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\Type (2) Registry Key: HKLM\Software\Policies\Microsoft\W32time\Parameters\TypeNo Sync/NTP/NT5DS/AllSyncOThe "Configure Windows NTP Client\Type" setting should be configured correctly. CCE-10368-99Definition 'oval:gov.nist.usgcb.windowsseven:def:100215' $Rule 'configure_windows_ntp_client' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\NtpServer (2) Registry Key: HKLM\Software\Policies\Microsoft\W32time\Parameters\NtpServerEThe Domain Name System (DNS) name or IP address of an NTP time sourceTThe "Configure Windows NTP Client\NtpServer" setting should be configured correctly. CCE-10500-76Definition 'oval:gov.nist.usgcb.windowsseven:def:255' Rule 'enable_disable_perftrack' 4(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Windows Performance PerfTrack\Enable/Disable PerfTrack (2) Registry Key: HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}\ScenarioExecutionEnabledFThe "Enable/Disable PerfTrack" setting should be configured correctly. CCE-10219-46Definition 'oval:gov.nist.usgcb.windowsseven:def:254' Rule 'troubleshooting_allow_user_to_access_online_troubleshooting_content_on_microsoft_servers_from_the_troubleshooting_control_panel' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Scripted Diagnostics\Troubleshooting: Allow user to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via Windows Online Troubleshooting Service - WOTS) (2) Registry Key: HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\EnableQueryRemoteServerThe "Troubleshooting: Allow user to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via Windows Online Troubleshooting Service - WOTS)" setting sh< ould be configured correctly. CCE-10606-26Definition 'oval:gov.nist.usgcb.windowsseven:def:253' fRule 'microsoft_support_diagnostic_tool_turn_on_msdt_interactive_communication_with_support_provider' w(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Microsoft Support Diagnostic Tool\Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider (2) Registry Key: HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy\DisableQueryRemoteServerThe "Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider" setting should be configured correctly. CCE-9842-66Definition 'oval:gov.nist.usgcb.windowsseven:def:250' Rule 'turn_on_session_logging' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Remote Assistance\Turn on session logging (2) Registry Key: HKLM\Software\policies\Microsoft\Windows NT\Terminal Services\LoggingEnabled CCE-10344-06Definition 'oval:gov.nist.usgcb.windowsseven:def:245' Rule 'always_use_classic_logon' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Logon\Always use classic logon (2) Registry Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\LogonType (1) logon type CCE-10591-66Definition 'oval:gov.nist.usgcb.windowsseven:def:243' (Rule 'turn_off_windows_error_reporting' a(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Internet Communications Management\Internet Communication settings\Turn off Windows Error Reporting (2) Registry Key: HKLM\Software\Policies\Microsoft\PCHealth\ErrorReporting\DoReport, HKLM\Software\Policies\Microsoft\Windows\Windows Error Reporting\Disabled CCE-10441-4DRule 'turn_off_the_windows_customer_experience_improvement_program' *(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Internet Communications Management\Internet Communication settings\Turn off Windows Customer Experience Improvement Program (2) Registry Key: HKLM\Software\Policies\Microsoft\SQMClient\Windows\CEIPEnablefThe "Turn off Windows Customer Experience Improvement Program" setting should be configured correctly. CCE-9831-96Definition 'oval:gov.nist.usgcb.windowsseven:def:239' .Rule 'turn_off_the_order_prints_picture_task' 2(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Internet Communications Management\Internet Communication settings\Turn off the "Order Prints" picture task (2) Registry Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoOnlinePrintsWizard CCE-9823-66Definition 'oval:gov.nist.usgcb.windowsseven:def:237' MRule 'turn_off_registration_if_url_connection_is_referring_to_microsoft_com' M(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Internet Communications Management\Internet Communication settings\Turn Off Registration if URL Connection is Referring to Microsoft.com (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\Registration Wizard Control\NoRegistration CCE-10160-06Definition 'oval:gov.nist.usgcb.windowsseven:def:235' 1Rule 'turn_off_internet_file_association_wizard' 2(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Internet Communications Management\Internet Communication settings\Turn off Internet File Association service (2) Registry Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetOpenWith CCE-10795-36Definition 'oval:gov.nist.usgcb.windowsseven:def:233' [Rule 'turn_off_internet_connection_wizard_if_url_connection_is_referring_to_microsoft_com' W(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Internet Communications Management\Internet Communication settings\Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\Internet Connection Wizard\ExitOnMSICW CCE-10649-2lDefinition 'oval:gov.nist.usgcb.windowsseven:def:232' Definition 'oval:gov.nist.usgcb.windowsseven:def:231' qRule 'turn_off_handwriting_personalization_data_sharing' Rule 'turn_off_handwriting_recognition_error_reporting' D(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Internet Communications Management\Internet Communication settings\Turn off handwriting recognition error reporting (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\HandwritingErrorReports\PreventHandwritingErrorReports CCE-10645-05(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Internet Communications Management\Internet Communication settings\Turn off handwriting personalization data sharing (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\TabletPC\PreventHandwritingDataSharing_The "Turn off handwriting personalization data sharing" setting should be configured correctly. CCE-10658-36Definition 'oval:gov.nist.usgcb.windowsseven:def:230' .Rule 'turn_off_event_viewer_events_asp_links' '(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Internet Communications Management\Internet Communication settings\Turn off Event Viewer "Events.asp" links (2) Registry Key: HKLM\Software\Policies\Microsoft\EventViewer\MicrosoftEventVwrDisableLinksUThe "Turn Off Event Views "Events.asp" Links" setting should be configured correctly. CCE-9819-42(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Internet Communications Management\Internet Communication settings\Turn off Automatic Root Certificates Update (2) Registry Key: HKLM\Software\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdate CCE-10681-5 (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Driver Installation\Turn off Windows Update device driver search prompt (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\DriverSearching\DontPromptForWindowsUpdateaThe "Turn off Windows Update device driver search prompt" setting should be configured correctly. CCE-10694-86Definition 'oval:gov.nist.usgcb.windowsseven:def:225' ?Rule 'specify_search_order_for_device_driver_source_locations' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Device Installation\Specify Search Order for device driver source locations (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\DriverSearching\SearchOrderConfig`(1) enabled/disabled (2) Windows Update first, Windows Update last, Do not search Windows UpdateeThe "Specify Search Order for device driver source locations" setting should be configured correctly. CCE-9919-26Definition 'oval:gov.nist.usgcb.windowsseven:def:224' ;Rule 'prevent_device_metadata_retrieval_from_the_internet' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Device Installation\Prevent device metadata retrieval from internet (2) Registry Key: HKLM\SOFTWARE\Policies\Microsoft\Windows\Device Metadata\PreventDeviceMetadataFromNetwork]The "Prevent device metadata retrieval from internet" setting should be configured correctly. CCE-10165-96Definition 'oval:gov.nist.usgcb.windowsseven:def:223' Rule 'prevent_creation_of_a_system_restore_point_during_device_activity_that_would_normally_prompt_creation_of_a_restore_point' R(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Device Installation\Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSystemRestore CCE-10553-66Definition 'oval:gov.nist.usgcb.windowsseven:def:222' YRule 'do_not_send_a_windows_error_report_when_a_generic_driver_is_in< stalled_on_a_device' <(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Device Installation\Do not send a Windows Error Report when a generic driver is installed on a device (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSendGenericDriverNotFoundToWER CCE-9901-06Definition 'oval:gov.nist.usgcb.windowsseven:def:221' 0Rule 'allow_remote_access_to_the_pnp_interface' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\System\Device Installation\Allow remote access to the PnP interface (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\AllowRemoteRPC CCE-10769-86Definition 'oval:gov.nist.usgcb.windowsseven:def:220' iRule 'extend_point_and_print_connection_to_search_windows_update_and_use_alternate_connection_if_needed' 7(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Printers\Extend Point and Print connection to search Windows Update and use alternate connection if needed (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows NT\Printers\DoNotInstallCompatibleDriverFromWindowsUpdateThe "Extend Point and Print connection to search Windows Update and use alternate connection if needed" setting should be configured correctly. CCE-10782-16Definition 'oval:gov.nist.usgcb.windowsseven:def:219' :Rule 'prohibit_access_to_the_windows_connect_now_wizards' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Network\Windows Connect Now\Prohibit Access of the Windows Connect Now wizards (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\WCN\UI\DisableWcnUi CCE-10778-9(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Network\Windows Connect Now\Configuration of wireless settings using Windows Connect Now (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableWPDRegistrarYThe Windows Connect Now "Windows Portable Device" setting should be configured correctly. CCE-14411-3(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Network\Windows Connect Now\Configuration of wireless settings using Windows Connect Now Registry Key: HKLM\Software\Policy (2) cies\Microsoft\Windows\WCN\Registrars\DisableFlashConfigRegistrarQThe Windows Connect Now "USB Flash Drive" setting should be configured correctly. CCE-15041-7(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Network\Windows Connect Now\Configuration of wireless settings using Windows Connect Now (2) Registry Key:HKLM\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableInBand802DOT11RegistrarRThe Windows Connect "In-band 802.11 Wi-Fi" setting should be configured correctly. CCE-15019-3(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Network\Windows Connect Now\Configuration of wireless settings using Windows Connect Now (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\WCN\Registrars\DisableUPnPRegistrarQThe Windows Connect Now "Ethernet (UPnP)" setting should be configured correctly. CCE-15015-1(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Network\Windows Connect Now\Configuration of wireless settings using Windows Connect Now (2) HKLM\Software\Policies\Microsoft\Windows\WCN\Registrars\HigherPrecedenceRegistrar7WCN over Ethernet (UPnP), WCN over In-band 802.11 Wi-FiThe Windows Connect Now "Higher precedence medium for devices discovered by multiple media" setting should be configured appropriately. CCE-14653-0(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Network\Windows Connect Now\Configuration of wireless settings using Windows Connect Now (2) HKLM\Software\Policies\Microsoft\Windows\WCN\Registrars\MaxWCNDeviceNumber, number of devices_The Windows Connect Now "Maximum number of WCN devices" setting should be configured correctly. CCE-14900-56Definition 'oval:gov.nist.usgcb.windowsseven:def:218' DRule 'configuration_of_wireless_settings_using_windows_connect_now' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Network\Windows Connect Now\Configuration of wireless settings using Windows Connect Now (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\WCN\Registrars\EnableRegistrars CCE-9879-86Definition 'oval:gov.nist.usgcb.windowsseven:def:217' Rule 'ip_https' oGPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies\IP HTTPS Registry Key: HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface\IPHTTPS_ClientState, HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface\IPHTTPS_ClientUrl<The "IP HTTPS" state setting should be configured correctly. CCE-10764-96Definition 'oval:gov.nist.usgcb.windowsseven:def:216' Rule 'teredo_state' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies\Teredo State (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\Teredo_State:The "Teredo State" setting should be configured correctly. CCE-10011-56Definition 'oval:gov.nist.usgcb.windowsseven:def:215' Rule 'isatap_state' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies\ISATAP State (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\ISATAP_StateCThe "ISATAP State" setting for IPv6 should be configured correctly. CCE-10130-36Definition 'oval:gov.nist.usgcb.windowsseven:def:214' Rule '_6to4_state' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Network\TCPIP Settings\IPv6 Transition Technologies\6to4 State (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\6to4_State8The "6to4 State" setting should be configured correctly. CCE-10266-56Definition 'oval:gov.nist.usgcb.windowsseven:def:213' 6Rule 'route_all_traffic_through_the_internal_network' GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Network\Network Connections\Route all traffic through the internal network Registry Key: HKLM\Software\Policies\Microsoft\Windows\TCPIP\v6Transition\Force_Tunneling\The "Route all traffic through the internal network" setting should be configured correctly. CCE-10509-86Definition 'oval:gov.nist.usgcb.windowsseven:def:212' HRule 'require_domain_users_to_elevate_when_setting_a_networks_location' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Network\Network Connections\Require domain users to elevate when setting a network"s location (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\Network Connections\NC_StdDomainUserSetLocationoThe "Require domain users to elevate when setting a network's location" setting should be configured correctly. CCE-10359-8(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Network\Network Connections\Prohibit use of Internet Connection Sharing on your DNS domain network (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\Network Connections\NC_ShowSharedAccessUI CCE-9797-26Definition 'oval:gov.nist.usgcb.windowsseven:def:210' \Rule 'prohibit_installation_and_configuration_of_network_bridge_on_your_dns_domain_network' -(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Network\Network Connections\Prohibit installation and configuration of Network Bridge on your DNS domain network (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\Network Connections\NC_AllowNetBridge_NLA CCE-9953-16Definition 'oval:gov.nist.usgcb.windowsseven:def:209' ;Rule 'turn_off_microsoft_peer_to_peer_networking_services' (1) GPO Settings: Local Compute< r Policy\Computer Configuration\Administrative Templates\Network\Microsoft Peer-to-Peer Networking Services\Turn off Microsoft Peer-to-Peer Networking Services (2) Registry Key: HKLM\Software\policies\Microsoft\Peernet\Disabled CCE-10438-0 (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Network\Link-Layer Topology Discovery\Turn on Responder (RSPNDR) Driver - Prohibit operation while in private network (2) HKLM\Software\Policies\Microsoft\Windows\LLTD\ProhibitRspndrOnPrivateNetnThe "Prohibit operation while in private network" setting on the RSPNDR Driver should be configured correctly. CCE-14834-6(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Network\Link-Layer Topology Discovery\Turn on Responder (RSPNDR) Driver - Allow operation while in public network (2) HKLM\Software\Policies\Microsoft\Windows\LLTD\AllowRspndrOnPublicNet, jThe "Allow operation while in public network" setting on the RSPNDR Driver should be configured correctly. CCE-14830-4 (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Network\Link-Layer Topology Discovery\Turn on Responder (RSPNDR) Driver - Allow Operation while in Domain (2) HKLM\Software\Policies\Microsoft\Windows\LLTD\AllowRspndrOnDomain, bThe "Allow operation while in domain" setting on the RSPNDR Driver should be configured correctly. CCE-15059-96Definition 'oval:gov.nist.usgcb.windowsseven:def:208' 'Rule 'turn_on_responder_rspndr_driver' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Network\Link-Layer Topology Discovery\Turn on Responder (RSPNDR) Driver (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\LLTD\EnableRspndrOThe "Turn on Responder (RSPNDR) Driver" setting should be configured correctly. CCE-10059-4(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Network\Link-Layer Topology Discovery\Turn on Mapper I/O (LLTDIO) Driver - Prohibit operation while in private network (2) HKLM\Software\Policies\Microsoft\Windows\LLTD\ProhibitLLTDIOOnPrivateNetnThe "Prohibit operation while in private network" setting on the LLTDIO Driver should be configured correctly. CCE-14718-1(1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Network\Link-Layer Topology Discovery\Turn on Mapper I/O (LLTDIO) Driver - Allow operation while in public network (2) HKLM\Software\Policies\Microsoft\Windows\LLTD\AllowLLTDIOOnPublicNet, jThe "Allow operation while in public network" setting on the LLTDIO Driver should be configured correctly. CCE-14109-3 (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Network\Link-Layer Topology Discovery\Turn on Mapper I/O (LLTDIO) Driver - Allow operation while in domain (2) HKLM\Software\Policies\Microsoft\Windows\LLTD\AllowLLTDIOOnDomain, bThe "Allow operation while in domain" setting on the LLTDIO Driver should be configured correctly. CCE-15050-86Definition 'oval:gov.nist.usgcb.windowsseven:def:207' 'Rule 'turn_on_mapper_io_lltdio_driver' (1) GPO Settings: Local Computer Policy\Computer Configuration\Administrative Templates\Network\Link-Layer Topology Discovery\Turn on Mapper I/O (LLTDIO) Driver (2) Registry Key: HKLM\Software\Policies\Microsoft\Windows\LLTD\EnableLLTDIOPThe "Turn on Mapper I/O (LLTDIO) Driver" setting should be configured correctly. CCE-9783-2?(1) GPO Settings: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile Tab\Logging\Size limit (KB) (2) Registry Key: HKLM\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\LogFileSizeiThe "Log File Size Limit" for the Windows Firewall should be configured correctly for the Public Profile. CCE-10373-94(1) GPO Settings: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile Tab\Logging\Name (2) Registry Key: HKLM\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\LogFilePathlThe "Log File Path and Name" for the Windows Firewall should be configured correctly for the Public Profile. CCE-9926-7[(1) GPO Settings: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile Tab\Logging\Logged successful connections (2) Registry Key: HKLM\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\LogSuccessfulConnections CCE-9753-5I(1) GPO Settings: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile Tab\Logging\Log dropped packets (2) Registry Key: HKLM\Software\Policies\Microsoft\WindowsFirewall\PublicProfile\LogDroppedPackets CCE-9749-3A(1) GPO Settings: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile Tab\Logging\Size limit (KB) (2) Registry Key: HKLM\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\LogFileSizejThe "Log File Size Limit" for the Windows Firewall should be configured correctly for the Private Profile. CCE-10250-96(1) GPO Settings: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile Tab\Logging\Name (2) Registry Key: HKLM\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\LogFilePathmThe "Log File Path and Name" for the Windows Firewall should be configured correctly for the Private Profile. CCE-10386-1](1) GPO Settings: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile Tab\Logging\Logged successful connections (2) Registry Key: HKLM\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\LogSuccessfulConnectionsenable/disabled CCE-10611-2K(1) GPO Settings: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile Tab\Logging\Log dropped packets (2) Registry Key: HKLM\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\LogDroppedPackets CCE-10215-2?(1) GPO Settings: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile Tab\Logging\Size limit (KB) (2) Registry Key: HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\LogFileSizeiThe "Log File Size Limit" for the Windows Firewall should be configured correctly for the Domain Profile. CCE-9747-74(1) GPO Settings: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile Tab\Logging\Name (2) Registry Key: HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\LogFilePathlThe "Log File Path and Name" for the Windows Firewall should be configured correctly for the Domain Profile. CCE-10022-2[(1) GPO Settings: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile Tab\Logging\Logged successful connections (2) Registry Key: HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\LogSuccessfulConnections CCE-10268-1I(1) GPO Settings: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile Tab\Logging\Log dropped packets (2) Registry Key: HKLM\Software\< Policies\Microsoft\WindowsFirewall\DomainProfile\LogDroppedPackets (1) enabled/disabled CCE-10502-3(1) GPO Settings: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Outbound Rules\IPv6 Block of UDP 3544dThe "IPv6 Block of UDP 3544" option for the Windows Firewall setting should be configured correctly. CCE-10488-5(1) GPO Settings: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Outbound Rules\IPv6 Block of Protocols 41hThe "IPv6 Block of Protocols 41" option for the Windows Firewall setting should be configured correctly. CCE-10207-9Setting Index #364: This policy setting in the System audit category determines whether to audit Security System Extension changes on computers that are running Windows Vista or later Windows operating systems.(Worksheet: Audit Policy Settings; Row: 6(1) Commandline: auditpol.exe CCE-9998-6Setting Index #23: This policy setting allows you to monitor system events that succeed and fail, and provides a record of these events that may help determine instances of unauthorized system access. )Worksheet: Audit Policy Settings; Row: 64 CCE-9990-3Setting Index #931: This setting applies to Other Privilege Use Events subcategory of events. You can use it to audit users exercising user rights.)Worksheet: Audit Policy Settings; Row: 31 CCE-9988-7ERule 'allow_users_to_connect_remotely_using_remote_desktop_services' Setting Index #268: This policy setting allows you to control if users can connect to a computer using Terminal Services or Remote Desktop.-Worksheet: Computer Policy Settings; Row: 200;(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Allow users to connect remotely using Remote Desktop Services (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDenyTSConnectionskThe 'Allow users to connect remotely using Remote Desktop Services' setting should be configured correctly. CCE-9985-3Setting Index #230: This policy setting causes the run list, which is a list of programs that Windows Vista runs automatically when it starts, to be ignored. -Worksheet: Computer Policy Settings; Row: 175(1) GPO: Computer Configuration\Administrative Templates\System\Logon\Do not process the legacy run list (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisableLocalMachineRunPThe 'Do not process the legacy run list' setting should be configured correctly. CCE-9983-8Setting Index #396: The policy setting for this audit category determines whether to audit Authentication Policy changes on computers running Windows Vista or later Windows operating systems.)Worksheet: Audit Policy Settings; Row: 37 CCE-9976-2Setting Index #233: This policy setting determines whether an IT support person can offer remote assistance to fix issues on computers in your environment without explicit user requests.-Worksheet: Computer Policy Settings; Row: 178(1) GPO: Computer Configuration\Administrative Templates\System\Remote Assistance\Offer Remote Assistance (2) Registry Key: HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services\fAllowUnsolicitedlist of users and/or groupsThe set of users and/or gorups allowed to make unsolicited offers of remote assistance (aka the 'Helpers' option for the 'Offer Remote Assistance' setting) should be configured correctly. CCE-9931-7VAllow helpers to remotely control the computer/Allow helpers to only view the computer}The 'Permit remote control of this computer' option for the 'Offer Remote Assistance' setting should be configured correctly. CCE-10690-66Definition 'oval:gov.nist.usgcb.windowsseven:def:248' Rule 'offer_remote_assistance' Unsolicited offers of remote assistance (aka the 'Offer Remote Assistance' setting) should be automatically rejected or passed to the logged-on user for confirmation as appropriate. CCE-9960-6_Setting Index #1031: This policy setting allows you to manage whether or not screen savers run.(Worksheet: User Policy Settings; Row: 10(1) GPO: User Configuration\Administrative Templates\Control Panel\Personalization\Force specific screen saver (2) Registry Key: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\SCRNSAVE.EXEIThe 'Force specific screen saver' setting should be configured correctly. CCE-9958-06Definition 'oval:gov.nist.usgcb.windowsseven:def:261' 5Rule 'enumerate_administrator_accounts_on_elevation' {Setting Index #245: By default, all administrator accounts are displayed when you attempt to elevate a running application.-Worksheet: Computer Policy Settings; Row: 190 (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Credential User Interface\Enumerate administrator accounts on elevation (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators[The 'Enumerate administrator accounts on elevation' setting should be configured correctly. CCE-9938-2Setting Index #366: This policy setting in the System audit category determines whether to audit IPsec Driver events on computers that are running Windows Vista.(Worksheet: Audit Policy Settings; Row: 3 CCE-9925-96Definition 'oval:gov.nist.usgcb.windowsseven:def:291' 7Rule 'turn_off_data_execution_prevention_for_explorer' Setting Index #1030: Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer.+Worksheet: Computer Policy Settings; Row: 6(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Explorer\Turn off Data Execution Prevention for Explorer (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoDataExecutionPrevention]The 'Turn off Data Execution Prevention for Explorer' setting should be configured correctly. CCE-9918-4Setting Index #398: The policy setting for this audit category determines whether to audit MPSSVC Rule-Level Policy changes on computers running Windows Vista or later Windows operating systems.)Worksheet: Audit Policy Settings; Row: 40 CCE-9913-5Setting Index #399: The policy setting for this audit category determines whether to audit Filtering Platform Policy changes on computers running Windows Vista or later Windows operating systems.)Worksheet: Audit Policy Settings; Row: 39 CCE-9902-8Setting Index #15: This policy setting determines whether to audit each instance of a user who logs on to or off from another computer that validates the account.)Worksheet: Audit Policy Settings; Row: 56 CCE-9887-1Setting Index #388: This setting applies to the Sensitive Privilege Use subcategory of events. You can use it to audit users exercising user rights.)Worksheet: Audit Policy Settings; Row: 30 CCE-9878-0 CCE-9863-2Setting Index #380: The policy setting controls whether to audit users who have accessed the Security Accounts Manager (SAM) object on computers running Windows Vista or later Windows operating systems.)Worksheet: Audit Policy Settings; Row: 27 CCE-9856-6Setting Index #368: This policy setting in the System audit category determines whether to audit Security State changes on computers that are running Windows Vista or later Windows operating systems.(Worksheet: Audit Policy Settings; Row: 5 CCE-9850-9 CCE-9845-96Definition 'oval:gov.nist.usgcb.windowsseven:def:246' 9Rule 'require_a_password_when_computer_wakes_on_battery' vSetting Index #1028: Specifies whether or not the user is prompted for a password when the system resumes from sleep. +Worksheet: Computer Policy Settings; Row: 3(1) GPO: Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Require a Password When a Computer Wakes (On Battery) (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bd< b-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndexcThe 'Require a Password When a Computer Wakes (On Battery)' setting should be configured correctly. CCE-9829-3Setting Index #391: Detailed Tracking audit category determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. This setting deals with Process Termination.)Worksheet: Audit Policy Settings; Row: 34 CCE-9818-6Setting Index #203: This setting controls whether local administrators are allowed to create connection security rules that apply with other connection security rules enforced by Group Policy.-Worksheet: Computer Policy Settings; Row: 174 CCE-9817-8Setting Index #382: This setting determines whether to audit the event of a user who accesses an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It targets application generated events.)Worksheet: Audit Policy Settings; Row: 17 CCE-9816-0Setting Index #377: This settings determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to File System object access processes.)Worksheet: Audit Policy Settings; Row: 20 CCE-9811-1xSetting Index #413: This policy setting audits logon events other than credential validation and Kerberos Ticket Events.)Worksheet: Audit Policy Settings; Row: 55CCE-214 CCE-9808-7Setting Index #394: The Detailed Tracking audit category determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. This setting deals with Process Creation.)Worksheet: Audit Policy Settings; Row: 33 CCE-9805-3 Setting Index #379: This settings determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to Kernal Object access processes.)Worksheet: Audit Policy Settings; Row: 24 CCE-9803-8 CCE-9802-06Definition 'oval:gov.nist.usgcb.windowsseven:def:118' fRule 'user_account_control_only_elevate_uiaccess_applications_that_are_installed_in_secure_locations' Setting Index #162: This setting helps protect a Windows Vista based computer by only allowing applications installed in a secure location, such as the Program Files or the Windows\System32 folders, to run with elevated privileges.-Worksheet: Computer Policy Settings; Row: 132 CCE-9801-2ISetting Index #401: This policy setting audits Account Management events.)Worksheet: Audit Policy Settings; Row: 47 CCE-9800-4Setting Index #407: This policy setting in the DS Access audit category enables reports to result when Active Directory Domain Services (AD DS) objects are accessed.)Worksheet: Audit Policy Settings; Row: 49 CCE-9791-5Setting Index #383: This settings determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to Handle Manipulation on Windows objects.)Worksheet: Audit Policy Settings; Row: 23 CCE-9789-9Setting Index #202: This setting controls whether local administrators are allowed to create local firewall rules that apply with other firewall rules enforced by Group Policy.-Worksheet: Computer Policy Settings; Row: 173 CCE-9786-5Setting Index #186: Select this option to have Windows Firewall with Advanced Security display notifications to the user when a program is blocked from receiving inbound connections.-Worksheet: Computer Policy Settings; Row: 157 CCE-9774-1zSetting Index #201: Controls whether computer receives unicast responses to its outgoing multicast or broadcast messages.-Worksheet: Computer Policy Settings; Row: 172 CCE-9773-3fRule 'network_security_allow_pku2u_authentication_requests_to_this_computer_to_use_online_identities' Setting Index #921: This policy will be turned off by default on domain joined machines. This would disallow the online identities to be able to authenticate to the domain joined machine in Windows 7.-Worksheet: Computer Policy Settings; Row: 145 CCE-9770-96Definition 'oval:gov.nist.usgcb.windowsseven:def:103' 9Rule 'network_security_ldap_client_signing_requirements' Setting Index #143: This policy setting determines the level of data signing that is requested on behalf of clients that issue LDAP BIND requests.-Worksheet: Computer Policy Settings; Row: 118 CCE-9768-3 CCE-9765-9Setting Index #271: This policy setting specifies whether the computer that is about to host the remote connection will enforce an encryption level for all data sent between it and the client computer for the remote session.-Worksheet: Computer Policy Settings; Row: 198!(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Set client connection encryption level (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevelLow/High/Client CompatibleThe 'Encryption Level' option for the Remote Desktop Services 'Set client connection encryption level' setting should be configured correctly. CCE-10779-76Definition 'oval:gov.nist.usgcb.windowsseven:def:276' .Rule 'set_client_connection_encryption_level' zThe Remote Desktop Services 'Set client connection encryption level' setting should be enabled or disabled as appropriate. CCE-9764-2Setting Index #375: This audit category generates events that record the creation and destruction of logon sessions. This setting targets the special settings defined in the Windows Vista Security Guide.)Worksheet: Audit Policy Settings; Row: 15 CCE-9763-4Setting Index #409: This policy setting for the DS Access audit category enables reports to result when replication between two domain controllers starts and ends.)Worksheet: Audit Policy Settings; Row: 51 CCE-9755-0}Setting Index #200: Setting displays notifications to the user when a program is blocked from receiving inbound connections.-Worksheet: Computer Policy Settings; Row: 171 CCE-9742-8uSetting Index #520: This audit category generates events that record the creation and destruction of logon sessions. )Worksheet: Audit Policy Settings; Row: 16 CCE-9741-0Setting Index #190: This profile only applies if a user with local administrator privileges assigns it to a network that was previously set to use the Public profile. Microsoft recommends only changing the profile to Private for a trusted network. -Worksheet: Computer Policy Settings; Row: 161 CCE-9739-4Setting Index #378: This settings determines whether to audit the event of a user who accesses an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to Registry Object access events.)Worksheet: Audit Policy Settings; Row: 26 CCE-9737-8DSetting Index #145: This setting controls the encrypion used in RPC.,Worksheet: Computer Policy Settings; Row: 49 CCE-10924-9 CCE-10281-4 CCE-10916-56Definition 'oval:gov.nist.usgcb.windowsseven:def:105' aRule 'network_security_minimum_session_security_for_ntlm_ssp_based_including_secure_rpc_servers' CCE-9736-0Setting Index #392: The Detailed Tracking audit category determines whether to audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. This setting deals with the DPAPI Activity.)Worksheet: Audit Policy Settings; Row: 32 CCE-9735-2Setting Index #408: This policy setting in the DS Access audit category enables reports to result when changes to create< , modify, move, or undelete operations are performed on objects in Active Directory Domain Services (AD DS).)Worksheet: Audit Policy Settings; Row: 50 CCE-9734-5Setting Index #275: This policy setting allows you to manage whether the Install Updates and Shut Down option is displayed in the Shut Down Windows dialog box.-Worksheet: Computer Policy Settings; Row: 1961(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Update\Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAUAsDefaultShutdownOptionThe 'Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box' setting should be configured correctly. CCE-9733-7)Rule 'password_protect_the_screen_saver' ^Setting Index #500: If this setting is enabled, then all screen savers are password protected.'Worksheet: User Policy Settings; Row: 9(1) GPO: User Configuration\Administrative Templates\Control Panel\Personalization\Password protect the screen saver (2) Registry Key: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaverIsSecureOThe 'Password protect the screen saver' setting should be configured correctly. CCE-9730-3Setting Index #386: This setting determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to connections to the Filtering Platform.)Worksheet: Audit Policy Settings; Row: 21 CCE-9728-7Setting Index #411: The Account Logon audit category generates events for credential validation. These events occur on the computer that is authoritative for the credentials.)Worksheet: Audit Policy Settings; Row: 52CCE-1141 CCE-9725-3Setting Index #930: )Worksheet: Audit Policy Settings; Row: 28 CCE-9720-4CCE-229 CCE-9718-8Setting Index #372: This audit category generates events that record the creation and destruction of logon sessions. This setting targets the IPsec Main Mode settings.)Worksheet: Audit Policy Settings; Row: 10 CCE-9715-4Setting Index #196: This profile only applies if a user with local administrator privileges assigns it to a network that was previously set to use the Public profile. Microsoft recommends only changing the profile to Private for a trusted network. -Worksheet: Computer Policy Settings; Row: 167 CCE-9712-16Definition 'oval:gov.nist.usgcb.windowsseven:def:108' ERule 'shutdown_allow_system_to_be_shutdown_without_having_to_log_on' tSetting Index #148: This policy setting determines whether a computer can be shut down when a user is not logged on.-Worksheet: Computer Policy Settings; Row: 123 CCE-9707-16Definition 'oval:gov.nist.usgcb.windowsseven:def:101' =Rule 'network_security_force_logoff_when_logon_hours_expire' Setting Index #141: This policy setting, which determines whether to disconnect users who are connected to the local computer outside their user account s valid logon hours, affects the SMB component.,Worksheet: Computer Policy Settings; Row: 53 CCE-9704-8Setting Index #191: This setting determines the behavior for inbound connections that do not match an inbound firewall rule. This profile only applies if a user with local administrator privileges assigns it to a network that was previously set to use the Public profile. -Worksheet: Computer Policy Settings; Row: 162 CCE-9694-1PSetting Index #403: This policy setting audits Security Group Management events.)Worksheet: Audit Policy Settings; Row: 46 CCE-9692-5Setting Index #188: This setting controls whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy.-Worksheet: Computer Policy Settings; Row: 159 CCE-9686-7&Rule 'hide_mechanisms_to_remove_zone' Setting Index #281: This policy setting allows you to manage whether users can manually remove the zone information from saved file attachments. 'Worksheet: User Policy Settings; Row: 4(1) GPO: User Configuration\Administrative Templates\Windows Components\Attachment Manager\Hide mechanisms to remove zone information (2) Registry Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\HideZoneInfoOnPropertiesXThe 'Hide mechanisms to remove zone information' setting should be configured correctly. CCE-9684-2Setting Index #369: This audit category generates events that record the creation and destruction of logon sessions. This setting targets the Logon settings.)Worksheet: Audit Policy Settings; Row: 13 CCE-9683-4lSetting Index #278: This policy setting disables the Windows registry editors Regedit.exe and Regedt32.exe. 'Worksheet: User Policy Settings; Row: 8(1) GPO: User Configuration\Administrative Templates\System\Prevent access to registry editing tools (2) Registry Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryToolsVThe 'Prevent access to registry editing tools' setting should be configured correctly. CCE-9677-66Definition 'oval:gov.nist.usgcb.windowsseven:def:234' QRule 'turn_off_internet_download_for_web_publishing_and_online_ordering_wizards' Setting Index #239: Setting controls whether Windows will download a list of providers for the Web publishing and online ordering wizards.-Worksheet: Computer Policy Settings; Row: 184;(1) GPO: Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Internet download for Web publishing and online ordering wizards (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebServiceswThe 'Turn off Internet download for Web publishing and online ordering wizards' setting should be configured correctly. CCE-9674-39Definition 'oval:gov.nist.usgcb.windowsseven:def:100213' ZRule 'no_auto_restart_with_logged_on_users_for_scheduled_automatic_updates_installations' \Setting Index #1049: Setting controls the auto-restart functionality of the operating system-Worksheet: Computer Policy Settings; Row: 194&(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Update\No auto-restart with logged on users for scheduled automatic updates installations (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoRebootWithLoggedOnUsersThe 'No auto-restart with logged on users for scheduled automatic updates installations' setting should be configured correctly. CCE-9672-7Setting Index #373: This audit category generates events that record the creation and destruction of logon sessions. This setting targets IPsec Quick Mode settings.)Worksheet: Audit Policy Settings; Row: 11 CCE-9671-96Definition 'oval:gov.nist.usgcb.windowsseven:def:247' 9Rule 'require_a_password_when_computer_wakes_plugged_in' vSetting Index #1029: Specifies whether or not the user is prompted for a password when the system resumes from sleep. +Worksheet: Computer Policy Settings; Row: 4(1) GPO: Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Require a Password When a Computer Wakes (Plugged In) (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndexcThe 'Require a Password When a Computer Wakes (Plugged In)' setting should be configured correctly. CCE-9670-1OSetting Index #406: This policy setting audits Other Account Management events.)Worksheet: Audit Policy Settings; Row: 45 CCE-9668-5Setting Index #195: This profile only applies if a user with local administrator privileges assigns it to a network that was previously set to use the Public profile. Microsoft < recommends only changing the profile to Private for a trusted network. -Worksheet: Computer Policy Settings; Row: 166 CCE-9663-6Setting Index #374: This audit category generates events that record the creation and destruction of logon sessions. This setting targets the IPsec Extended Mode settings.(Worksheet: Audit Policy Settings; Row: 9 CCE-9661-0 CCE-9657-8TSetting Index #404: This policy setting audits Distribution Group Management events.)Worksheet: Audit Policy Settings; Row: 44 CCE-9644-66Definition 'oval:gov.nist.usgcb.windowsseven:def:240' >Rule 'turn_off_the_publish_to_web_task_for_files_and_folders' Setting Index #237: This policy setting specifies whether the tasks Publish this file to the Web, Publish this folder to the Web, and Publish the selected items to the Web are available from File and Folder Tasks in Windows folders.-Worksheet: Computer Policy Settings; Row: 183/(1) GPO: Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off the "Publish to Web" task for files and folders (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPublishingWizardfThe 'Turn off the "Publish to Web" task for files and folders' setting should be configured correctly. CCE-9643-8 CCE-9637-0Setting Index #397: The policy setting for this audit category determines whether to audit Authorization Policy changes on computers running Windows Vista or later Windows operating systems.)Worksheet: Audit Policy Settings; Row: 38 CCE-9633-9 CCE-9632-1tSetting Index #376: This audit category generates events that record the creation and destruction of logon sessions.)Worksheet: Audit Policy Settings; Row: 14 CCE-9631-3ESetting Index #19: This policy setting audits and logs object access.)Worksheet: Audit Policy Settings; Row: 60 CCE-9629-7Setting Index #410: This policy setting in the DS Access audit category enables domain controllers to report detailed information about information that replicates between domain controllers.)Worksheet: Audit Policy Settings; Row: 48 CCE-9628-9 CCE-9622-2|Setting Index #184: This setting determines the behavior for inbound connections that do not match an inbound firewall rule.-Worksheet: Computer Policy Settings; Row: 155 CCE-9620-66Definition 'oval:gov.nist.usgcb.windowsseven:def:116' URule 'user_account_control_detect_application_installation_and_prompt_for_elevation' Setting Index #160: This setting determines how Windows Vista responds to application installation requests. Application installation requires an elevation of privilege. -Worksheet: Computer Policy Settings; Row: 130 CCE-9616-4RSetting Index #402: This policy setting audits Computer Account Management events.)Worksheet: Audit Policy Settings; Row: 43 CCE-9608-1xSetting Index #926: This policy setting allows you to audit NTLM authentication in a domain from this domain controller.-Worksheet: Computer Policy Settings; Row: 150tDisable/Enable for domain accounts to domain servers/Enable for domain accounts/Enable for domain servers/Enable all CCE-9604-06Definition 'oval:gov.nist.usgcb.windowsseven:def:265' $Rule 'maximum_application_log_size' Setting Index #505: This policy requires Windows Vista or later versions of Windows, it specifies the maximum size of the log file in kilobytes.-Worksheet: Computer Policy Settings; Row: 202CCE-NONE(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Application\Maximum Log Size (KB) (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Application\MaxSizesize in kilobytes[The 'Maximum Log Size (KB)' setting should be configured correctly for the application log. CCE-9603-2Setting Index #400: The policy setting for this audit category determines whether to audit Other Policy Change events on computers running Windows Vista or later Windows operating systems.)Worksheet: Audit Policy Settings; Row: 41 CCE-9596-8ySetting Index #197: Windows Firewall with Advanced Security uses the settings for this profile to filter network traffic.-Worksheet: Computer Policy Settings; Row: 168 CCE-9593-5SSetting Index #405: This policy setting audits Application Group Management events.)Worksheet: Audit Policy Settings; Row: 42 CCE-9591-9Setting Index #199: This setting determines the behavior for outbound connections that do not match an outbound firewall rule. If Outbound connections are set to Block and deploy the firewall policy by using a GPO, cannot receive subsequent Group Policy updates.-Worksheet: Computer Policy Settings; Row: 170 CCE-9588-5Setting Index #367: This policy setting in the System audit category determines whether to audit Other System events on computers that are running Windows Vista or later versions of Windows.(Worksheet: Audit Policy Settings; Row: 4 CCE-9586-9ySetting Index #155: This policy setting determines which subsystems are used to support applications in your environment.-Worksheet: Computer Policy Settings; Row: 137 CCE-9579-4 CCE-9569-5 CCE-9562-06Definition 'oval:gov.nist.usgcb.windowsseven:def:241' NRule 'turn_off_the_windows_messenger_customer_experience_improvement_program' Setting Index #242: This policy setting specifies whether Windows Messenger can collect anonymous information about how the Windows Messenger software and service is used. -Worksheet: Computer Policy Settings; Row: 187 (1) GPO: Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off the Windows Messenger Customer Experience Improvement Program (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client\CEIPtThe 'Turn off the Windows Messenger Customer Experience Improvement Program' setting should be configured correctly. CCE-9559-6Setting Index #929: This policy setting allows you to deny or audit outgoing NTLM traffic from this Windows 7 or this Windows Server 2008 R2 computer to any Windows remote server.-Worksheet: Computer Policy Settings; Row: 152 CCE-9556-2Setting Index #387: This settings determines whether to audit the event of a user who accesses an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to Other Object Access events.)Worksheet: Audit Policy Settings; Row: 25 CCE-9545-5 CCE-9542-25Definition 'oval:gov.nist.usgcb.windowsseven:def:93' JRule 'network_access_restrict_anonymous_access_to_named_pipes_and_shares' Setting Index #137: When enabled, this policy setting restricts anonymous access to only those shares and pipes that are named in the Network access: Named pipes that can be accessed anonymously and Network access: Shares that can be accessed anonymously settings.-Worksheet: Computer Policy Settings; Row: 113 CCE-9540-6Setting Index #144: This policy setting determines the minimum application-to-application communications security standards for client computers.-Worksheet: Computer Policy Settings; Row: 119 CCE-10904-1 CCE-10777-1 CCE-10887-86Definition 'oval:gov.nist.usgcb.windowsseven:def:104' aRule 'network_security_minimum_session_security_for_ntlm_ssp_based_including_secure_rpc_clients' CCE-9534-9HRule 'network_security_configure_encryption_types_allowed_for_kerberos' oSetting Index #922: This policy setting allows you to set the encryption types that Kerberos is allowed to use.-Worksheet: Computer Policy Settings; Row: 146 CCE-9532-35Definition 'oval:gov.nist.usgcb.windowsseven:def:85' ;Rule 'network_access_allow_anonymous_sid_name_translation' Setting Index #129: This policy setting determines whether an anonymous user can request security identifier (SID) attributes for another user, or use a SID to obtain its corresponding user name. ,Worksheet: Computer Policy Settings; Row: 56 CCE-9531-56Definition 'oval:gov.nist.usgcb.windowsseven:def:259' Rule 'turn_off_autoplay' Setting Index #244: Autoplay starts to read from a drive < as soon as you insert media in the drive, which causes the setup file for programs or audio media to start immediately.-Worksheet: Computer Policy Settings; Row: 189(1) GPO: Computer Configuration\Administrative Templates\Windows Components\AutoPlay Policies\Turn off Autoplay (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun!All drives/CD-ROM drives/Disabled?The 'Turn off Autoplay' setting should be configured correctly. CCE-9528-1 CCE-9526-5Setting Index #928: This policy setting allows you to deny or allow NTLM authentication within a domain from this domain controller. This policy does not affect interactive logon to this domain controller.-Worksheet: Computer Policy Settings; Row: 153 CCE-9525-7Setting Index #194: This is an advanced security setting for the Windows Firewall that you can use to allow unicast responses on computers running Windows Vista.-Worksheet: Computer Policy Settings; Row: 165 CCE-9522-4 CCE-9521-6Setting Index #365: This policy setting in the System audit category determines whether to audit System Integrity changes on computers that are running Windows Vista.(Worksheet: Audit Policy Settings; Row: 7 CCE-9520-8Setting Index #269: This policy setting prevents users from sharing the local drives on their client computers to Terminal Servers that they access.-Worksheet: Computer Policy Settings; Row: 199(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Device and Resource Redirection\Do not allow drive redirection (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDisableCdmLThe 'Do not allow drive redirection' setting should be configured correctly. CCE-9518-2~Setting Index #185: This setting determines the behavior for outbound connections that do not match an outbound firewall rule.-Worksheet: Computer Policy Settings; Row: 156 CCE-9509-1Setting Index #234: This policy setting determines whether remote assistance may be solicited from computers running Windows operating systems in your environment.-Worksheet: Computer Policy Settings; Row: 179m(1) GPO: Computer Configuration\Administrative Templates\System\Remote Assistance\Solicited Remote AssistanceMailto/Simple MAPIThe 'Method for sending e-mail invitations' option for the 'Solicited Remote Assistance' setting should be configured correctly. CCE-9929-1 time unitsvThe 'Maximum ticket time (units)' option for the 'Solicited Remote Assistance' setting should be configured correctly. CCE-10312-7 time valuevThe 'Maximum ticket time (value)' option for the 'Solicited Remote Assistance' setting should be configured correctly. CCE-10753-2The 'Permit remote control of this computer' option for the 'Solicited Remote Assistance' setting should be configured correctly. CCE-10519-76Definition 'oval:gov.nist.usgcb.windowsseven:def:249' #Rule 'solicited_remote_assistance' (1) GPO: Computer Configuration\Administrative Templates\System\Remote Assistance\Solicited Remote Assistance (2) Registry Key: HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services\fAllowToGetHelpUser-intiated solicitations for remote assistance (aka the 'Solicited Remote Assistance' setting) should be enabled or disabled as appropriate. CCE-9506-75Definition 'oval:gov.nist.usgcb.windowsseven:def:95' DRule 'network_access_sharing_and_security_model_for_local_accounts' pSetting Index #139: This policy setting determines how network logons that use local accounts are authenticated.-Worksheet: Computer Policy Settings; Row: 115 CCE-9503-4aSetting Index #518: The Account Logon audit category generates events for credential validation. )Worksheet: Audit Policy Settings; Row: 53 CCE-9502-66Definition 'oval:gov.nist.usgcb.windowsseven:def:139' tRule 'mss_warninglevel_percentage_threshold_for_the_security_event_log_at_which_the_system_will_generate_a_warning' Setting Index #128: The entry appears as MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning in the SCE.-Worksheet: Computer Policy Settings; Row: 106 CCE-9501-8SSetting Index #516: This policy requires Windows Vista or later versions of Windows-Worksheet: Computer Policy Settings; Row: 205(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Security\Retain old events (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Security\Retain security logTThe 'Retain old events' setting should be configured correctly for the security log. CCE-9500-0 CCE-9498-76Definition 'oval:gov.nist.usgcb.windowsseven:def:123' ERule 'mss_disableipsourcerouting_ip_source_routing_protection_level' Setting Index #112: The entry appears as MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) in the SCE.,Worksheet: Computer Policy Settings; Row: 95 CCE-9496-1ZSetting Index #927: This policy setting allows you to deny or allow incoming NTLM traffic.-Worksheet: Computer Policy Settings; Row: 151 CCE-9494-6Setting Index #393: The Detailed Tracking audit category determines whether to audit detailed tracking information for events, such as program activation, process exit, handle duplication, and indirect object access. This setting is focused on RPC events.)Worksheet: Audit Policy Settings; Row: 35 CCE-9492-0Setting Index #381: This policy determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to the certification services processes.)Worksheet: Audit Policy Settings; Row: 18 CCE-9488-8]Rule 'mss_tcpmaxdataretransmissionsipv6_how_many_times_unacknowledged_data_is_retransmitted' Setting Index #522: This registry value entry appears as MSS: (TcpMaxDataRetransmissions) IPv6 How many times unacknowledged data is retransmitted (3 recommended, 5 is default) in the SCE.-Worksheet: Computer Policy Settings; Row: 141 CCE-9487-0Setting Index #183: Select On to allow Windows Firewall to filter network traffic. Select Off to prevent Windows Firewall from using any firewall rules or connection security rules for this profile.-Worksheet: Computer Policy Settings; Row: 154 CCE-9465-69Definition 'oval:gov.nist.usgcb.windowsseven:def:100212' [Rule 'do_not_display_install_updates_and_shut_down_option_in_shut_down_windows_dialog_box' Setting Index #273: This policy setting allows you to manage whether the Install Updates and Shut Down option is displayed in the Shut Down Windows dialog box. -Worksheet: Computer Policy Settings; Row: 193(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Update\Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAUShutdownOptionThe 'Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box' setting should be configured correctly. CCE-9464-9xSetting Index #74: This policy setting determines whether the system shuts down if it is unable to log Security events. ,Worksheet: Computer Policy Settings; Row: 61 CCE-9463-15Definition 'oval:gov.nist.usgcb.windowsseven:def:38' Rule 'log_on_as_a_service' Setting Index #54: This policy setting allows accounts to start network services or register a process as a service running on the system.,Worksheet: Computer Policy Settings; Row: 45 CCE-9461-5 CCE-9460-76Definition 'oval:gov.nist.usgcb.windowsseven:def:134' dRule 'mss_performrouterdiscovery_allow_irdp_to_detect_andconfigure_default_default_gateway_address' Setting Index #122: This registry value entry appears as MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS) in the SCE.-Worksheet: Computer Policy Settings; Row: 102 CCE-9458-1< 6Definition 'oval:gov.nist.usgcb.windowsseven:def:137' YRule 'mss_tcpmaxdataretransmissions_how_many_times_unacknowledged_data_is_retransmitted' Setting Index #127: This registry value entry appears as MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) in the SCE.-Worksheet: Computer Policy Settings; Row: 105 CCE-9456-5 CCE-9455-75Definition 'oval:gov.nist.usgcb.windowsseven:def:69' 7Rule 'interactive_logon_do_not_display_last_user_name' Setting Index #93: This policy setting determines whether the account name of the last user to log on to the client computers in your organization will be displayed in each computer's respective Windows logon screen.,Worksheet: Computer Policy Settings; Row: 76 CCE-9449-0CCE-226 CCE-9445-85Definition 'oval:gov.nist.usgcb.windowsseven:def:62' ARule 'devices_restrict_floppy_access_to_locally_logged_on_users' Setting Index #81: This policy setting determines whether removable floppy media are accessible to both local and remote users simultaneously.,Worksheet: Computer Policy Settings; Row: 69 CCE-9440-96Definition 'oval:gov.nist.usgcb.windowsseven:def:130' [Rule 'mss_nodefaultexempt_configure_ipsec_exemptions_for_various_types_of_network_traffic' &http://support.microsoft.com/kb/811832Setting Index #118: The entry appears as MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic in the SCE.,Worksheet: Computer Policy Settings; Row: 99 CCE-9439-15Definition 'oval:gov.nist.usgcb.windowsseven:def:57' ZRule 'audit_force_policy_subcategory_settings_to_override_audit_policy_category_settings' Setting Index #73: This policy setting allows administrators to enable the more precise auditing capabilities present in Windows Vista. Uses subcategory setting to override audit policy categories.,Worksheet: Computer Policy Settings; Row: 62 CCE-9432-66Definition 'oval:gov.nist.usgcb.windowsseven:def:129' ORule 'mss_keepalivetime_how_often_keep_alive_packets_are_sent_in_milliseconds' Setting Index #117: The registry value entry appears as MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds (300,000 is recommended) in the SCE.,Worksheet: Computer Policy Settings; Row: 98 CCE-9426-85Definition 'oval:gov.nist.usgcb.windowsseven:def:44' "Rule 'profile_system_performance' Setting Index #59: This policy setting allows users to use tools to view the performance of different system processes, which could be abused to allow attackers to determine a system's active processes and provide insight into the potential attack surface of the computer.,Worksheet: Computer Policy Settings; Row: 30 CCE-9419-35Definition 'oval:gov.nist.usgcb.windowsseven:def:52' QRule 'accounts_limit_local_account_use_of_blank_passwords_to_console_logon_only' Setting Index #68: This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console,Worksheet: Computer Policy Settings; Row: 58 CCE-9418-55Definition 'oval:gov.nist.usgcb.windowsseven:def:41' -Rule 'modify_firmware_environment_variables' Setting Index #56: This policy setting allows users to configure the system-wide environment variables that affect hardware configuration. This information is typically stored in the Last Known Good Configuration.,Worksheet: Computer Policy Settings; Row: 26 CCE-9417-7 CCE-9412-8aSetting Index #100: This policy setting requires users to log on to a computer with a smart card.,Worksheet: Computer Policy Settings; Row: 84 CCE-9410-25Definition 'oval:gov.nist.usgcb.windowsseven:def:11' +Rule 'act_as_part_of_the_operating_system' Setting Index #25: This policy setting allows a process to assume the identity of any user and thus gain access to the resources that the user is authorized to access.+Worksheet: Computer Policy Settings; Row: 8 CCE-9407-85Definition 'oval:gov.nist.usgcb.windowsseven:def:80' WRule 'microsoft_network_server_amount_of_idle_time_required_before_suspending_session' Setting Index #105: This policy setting allows you to specify the amount of continuous idle time that must pass in an SMB session before the session is suspended because of inactivity. ,Worksheet: Computer Policy Settings; Row: 88 CCE-9406-0Setting Index #384: This setting determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. This setting is targeted to File Share access operations.)Worksheet: Audit Policy Settings; Row: 19 CCE-9405-2?http://technet.microsoft.com/en-us/library/cc720539(WS.10).aspxSetting Index #274: This policy setting specifies whether computers in your environment will receive security updates from Windows Update or WSUS-Worksheet: Computer Policy Settings; Row: 192(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Update\Configure Automatic Updates (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\AUOptionshour of the dayRThe 'Scheduled install time' option for automatic updates should be set correctly. CCE-9924-2$every day/specific day of every weekQThe 'Scheduled install day' option for automatic updates should be set correctly. CCE-10700-36Definition 'oval:gov.nist.usgcb.windowsseven:def:301' #Rule 'configure_automatic_updates' Notify for download and notify for install/Auto download and notify for install/Auto download and schedule the install/Allow local admin to choose setting/Disabled?Automatic Updates should be enabled or disabled as appropriate. CCE-9403-74Definition 'oval:gov.nist.usgcb.windowsseven:def:3' Rule 'account_lockout_reset' ySetting Index #9: This policy setting determines the length of time before the Account lockout threshold resets to zero. *Worksheet: Domain Policy Settings; Row: 11 CCE-9400-36Definition 'oval:gov.nist.usgcb.windowsseven:def:251' 4Rule 'restrictions_for_unauthenticated_rpc_clients' Setting Index #235: This policy setting configures the RPC Runtime on an RPC server to restrict unauthenticated RPC clients from connecting to the RPC server. -Worksheet: Computer Policy Settings; Row: 180(1) GPO: Computer Configuration\Administrative Templates\System\Remote Procedure Call\Restrictions for Unauthenticated RPC clients (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc\RestrictRemoteClientsTEnabled:Authenticated/Enabled:Authenticated without exceptions/Enabled:None/DisabledZThe 'Restrictions for Unauthenticated RPC clients' setting should be configured correctly. CCE-9396-36Definition 'oval:gov.nist.usgcb.windowsseven:def:120' VRule 'user_account_control_switch_to_the_secure_desktop_when_prompting_for_elevation' Setting Index #164: This setting helps to prevent malicious use of the elevation prompt. The Windows Vista secure desktop can only run SYSTEM processes, which generally eliminates messages from malicious software.-Worksheet: Computer Policy Settings; Row: 134 CCE-9395-55Definition 'oval:gov.nist.usgcb.windowsseven:def:15' %Rule 'back_up_files_and_directories' wSetting Index #30: This policy setting allows users to circumvent file and directory permissions to back up the system.,Worksheet: Computer Policy Settings; Row: 10 CCE-9389-85Definition 'oval:gov.nist.usgcb.windowsseven:def:43' Rule 'profile_single_process' Setting Index #58: This policy setting determines which users can use tools to monitor the performance of non-system processes. if System Monitor is configured to collect data using Windows Management Instrumentation (WMI) this setting is required.,Worksheet: Computer Policy Settings; Row: 29 CCE-9388-05Definition 'oval:gov.nist.usgcb.windowsseven:def:68' FRule 'domain_member_require_strong_windows_2000_or_later_session_key' Setting Index #91: When this policy setting is enabled, a secure channel can only be established with domain controllers that are capable of encr< ypting secure channel data with a strong (128-bit) session key.,Worksheet: Computer Policy Settings; Row: 75 CCE-9387-25Definition 'oval:gov.nist.usgcb.windowsseven:def:92' GRule 'network_access_remotely_accessible_registry_paths_and_sub_paths' Setting Index #136: This policy setting determines which registry paths and sub-paths will be accessible when an application or process references the WinReg key to determine access permissions.,Worksheet: Computer Policy Settings; Row: 50 CCE-9386-4Setting Index #150: This policy setting determines whether users' private keys (such as their S-MIME keys) require a password to be used. -Worksheet: Computer Policy Settings; Row: 136 CCE-9381-5bSetting Index #581: This security setting is used by Credential Manager during Backup and Restore.,Worksheet: Computer Policy Settings; Row: 48 CCE-9380-7 CCE-9376-55Definition 'oval:gov.nist.usgcb.windowsseven:def:65' FRule 'domain_member_digitally_sign_secure_channel_data_when_possible' Setting Index #88: This policy setting determines whether a domain member should attempt to negotiate whether all secure channel traffic that it initiates must be digitally signed.,Worksheet: Computer Policy Settings; Row: 72 CCE-9375-74Definition 'oval:gov.nist.usgcb.windowsseven:def:8' 3Rule 'password_must_meeet_complexity_requirements' ~Setting Index #5: This policy setting checks all new password to ensure that they meet basic requirements for strong password.)Worksheet: Domain Policy Settings; Row: 7 CCE-9370-8KSetting Index #18: This setting audits and logs logon events as they occur.)Worksheet: Audit Policy Settings; Row: 59 CCE-9365-8 CCE-9364-1VSetting Index #232: This policy setting determines when registry policies are updated.-Worksheet: Computer Policy Settings; Row: 177(1) GPO: Computer Configuration\Administrative Templates\System\Group Policy\Registry policy processing (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoGPOListChangesThe 'Process even if the Group Policy objects have not changed' option for registry policy processing should be enabled or disabled as appropriate. CCE-10417-4*(1) GPO: Computer Configuration\Administrative Templates\System\Group Policy\Registry policy processing\Do not apply during periodic background processing (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\NoBackgroundPolicyThe 'Do not apply during periodic background processing' option for registry policy processing should be enabled or disabled as appropriate. CCE-9915-06Definition 'oval:gov.nist.usgcb.windowsseven:def:227' "Rule 'registry_policy_processing' g(1) GPO: Computer Configuration\Administrative Templates\System\Group Policy\Registry policy processingVThe 'Registry policy processing' setting should be enabled or disabled as appropriate. CCE-9361-75Definition 'oval:gov.nist.usgcb.windowsseven:def:83' FRule 'microsoft_network_server_disconnect_clients_when_logons_expire' Setting Index #1043: This policy setting determines whether to disconnect users who are connected to the local computer outside their user account s valid logon hours. It affects the SMB component.,Worksheet: Computer Policy Settings; Row: 91 CCE-9358-34Definition 'oval:gov.nist.usgcb.windowsseven:def:7' Rule 'minimum_password_length' {Setting Index #4: This policy setting determines the least number of characters that make up a password for a user account.)Worksheet: Domain Policy Settings; Row: 6 CCE-9357-56Definition 'oval:gov.nist.usgcb.windowsseven:def:135' 9Rule 'mss_safedllsearchmode_enable_safe_dll_search_mode' wSetting Index #123: The entry appears as MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) in the SCE.-Worksheet: Computer Policy Settings; Row: 103 CCE-9348-4tSetting Index #22: This policy setting determines whether to audit detailed tracking information for process events.)Worksheet: Audit Policy Settings; Row: 63 CCE-9347-65Definition 'oval:gov.nist.usgcb.windowsseven:def:13' Rule 'allow_log_on_locally' xSetting Index #28: This policy setting determines which users can interactively log on to computers in your environment.,Worksheet: Computer Policy Settings; Row: 34 CCE-9345-05Definition 'oval:gov.nist.usgcb.windowsseven:def:78' ORule 'microsoft_network_client_digitally_sign_communications_if_server_agrees' wSetting Index #103: This policy setting determines whether the SMB client will attempt to negotiate SMB packet signing.,Worksheet: Computer Policy Settings; Row: 86 CCE-9344-36Definition 'oval:gov.nist.usgcb.windowsseven:def:122' 7Rule 'mss_autoadminlogon_enable_automatic_admin_logon' Setting Index #109: The registry value entry AutoAdminLogon was added to the template file in the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ registry key,Worksheet: Computer Policy Settings; Row: 93 CCE-9342-7RSetting Index #925: This policy setting allows you to audit incoming NTLM traffic.-Worksheet: Computer Policy Settings; Row: 149 CCE-9340-1pSetting Index #16: This policy setting determines whether to audit each account management event on a computer. )Worksheet: Audit Policy Settings; Row: 57 CCE-9339-35Definition 'oval:gov.nist.usgcb.windowsseven:def:30' +Rule 'force_shutdown_from_a_remote_system' Setting Index #46: This policy setting allows users to shut down Windows Vista based computers from remote locations on the network.,Worksheet: Computer Policy Settings; Row: 20 CCE-9336-94Definition 'oval:gov.nist.usgcb.windowsseven:def:6' Rule 'minimum_password_age' {Setting Index #3: This policy setting determines the number of days that you must use a password before you can change it. )Worksheet: Domain Policy Settings; Row: 5 CCE-9330-2Setting Index #189: This setting controls whether local administrators are allowed to create connection security rules that apply with other connection security rules enforced by Group Policy.-Worksheet: Computer Policy Settings; Row: 160 CCE-9329-45Definition 'oval:gov.nist.usgcb.windowsseven:def:77' ERule 'microsoft_network_client_digitally_sign_communications_always' sSetting Index #102: This policy setting determines whether packet signing is required by the SMB client component. ,Worksheet: Computer Policy Settings; Row: 85 CCE-9327-85Definition 'oval:gov.nist.usgcb.windowsseven:def:45' ,Rule 'remove_computer_from_docking_station' Setting Index #60: This policy setting allows the user of a portable computer to click Eject PC on the Start menu to undock the computer.,Worksheet: Computer Policy Settings; Row: 31 CCE-9326-0 CCE-9321-15Definition 'oval:gov.nist.usgcb.windowsseven:def:37' Rule 'log_on_as_a_batch_job' bSetting Index #53: This policy setting allows accounts to log on using the task scheduler service.,Worksheet: Computer Policy Settings; Row: 44 CCE-9320-36Definition 'oval:gov.nist.usgcb.windowsseven:def:111' LRule 'system_objects_require_case_insensitivity_for_non_windows_subsystems' Setting Index #153: Determines whether case insensitivity is enforced for all subsystems. Example is case insensitivity for other subsystems, such as the Portable Operating System Interface for UNIX (POSIX) which are normally case sensitive.-Worksheet: Computer Policy Settings; Row: 125 CCE-9319-55Definition 'oval:gov.nist.usgcb.windowsseven:def:70' 5Rule 'interactive_logon_do_not_require_ctrl_alt_del' Setting Index #94: When this setting is configured to Enabled, users are not required to use the CTRL+ALT+DEL key combination to log on to the network.,Worksheet: Computer Policy Settings; Row: 77 CCE-9317-9 CCE-9314-6< 5Definition 'oval:gov.nist.usgcb.windowsseven:def:49' 0Rule 'take_ownership_of_files_or_other_objects' Setting Index #65: This policy setting allows users to take ownership of files, folders, registry keys, processes, or threads. This user right bypasses any permissions that are in place to protect objects and give ownership to the specified user.,Worksheet: Computer Policy Settings; Row: 47 CCE-9309-64Definition 'oval:gov.nist.usgcb.windowsseven:def:1' Rule 'account_lockout_duration' Setting Index #7: This policy setting determines the length of time that must pass before a locked account is unlocked and a user can try to log on again. )Worksheet: Domain Policy Settings; Row: 9 CCE-9308-85Definition 'oval:gov.nist.usgcb.windowsseven:def:74' JRule 'interactive_logon_prompt_user_to_change_password_before_expiration' wSetting Index #98: This policy setting determines how far in advance users are warned that their password will expire. ,Worksheet: Computer Policy Settings; Row: 79 CCE-9307-05Definition 'oval:gov.nist.usgcb.windowsseven:def:61' @Rule 'devices_restrict_cdrom_access_to_locally_logged_on_users' Setting Index #80: This policy setting determines whether a CD-ROM is accessible to both local and remote users simultaneously.,Worksheet: Computer Policy Settings; Row: 68 CCE-9304-7qRule 'user_account_control_allow_uiaccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop' Setting Index #534: Windows Vista SP1 includes a new Security Policy (UAC: Allow UAccess), which allows applications to prompt for elevation without using the secure desktop. This allows a remote helper to enter administrative credentials during a Remote Assistance session.-Worksheet: Computer Policy Settings; Row: 139 CCE-9301-35Definition 'oval:gov.nist.usgcb.windowsseven:def:66' >Rule 'domain_member_disable_machine_account_password_changes' Setting Index #89: This policy setting determines whether a domain member can periodically change its computer account password. ,Worksheet: Computer Policy Settings; Row: 73 CCE-9295-75Definition 'oval:gov.nist.usgcb.windowsseven:def:36' Rule 'lock_pages_in_memory' Setting Index #52: This policy setting allows a process to keep data in physical memory, which prevents the system from paging the data to virtual memory on disk. ,Worksheet: Computer Policy Settings; Row: 24 CCE-9289-0?http://technet.microsoft.com/en-us/library/ee706521(WS.10).aspxSetting Index #914: This is a setting option. Refer to the following parent setting for additional information: Control use of BitLocker on removable drives-Worksheet: Bitlocker Policy Settings; Row: 80(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s5-o1\Allow users to apply BitLocker protection on removable data drives (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVAllowBDEpThe 'Allow users to apply BitLocker protection on removable data drives' setting should be configured correctly. CCE-9282-5Setting Index #883: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile-Worksheet: Bitlocker Policy Settings; Row: 46(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o21\PCR 20: Reserved for Future Use (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\20Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 20) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. CCE-9279-15Definition 'oval:gov.nist.usgcb.windowsseven:def:29' 3Rule 'deny_log_on_through_remote_desktop_services' jSetting Index #1046: This policy setting determines whether users can log on as Terminal Services clients.,Worksheet: Computer Policy Settings; Row: 41 CCE-9274-2aSetting Index #519: The Account Logon audit category generates events for credential validation. )Worksheet: Audit Policy Settings; Row: 54 CCE-9269-26Definition 'oval:gov.nist.usgcb.windowsseven:def:110' \Rule 'system_cryptography_use_fips_compliant_algorithms_for_encryption_hashing_and_signing' Setting Index #530: This policy setting determines whether the Transport Layer Security/Secure Sockets Layer (TLS/SSL) Security Provider supports only the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite.-Worksheet: Computer Policy Settings; Row: 124 CCE-9266-85Definition 'oval:gov.nist.usgcb.windowsseven:def:79' URule 'microsoft_network_client_send_unencrypted_password_to_third_party_smb_servers' Setting Index #104: Disable this policy setting to prevent the SMB redirector from sending plaintext passwords during authentication to third-party SMB servers that do not support password encryption. ,Worksheet: Computer Policy Settings; Row: 87 CCE-9265-04Definition 'oval:gov.nist.usgcb.windowsseven:def:9' 3Rule 'store_passwords_using_reversible_encryption' Setting Index #6: This policy setting determines whether the operating system stores passwords in a way that uses reversible encryption, which provides support for application protocols that require knowledge of the user's password for authentication purposes.)Worksheet: Domain Policy Settings; Row: 8 CCE-9260-1Setting Index #889: This is a setting option. Refer to the following parent setting for additional information: Require additional authentication at startup-Worksheet: Bitlocker Policy Settings; Row: 59(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s5-o2\Configure TPM startup (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\UseTPMallowed/required/not allowedUse of the Trusted Platform Module (TPM) on startup for operating system drives encyrpted with BitLocker should be configured correctly. CCE-9259-3 CCE-9258-5Setting Index #904: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected removable data drives can be recovered-Worksheet: Bitlocker Policy Settings; Row: 70((1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s2-o5\Save BitLocker recovery information to AD DS for removable data drives (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVActiveDirectoryBackuptThe 'Save BitLocker recovery information to AD DS for removable data drives' setting should be configured correctly. CCE-9256-95Definition 'oval:gov.nist.usgcb.windowsseven:def:22' 'Rule 'create_permanent_shared_objects' fSetting Index #37: This policy setting allows users to create directory objects in the object manager.,Worksheet: Computer Policy Settings; Row: 16 CCE-9254-4-Rule 'access_this_computer_from_the_network' ]Setting Index #24: This setting allows other users on the network to connect to the computer.+Worksheet: Computer Policy Settings; Row: 7 CCE-9253-65Definition 'oval:gov.nist.usgcb.windowsseven:def:64' IRule 'domain_member_digitally_encrypt_secure_channel_data_when_possible' Setting Index #87: This policy setting determines whether a domain member should attempt to negotiate encryption for all secure channel traffic that it initiates.,Worksheet: Computer Policy Settings; Row: 71 CCE-9251-05Definition 'oval:gov.nist.usgcb.windowsseven:def:86' HRule 'network_acces_do_not_allow_anonymous_enumeration_of_sam_accounts' Setting Index #130: This policy setting controls the ability of anonymous users to enumerate the accounts in the Security Accounts Manager (SAM).-Worksheet: Computer Policy Settings; Row: 107 CCE-9249-4Setting Index #858: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected operating system drives can be recovered-Worksheet: Bitlocker Policy Settings; Row: 29$(1) GPO: Computer Configuration\Administrative Templates\Windows Component< s\BitLocker Drive Encryption\Operating System Drives\s2-o6\Configure storage of BitLocker recovery information to AD DS (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\OSActiveDirectoryInfoToStoreRBackup recovery passwords and key packages/Backup recovery passwords only/disabledThe 'Configure storage of BitLocker recovery information to AD DS' setting should be configured correctly for operating system drives. CCE-9248-6{Setting Index #75: This policy setting determines which users or groups might access DCOM application remotely or locally. ,Worksheet: Computer Policy Settings; Row: 63 CCE-9247-85Definition 'oval:gov.nist.usgcb.windowsseven:def:25' 2Rule 'deny_access_this_computer_from_the_network' Setting Index #40: This policy setting prohibits users from connecting to a computer from across the network, which would allow users to access and potentially modify data remotely.,Worksheet: Computer Policy Settings; Row: 18 CCE-9244-5Setting Index #888: This is a setting option. Refer to the following parent setting for additional information: Require additional authentication at startup-Worksheet: Bitlocker Policy Settings; Row: 58(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s5-o1\Allow BitLocker without a compatible TPM (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\EnableBDEWithNoTPMVThe 'Allow BitLocker without a compatible TPM' setting should be configured correctly. CCE-9241-15Definition 'oval:gov.nist.usgcb.windowsseven:def:28' Rule 'deny_log_on_locally' nSetting Index #43: This security setting determines which users are prevented from logging on at the computer.,Worksheet: Computer Policy Settings; Row: 40 CCE-9239-5Setting Index #843: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected fixed data drives can be recovered-Worksheet: Bitlocker Policy Settings; Row: 14@(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\s2-o7\Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVRequireActiveDirectoryBackupThe 'Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' setting should be configured correctly. CCE-9236-1Setting Index #395: The Policy Change audit category determines whether to audit every incident of a change to user rights assignment policies, Windows Firewall policies, Trust policies, or changes to the Audit policy itself.)Worksheet: Audit Policy Settings; Row: 36 CCE-9235-35Definition 'oval:gov.nist.usgcb.windowsseven:def:54' %Rule 'accounts_rename_guest_account' OSetting Index #70: This setting allows the name of the guest account to change.,Worksheet: Computer Policy Settings; Row: 52 CCE-9229-6 CCE-9227-05Definition 'oval:gov.nist.usgcb.windowsseven:def:31' Rule 'generate_security_audits' zSetting Index #47: This policy setting determines which users or processes can generate audit records in the Security log.,Worksheet: Computer Policy Settings; Row: 42 CCE-9226-2Setting Index #17: This policy setting determines whether to audit user access to an Active Directory object that has its own specified system access control list (SACL).)Worksheet: Audit Policy Settings; Row: 58 CCE-9224-75Definition 'oval:gov.nist.usgcb.windowsseven:def:39' (Rule 'manage_auditing_and_security_log' Setting Index #55: This policy setting determines which users can change the auditing options for files and directories and clear the Security log.,Worksheet: Computer Policy Settings; Row: 25 CCE-9223-96Definition 'oval:gov.nist.usgcb.windowsseven:def:109' .Rule 'shutdown_clear_virtual_memory_pagefile' Setting Index #149: This policy setting determines whether the virtual memory pagefile is cleared when the system is shut down. -Worksheet: Computer Policy Settings; Row: 122 CCE-9222-1Setting Index #892: This is a setting option. Refer to the following parent setting for additional information: Require additional authentication at startup-Worksheet: Bitlocker Policy Settings; Row: 62(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s5-o5\Configure TPM startup key and PIN (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\UseTPMKeyPINUse of the combination of both a Trusted Platform Module (TPM) startup key and PIN for operating system drives encrypted with BitLocker should be configured correctly. CCE-9221-3Setting Index #1039: ,Worksheet: Bitlocker Policy Settings; Row: 53(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\s1-o0\Allow access to BitLocker-protected fixed data drives from earlier versions of Windows (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVDiscoveryVolumeTypeThe 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows ' setting should be configured correctly. CCE-9220-55Definition 'oval:gov.nist.usgcb.windowsseven:def:90' CRule 'network_access_named_pipes_that_can_be_accessed_anonymously' Setting Index #134: This policy setting determines which communication sessions, or pipes, will have attributes and permissions that allow anonymous access.-Worksheet: Computer Policy Settings; Row: 111 CCE-9218-9 CCE-9217-15Definition 'oval:gov.nist.usgcb.windowsseven:def:20' Rule 'create_a_token_object' Setting Index #35: This policy setting allows a process to create an access token, which may provide elevated rights to access sensitive data.,Worksheet: Computer Policy Settings; Row: 14 CCE-9215-5 CCE-9214-8 CCE-9213-05Definition 'oval:gov.nist.usgcb.windowsseven:def:26' "Rule 'deny_log_on_as_a_batch_job' {Setting Index #41: This policy setting determines which accounts will not be able to log on to the computer as a batch job.,Worksheet: Computer Policy Settings; Row: 38 CCE-9212-2Setting Index #916: -Worksheet: Bitlocker Policy Settings; Row: 821(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s6-o0\Deny write access to removable data drives not protected by BitLocker (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies\Microsoft\FVE\RDVDenyWriteAccesssThe 'Deny write access to removable data drives not protected by BitLocker' setting should be configured correctly. CCE-9211-4Setting Index #853: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected operating system drives can be recovered-Worksheet: Bitlocker Policy Settings; Row: 24(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s2-o1\Allow data recovery agent (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\OSManageDRA{The BitLocker 'Allow data recovery agent' setting should be enabled or disabled as appropriate for operating system drives. CCE-9200-7-Rule 'accounts_administrator_account_status' vSetting Index #66: This policy setting enables or disables the built-in Administrator account during normal operation.,Worksheet: Computer Policy Settings; Row: 54 CCE-9199-1Setting Index #841: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected fixed data drives can be recovered-Worksheet: Bitlocker Policy Settings; Row: 12 (1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\s2-o5\Save BitLocker recovery information to AD DS for fixed data drives (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVActiveDirectoryBackuppThe 'Save BitLocker recovery informatio< n to AD DS for fixed data drives' setting should be configured correctly. CCE-9197-55Definition 'oval:gov.nist.usgcb.windowsseven:def:94' >Rule 'network_access_shares_that_can_be_accessed_anonymously' lSetting Index #138: This policy setting determines which network shares can be accessed by anonymous users. -Worksheet: Computer Policy Settings; Row: 114 CCE-9196-76Definition 'oval:gov.nist.usgcb.windowsseven:def:229' 7Rule 'turn_off_downloading_of_print_drivers_over_http' Setting Index #238: This policy setting controls whether the computer can download print driver packages over HTTP. To set up HTTP printing, printer drivers that are not available in the standard operating system installation might need to be downloaded over HTTP.-Worksheet: Computer Policy Settings; Row: 182(1) GPO: Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off downloading of print drivers over HTTP (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\DisableWebPnPDownload]The 'Turn off downloading of print drivers over HTTP' setting should be configured correctly. CCE-9195-9 CCE-9194-24Definition 'oval:gov.nist.usgcb.windowsseven:def:5' Rule 'maximum_password_age' gSetting Index #2: This policy setting defines how long a user can use their password before it expires.)Worksheet: Domain Policy Settings; Row: 4 CCE-9193-46Definition 'oval:gov.nist.usgcb.windowsseven:def:112' PRule 'system_objects_strengthen_default_permissions_on_internal_system_objects' Setting Index #154: This policy setting determines the strength of the default discretionary access control list (DACL) for objects.-Worksheet: Computer Policy Settings; Row: 126 CCE-9191-8Setting Index #389: This setting applies to the Non Sensitive Privilege Use subcategory of events. You can use it to audit users exercising user rights.)Worksheet: Audit Policy Settings; Row: 29 CCE-9190-06Definition 'oval:gov.nist.usgcb.windowsseven:def:119' JRule 'user_account_control_run_all_administrators_in_admin_approval_mode' rSetting Index #163: This is the setting that turns on or off UAC. Disabling this setting effectively disables UAC.-Worksheet: Computer Policy Settings; Row: 133 CCE-9189-25Definition 'oval:gov.nist.usgcb.windowsseven:def:19' Rule 'create_a_pagefile' WSetting Index #34: This policy setting allows users to change the size of the pagefile.,Worksheet: Computer Policy Settings; Row: 13 CCE-9185-0Setting Index #886: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile-Worksheet: Bitlocker Policy Settings; Row: 49(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o24\PCR 23: Reserved for Future Use (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\23Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 23) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. CCE-9182-7Setting Index #20: This policy setting determines whether to audit every incident of a change to user rights assignment policies, Windows Firewall policies, Trust policies, or changes to the Audit policy itself. )Worksheet: Audit Policy Settings; Row: 61 CCE-9180-1 CCE-9179-3Setting Index #915: This is a setting option. Refer to the following parent setting for additional information: Control use of BitLocker on removable drives-Worksheet: Bitlocker Policy Settings; Row: 81'(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s5-o2\Allow users to suspend and decrypt BitLocker protection on removable data drives (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVDisableBDE~The 'Allow users to suspend and decrypt BitLocker protection on removable data drives' setting should be configured correctly. CCE-9176-9Setting Index #849: This is a setting option. Refer to the following parent setting for additional information: Configure use of smart cards on fixed data drives-Worksheet: Bitlocker Policy Settings; Row: 20(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\s4-o1\Require use of smart cards on fixed data drives (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVEnforceUserCertgThe BitLocker 'Require use of smart cards on fixed data drives' setting should be configured correctly. CCE-9173-6 CCE-9172-8 CCE-9162-9Setting Index #872: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile-Worksheet: Bitlocker Policy Settings; Row: 34(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o10\PCR 9: NTFS Boot Block (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\9Validation of the 'NTFS Boot Block' Platform Configuration Register (aka PCR 9) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. CCE-9161-1 CCE-9159-55Definition 'oval:gov.nist.usgcb.windowsseven:def:87' TRule 'network_access_do_not_allow_anonymous_enumeration_of_sam_accounts_and_shares' |Setting Index #131: This policy setting controls the ability of anonymous users to enumerate SAM accounts as well as shares.-Worksheet: Computer Policy Settings; Row: 108 CCE-9156-1 CCE-9153-85Definition 'oval:gov.nist.usgcb.windowsseven:def:55' 7Rule 'audit_audit_the_access_of_global_system_objects' Setting Index #71: This policy setting creates a default system access control list (SACL) for system objects such as mutexes (mutual exclusive), events, semaphores, and MS-DOS devices, and causes access to these system objects to be audited.,Worksheet: Computer Policy Settings; Row: 59 CCE-9150-45Definition 'oval:gov.nist.usgcb.windowsseven:def:40' Rule 'modify_an_object_label' Setting Index #1027: This privilege determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users.,Worksheet: Computer Policy Settings; Row: 27 CCE-9149-6 CCE-9148-8Setting Index #856: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected operating system drives can be recovered-Worksheet: Bitlocker Policy Settings; Row: 27(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s2-o4\Omit recovery options from the BitLocker setup wizard (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\OSHideRecoveryPageThe 'Omit recovery options from the BitLocker setup wizard' setting should be configured correctly for operating system drives. CCE-9147-0Setting Index #900: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected removable data drives can be recovered-Worksheet: Bitlocker Policy Settings; Row: 66(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s2-o1\Allow data recovery agent (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVManageDRAyThe BitLocker 'Allow data recovery agent' setting should be enabled or disabled as appropriate for removable data drives. CCE-9146-2Setting Index #828: This is a setting option. Refer to the following parent setting for additional information: Provide the unique identifiers for your organization-Worksheet: Bitlocker Policy Settings; Row: 89(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\s5-o2\Allowed BitLocker identification field (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\Second< aryIdentificationField6list of allowed BitLocker identification field stringsTThe 'Allowed BitLocker identification field' setting should be configured correctly. CCE-9145-4Setting Index #844: -Worksheet: Bitlocker Policy Settings; Row: 15(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\s3-o0\Configure use of passwords for fixed data drives (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVPassphrasehThe BitLocker 'Configure use of passwords for fixed data drives' setting should be configured correctly. CCE-9144-7Setting Index #907: -Worksheet: Bitlocker Policy Settings; Row: 73 (1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s3-o0\Configure use of passwords for removable data drives (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVPassphraselThe BitLocker 'Configure use of passwords for removable data drives' setting should be configured correctly. CCE-9141-3Setting Index #882: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile-Worksheet: Bitlocker Policy Settings; Row: 45(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o20\PCR 19: Reserved for Future Use (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\19Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 19) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. CCE-9138-9 CCE-9137-14Definition 'oval:gov.nist.usgcb.windowsseven:def:2' !Rule 'account_lockout_threshold' mSetting Index #8: This policy setting determines the number of failed logon attempts before a lockout occurs.*Worksheet: Domain Policy Settings; Row: 10 CCE-9136-35Definition 'oval:gov.nist.usgcb.windowsseven:def:35' &Rule 'load_and_unload_device_drivers' iSetting Index #51: This policy setting allows users to dynamically load a new device driver on a system. ,Worksheet: Computer Policy Settings; Row: 23 CCE-9135-5Setting Index #385: This settings determines whether to audit the event of a user who attempts to access an object that has a specified system access control list (SACL), effectively enabling auditing to take place. It is targeted to dropped packet events by the Filtering Platform.)Worksheet: Audit Policy Settings; Row: 22 CCE-9133-0Setting Index #817: ,Worksheet: Bitlocker Policy Settings; Row: 4!(1) GPO: Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Allow Standby States (S1-S3) When Sleeping (Plugged In) (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546ab\ACSettingIndexeThe 'Allow Standby States (S1-S3) When Sleeping (Plugged In)' setting should be configured correctly. CCE-9126-45Definition 'oval:gov.nist.usgcb.windowsseven:def:47' %Rule 'restore_files_and_directories' Setting Index #62: This policy setting determines which users can bypass file, directory, registry, and other persistent object permissions when restoring backed up files and directories.,Worksheet: Computer Policy Settings; Row: 46 CCE-9124-95Definition 'oval:gov.nist.usgcb.windowsseven:def:67' :Rule 'domain_member_maximum_machine_account_password_age' lSetting Index #90: This policy setting determines the maximum allowable age for a computer account password.,Worksheet: Computer Policy Settings; Row: 74 CCE-9123-15Definition 'oval:gov.nist.usgcb.windowsseven:def:91' 9Rule 'network_access_remotely_accessible_registry_paths' Setting Index #135: This policy setting determines which registry paths will be accessible after referencing the WinReg key to determine access permissions to the paths.-Worksheet: Computer Policy Settings; Row: 112 CCE-9121-5Setting Index #827: This is a setting option. Refer to the following parent setting for additional information: Provide the unique identifiers for your organization-Worksheet: Bitlocker Policy Settings; Row: 88(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\s5-o1\BitLocker identification field (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\IdentificationFieldStringLThe 'BitLocker identification field' setting should be configured correctly. CCE-9114-0Setting Index #156: This policy setting determines whether digital certificates are processed when software restriction policies are enabled and a user or process attempts to run software with an .exe file name extension. -Worksheet: Computer Policy Settings; Row: 138 CCE-9112-4kDefinition 'oval:gov.nist.usgcb.windowsseven:def:140' Definition 'oval:gov.nist.usgcb.windowsseven:def:14' 4Rule 'allow_log_on_through_remote_desktop_services' Setting Index #29: This policy setting determines which users or groups have the right to log on as a Terminal Services client.,Worksheet: Computer Policy Settings; Row: 35 CCE-9107-4Setting Index #1047: This is a setting option. Refer to the following parent setting for additional information: Do not install BitLocker To Go Reader on FAT formatted fixed drives,Worksheet: Bitlocker Policy Settings; Row: 6!(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\s1-o1\Do not install BitLocker To Go Reader on FAT formatted fixed drives (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVNoBitLockerToGoReaderqThe 'Do not install BitLocker To Go Reader on FAT formatted fixed drives' setting should be configured correctly. CCE-9106-6Setting Index #881: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile-Worksheet: Bitlocker Policy Settings; Row: 43(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o19\PCR 18: Reserved for Future Use (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\18Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 18) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. CCE-9103-35Definition 'oval:gov.nist.usgcb.windowsseven:def:27' Rule 'deny_log_on_as_a_service' {Setting Index #42: This policy setting determines whether services can be launched in the context of the specified account.,Worksheet: Computer Policy Settings; Row: 39 CCE-9098-5LRule 'network_security_allow_localsystem_to_use_computer_identity_for_ntlm' Setting Index #920: This policy setting allows Local System services that use Negotiate to use the computer identity when reverting to NTLM authentication.-Worksheet: Computer Policy Settings; Row: 144 CCE-9096-9Setting Index #851: -Worksheet: Bitlocker Policy Settings; Row: 22(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s1-o0\Allow enhanced PINs for startup (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\UseEnhancedPinWThe BitLocker 'Allow enhanced PINs for startup' setting should be configured correctly. CCE-9089-4Setting Index #898: This is a setting option. Refer to the following parent setting for additional information: Allow access to BitLocker-protected removable data drives on earlier versions of Windows -Worksheet: Bitlocker Policy Settings; Row: 64)(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s1-o1\Do not install BitLocker To Go Reader on FAT formatted removable drives (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVNoBitLockerToGoReaderuThe 'Do not install BitLocker To Go Reader on FAT formatted removable drives' setting sh< ould be configured correctly. CCE-9088-6Setting Index #847: This is a setting option. Refer to the following parent setting for additional information: Configure use of passwords for fixed data drives-Worksheet: Bitlocker Policy Settings; Row: 18(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\s3-o3\Minimum password length for fixed data drive (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVPassphraseLengthdThe BitLocker 'Minimum password length for fixed data drive' setting should be configured correctly. CCE-9087-8Setting Index #866: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile-Worksheet: Bitlocker Policy Settings; Row: 51(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o4\PCR 3: Option ROM Configuration and Data (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\3Validation of the 'Option ROM Configuration and Data' Platform Configuration Register (aka PCR 3) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. CCE-9082-9Setting Index #876: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile-Worksheet: Bitlocker Policy Settings; Row: 38(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o14\PCR 13: Reserved for Future Use (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\13Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 13) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. CCE-9079-5 CCE-9076-1Setting Index #187: This option determines if this computer can receive unicast responses to multicast or broadcast messages that it initiates. Unsolicited unicast responses are blocked regardless of this setting.-Worksheet: Computer Policy Settings; Row: 158 CCE-9069-65Definition 'oval:gov.nist.usgcb.windowsseven:def:12' *Rule 'adjust_memory_quotas_for_a_process' |Setting Index #27: This policy setting allows a user to adjust the maximum amount of memory that is available to a process. +Worksheet: Computer Policy Settings; Row: 9 CCE-9068-85Definition 'oval:gov.nist.usgcb.windowsseven:def:76' 5Rule 'interactive_logon_smart_card_removal_behavior' Setting Index #101: This policy setting determines what happens when the smart card for a logged on user is removed from the smart card reader.,Worksheet: Computer Policy Settings; Row: 81 CCE-9067-0tSetting Index #21: This policy setting determines whether to audit each instance of a user exercising a user right. )Worksheet: Audit Policy Settings; Row: 62 CCE-9066-2Setting Index #833: This is a setting option. Refer to the following parent setting for additional information: Validate smart card certificate usage rule compliance-Worksheet: Bitlocker Policy Settings; Row: 90(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\s7-o1\Object identifier (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\CertificateOID(smart card certificate object identifierIThe BitLocker 'Object identifier' setting should be configured correctly. CCE-9062-1Setting Index #370: This audit category generates events that record the creation and destruction of logon sessions. This setting targets the Logoff event settings.)Worksheet: Audit Policy Settings; Row: 12 CCE-9058-9 CCE-9056-3Setting Index #897: -Worksheet: Bitlocker Policy Settings; Row: 63;(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s1-o0\Allow access to BitLocker-protected removable data drives from earlier versions of Windows (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVDiscoveryVolumeTypeThe 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows ' setting should be configured correctly. CCE-9053-0Setting Index #879: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile-Worksheet: Bitlocker Policy Settings; Row: 41(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o17\PCR 16: Reserved for Future Use (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\16Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 16) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. CCE-9050-65Definition 'oval:gov.nist.usgcb.windowsseven:def:33' &Rule 'increase_a_process_working_set' Setting Index #49: This policy setting determines which user accounts can increase or decrease the size of a process s working set. The working set of a process is the set of memory pages currently visible to the process in physical random access memory (RAM).,Worksheet: Computer Policy Settings; Row: 43 CCE-9048-0Setting Index #868: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile-Worksheet: Bitlocker Policy Settings; Row: 53(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o6\PCR 5: Master Boot Record (MBR) Partition Table (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\5Validation of the 'Master Boot Record (MBR) Partition Table' Platform Configuration Register (aka PCR 5) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. CCE-9046-45Definition 'oval:gov.nist.usgcb.windowsseven:def:81' ERule 'microsoft_network_server_digitally_sign_communications_always' }Setting Index #106: This policy setting determines if the server side SMB service is required to perform SMB packet signing. ,Worksheet: Computer Policy Settings; Row: 89 CCE-9040-7 Setting Index #923: This policy setting allows you to create an exception list of remote servers to which clients are allowed to use NTLM authentication if the "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy setting is configured.-Worksheet: Computer Policy Settings; Row: 147 CCE-9036-55Definition 'oval:gov.nist.usgcb.windowsseven:def:60' =Rule 'devices_prevent_users_from_installing_printer_drivers' _Setting Index #79: This setting controls which groups has the right to install printer drivers.,Worksheet: Computer Policy Settings; Row: 67 CCE-9026-6Setting Index #371: This audit category generates events that record the creation and destruction of logon sessions. This setting targets the Logon-Logoff Account Lockout setting.(Worksheet: Audit Policy Settings; Row: 8 CCE-9023-36Definition 'oval:gov.nist.usgcb.windowsseven:def:117' TRule 'user_account_control_only_elevate_applications_that_are_signed_and_validated' Setting Index #161: This setting enables the prevention of the execution of unsigned or invalidated applications. Before enabling this setting, it is essential that administrators are certain that all required applications are signed and valid. -Worksheet: Computer Policy Settings; Row: 131 CCE-9021-75Definition 'oval:gov.nist.usgcb.windowsseven:def:48' Rule 'shut_down_the_system' Setting Index #63: This policy setting determines which users who are logged on locally can use the Shut Down command to shut down the operatin< g system.,Worksheet: Computer Policy Settings; Row: 33 CCE-9014-2Setting Index #198: -Worksheet: Computer Policy Settings; Row: 169 CCE-9007-6Setting Index #906: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected removable data drives can be recovered-Worksheet: Bitlocker Policy Settings; Row: 72H(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s2-o7\Do not enable BitLocker until recovery information is stored to AD DS for removable data drives (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVRequireActiveDirectoryBackupThe 'Do not enable BitLocker until recovery information is stored to AD DS for removable data drives' setting should be configured correctly. CCE-9000-15Definition 'oval:gov.nist.usgcb.windowsseven:def:34' $Rule 'increase_scheduling_priority' oSetting Index #50: This policy setting allows users to change the amount of processor time that a process uses.,Worksheet: Computer Policy Settings; Row: 22 CCE-8999-5Setting Index #913: -Worksheet: Bitlocker Policy Settings; Row: 79(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s5-o0\Control use of Bitlocker on removable drives (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVConfigureBDEZThe 'Control use of Bitlocker on removable drives' setting should be configured correctly. CCE-8995-3Setting Index #855: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected operating system drives can be recovered-Worksheet: Bitlocker Policy Settings; Row: 26(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s2-o3\Configure user storage of BitLocker 256-digit recovery key (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\OSRecoveryKeyThe 'Configure user storage of BitLocker 256-digit recovery key' setting should be configured correctly for operating system drives. CCE-8993-8Setting Index #910: This is a setting option. Refer to the following parent setting for additional information: Configure use of passwords for removable data drives-Worksheet: Bitlocker Policy Settings; Row: 76 (1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s3-o3\Minimum password length for removable data drive (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVPassphraseLengthhThe BitLocker 'Minimum password length for removable data drive' setting should be configured correctly. CCE-8983-95Definition 'oval:gov.nist.usgcb.windowsseven:def:63' JRule 'domain_member_digitally_encrypt_or_sign_secure_channel_data_always' Setting Index #86: This policy setting determines whether all secure channel traffic that is initiated by the domain member must be signed or encrypted.,Worksheet: Computer Policy Settings; Row: 70 CCE-8974-85Definition 'oval:gov.nist.usgcb.windowsseven:def:71' ERule 'interactive_logon_message_text_for_users_attempting_to_log_on' iSetting Index #95: This policy setting specifies a text message that displays to users when they log on. ,Worksheet: Computer Policy Settings; Row: 82 CCE-8973-0Setting Index #905: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected removable data drives can be recovered-Worksheet: Bitlocker Policy Settings; Row: 71#(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s2-o6\Configure storage of BitLocker recovery information to AD DS (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVActiveDirectoryInfoToStoreThe 'Configure storage of BitLocker recovery information to AD DS' setting should be configured correctly for removable data drives. CCE-8965-66Definition 'oval:gov.nist.usgcb.windowsseven:def:114' gRule 'user_account_control_behavior_of_the_elevation_prompt_for_administrators_in_admin_approval_mode' Setting Index #1048: This setting determines the behavior of Windows Vista when a logged on administrator attempts to complete a task that requires raised privileges.-Worksheet: Computer Policy Settings; Row: 128 CCE-8958-1 CCE-8956-5Setting Index #909: This is a setting option. Refer to the following parent setting for additional information: Configure use of passwords for removable data drives-Worksheet: Bitlocker Policy Settings; Row: 75(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s3-o2\Configure password complexity for removable data drives (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVPassphraseComplexityoThe BitLocker 'Configure password complexity for removable data drives' setting should be configured correctly. CCE-8947-46Definition 'oval:gov.nist.usgcb.windowsseven:def:107' ORule 'recovery_console_allow_floppy_copy_and_access_to_all_drives_and_folders' YSetting Index #147: This policy setting makes the Recovery Console SET command available.-Worksheet: Computer Policy Settings; Row: 121 CCE-8945-86Definition 'oval:gov.nist.usgcb.windowsseven:def:100' MRule 'network_security_do_not_store_lanmanager_hash_on_next_password_change' Setting Index #140: This policy setting determines whether the LAN Manager (LM) hash value for the new password is stored when the password is changed. -Worksheet: Computer Policy Settings; Row: 116 CCE-8937-55Definition 'oval:gov.nist.usgcb.windowsseven:def:89' GRule 'network_access_let_everyone_permissions_apply_to_anonymous_user' Setting Index #133: This policy setting determines what additional permissions are assigned for anonymous connections to the computer-Worksheet: Computer Policy Settings; Row: 110 CCE-8936-7Setting Index #45: This policy setting allows users to change the Trusted for Delegation setting on a computer object in Active Directory.,Worksheet: Computer Policy Settings; Row: 19 CCE-8930-0Setting Index #924: This policy setting allows you to create an exception list of servers in this domain to which clients are allowed to use NTLM pass-through authentication if the "Network Security: Restrict NTLM: Deny NTLM authentication in this domain" is set.-Worksheet: Computer Policy Settings; Row: 148 CCE-8917-74Definition 'oval:gov.nist.usgcb.windowsseven:def:4' Rule 'enforce_password_history' Setting Index #1: This policy setting determines the number of renewed, unique passwords that have to be associated with a user account before you can reuse an old password. )Worksheet: Domain Policy Settings; Row: 3(1) GPO: Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Enforce password history (2) WMI: Namespace = root\rsop\computer; Class = RSOP_SecuritySettingNumeric; Property = Setting; Where = KeyName='PasswordHistorySize' And precedence=1 CCE-8912-8Setting Index #857: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected operating system drives can be recovered-Worksheet: Bitlocker Policy Settings; Row: 28+(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s2-o5\Save BitLocker recovery information to AD DS for operating system drives (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\OSActiveDirectoryBackupvThe 'Save BitLocker recovery information to AD DS for operating system drives' setting should be configured correctly. CCE-8905-2Setting Index #825: -Worksheet: Bitlocker Policy Settings; Row: 86(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\s4-o0\Prevent memory overwrite on restart (2) Registry Key: HKEY_LOCAL_< MACHINE\SOFTWARE\Policies\Microsoft\FVE\MorBehavior[The BitLocker 'Prevent memory overwrite on restart' setting should be configured correctly. CCE-8899-7Setting Index #193: This profile only applies if a user with local administrator privileges assigns it to a network that was previously set to use the Public profile. Microsoft recommends only changing the profile to Private for a trusted network.-Worksheet: Computer Policy Settings; Row: 164 CCE-8884-9Setting Index #192: This profile only applies if a user with local administrator privileges assigns it to a network that was previously set to use the Public profile. Microsoft recommends only changing the profile to Private for a trusted network. -Worksheet: Computer Policy Settings; Row: 163 CCE-8870-8eSetting Index #78: This policy setting determines who is allowed to format and eject removable media.,Worksheet: Computer Policy Settings; Row: 66 CCE-8868-2 CCE-8861-7 CCE-8860-9 CCE-8857-5 CCE-8856-7Setting Index #874: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile-Worksheet: Bitlocker Policy Settings; Row: 36(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o12\PCR 11: BitLocker Access Control (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\11Validation of the 'BitLocker Access Control' Platform Configuration Register (aka PCR 11) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. CCE-8855-9 CCE-8853-4 CCE-8850-0Setting Index #816: ,Worksheet: Bitlocker Policy Settings; Row: 3!(1) GPO: Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Allow Standby States (S1-S3) When Sleeping (On Battery) (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546ab\DCSettingIndexeThe 'Allow Standby States (S1-S3) When Sleeping (On Battery)' setting should be configured correctly. CCE-8844-3Setting Index #77: This policy setting determines whether a portable computer can be undocked if the user does not log on to the system.,Worksheet: Computer Policy Settings; Row: 65 CCE-8837-7 CCE-8829-45Definition 'oval:gov.nist.usgcb.windowsseven:def:82' ORule 'microsoft_network_server_digitally_sign_communications_if_client_agrees' Setting Index #107: This policy setting determines if the server side SMB service is able to sign SMB packets if it is requested to do so by a client that attempts to establish a connection. ,Worksheet: Computer Policy Settings; Row: 90 CCE-8825-2 CCE-8822-95Definition 'oval:gov.nist.usgcb.windowsseven:def:75' XRule 'interactive_logon_require_domain_controller_authentication_to_unlock_workstation' Setting Index #99: When this policy setting is enabled, a domain controller must authenticate the domain account used to unlock the computer.,Worksheet: Computer Policy Settings; Row: 80 CCE-8818-76Definition 'oval:gov.nist.usgcb.windowsseven:def:121' ^Rule 'user_account_control_virtualize_file_and_registry_write_failures_to_per_user_locations' Setting Index #165: This setting allows the user to create specific locations where the virtualization of file and registry write failures can be stored. This setting is specific to UAC compatibility. See the security guides for more information about this setting.-Worksheet: Computer Policy Settings; Row: 135 CCE-8817-96Definition 'oval:gov.nist.usgcb.windowsseven:def:115' PRule 'user_account_control_behavior_of_the_elevation_prompt_for_standard_users' Setting Index #159: This setting determines the behavior of Windows Vista when a logged on user attempts to complete a task that requires raised privileges. -Worksheet: Computer Policy Settings; Row: 129 CCE-8813-86Definition 'oval:gov.nist.usgcb.windowsseven:def:113' WRule 'user_account_control_admin_approval_mode_for_the_built_in_administrator_account' Setting Index #157: This policy setting configures whether the built-in Administrator account runs in Admin Approval Mode. The default behavior varies because Windows Vista configures the built-in Administrator account dependant on specific installation criteria.-Worksheet: Computer Policy Settings; Row: 127 CCE-8811-26Definition 'oval:gov.nist.usgcb.windowsseven:def:106' >Rule 'recovery_console_allow_automatic_administratiive_logon' Setting Index #146: This policy setting allows the administrator account to automatically log on to the recovery console when it is invoked during startup.-Worksheet: Computer Policy Settings; Row: 120 CCE-8807-06Definition 'oval:gov.nist.usgcb.windowsseven:def:102' 8Rule 'network_security_lanmanager_authentication_level' Setting Index #142: This policy setting specifies the type of challenge/response authentication for network logons. LAN Manager (LM) authentication is the least secure method; it allows encrypted passwords to be cracked because they can be easily intercepted on the network. -Worksheet: Computer Policy Settings; Row: 117 CCE-8806-2@Rule 'network_security_allow_localsystem_null_session_fallback' WSetting Index #919: Allow NTLM to fall back to NULL session when used with LocalSystem.-Worksheet: Computer Policy Settings; Row: 143 CCE-8804-7Setting Index #819: This is a setting option. Refer to the following parent setting for additional information: Choose default folder for recovery password-Worksheet: Bitlocker Policy Settings; Row: 84(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\s1-o1\Configure the default folder path: (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\DefaultRecoveryFolderPath folder pathLThe default folder for BitLocker recovery passwords should be set correctly. CCE-8791-65Definition 'oval:gov.nist.usgcb.windowsseven:def:56' ;Rule 'audit_audit_the_use_of_backup_and_restore_privilege' Setting Index #72: This policy setting determines whether to audit the use of all user privileges, including Backup and Restore, when the Audit privilege use setting is in effect.,Worksheet: Computer Policy Settings; Row: 60 CCE-8789-0Setting Index #865: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile-Worksheet: Bitlocker Policy Settings; Row: 50(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o3\PCR 2: Options ROM Code (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\2Validation of the 'Options ROM Code'' Platform Configuration Register (aka PCR 2) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. CCE-8787-4Setting Index #121: This registry value entry appears as MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames (recommended) in the SCE.-Worksheet: Computer Policy Settings; Row: 101 CCE-8784-1Setting Index #859: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected operating system drives can be recovered-Worksheet: Bitlocker Policy Settings; Row: 30K(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s2-o7\Do not enable BitLocker until recovery information is stored to AD DS for operating system drives (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\OSRequireActiveDirectoryBackupThe 'Do not enable BitLocker until recovery information is stored to AD DS for operating system drives' setting should be configured correctly. CCE-8759-3Setting Index #871: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile-Worksheet: Bitlocker Policy Settings; Row: 56(1) GPO: Computer Configuration\Administrativ< e Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o9\PCR 8: NTFS Boot Sector (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\8Validation of the 'NTFS Boot Sector' Platform Configuration Register (aka PCR 8) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. CCE-8751-0Setting Index #1035: ,Worksheet: Bitlocker Policy Settings; Row: 7 (1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\s2-o0\Choose how BitLocker-protected fixed drives can be recovered (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVRecoveryxThe 'Choose how BitLocker-protected fixed drives can be recovered' setting should be enabled or disabled as appropriate. CCE-8745-2Setting Index #842: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected fixed data drives can be recovered-Worksheet: Bitlocker Policy Settings; Row: 13(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\s2-o6\Configure storage of BitLocker recovery information to AD DS (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVActiveDirectoryInfoToStoreThe 'Configure storage of BitLocker recovery information to AD DS' setting should be configured correctly for fixed data drives. CCE-8743-75Definition 'oval:gov.nist.usgcb.windowsseven:def:72' FRule 'interactive_logon_message_title_for_users_attempting_to_log_on' Setting Index #96: This policy setting allows text to be specified in the title bar of the window that users see when they log on to the system.,Worksheet: Computer Policy Settings; Row: 83 CCE-8740-35Definition 'oval:gov.nist.usgcb.windowsseven:def:46' %Rule 'replace_a_process_level_token' Setting Index #61: This policy setting allows one process or service to start another service or process with a different security access token, which can be used to modify the security access token of that sub-process and result in the escalation of privileges.,Worksheet: Computer Policy Settings; Row: 32 CCE-8732-0Setting Index #848: -Worksheet: Bitlocker Policy Settings; Row: 19(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\s4-o0\Configure use of smart cards on fixed data drives (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVAllowUserCertiThe BitLocker 'Configure use of smart cards on fixed data drives' setting should be configured correctly. CCE-8721-3Setting Index #850: -Worksheet: Bitlocker Policy Settings; Row: 21$(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\s5-o0\Deny write access to fixed drives not protected by BitLocker (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Policies\Microsoft\FVE\FDVDenyWriteAccessjThe 'Deny write access to fixed drives not protected by BitLocker' setting should be configured correctly. CCE-8719-75Definition 'oval:gov.nist.usgcb.windowsseven:def:51' %Rule 'accounts_guest_account_status' dSetting Index #67: This policy setting determines whether the Guest account is enabled or disabled. ,Worksheet: Computer Policy Settings; Row: 55 CCE-8714-8Setting Index #869: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile-Worksheet: Bitlocker Policy Settings; Row: 54(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o7\PCR 6: State Transition and Wake Events (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\6Validation of the 'State Transition and Wake Events' Platform Configuration Register (aka PCR 6) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. CCE-8703-1Setting Index #902: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected removable data drives can be recovered-Worksheet: Bitlocker Policy Settings; Row: 68(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s2-o3\Configure user storage of BitLocker 256-digit recovery key (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVRecoveryKeyThe 'Configure user storage of BitLocker 256-digit recovery key' setting should be configured correctly for removable data drives. CCE-8701-5Setting Index #861: This is a setting option. Refer to the following parent setting for additional information: Configure minimum PIN length for startup-Worksheet: Bitlocker Policy Settings; Row: 31(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s3-o1\Minimum characters: (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\MinimumPINThe minimum number of characters required for the BitLocker startup PIN used with the Trusted Platform Module (TPM) should be set correctly. CCE-8688-4Setting Index #908: This is a setting option. Refer to the following parent setting for additional information: Configure use of passwords for removable data drives-Worksheet: Bitlocker Policy Settings; Row: 74(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s3-o1\Require password for removable data drive (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVEnforcePassphraseaThe BitLocker 'Require password for removable data drive' setting should be configured correctly. CCE-8683-5Setting Index #845: This is a setting option. Refer to the following parent setting for additional information: Configure use of passwords for fixed data drives-Worksheet: Bitlocker Policy Settings; Row: 16(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\s3-o1\Require password for fixed data drive (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVEnforcePassphrase]The BitLocker 'Require password for fixed data drive' setting should be configured correctly. CCE-8673-6IRule 'mss_disableipsourceroutingipv6_ip_source_routing_protection_level' Setting Index #521: The entry appears as MSS: (DisableIPSourceRouting) IPv6 source routing protection level (protects against packet spoofing) in the SCE.-Worksheet: Computer Policy Settings; Row: 140 CCE-8655-35Definition 'oval:gov.nist.usgcb.windowsseven:def:88' cRule 'network_access_do_not_allow_storage_of_passwords_and_credentials_for_network_authentication' uSetting Index #132: This policy setting controls authentication credential storage and passwords on the local system.-Worksheet: Computer Policy Settings; Row: 109 CCE-8654-6Setting Index #885: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile-Worksheet: Bitlocker Policy Settings; Row: 48(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o23\PCR 22: Reserved for Future Use (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\22Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 22) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. CCE-8653-8Setting Index #864: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile-Worksheet: Bitlocker Policy Settings; Row: 44(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o2\PCR 1: Platform and Motherbo< ard Configuration and Data (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\1Validation of the 'Platform and Motherboard Configuration and Data' Platform Configuration Register (aka PCR 1) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. CCE-8651-2Setting Index #911: -Worksheet: Bitlocker Policy Settings; Row: 77(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s4-o0\Configure use of smart cards on removable data drives (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVAllowUserCert{The BitLocker 'Configure use of smart cards on removable data drives' setting should be enabled or disabled as appropriate. CCE-8648-8Setting Index #899: -Worksheet: Bitlocker Policy Settings; Row: 65(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s2-o0\Choose how BitLocker-protected removable drives can be recovered (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVRecovery|The 'Choose how BitLocker-protected removable drives can be recovered' setting should be enabled or disabled as appropriate. CCE-8613-25Definition 'oval:gov.nist.usgcb.windowsseven:def:17' Rule 'change_the_system_time' Setting Index #32: This policy setting determines which users and groups can change the time and date on the internal clock of the computers in your environment.,Worksheet: Computer Policy Settings; Row: 12 CCE-8612-4Setting Index #903: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected removable data drives can be recovered-Worksheet: Bitlocker Policy Settings; Row: 69(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s2-o4\Omit recovery options from the BitLocker setup wizard (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVHideRecoveryPage}The 'Omit recovery options from the BitLocker setup wizard' setting should be configured correctly for removable data drives. CCE-8595-16Definition 'oval:gov.nist.usgcb.windowsseven:def:136' cRule 'mss_screensavergraceperiod_the_time_in_seconds_before_the_screen_saver_grace_period_expires' Setting Index #124: The entry appears as MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) in the SCE.-Worksheet: Computer Policy Settings; Row: 104 CCE-8591-0Setting Index #854: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected operating system drives can be recovered-Worksheet: Bitlocker Policy Settings; Row: 25(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s2-o2\Configure user storage of BitLocker 48-digit recovery password (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\OSRecoveryPasswordThe 'Configure user storage of BitLocker 48-digit recovery password' setting should be configured correctly for operating system drives. CCE-8588-6Setting Index #880: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile-Worksheet: Bitlocker Policy Settings; Row: 42(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o18\PCR 17: Reserved for Future Use (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\17Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 17) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. CCE-8587-85Definition 'oval:gov.nist.usgcb.windowsseven:def:24' Rule 'debug_programs' Setting Index #39: This policy setting determines which user accounts will have the right to attach a debugger to any process or to the kernel, which provides complete access to sensitive and critical operating system components.,Worksheet: Computer Policy Settings; Row: 17 CCE-8583-7Setting Index #826: -Worksheet: Bitlocker Policy Settings; Row: 87(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\s5-o0\Provide the unique identifiers for your organization (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\IdentificationFieldzThe BitLocker 'Provide the unique identifiers for your organization' setting should be enabled or disabled as appropriate. CCE-8581-16Definition 'oval:gov.nist.usgcb.windowsseven:def:132' pRule 'mss_nonamereleaseondemand_allow_computer_to_ignore_netbios_name_release_requests_except_from_wins_server' Setting Index #120: The registry value entry appears as MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers in the SCE.-Worksheet: Computer Policy Settings; Row: 100 CCE-8562-16Rule 'mss_hidden_hide_computer_from_the_browser_list' Setting Index #116: The registry value entry appears as MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments) in the SCE.,Worksheet: Computer Policy Settings; Row: 97 CCE-8560-5Setting Index #840: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected fixed data drives can be recovered-Worksheet: Bitlocker Policy Settings; Row: 11(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\s2-o4\Omit recovery options from the BitLocker setup wizard (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVHideRecoveryPageyThe 'Omit recovery options from the BitLocker setup wizard' setting should be configured correctly for fixed data drives. CCE-8553-0Setting Index #890: This is a setting option. Refer to the following parent setting for additional information: Require additional authentication at startup-Worksheet: Bitlocker Policy Settings; Row: 60(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s5-o3\Configure TPM startup PIN (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\UseTPMPINUse of a Trusted Platform Moduel (TPM) startup PIN for operating system drives encrypted with BitLocker should be configured correctly. CCE-8546-4Setting Index #918: -Worksheet: Computer Policy Settings; Row: 142 CCE-8541-5Setting Index #846: This is a setting option. Refer to the following parent setting for additional information: Configure use of passwords for fixed data drives-Worksheet: Bitlocker Policy Settings; Row: 17(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\s3-o2\Configure password complexity for fixed data drives (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVPassphraseComplexitykThe BitLocker 'Configure password complexity for fixed data drives' setting should be configured correctly. CCE-8540-7Setting Index #912: This is a setting option. Refer to the following parent setting for additional information: Configure use of smart cards on removable data drives-Worksheet: Bitlocker Policy Settings; Row: 78(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s4-o1\Require use of smart cards on removable data drives (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVEnforceUserCertkThe BitLocker 'Require use of smart cards on removable data drives' setting should be configured correctly. CCE-8538-1Setting Index #867: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile< -Worksheet: Bitlocker Policy Settings; Row: 52(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o5\PCR 4: Master Boot Record (MBR) Code (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\4Validation of the 'Master Boot Record (MBR) Code' Platform Configuration Register (aka PCR 4) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. CCE-8535-7Setting Index #878: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile-Worksheet: Bitlocker Policy Settings; Row: 40(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o16\PCR 15: Reserved for Future Use (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\15Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 15) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. CCE-8530-8Setting Index #76: This policy setting determines which users or groups might launch or activate DCOM applications remotely or locally.,Worksheet: Computer Policy Settings; Row: 64 CCE-8525-8Setting Index #884: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile-Worksheet: Bitlocker Policy Settings; Row: 47(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o22\PCR 21: Reserved for Future Use (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\21Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 21) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. CCE-8517-56Definition 'oval:gov.nist.usgcb.windowsseven:def:127' URule 'mss_enableicmpredirect_allow_icmp_redirects_to_override_ospf_generated_routes' Setting Index #115: The entry appears as MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes in the SCE.,Worksheet: Computer Policy Settings; Row: 96 CCE-8513-4HRule 'microsoft_network_server_server_spn_target_name_validation_level' Setting Index #108: This policy setting controls the level of validation a computer with shared folders or printers performs on the service principal name provided by the client computer when it establishes a session using the server message block (SMB) protocol,Worksheet: Computer Policy Settings; Row: 92 CCE-8503-5Setting Index #863: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile-Worksheet: Bitlocker Policy Settings; Row: 33.(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o1\PCR 0: Core Root of Trust of Measurement (CRTM), BIOS, and Platform Extensions (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\0Validation of the 'Core Root of Trust of Measurement (CRTM), BIOS, and Platform Extensions' Platform Configuration Register (aka PCR 0) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. CCE-8496-2Setting Index #875: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile-Worksheet: Bitlocker Policy Settings; Row: 37(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o13\PCR 12: Reserved for Future Use (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\12Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 12) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. CCE-8493-95Definition 'oval:gov.nist.usgcb.windowsseven:def:73' eRule 'interactive_logon_number_of_previous_logons_to_cache_in_case_domain_controller_is_unavailable' Setting Index #97: This policy setting determines whether a user can log on to a Windows domain using cached account information.,Worksheet: Computer Policy Settings; Row: 78 CCE-8487-15Definition 'oval:gov.nist.usgcb.windowsseven:def:53' -Rule 'accounts_rename_administrator_account' jSetting Index #69: This policy setting provides the ability to change the default administrator user name.,Worksheet: Computer Policy Settings; Row: 51 CCE-8484-8Setting Index #870: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile-Worksheet: Bitlocker Policy Settings; Row: 55(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o8\PCR 7: Computer Manufacturer-Specific (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\7Validation of the 'Computer Manufacturer-Specific' Platform Configuration Register (aka PCR 7) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. CCE-8483-05Definition 'oval:gov.nist.usgcb.windowsseven:def:42' )Rule 'perform_volume_maintainance_tasks' Setting Index #57: This policy setting allows users to manage the system's volume or disk configuration, which could allow a user to delete a volume and cause data loss as well as a denial-of-service condition.,Worksheet: Computer Policy Settings; Row: 28 CCE-8475-65Definition 'oval:gov.nist.usgcb.windowsseven:def:32' 1Rule 'impersonate_a_client_after_authentication' Setting Index #48: The policy setting allows programs that run on behalf of a user to impersonate that user (or another specified account) so that they can act on behalf of the user.,Worksheet: Computer Policy Settings; Row: 21 CCE-8467-35Definition 'oval:gov.nist.usgcb.windowsseven:def:23' Rule 'create_symbolic_links' XSetting Index #38: This policy setting determines which users can create symbolic links.,Worksheet: Computer Policy Settings; Row: 37 CCE-8460-85Definition 'oval:gov.nist.usgcb.windowsseven:def:21' Rule 'create_global_objects' Setting Index #36: This policy setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right.,Worksheet: Computer Policy Settings; Row: 15 CCE-8431-95Definition 'oval:gov.nist.usgcb.windowsseven:def:18' Rule 'change_the_time_zone' `Setting Index #33: This setting determines which users can change the time zone of the computer.,Worksheet: Computer Policy Settings; Row: 36 CCE-8423-6Setting Index #1037: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected fixed data drives can be recovered-Worksheet: Bitlocker Policy Settings; Row: 10(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\s2-o3\Configure user storage of BitLocker 256-digit recovery key (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVRecoveryKey~The 'Configure user storage of BitLocker 256-digit recovery key' setting should be configured correctly for fixed data drives. CCE-8417-8Setting Index #901: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected removable data drives can be recovered-Worksheet: Bitlocker Policy Settings; Row: 67(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s2-o2\Configure user storage of BitLocker 48-digit recovery password (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVRecoveryPasswordThe 'Configure user storage of BitLocker< 48-digit recovery password' setting should be configured correctly for removable data drives. CCE-8415-25Definition 'oval:gov.nist.usgcb.windowsseven:def:16' Rule 'bypass_traverse_checking' Setting Index #31: This policy setting allows users who do not have the special "Traverse Folder" access permission to "pass through" folders when they browse an object path in the NTFS file system or the registry.,Worksheet: Computer Policy Settings; Row: 11 CCE-8414-5 CCE-8407-9Setting Index #917: This is a setting option. Refer to the following parent setting for additional information: Deny write access to removable data drives not protected by BitLocker-Worksheet: Bitlocker Policy Settings; Row: 83 (1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Removable Data Drives\s6-o1\Do not allow write access to devices configured in another organization (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\RDVDenyCrossOrgThe BitLocker 'Do not allow write access to devices configured in another organization' setting should be configured correctly. CCE-8405-3Setting Index #821: This is a setting option. Refer to the following parent setting for additional information: Choose drive encryption method and cipher strength-Worksheet: Bitlocker Policy Settings; Row: 85(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\s2-o2\Select the encryption method (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\EncryptionMethodbThe BitLocker 'Select the encryption method' setting should be enabled or disabled as appropriate. CCE-8370-9Setting Index #891: This is a setting option. Refer to the following parent setting for additional information: Require additional authentication at startup-Worksheet: Bitlocker Policy Settings; Row: 61(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s5-o4\Configure TPM startup key (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\UseTPMKeyUse of a Trusted Platform Module (TPM) startup key for operating system drives encrypted with BitLocker should be configured correctly. CCE-8309-7Setting Index #887: -Worksheet: Bitlocker Policy Settings; Row: 57 (1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s5-o0\Require additional authentication at startup (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\UseAdvancedStartupsThe BitLocker 'Require additional authentication at startup' setting should be enabled or disabled as appropriate.. CCE-8303-0Setting Index #877: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile-Worksheet: Bitlocker Policy Settings; Row: 39(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o15\PCR 14: Reserved for Future Use (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\14Validation of the 'Reserved for Future Use' Platform Configuration Register (aka PCR 14) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. CCE-8301-4Setting Index #873: This is a setting option. Refer to the following parent setting for additional information: Configure TPM platform validation profile-Worksheet: Bitlocker Policy Settings; Row: 35(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o11\PCR 10: Boot Manager (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\10Validation of the 'Boot Manager' Platform Configuration Register (aka PCR 10) by the Trusted Platform Module (TPM) should be enabled or disabled as appropriate. CCE-8299-0Setting Index #862: -Worksheet: Bitlocker Policy Settings; Row: 32(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s4-o0\Configure TPM platform validation profile (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\PlatformValidation\EnabledoThe BitLocker 'Configure TPM platform validation profile' setting should be enabled or disabled as appropriate. CCE-8284-2Setting Index #852: -Worksheet: Bitlocker Policy Settings; Row: 23(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives\s2-o0\Choose how BitLocker-protected operating system drives can be recovered (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\OSRecoveryThe 'Choose how BitLocker-protected operating system drives can be recovered' setting should be enabled or disabled as appropriate. CCE-8278-4Setting Index #1050: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected fixed data drives can be recovered,Worksheet: Bitlocker Policy Settings; Row: 9(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\s2-o2\Configure user storage of BitLocker 48-digit recovery password (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVRecoveryPasswordThe 'Configure user storage of BitLocker 48-digit recovery password' setting should be configured correctly for fixed data drives. CCE-8242-0Setting Index #1040: This is a setting option. Refer to the following parent setting for additional information: Choose how BitLocker-protected fixed data drives can be recovered,Worksheet: Bitlocker Policy Settings; Row: 8(1) GPO: Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Fixed Data Drives\s2-o1\Allow data recovery agent (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\FDVManageDRAuThe BitLocker 'Allow data recovery agent' setting should be enabled or disabled as appropriate for fixed data drives. CCE-8235-4Setting Index #362: This policy setting removes the built-in Windows Vista features that allow users to burn CDs through Windows Explorer. 'Worksheet: User Policy Settings; Row: 6(1) GPO: User Configuration\Administrative Templates\Windows Components\ Windows Explorer\Remove CD Burning features (2) Registry Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCDBurningHThe 'Remove CD Burning features' setting should be configured correctly. CCE-10490-19Definition 'oval:gov.nist.usgcb.windowsseven:def:100214' <Rule 'reschedule_automatic_updates_scheduled_installations' Setting Index #277: This policy setting determines the amount of time before previously scheduled Automatic Update installations will proceed after system startup. -Worksheet: Computer Policy Settings; Row: 195(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Update\Reschedule Automatic Updates scheduled installations (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\RescheduleWaitTimeEnabledpThe 'Reschedule Automatic Updates scheduled installations' setting should be enabled or disabled as appropriate. CCE-10205-36Definition 'oval:gov.nist.usgcb.windowsseven:def:271' 5Rule 'prevent_the_computer_from_joining_a_homegroup' GSetting Index #932: Controls if a computer can be joined to a HomeGroup-Worksheet: Computer Policy Settings; Row: 208(1) GPO: Computer Configuration\Administrative Templates\Windows Components\HomeGroup\Prevent the computer from joining a homegroup (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\HomeGroup\DisableHomeGroup[The 'Prevent the computer from joining a homegroup' setting should be configured correctly. CCE-10183-26Definition 'oval:gov.nist.usgcb.windowsseven:def:252' 1Rule 'rpc_endpoint_mapper_client_authentication' Setting Ind< ex #236: This policy setting allows client computers that communicate with this computer to be forced to provide authentication before an RPC communication is established.-Worksheet: Computer Policy Settings; Row: 181(1) GPO: Computer Configuration\Administrative Templates\System\Remote Procedure Call\RPC Endpoint Mapper Client Authentication (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc\EnableAuthEpResolutionWThe 'RPC Endpoint Mapper Client Authentication' setting should be configured correctly. CCE-10181-6 CCE-10175-8 CCE-10169-1;Rule 'do_not_preserve_zone_information_in_the_attachments' Setting Index #280: This policy setting allows you to manage whether Windows marks file attachments from Internet Explorer or Microsoft Outlook Express with information about their zone of origin (such as restricted, Internet, intranet, or local). 'Worksheet: User Policy Settings; Row: 3(1) GPO: User Configuration\Administrative Templates\Windows Components\Attachment Manager\Do not preserve zone information in file attachments (2) Registry Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\SaveZoneInformationbThe 'Do not preserve zone information in file attachments' setting should be configured correctly. CCE-10166-76Definition 'oval:gov.nist.usgcb.windowsseven:def:268' Rule 'maximum_system_log_size' Setting Index #507: This policy requires Windows Vista or later versions of Windows, it specifies the maximum size of the log file in kilobytes.-Worksheet: Computer Policy Settings; Row: 206(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Event Log Service\System\Maximum Log Size (KB) (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\System\MaxSizeVThe 'Maximum Log Size (KB)' setting should be configured correctly for the system log. CCE-10156-8^Setting Index #231: This policy setting controls the default behavior of the AutoPlay setting.-Worksheet: Computer Policy Settings; Row: 176(1) GPO: Computer Configuration\Administrative Templates\System\Logon\Do not process the run once list (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisableLocalMachineRunOnceNThe 'Do not process the run once list' setting should be configured correctly. CCE-10154-3Rule 'screen_saver_timeout' Setting Index #502: If the Screen Saver Timeout setting is enabled, then the screen saver will be launched when the specified amount of time has passed since the last user action.(Worksheet: User Policy Settings; Row: 11(1) GPO: User Configuration\Administrative Templates\Control Panel\Display\Screen Saver timeout (2) Registry Key: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveTimeOuttime in secondsBThe 'Screen Saver timeout' setting should be configured correctly. CCE-10148-5 CCE-10144-46Definition 'oval:gov.nist.usgcb.windowsseven:def:238' 6Rule 'turn_off_search_companion_content_file_updates' Setting Index #241: This policy setting specifies whether Search Companion should automatically download content updates during local and Internet searches.-Worksheet: Computer Policy Settings; Row: 186(1) GPO: Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Search Companion content file updates (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SearchCompanion\DisableContentFileUpdates\The 'Turn off Search Companion content file updates' setting should be configured correctly. CCE-10140-2Setting Index #515-Worksheet: Computer Policy Settings; Row: 203(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Application\Retain old events (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Application\Retain application logWThe 'Retain old events' setting should be configured correctly for the application log. CCE-10136-0Setting Index #363: This policy setting disables the Security tab on the file and folder properties dialog boxes in Windows Explorer. 'Worksheet: User Policy Settings; Row: 7(1) GPO: User Configuration\Administrative Templates\Windows Components\Windows Explorer\Remove Security tab (2) Registry Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSecurityTabRThe Windows Explorer 'Remove Security tab' setting should be configured correctly. CCE-10129-5 CCE-10118-86Definition 'oval:gov.nist.usgcb.windowsseven:def:275' 2Rule 'always_prompt_for_password_upon_connection' Setting Index #270: This policy setting specifies whether Terminal Services always prompts the client computer for a password upon connection.-Worksheet: Computer Policy Settings; Row: 197%(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Always prompt for password upon connection (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPasswordXThe 'Always prompt for password upon connection' setting should be configured correctly. CCE-10103-0 CCE-10098-2Setting Index #243: This policy setting specifies whether Windows will search Windows Update for device drivers when no local drivers for a device are present.-Worksheet: Computer Policy Settings; Row: 188#(1) GPO: Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Windows Update device driver searching (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DriverSearching\DontSearchWindowsUpdate]The 'Turn off Windows Update device driver searching' setting should be configured correctly. CCE-10093-3Setting Index #246: This policy setting determines whether users must first press CTRL+ALT+DEL to establish a trusted path before typing account and password information to log on to computers in the environment.-Worksheet: Computer Policy Settings; Row: 191(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Credential User Interface\Require trusted path for credential entry (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnableSecureCredentialPromptingeThe 'Require trusted path for credential entry' setting should be enabled or disabled as appropriate. CCE-10092-56Definition 'oval:gov.nist.usgcb.windowsseven:def:272' *Rule 'do_not_allow_passwords_to_be_saved' tSetting Index #267: This policy setting helps prevent Terminal Services clients from saving passwords on a computer.-Worksheet: Computer Policy Settings; Row: 201 (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Do not allow passwords to be saved (2) Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\DisablePasswordSavingPThe 'Do not allow passwords to be saved' setting should be configured correctly. CCE-10090-9 CCE-10088-3 CCE-10082-6 CCE-10081-8 CCE-10078-48Setting Index #1026: Configures access to remote shells.+Worksheet: Computer Policy Settings; Row: 5(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Windows Remote Shell\Allow Remote Shell Access (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WinRM\Service\WinRS\AllowRemoteShellAccessGThe 'Allow Remote Shell Access' setting should be configured correctly. CCE-10077-6:Rule 'notify_antivirus_programs_when_opening_attachments' vSetting Index #282: Antivirus programs are mandatory in many environments and provide a strong defense against attack.'Worksheet: User Policy Settings; Row: 5(1) GPO: User Configuration\Administrative Templates\Windows Components\Attachment Manager\Notify antivirus programs when opening attachments (2) Registry Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Polici< es\Attachments\ScanWithAntiVirus`The 'Notify antivirus programs when opening attachments' setting should be configured correctly. CCE-10076-8Setting Index #517-Worksheet: Computer Policy Settings; Row: 207(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Event Log Service\System\Retain old events (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\System\Retain system logRThe 'Retain old events' setting should be configured correctly for the system log. CCE-10064-46Definition 'oval:gov.nist.usgcb.windowsseven:def:236' #Rule 'turn_off_printing_over_http' Setting Index #240: This policy setting allows you to disable the client computer s ability to print over HTTP, which allows the computer to print to printers on the intranet as well as the Internet. -Worksheet: Computer Policy Settings; Row: 185(1) GPO: Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off printing over HTTP (2) Registry Key: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\DisableHTTPPrintingIThe 'Turn off printing over HTTP' setting should be configured correctly. CCE-10061-0Rule 'enable_screen_saver' _Setting Index #504: This policy setting allows you to manage whether or not screen savers run. (Worksheet: User Policy Settings; Row: 12(1) GPO: User Configuration\Administrative Templates\Control Panel\Personalization\Enable screen saver (2) Registry Key: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveActive CCE-10051-1 CCE-10050-3 CCE-10049-5 CCE-10021-4 CCE-10014-9Setting Index #110: This entry appears as MSS: (AutoReboot) Allow Windows to automatically restart after a system crash (recommended except for highly secure environments) in the SCE.,Worksheet: Computer Policy Settings; Row: 94C(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (AutoReboot) Allow Windows to automatically restart after a system crash (recommended except for highly secure environments) (2) Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl\AutoRebootThe 'MSS: (AutoReboot) Allow Windows to automatically restart after a system crash (recommended except for highly secure environments)' setting should be configured correctly. CCE-10303-6Setting Index #111: This setting controls the hidden administrative shares on a server. By default, when Windows networking is active on a server, Windows will create hidden administrative shares which is undesirable on highly secure servers.,Worksheet: Computer Policy Settings; Row: 57#(1) GPO: Computer Configuration\Windows Settings\Local Policies\Security Options\MSS: (AutoShareWks) Enable Administrative Shares (recommended except for highly secure environments) (2) Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\\AutoShareWksThe 'MSS: (AutoShareWks) Enable Administrative Shares (recommended except for highly secure environments)' setting should be configured correctly. CCE-10814-2!USGCB OVAL (USGCB-Windows-7-oval)#USGCB XCCDF (USGCB-Windows-7-xccdf)9USGCB Beta 2010-08-31 OVAL (USGCB-Windows-7-x86_oval.xml);USGCB Beta 2010-08-31 XCCDF (USGCB-Windows-7-x86_xccdf.xml)nMicrosoft Security Compliance Management Toolkit for Windows 7, Version 1.0: "Windows 7 Security Baseline.xml"Microsoft Security Compliance Management Toolkit for Windows 7, Version 1.0: "Windows 7 Security Baseline Settings.xlsm" spreadsheet1 to 16 charactersVersion: 5.20120314sAlways connect, even if authentication fails/Warn me if authentication fails/Do not connect if authentication failsThe Remote Desktop Connection Client "Configure server authentication for client" machine setting should be configured correctly.UDisabled/Detection and Troubleshooting Only/Detection, Troubleshooting and ResolutionThe Diagnostic Policy Service (DPS) "Configure Scenario Execution Level" machine setting should be configured correctly for Windows System Responsiveness Diagnostics.The Diagnostic Policy Service (DPS) "Configure Scenario Execution Level" machine setting should be configured correctly for Windows Standby/Resume Performance Diagnostics.The Diagnostic Policy Service (DPS) "Configure Scenario Execution Level" machine setting should be configured correctly for Windows Shutdown Performance Diagnostics.The Diagnostic Policy Service (DPS) "Configure Scenario Execution Level" machine setting should be configured correctly for Windows Resource Exhaustion Detection and Resolution.The Diagnostic Policy Service (DPS) "Configure Scenario Execution Level" machine setting should be configured correctly for Windows Memory Leak Diagnosis.The Diagnostic Policy Service (DPS) "Configure Scenario Execution Level" machine setting should be configured correctly for Windows Boot Performance Diagnostics.The Diagnostic Policy Service (DPS) "Configure Scenario Execution Level" machine setting should be configured correctly for Fault Tolerant Heap .Last modified: 2012-03-13on/off[The Windows Vista 'Windows Media Center' feature should be turned on or off as appropriate.RThe Windows Vista 'TFTP Client' feature should be turned on or off as appropriate.TThe Windows Vista 'Telnet Server' feature should be turned on or off as appropriate.TThe Windows Vista 'Telnet Client' feature should be turned on or off as appropriate.YThe Windows Vista 'SimpleTCP Services' feature should be turned on or off as appropriate.dThe Windows Vista 'Internet Information Services' feature should be turned on or off as appropriate.LThe Windows Vista 'Games' feature should be turned on or off as appropriate.dThe Windows XP 'Windows Media Center' component should be installed or not installed as appropriate.bThe Windows XP 'SimpleTCP Services' component should be installed or not installed as appropriate.mThe Windows XP 'Internet Information Services' component should be installed or not installed as appropriate.DEPRECATED. [Was: The OS/2 subsystem should be enabled or disabled as appropriate. Per Microsoft KB308259, the POSIX subsystem is not supported in Windows XP.] DEPRECATED. [Was: The POSIX subsystem should be enabled or disabled as appropriate. Per Microsoft KB308259, the POSIX subsystem is not supported in Windows XP.] Last modified: 2012-03-12page 3 page 4-315page 9-7none%via web and local GUI and API commandv1 / v2cUSNMP: The setting to configure SNMP trap version should be configured as appropriate. CCE-19982-8 page 4-314[SNMP: The setting to configure SNMP system description should be configured as appropriate. CCE-19919-0 page 4-313QSNMP: The setting to configure SNMP location should be configured as appropriate. CCE-19671-7 page 4-312XSNMP: The setting to configure SNMP console address should be configured as appropriate. CCE-19718-6 page 4-311WSNMP: The setting to configure SNMP community name should be configured as appropriate. CCE-19887-9 page 4-310SSNMP: The setting to configure SNMP admin name should be configured as appropriate. CCE-19986-9pages 9-8 to 9-10via web and local GUIuSecurity: The setting to configure the server address of the provisioning server should be configured as appropriate. CCE-19998-4zSecurity: The setting to configure the password to connect to the provisioning server should be configured as appropriate. CCE-19614-7{Security: The setting to configure the user name to connect to the provisioning server should be configured as appropriate. CCE-19699-8< mSecurity: The setting to configure the domain of the provisioning server should be configured as appropriate. CCE-19928-1 page 2-38 auto / manualdSecurity: The setting to configure the preferred dialing method should be configured as appropriate. CCE-19674-1 page 4-24via API command`Security: The setting to allow the system to dial any calls should be configured as appropriate. CCE-19924-0 page 2-37PSecurity: The setting to enable transcoding should be configured as appropriate. CCE-19559-4pages 10-2 to 10-3pSecurity: The setting to configure the channel ID for the IR remote control should be configured as appropriate. CCE-19796-2 page 10-2jSecurity: The setting to allow use of a non-Polycom IR remote control should be configured as appropriate. CCE-19033-0 page 4-211 page 10-1presets / tonesxSecurity: The setting to configure numeric keypad function on the IR remote control should be configured as appropriate. CCE-19647-7 page 4-286off / power / sleep/wakeqSecurity: The setting to configure the power button on the IR remote control should be configured as appropriate. CCE-19764-0 page 4-354 page 3-30content / people / both^Security: The setting to configure VGA quality preference should be configured as appropriate. CCE-19610-5 page 4-169 page 2-36MSecurity: The setting to configure H.239 should be configured as appropriate. CCE-19451-4 page 4-114pages 3-9 to 3-10page 13^Security: The setting to configure dual monitor emulation should be configured as appropriate. CCE-18796-3 page 4-37_Security: The setting to configure diagnostic (basic) mode should be configured as appropriate. CCE-19702-0 page 4-356 page 2-40isdn_phone / pots]Security: The setting to configure voice call dial order should be configured as appropriate. CCE-19377-1 page 4-355isdn / h323 / sip / gateway323]Security: The setting to configure video call dial order should be configured as appropriate. CCE-19229-4 page 4-309page 3-9 off / numberbSecurity: The setting to configure the screen saver wait time should be configured as appropriate. CCE-19706-1pages 10-6 to 10-8ySecurity: The setting to allow a Polycom Touch Control panel to pair with the system should be configured as appropriate. CCE-19383-9 page 4-328page 2-34 to 2-35`Security: The setting to configure the POTS number manually should be configured as appropriate. CCE-19379-7 page 4-327cSecurity: The setting to configure the POTS area code manually should be configured as appropriate. CCE-19720-2ISecurity: The setting to enable POTS should be configured as appropriate. CCE-19681-6 page 4-120pages 2-23 to 2-25]Security: The setting to enable H.460 firewall traversal should be configured as appropriate. CCE-19677-4 page 4-245 page 4-14page 35_Security: The setting to mute a call that is auto answered should be configured as appropriate. CCE-19346-6 page 4-232page 6-1sSecurity: The setting to configure a maximum time that a call can be connected should be configured as appropriate. CCE-19717-8 page 4-347page 9-5Security: The setting to require validation of an account number before allowing a call to be dialed should be configured as appropriate. CCE-19257-5 page 4-288fSecurity: The setting to require an account number to dial a call should be configured as appropriate. CCE-19438-1 page 4-35 page 3-31Security: The setting to configure whether to show content immediately upon connecting a computer to the system should be configured as appropriate. CCE-19645-1 page 8-28manual / auto at thresholdSecurity: The setting to specify the frequency of transferring logs to a storage device then deleting the logs from the system should be configured as appropriate. CCE-19582-6Security: The setting to specify the percent filled threshold above which a warning will be provided if log files exceed it should be configured as appropriate. CCE-19111-4#name+timestamp / manual / timestamp{Security: The setting to specify the folder name to be used when downloading log files should be configured as appropriate. CCE-19260-9page 4page 8-5auto / NTLMv1 / NTLMv2VSecurity: The setting to specify the NTLM version should be configured as appropriate. CCE-19661-8 page 4-26zSecurity: The setting to allow access to security related settings by non-admin users should be configured as appropriate. CCE-19688-1page 5 page 8-13Security: The setting to specify the maximum number of consecutive repeating characters that are allowed when creating a new meeting password should be configured as appropriate. CCE-19235-1off / all / numberSecurity: The setting to specify the minimum number of characters that must be changed when creating a new meeting password should be configured as appropriate. CCE-19071-0Security: The setting to specify how many days ahead of time a password expiration warning should be provided when the meeting password is about to expire should be configured as appropriate. CCE-19583-4Security: The setting to specify a maximum age for the meeting password after which it must be changed should be configured as appropriate. CCE-19468-8Security: The setting to specify a minimum age for the meeting password before it can be changed should be configured as appropriate. CCE-19068-6Security: The setting to reject a certain number of previous meeting passwords when creating a new meeting password should be configured as appropriate. CCE-19516-4zSecurity: The setting to require that the meeting password contain special characters should be configured as appropriate. CCE-19634-5oSecurity: The setting to require that the meeting password contain numbers should be configured as appropriate. CCE-19145-2}Security: The setting to require that the meeting password contain upper case characters should be configured as appropriate. CCE-19698-0}Security: The setting to require that the meeting password contain lower case characters should be configured as appropriate. CCE-19267-4 page 8-12xSecurity: The setting to specify the minimum length required for a meeting password should be configured as appropriate. CCE-19704-6Security: The setting to specify if the local (room) user password can contain the user account name or the reverse of the account name should be configured as appropriate. CCE-19342-5Security: The setting to specify the maximum number of consecutive repeating characters that are allowed when creating a new local (room) user password should be configured as appropriate. CCE-19513-1Security: The setting to specify the minimum number of characters that must be changed when creating a new local (room) user password should be configured as appropriate. CCE-19253-4Security: The setting to specify how many days ahead of time a password expiration warning should be provided when the local (room) user password is about to expire should be configured as appropriate. CCE-19408-4Security: The setting to specify a maximum age for the local (room) user password after which it must be changed should be configured as appropriate. CCE-18722-9Security: The setting to specify a minimum age for the local (room) user password before it can be changed should be configured as appropriate. CCE-19102-3Security: The setting to reject a certain number of previous local (room) user passwords when creating a new password should be configured as appropriate. CCE-19590-9Security: The setting to require that the local (room) user password contain special characters should be configured as appropriate. CCE-19601-4ySecurity: The setting to require that the local (room) user password contain numbers should be configured as appropriate. CCE-19394-6Security: The setting to require that the local (room) user password contain upper case characters should be configured as appropriate. CCE-19428-2Security: The setting to require that the local (room) user password contain lower case characters should be configured as appropriate. CCE-19650-1Security: < The setting to specify the minimum length required for a local (room) user password should be configured as appropriate. CCE-19673-3Security: The setting to specify if the remote admin password can contain the admin account name or the reverse of the account name should be configured as appropriate. CCE-19073-6Security: The setting to specify the maximum number of consecutive repeating characters that are allowed when creating a new remote admin password should be configured as appropriate. CCE-19487-8Security: The setting to specify the minimum number of characters that must be changed when creating a new remote admin password should be configured as appropriate. CCE-19065-2Security: The setting to specify how many days ahead of time a password expiration warning should be provided when the remote admin password is about to expire should be configured as appropriate. CCE-19535-4Security: The setting to specify a maximum age for the remote admin password after which it must be changed should be configured as appropriate. CCE-19632-9Security: The setting to specify a minimum age for the remote admin password before it can be changed should be configured as appropriate. CCE-19596-6Security: The setting to reject a certain number of previous remote admin passwords when creating a new password should be configured as appropriate. CCE-19619-6Security: The setting to require that the remote admin password contain special characters should be configured as appropriate. CCE-19547-9tSecurity: The setting to require that the remote admin password contain numbers should be configured as appropriate. CCE-19504-0Security: The setting to require that the remote admin password contain upper case characters should be configured as appropriate. CCE-19374-8Security: The setting to require that the remote admin password contain lower case characters should be configured as appropriate. CCE-19232-8}Security: The setting to specify the minimum length required for a remote admin password should be configured as appropriate. CCE-19286-4Security: The setting to specify if the local (room) admin password can contain the admin account name or the reverse of the account name should be configured as appropriate. CCE-19518-0Security: The setting to specify the maximum number of consecutive repeating characters that are allowed when creating a new local (room) admin password should be configured as appropriate. CCE-19591-7Security: The setting to specify the minimum number of characters that must be changed when creating a new local (room) admin password should be configured as appropriate. CCE-19510-7Security: The setting to specify how many days ahead of time a password expiration warning should be provided when the local (room) admin password is about to expire should be configured as appropriate. CCE-19373-0Security: The setting to specify a maximum age for the local (room) admin password after which it must be changed should be configured as appropriate. CCE-19420-9Security: The setting to specify a minimum age for the local (room) admin password before it can be changed should be configured as appropriate. CCE-19431-6Security: The setting to reject a certain number of previous local (room) admin passwords when creating a new password should be configured as appropriate. CCE-19602-2Security: The setting to require that the local (room) admin password contain special characters should be configured as appropriate. CCE-19576-8zSecurity: The setting to require that the local (room) admin password contain numbers should be configured as appropriate. CCE-19354-0Security: The setting to require that the local (room) admin password contain upper case characters should be configured as appropriate. CCE-19675-8Security: The setting to require that the local (room) admin password contain lower case characters should be configured as appropriate. CCE-19245-0Security: The setting to specify the minimum length required for a local (room) admin password should be configured as appropriate. CCE-19086-8 page 4-233WSecurity: The setting to configure an MCU password should be configured as appropriate. CCE-19622-0page 9 page 4-234pages 2-18, 5-12, 8-3page 31ZSecurity: The setting to configure a meeting password should be configured as appropriate. CCE-19669-1page 8-4, 8-13 to 8-14dSecurity: The setting to configure a local (room) user password should be configured as appropriate. CCE-18787-2pages 1-17, 8-3, 8-13 to 8-14fSecurity: The setting to configure a remote access admin password should be configured as appropriate. CCE-19140-3 page 4-305gSecurity: The setting to configure the local (room) admin password should be configured as appropriate. CCE-18932-4page 6pages 8-25 to 8-26Security: The setting to specify the web interface and serial port (port lockout) lock duration should (in minutes) be configured as appropriate. CCE-19238-5Security: The setting to specify the number of failed login attempts on the web interface and serial port (port lockout) after which the interface will be locked should be configured as appropriate. CCE-19593-3 page 4-303zSecurity: The setting to specify the maximum number of concurrent active web sessions should be configured as appropriate. CCE-19363-1page 8-7Security: The setting to enable a list of all sessions (local, web and serial) to be visible on the local or web GUI should be configured as appropriate. CCE-19639-4 page 8-22iSecurity: The setting to enable monitoring of inactive web sessions should be configured as appropriate. CCE-19137-9 page 6, 7kSecurity: The setting to specify the idle session timeout (in minutes) should be configured as appropriate. CCE-19585-9 page 4-227pages 8-24 to 8-25qSecurity: The setting to specify the user account lock duration (in minutes) should be configured as appropriate. CCE-19542-0Security: The setting to require the user account to be locked after a certain number of failed login attempts should be configured as appropriate. CCE-19385-4rSecurity: The setting to specify the admin account lock duration (in minutes) should be configured as appropriate. CCE-19548-7Security: The setting to require the admin account to be locked after a certain number of failed login attempts should be configured as appropriate. CCE-19403-5page 7 page 4-239page 6-3mSecurity: The setting to enable Do Not Disturb only for multipoint calls should be configured as appropriate. CCE-19667-5 page 4-34qSecurity: The setting to enable Do Not Disturb only for point to point calls should be configured as appropriate. CCE-19564-4page 7-5xSecurity: The setting to enable Availability Control (Do Not Disturb) for all calls should be configured as appropriate. CCE-19405-0 page 4-60page 6-2uSecurity: The setting to allow a call detail report to be created and maintained should be configured as appropriate. CCE-19558-6 page 4-133 page 3-29fSecurity: The setting to allow far end control of the near camera should be configured as appropriate. CCE-19419-1page 7-6kSecurity: The setting to allow the last number dialed to be accessible should be configured as appropriate. CCE-19210-4 page 4-180eSecurity: The setting to allow recent call list to be accessible should be configured as appropriate. CCE-19313-6 pages 7, 11 page 2-15HSecurity: The setting to enable SIP should be configured as appropriate. CCE-19242-7 pages 3, 9 page 4-126 page 8-11Moff / when available / required for video calls only / required for all callsTSecurity: The setting to require AES encryption should be configured as appropriate. CCE-19169-2pages 6, 7, 11, 16page 3-1, 4-292 page 10-5&via web and local GUIs and API command-9600 / 14400 / 19200 / 38400 / 57600 / 115200dSecurity: The setting to configure RS-232 serial port baud rate should be configured as appropriate. CCE-19475-3page 3-1, 4-293toff / passthru / control / debug / camera ptz / closed caption / vortex mixer / interactive tou< ch board / smartboardfSecurity: The setting to configure RS-232 serial port access mode should be configured as appropriate. CCE-19404-3pages 11 to 12page 8-13 to 8-14eSecurity: The setting to require admin password for remote login should be configured as appropriate. CCE-19522-2page 8 page 8-24fSecurity: The setting to configure an Active Directory user group should be configured as appropriate. CCE-19444-9gSecurity: The setting to configure an Active Directory admin group should be configured as appropriate. CCE-19553-7jSecurity: The setting to configure an Active Directory server address should be configured as appropriate. CCE-19530-5 page 7, 8, 16pages 6-9, 8-23 to 8-24eSecurity: The setting to require Active Directory authentication should be configured as appropriate. CCE-19402-7 page 4-25qSecurity: The setting to allow mixed protocol (IP and ISDN) multipoint calls should be configured as appropriate. CCE-19476-1 page 4-23zSecurity: The setting to allow a non-admin user to make changes to the camera presets should be configured as appropriate. CCE-19381-3 page 4-22page 6-6Security: The setting to allow a non-admin user to make changes to the local system address book should be configured as appropriate. CCE-19461-3page 12page 8-6via weboSecurity: The setting to configure custom text for the web security banner should be configured as appropriate. CCE-19275-7 via local GUIqSecurity: The setting to configure custom text for the local security banner should be configured as appropriate. CCE-19629-5off / custom / DoDmSecurity: The setting to require display of a security banner upon login should be configured as appropriate. CCE-18825-0 page 3-364page 36via local GUI and API command\Security: The setting to allow video display on the web should be configured as appropriate. CCE-19158-5 page 4-125page 8-4ZSecurity: The setting to allow remote access via SNMP should be configured as appropriate. CCE-19212-0page 4-324, D-22\Security: The setting to allow remote access via telnet should be configured as appropriate. CCE-19589-1 page 4-366 page 8-21via web GUI and API commandOSecurity: The setting to require whitelist should be configured as appropriate. CCE-19489-4pages 4-365, D-25`Security: The setting to specify the web access port number should be configured as appropriate. CCE-19183-3YSecurity: The setting to allow remote access via web should be configured as appropriate. CCE-19206-2 page 4-338page 8-3sSecurity: The setting to allow the local password to be used for remote access should be configured as appropriate. CCE-19555-2]Security: The setting to require login for system access should be configured as appropriate. CCE-19486-0 pages 6, 13pages 8-13 to 8-20Security: The setting to specify whether to use the global responder specified in the certificate should be configured as appropriate. CCE-18677-5 page 4-192via web and API command`Security: The setting to allow incomplete revocation checks should be configured as appropriate. CCE-19317-7 ocsp / crlgSecurity: The setting to specify the certificate revocation method should be configured as appropriate. CCE-19182-5 page 4-320nSecurity: The setting to specify the maximum peer certificate chain depth should be configured as appropriate. CCE-19151-0 page 4-73ySecurity: The setting to require certificate validation for peer client applications should be configured as appropriate. CCE-19635-2 page 4-301 via web GUIkSecurity: The setting to require certificate validation for web server should be configured as appropriate. CCE-19631-1page 10page 2-6VSecurity: The setting to allow PC LAN port access should be configured as appropriate. CCE-19546-1page 24via web and local GUI (during out of box setup only)low / medium / high / maximumZSecurity: The setting to specify the security profile should be configured as appropriate. CCE-19386-2 page 4-165page 9-6nManagement: The setting to configure the GMS tech support contact country should be configured as appropriate. CCE-19514-9 page 4-166lManagement: The setting to configure the GMS tech support contact state should be configured as appropriate. CCE-19580-0 page 4-160kManagement: The setting to configure the GMS tech support contact city should be configured as appropriate. CCE-19168-4 page 4-162qManagement: The setting to configure the GMS tech support contact fax number should be configured as appropriate. CCE-19233-6npage 4-163, 4-167 (two values are provided to allow two different tech support contact numbers to be provided)sManagement: The setting to configure the GMS tech support contact phone number should be configured as appropriate. CCE-19588-3 page 4-161lManagement: The setting to configure the GMS tech support contact email should be configured as appropriate. CCE-19417-5 page 4-164kManagement: The setting to configure the GMS tech support contact name should be configured as appropriate. CCE-19347-4 page 4-291Management: The setting to configure the phone number of the room where the system is located should be configured as appropriate. CCE-19541-2page 2-7iLAN Properties: The setting to configure the IPv6 DAD transmit count should be configured as appropriate. CCE-19328-4 page 4-119LAN Properties: The setting to configure whether the system should respond to broadcast and multicast echo requests should be configured as appropriate. CCE-19222-9 page 4-93LAN Properties: The setting to configure whether the system should generate destination unreachable messages should be configured as appropriate. CCE-19538-8 page 4-185LAN Properties: The setting to configure the system ICMP transmission rate limit (in milliseconds) should be configured as appropriate. CCE-19574-3 page 4-186tLAN Properties: The setting to configure the system to ignore redirect messages should be configured as appropriate. CCE-19612-1 page 4-213page 2-5auto / autohdx / autofdxdLAN Properties: The setting to configure the system duplex mode should be configured as appropriate. CCE-19435-7310hdx / 10fdx / 100hdx / 100fdx / 1000hdx / 1000fdxbLAN Properties: The setting to configure the system LAN speed should be configured as appropriate. CCE-19292-2 page 4-110 pages 2-4iLAN Properties: The setting to configure a fourth DNS server address should be configured as appropriate. CCE-19388-8hLAN Properties: The setting to configure a third DNS server address should be configured as appropriate. CCE-19637-8lLAN Properties: The setting to configure a secondary DNS server address should be configured as appropriate. CCE-19272-4jLAN Properties: The setting to configure a primary DNS server address should be configured as appropriate. CCE-19624-6pages 2-4, 8-24dLAN Properties: The setting to configure the system domain name should be configured as appropriate. CCE-19341-7 page 4-200page 2-4fLAN Properties: The setting to configure the IPv6 default gateway should be configured as appropriate. CCE-19529-7 page 4-199eLAN Properties: The setting to configure the IPv6 global address should be configured as appropriate. CCE-19058-7 page 4-202iLAN Properties: The setting to configure the IPv6 site-local address should be configured as appropriate. CCE-19395-3 page 4-201iLAN Properties: The setting to configure the IPv6 link-local address should be configured as appropriate. CCE-19519-8 page 4-198off / automatic / manualpLAN Properties: The setting to configure the IPv6 address assignment method should be configured as appropriate. CCE-19143-7 page 4-321page 2-3kLAN Properties: The setting to configure the IPv4 subnet mask manually should be configured as appropriate. CCE-19273-2 page 4-92oLAN Properties: The setting to configure the IPv4 default gateway manually should be configured as appropriate. CCE-19166-8 page 4-193gLAN Properties: The setting to configure the IPv4 address manually should be configured as appr< opriate. CCE-19477-9 page 4-94automatic / manualpLAN Properties: The setting to configure the IPv4 address assignment method should be configured as appropriate. CCE-19062-9 page 4-175page 2-32 to 2-33h264 / h263+ / h263 / h261iISDN Network: The setting to configure the V.35 H.331 video protocol should be configured as appropriate. CCE-19525-5 page 4-174fcifgISDN Network: The setting to configure the V.35 H.331 video format should be configured as appropriate. CCE-19369-8 page 4-17330 / 15 / 10 / 7.5eISDN Network: The setting to configure the V.35 H.331 frame rate should be configured as appropriate. CCE-19563-6 page 4-172cISDN Network: The setting to enable the V.35 H.331 dual stream should be configured as appropriate. CCE-19473-8 page 4-171ng729 / g728 / g711u / g711a / g722-56 / g722-48 / g7221-16 / g7221-24 / g7221-32 / siren14 / siren14stereoeISDN Network: The setting to configure the V.35 H.331 audio mode should be configured as appropriate. CCE-19520-6 page 4-345adtran / adtran_isu512 / ascend / ascend_vsx / ascend_max / avaya_mcu / custom_1 / fvc.com / initia / lucent_mcu / madge_teleosbISDN Network: The setting to configure the V.35 profile used should be configured as appropriate. CCE-19579-2 page 4-340V.35 / RS-449 / RS-530cISDN Network: The setting to configure the V.35 protocol used should be configured as appropriate. CCE-19621-2 page 4-295WISDN Network: The setting to enable RS-366 dialing should be configured as appropriate. CCE-19152-8 page 4-339cISDN Network: The setting to configure the V.35 broadcast mode should be configured as appropriate. CCE-19170-0 page 4-319normal / invertedWISDN Network: The setting to configure the V.35 ST should be configured as appropriate. CCE-19526-3 page 4-297XISDN Network: The setting to configure the V.35 RTS should be configured as appropriate. CCE-19409-2 page 4-296WISDN Network: The setting to configure the V.35 RT should be configured as appropriate. CCE-19496-9 page 4-113normal / inverted / onXISDN Network: The setting to configure the V.35 DTR should be configured as appropriate. CCE-19539-6 page 4-111XISDN Network: The setting to configure the V.35 DSR should be configured as appropriate. CCE-19224-5 page 4-112_ISDN Network: The setting to configure the V.35 DSR answer should be configured as appropriate. CCE-19399-5 page 4-90XISDN Network: The setting to configure the V.35 DCD should be configured as appropriate. CCE-19536-2 page 4-91\ISDN Network: The setting to enable the V.35 DCD filter should be configured as appropriate. CCE-19638-6 page 4-88normal / inverted / ignoreXISDN Network: The setting to configure the V.35 CTS should be configured as appropriate. CCE-19524-8 page 4-346[ISDN Network: The setting to configure the V.35 suffix should be configured as appropriate. CCE-19478-7 page 4-344[ISDN Network: The setting to configure the V.35 prefix should be configured as appropriate. CCE-19509-9 page 4-341fISDN Network: The setting to configure the V.35 number for port 2 should be configured as appropriate. CCE-19106-4fISDN Network: The setting to configure the V.35 number for port 1 should be configured as appropriate. CCE-19258-3MISDN Network: The setting to enable V.35 should be configured as appropriate. CCE-19087-6 page 4-209_ISDN Network: The setting to configure the ISDN PRI number should be configured as appropriate. CCE-19463-9 page 4-280lISDN Network: The setting to configure the ISDN PRI outside line number should be configured as appropriate. CCE-19595-8 page 4-279page 2-30 to 2-31idsn / unknowngISDN Network: The setting to configure the ISDN PRI numbering plan should be configured as appropriate. CCE-19382-1 page 4-278esf/b8zs / crc4 / hdb3 / hdb3dISDN Network: The setting to configure the ISDN PRI line signal should be configured as appropriate. CCE-19454-8 page 4-277-0-133 / 134-266 / 267-399 / 400-533 / 534-665{ISDN Network: The setting to configure the ISDN PRI T1 line buildout for external CSUs should be configured as appropriate. CCE-19211-20 / -7.5 / -15 / -22.5{ISDN Network: The setting to configure the ISDN PRI T1 line buildout for internal CSUs should be configured as appropriate. CCE-19400-1 page 4-276mISDN Network: The setting to configure the ISDN PRI international prefix should be configured as appropriate. CCE-19364-9 page 4-275ISDN Network: The setting to configure the number of ISDN PRI channels allowed to be dialed in parallel should be configured as appropriate. CCE-19104-9 page 4-274internal / externaliISDN Network: The setting to configure the ISDN PRI T1 CSU mode type should be configured as appropriate. CCE-19605-5 page 4-272 page 2-32on / offbISDN Network: The setting to configure each ISDN PRI channels should be configured as appropriate. CCE-19543-8 page 4-271kISDN Network: The setting to configure the ISDN PRI call by call value should be configured as appropriate. CCE-19293-0 page 4-281Iatt5ess / att4ess / norteldms / ni2 / net5/ctr4 / nttins-1500 / ts-038dISDN Network: The setting to configure the ISDN PRI switch type should be configured as appropriate. CCE-19436-5 page 4-317 page 2-29gISDN Network: The setting to configure the ISDN BRI SPID number 4b should be configured as appropriate. CCE-19300-3gISDN Network: The setting to configure the ISDN BRI SPID number 4a should be configured as appropriate. CCE-19440-7gISDN Network: The setting to configure the ISDN BRI SPID number 3b should be configured as appropriate. CCE-19617-0gISDN Network: The setting to configure the ISDN BRI SPID number 3a should be configured as appropriate. CCE-19531-3gISDN Network: The setting to configure the ISDN BRI SPID number 2b should be configured as appropriate. CCE-19276-5gISDN Network: The setting to configure the ISDN BRI SPID number 2a should be configured as appropriate. CCE-19515-6gISDN Network: The setting to configure the ISDN BRI SPID number 1b should be configured as appropriate. CCE-19032-2gISDN Network: The setting to configure the ISDN BRI SPID number 1a should be configured as appropriate. CCE-19343-3ISDN Network: The setting to configure the auto BRI setting that allows SPID numbers to be assigned in NI1 or NI2 should be configured as appropriate. CCE-19266-6bISDN Network: The setting to configure the ISDN BRI number 4b should be configured as appropriate. CCE-19465-4bISDN Network: The setting to configure the ISDN BRI number 4a should be configured as appropriate. CCE-19085-0bISDN Network: The setting to configure the ISDN BRI number 3b should be configured as appropriate. CCE-19026-4bISDN Network: The setting to configure the ISDN BRI number 3a should be configured as appropriate. CCE-18725-2bISDN Network: The setting to configure the ISDN BRI number 2b should be configured as appropriate. CCE-19326-8bISDN Network: The setting to configure the ISDN BRI number 2a should be configured as appropriate. CCE-19462-1bISDN Network: The setting to configure the ISDN BRI number 1b should be configured as appropriate. CCE-19192-4bISDN Network: The setting to configure the ISDN BRI number 1a should be configured as appropriate. CCE-19492-8 page 4-204bISDN Network: The setting to configure the ISDN BRI area code should be configured as appropriate. CCE-19480-3 page 4-205eISDN Network: The setting to configure the ISDN BRI country code should be configured as appropriate. CCE-19458-9 page 4-38XISDN Network: The setting to enable ISDN BRI line 4 should be configured as appropriate. CCE-19581-8XISDN Network: The setting to enable ISDN BRI line 3 should be configured as appropriate. CCE-19598-2XISDN Network: The setting to enable ISDN BRI line 2 should be configured as appropriate. CCE-19413-4XISDN Network: The setting to enable ISDN BRI line 1 should be configured as appropriate. CCE-19308-6 page 4-39[ISDN Network: The setting to enable all ISDN BRI lines should be configured as appropriate.< CCE-19421-7 page 4-210wpt-to-pt_at&t_5_ess / multipoint_at&t_5_ess / ni-1 / nortel_dms-100 / standard_etsi_euro-isdn / ts-031 / ntt_ins-64dISDN Network: The setting to configure the ISDN BRI switch type should be configured as appropriate. CCE-19572-7page 11 page 2-28[ISDN Network: The setting to enable the ISDN interface should be configured as appropriate. CCE-19497-7 page 2-24public / privateIP Network: The setting to configure which NAT address to be displayed in the Polycom Global Directory Server should be configured as appropriate. CCE-19567-7 page 4-247aIP Network: The setting to enable NAT to be H.323 compatible should be configured as appropriate. CCE-19594-1 page 2-23`IP Network: The setting to configure NAT public WAN address should be configured as appropriate. CCE-19340-9 page 4-246off / auto / manual`IP Network: The setting to configure NAT configuration type should be configured as appropriate. CCE-18743-5 page 2-21cIP Network: The setting to configure maximum receive bandwidth should be configured as appropriate. CCE-19578-4dIP Network: The setting to configure maximum transmit bandwidth should be configured as appropriate. CCE-19265-8pages 4-115, D-9page 2-20 to 2-21XIP Network: The setting to enable dynamic bandwidth should be configured as appropriate. CCE-19072-8 page 4-124KIP Network: The setting to enable RSVP should be configured as appropriate. CCE-19449-8 page 4-123mIP Network: The setting to enable Polycom Video Error Concealment (PVEC) should be configured as appropriate. CCE-19620-4 page 4-243_IP Network: The setting to configure the MTU size manually should be configured as appropriate. CCE-19411-8 page 4-242default / specifyfIP Network: The setting to configure the MTU mode assignment type should be configured as appropriate. CCE-19099-1 page 2-14`IP Network: The setting to configure the gateway dial speed should be configured as appropriate. CCE-19287-2 page 4-258IP Network: The setting to configure the number of digits in the DID gateway number (if set to number+extension) should be configured as appropriate. CCE-19550-3 page 4-149number+extension / didaIP Network: The setting to configure the gateway number type should be configured as appropriate. CCE-18639-5 page 4-152aIP Network: The setting to configure the gateway dial suffix should be configured as appropriate. CCE-19375-5 page 4-150aIP Network: The setting to configure the gateway dial prefix should be configured as appropriate. CCE-19255-9 page 4-147fIP Network: The setting to configure the gateway extension number should be configured as appropriate. CCE-18728-6 page 4-148\IP Network: The setting to configure the gateway number should be configured as appropriate. CCE-19204-7 page 4-145_IP Network: The setting to configure the gateway area code should be configured as appropriate. CCE-19472-0 page 4-146bIP Network: The setting to configure the gateway country code should be configured as appropriate. CCE-19323-5WIP Network: The setting to enable the ISDN gateway should be configured as appropriate. CCE-18681-7UIP Network: The setting to enable the IP gateway should be configured as appropriate. CCE-19491-0 page 2-10fIP Network: The setting to configure a primary gatekeeper address should be configured as appropriate. CCE-19186-6 page 2-11lIP Network: The setting to configure gatekeeper authentication password should be configured as appropriate. CCE-19370-6mIP Network: The setting to configure gatekeeper authentication user name should be configured as appropriate. CCE-19060-3`IP Network: The setting to enable gatekeeper authentication should be configured as appropriate. CCE-19380-5 page 4-335off / auto / specifyQIP Network: The setting to enable gatekeeper should be configured as appropriate. CCE-19447-2 page 4-336page 2-11, 6-4YIP Network: The setting to use Polycom PathNavigator should be configured as appropriate. CCE-19467-0pages 2-39, C-1 to C-2tIP Network: The setting to configure the maximum IP call speed to receive calls should be configured as appropriate. CCE-18560-3page 27rIP Network: The setting to configure the maximum IP call speed to place calls should be configured as appropriate. CCE-19423-3 page 4-116pages 2-10, 2-14eIP Network: The setting to configure the H.323 extension (E.164) should be configured as appropriate. CCE-19445-6}IP Network: The setting to allow display of the H.323 extension (E.164) on the local GUI should be configured as appropriate. CCE-19250-0page 2-8LIP Network: The setting to enable H.323 should be configured as appropriate. CCE-19123-9 page 4-183]IP Network: The setting to configure the system hostname should be configured as appropriate. CCE-19311-0 page 4-332RIP Network:The setting to configure UDP ports should be configured as appropriate. CCE-19422-5 page 4-325RIP Network:The setting to configure TCP ports should be configured as appropriate. CCE-19045-4 page 4-334RIP Network: The setting to enable fixed ports should be configured as appropriate. CCE-19482-9NIP Network: The setting to allow 802.1p/Q should be configured as appropriate. CCE-19330-0PIP Network: The setting to allow EAP/802.1X should be configured as appropriate. CCE-19278-1pages 2-15 to 2-19XIP Network: The setting to configure a SIP password should be configured as appropriate. CCE-19415-9\IP Network: The setting to configure a SIP proxy server should be configured as appropriate. CCE-19387-0`IP Network: The setting to configure a SIP registrar server should be configured as appropriate. CCE-19297-1auto / tcp / udp / tls`IP Network: The setting to specify a SIP transport protocol should be configured as appropriate. CCE-19299-7 page 4-197nIP Network: The setting to configure the value for IP Precedence for fecc should be configured as appropriate. CCE-19466-2oIP Network: The setting to configure the value for IP Precedence for audio should be configured as appropriate. CCE-19089-2oIP Network: The setting to configure the value for IP Precedence for video should be configured as appropriate. CCE-19499-3 page 4-100iIP Network: The setting to configure the value for DiffServ for fecc should be configured as appropriate. CCE-18952-2jIP Network: The setting to configure the value for DiffServ for audio should be configured as appropriate. CCE-19246-8jIP Network: The setting to configure the value for DiffServ for video should be configured as appropriate. CCE-19470-4ip precedence / diffservVIP Network: The setting to configure the QoS type should be configured as appropriate. CCE-19407-6 page 4-238page 3-4black / nosignalxDisplay: The setting to configure output upon screen saver activation for monitor 2 should be configured as appropriate. CCE-19427-4 page 4-236xDisplay: The setting to configure output upon screen saver activation for monitor 1 should be configured as appropriate. CCE-19464-7 page 4-178}Display: The setting to allow display of the system call quality menu on the home screen should be configured as appropriate. CCE-19209-6wDisplay: The setting to allow display of the system SIP address on the home screen should be configured as appropriate. CCE-18823-5Display: The setting to allow display of the system do not disturb control on the home screen should be configured as appropriate. CCE-19316-9 page 4-106Display: The setting to allow display of the system H.323 extension (E.164) on the home screen should be configured as appropriate. CCE-19452-2 page 4-226xDisplay: The setting to allow display of the system IPv4 address on the home screen should be configured as appropriate. CCE-19197-3uDisplay: The setting to allow display of the system date time on the home screen should be configured as appropriate. CCE-19376-3 page 4-182pDisplay: The setting to allow display of the system name on the home screen should be configured as appropriate. CCE-19460-5 page 4-134page 44< kDisplay: The setting to configure far site name display time in a call should be configured as appropriate. CCE-19004-1off / elapsed / localhDisplay: The setting to configure how to display the time in a call should be configured as appropriate. CCE-19230-2 page 4-266page 15on / off / cameraiDisplay: The setting to configure picture in picture (PIP) placement should be configured as appropriate. CCE-19314-4 page 4-308page 7-8\Display: The setting to configure the screen saver text should be configured as appropriate. CCE-19416-7 page 4-352pages 3-7, 5-2 to 5-3pages 9, 18, 21Xnear / far / auto / content / content-or-near / content-or-far / content-or-auto / none`Display: The setting to configure the VCR/DVD record source should be configured as appropriate. CCE-19059-5page 4-85, D-7hDisplay: The setting to enable splash screen on the content monitor should be configured as appropriate. CCE-19282-3 page 4-77pages 3-3 to 3-8C50hz720p / 60hz720p / 50hz1080i / 60hz1080i / 50hz1080p / 60hz1080p]Display: The setting to configure the display resolution should be configured as appropriate. CCE-19503-2 4:3 / 16:9_Display: The setting to configure the display aspect ratio should be configured as appropriate. CCE-19450-6pages 3-1 to 3-8+component / vga / dvi / composite / s_videoWDisplay: The setting to configure the display type should be configured as appropriate. CCE-19429-0 page 4-264page 3-8normal / stretch / zoombDisplay: The setting to configure the people video adjustment should be configured as appropriate. CCE-19446-4 page 4-86cDisplay: The setting to configure the content video adjustment should be configured as appropriate. CCE-19430-8kDirectory: The setting to enable preview of local address book entries should be configured as appropriate. CCE-19281-5 page 4-83Directory: The setting to configure if the system prompts the user before allowing a local address book entry to be deleted should be configured as appropriate. CCE-19225-2 page 4-82Directory: The setting to configure if the system prompts the user to add a local address book entry for a far site upon call disconnection should be configured as appropriate. CCE-19236-9 page 4-260pages 2-17 to 2-18, 6-13pages 39 to 40Directory: The setting to enable retrieval and display of contacts from a Microsoft Lync (Office Communications/OCS) Server should be configured as appropriate. CCE-19397-9 page 6-11private / publicDirectory: The setting to configure whether to display the system address in a Polycom Global Directory Server should be configured as appropriate. CCE-19175-9 page 4-231Directory: The setting to configure the maximum ISDN transmit call speed for a Polycom Global Directory Server should be configured as appropriate. CCE-19501-6 page 4-230Directory: The setting to configure the maximum internet call speed for a Polycom Global Directory Server should be configured as appropriate. CCE-19227-8 page 4-229Directory: The setting to configure the maximum international call speed for a Polycom Global Directory Server should be configured as appropriate. CCE-19161-9 page 4-140 pages 24, 28Directory: The setting to configure the server address of a Polycom Global Directory Server should be configured as appropriate. CCE-19262-52pages 4-11, 4-153, 4-217, 4-260, 4-261, 4-285, E-4pDirectory: The setting to allow access to a Polycom Global Directory Server should be configured as appropriate. CCE-19321-9 page 4-223 page 6-12WDirectory: The setting to configure LDAP user name should be configured as appropriate. CCE-19226-0 page 4-221YDirectory: The setting to configure LDAP server port should be configured as appropriate. CCE-19315-1 page 4-220\Directory: The setting to configure LDAP server address should be configured as appropriate. CCE-18735-1 page 4-216VDirectory: The setting to configure LDAP password should be configured as appropriate. CCE-19279-9 page 4-218UDirectory: The setting to configure LDAP bind DN should be configured as appropriate. CCE-19333-4YDirectory: The setting to configure LDAP NTLM domain should be configured as appropriate. CCE-19469-6 page 4-215UDirectory: The setting to configure LDAP base DN should be configured as appropriate. CCE-19199-9 page 4-222_Directory: The setting to enable LDAP SSL encryption state should be configured as appropriate. CCE-19485-2 page 4-214pages 6-9 to 6-11anonymous / basic / ntlmaDirectory: The setting to configure LDAP authentication type should be configured as appropriate. CCE-19305-2 page 9 to 10pages 7-1 to 7-212 hour / 24 hourbDate Time: The setting to configure if the system time format should be configured as appropriate. CCE-19360-7$MM-dd-yyyy / dd-MM-yyyy / yyyy-MM-ddbDate Time: The setting to configure if the system date format should be configured as appropriate. CCE-19412-6Date Time: The setting to configure if the system should automatically adjust for daylight savings time should be configured as appropriate. CCE-19372-2]Date Time: The setting to configure the system time zone should be configured as appropriate. CCE-19163-5am / pm\Date Time: The setting to configure the system AM or PM should be configured as appropriate. CCE-19495-1[Date Time: The setting to configure the system minutes should be configured as appropriate. CCE-19189-0XDate Time: The setting to configure the system hour should be configured as appropriate. CCE-18505-8XDate Time: The setting to configure the system year should be configured as appropriate. CCE-19084-3YDate Time: The setting to configure the system month should be configured as appropriate. CCE-19223-7WDate Time: The setting to configure the system day should be configured as appropriate. CCE-19117-1 page 4-255page 7-2_Date Time: The setting to configure a secondary NTP server should be configured as appropriate. CCE-19283-1 page 4-256]Date Time: The setting to configure a primary NTP server should be configured as appropriate. CCE-19118-9 page 4-254off / manual / autoIDate Time: The setting to enable NTP should be configured as appropriate. CCE-19105-6 page 4-212nDate Time: The setting to configure the language for the system local GUI should be configured as appropriate. CCE-19027-2 page 4-87pages 2-29, 2-34, 7-2hDate Time: The setting to configure the country name for the system should be configured as appropriate. CCE-19371-4page 5-7yCamera: The setting to configure the background source for Polycom people on content should be configured as appropriate. CCE-19391-2yCamera: The setting to configure the foreground source for Polycom people on content should be configured as appropriate. CCE-19095-9 page 4-67pages 3-34, 3-36, 5-6Jvia web and local GUI and API command (requires Polycom EagleEye Director)QCamera: The setting to allow camera tracking should be configured as appropriate. CCE-19301-1\Camera: The setting to configure camera power frequency should be configured as appropriate. CCE-19319-3page 3-17 to 3-24people / content / both_Camera: The setting to configure camera quality preference should be configured as appropriate. CCE-18499-4hCamera: The setting to configure which camera is the primary camera should be configured as appropriate. CCE-19129-6 page 4-79pages 3-25 to 3-29sharpness / motioniCamera: The setting to configure the camera input video quality type should be configured as appropriate. CCE-19271-6page 7-7[Camera: The setting to configure the camera input name should be configured as appropriate. CCE-19261-7cCamera: The setting to configure the camera input aspect ratio should be configured as appropriate. CCE-19103-1pages 4-70, A-12pages 3-14 to 3-35,s-video / composite / component / dvi / vga aCamera: The setting to configure the camera video input type should be configured as appropriate. CCE-19119-7page 4-269 to 4-270"pages 3-4, 3-36 to 3-38, 5-8, 10-1pages 2, 12, 13, 22, 43XCamera: T< he setting to configure the camera presets should be configured as appropriate. CCE-18484-6 page 4-69normal / reversed^Camera: The setting to configure the camera pan direction should be configured as appropriate. CCE-19110-6page 4-36, A-7page 3-30, 3-34, 8-26 page 44-45YCamera: The setting to enable backlight compensation should be configured as appropriate. CCE-19353-2 page 4-51 page 6-17page 4, 6, 38-39Calendar: The setting to specify whether to play a sound along with the text reminder when the system is not in a call should be configured as appropriate. CCE-19338-3 page 4-53Calendar: The setting to specify the number of minutes before the meeting to display a reminder should be configured as appropriate. CCE-19304-5 page 4-56Calendar: The setting to allow Microsoft Exchange calendar service to display private meetings should be configured as appropriate. CCE-19231-0 page 4-55 page 6-16tCalendar: The setting to configure a Microsoft Exchange calendar server address should be configured as appropriate. CCE-19396-1 page 4-54Calendar: The setting to configure a mailbox to be monitored by Microsoft Exchange calendar service should be configured as appropriate. CCE-19180-9 page 4-50nCalendar: The setting to configure a Microsoft Exchange calendar password should be configured as appropriate. CCE-19038-9 page 4-44lCalendar: The setting to configure a Microsoft Exchange calendar domain should be configured as appropriate. CCE-19390-4 page 4-52pages 6-15 to 6-17, 7-4 to 7-5kCalendar: The setting to allow Microsoft Exchange calendar integration should be configured as appropriate. CCE-18398-8pages 8-27, 10-1[Audio: The setting to enable keypad audio confirmation should be configured as appropriate. CCE-19296-3 page 4-316`Audio: The setting to configure the incoming call ring tone should be configured as appropriate. CCE-19307-8XAudio: The setting to configure the user alert tone should be configured as appropriate. CCE-18366-5 page 4-351 page 4-18YAudio: The setting to enable VCR audio out always on should be configured as appropriate. CCE-19248-4 page 4-122 page 4-15YAudio: The setting to enable Polycom live music mode should be configured as appropriate. CCE-18830-0 page 4-121bAudio: The setting to enable Polycom keyboard noise reduction should be configured as appropriate. CCE-19067-8 page 4-118 page 4-16SAudio: The setting to enable echo cancellation should be configured as appropriate. CCE-19344-1Deployment Guide for Maximum Security Environments - Polycom HDX Systems, Version 3.0.3 http://support.polycom.com/global/documents/support/setup_maintenance/products/video/hdx_security_deployment.pdfXIntegrator's Reference Manual for Polycom HDX Systems, Version 3.0.3 http://support.polycom.com/global/documents/support/setup_maintenance/products/video/hdx_irm.pdfEAdministrator's Guide for Polycom HDX Systems, Version 3.0.3 http://support.polycom.com/global/documents/support/setup_maintenance/products/video/hdx_ag.pdf=User's Guide for Polycom HDX Room Systems, Version 3.0.3 http://supportdocs.polycom.com/PolycomService/support/global/documents/support/user/products/video/hdxroom_ug.pdf9Version: 5.20120521Last modified: 2012-05-18 CCE-18800-3SThe "Check Administrator Group Membership" setting should be configured correctly.(1) Powershell: Get-WmiObject -Class Win32_ComputerSystem to get domain (2) Powershell: Get-WmiObject -Class Win32_Group -ComputerName (3) Powershell: Code logic to extract admin list and compare against desired list (4) If match True else False CCE-19216-1SThe "Check if Windows Updates are missing" setting should be configured correctly.Compliant/Not Compliant(1) Powershell: New-Object -ComObject "Microsoft.Update.Session" (2) CreateupdateSearcher().Search($criteria).Updates.Count (3) If count = 0 "Compliant" else "Not Compliant" CCE-19306-0LThe "Check if AppLocker is Enabled" setting should be configured correctly.Enabled/Disabledg(1) Powershell: Get-AppLockerPolicy -Effective |Select-Object -Skip 1 (2) If NULL Disabled else Enabled1Microsoft Security Compliance Manager Version 2.5Microsoft Tool: Security Compliance Manager (SCM) Microsoft Baseline: Win7SP1ExtendedDCMChecks 1.0 SCM URL: http://go.microsoft.com/fwlink/?LinkId=113940 Note, use SCM global search and baseline filter to locate settings related to CCE ID5http://msdn.microsoft.com/en-us/library/ff648653.aspx; (1) set of accounts (2) events to audit (3) applicabilitygThe required auditing settings for the MetaBase.xml file should be assigned for the specified websites. CCE-19927-3Rule Title: The Enable rapid-fail time period monitor must be enabled. STIG ID: WA000-WI6036 IIS6 Rule ID: SV-38045r1_rule Vuln ID: V-13712(1) Internet Information Services (IIS) Manager => Application Pools => => right click Properties => Health => Enable rapid-fail protection - Time Period2(1) TARGET: application pool (2) number of minutesThe IIS Application Pool "Enable rapid-fail protection - Time Period" setting should be set correctly for the specified application pools. CCE-20055-0Rule Title: The Enable rapid-fail protection monitor must be enabled. STIG ID: WA000-WI6034 IIS6 Rule ID: SV-38044r1_rule Vuln ID: V-13711(1) Internet Information Services (IIS) Manager => Application Pools => => right click Properties => Health => Enable rapid-fail protection - Failures3(1) TARGET: application pool (2) number of failuresThe IIS Application Pool "Enable rapid-fail protection - Failures" setting should be set correctly for the specified application pools. CCE-20141-8(1) Internet Information Services (IIS) Manager => Application Pools => => right click Properties => Health => Enable rapid-fail protection1(1) TARGET: application pool (2) enabled/disabledThe IIS Application Pool "Enable rapid-fail protection" setting should be enabled or disabled as appropriate for the specified application pools. CCE-20069-1Rule Title: The Enable pinging monitor must be enabled. STIG ID: WA000-WI6032 IIS6 Rule ID: SV-38043r1_rule Vuln ID: V-13710(1) Internet Information Services (IIS) Manager => Application Pools => => right click Properties => Health => Ping worker process every (frequency in seconds)2(1) TARGET: application pool (2) number of secondsThe IIS Application Pool "Ping worker process every (frequency in seconds)" setting should be set correctly for the specified application pools. CCE-20073-3(1) Internet Information Services (IIS) Manager => Application Pools => => right click Properties => Health => Enable pingingThe IIS Application Pool "'Enable pinging" setting should be enabled or disabled as appropriate for the specified application pools.. CCE-19160-1Rule Title: The Limit the kernel request queue monitor must be enabled STIG ID: WA000-WI6030 IIS6 Rule ID: SV-38123r1_rule Vuln ID: V-13709(1) Internet Information Services (IIS) Manager => Application Pools => => right click Properties => Performance => Limit the kernel request queue (number of requests)3(1) TARGET: application pool (2) number of requestsThe IIS Application Pool "Limit the kernel request queue (number of requests)" setting should be set correctly for the specified application pools. CCE-20002-2The IIS Application Pool "Limit the kernel request queue (number of requests)" setting should be enabled or disabled as appropriate for the specified application pools. CCE-19912-5Rule Title: The Shutdown worker processes Idle Timeout monitor must be enabled. STIG ID: WA000-WI6028 IIS6 Rule ID: SV-38125r1_rule Vuln ID: V-13708(1) Internet Information Services (IIS) Manager => Application Pools => => right click Properties => Performance => Shutdown worker processes after being idle (time in minutes)The IIS Application Pool "Shutdown worker processes after being idle (time in minutes)" setting should be set correctly fo< r the specified application pools. CCE-19597-4The IIS Application Pool "Shutdown worker processes after being idle (time in minutes)" setting should be enabled or disabled as appropriate for the specified application pools. CCE-19442-3Rule Title: The maximum used memory monitor must be enabled. STIG ID: WA000-WI6026 IIS6 Rule ID: SV-38130r1_rule Vuln ID: V-13707(1) Internet Information Services (IIS) Manager => Application Pools => => right click Properties => Recycling => Maximum used memory (in megabytes)4(1) TARGET: application pool (2) number of megabytesThe IIS Application Pool "Maximum used memory (in megabytes)" setting should be set correctly for the specified application pools. CCE-20004-8The IIS Application Pool "Maximum used memory (in megabytes)" setting should be enabled or disabled as appropriate for the specified application pools. CCE-19633-7Rule Title: The maximum virtual memory monitor must be enabled. STIG ID: WA000-WI6024 IIS6 Rule ID: SV-38033r1_rule Vuln ID: V-13706(1) Internet Information Services (IIS) Manager => Application Pools => => right click Properties => Recycling => Maximum virtual memory (in megabytes)The IIS Application Pool "Maximum virtual memory (in megabytes)" setting should be set correctly for the specified application pools. CCE-19437-3The IIS Application Pool "Maximum virtual memory (in megabytes)" setting should be enabled or disabled as appropriate for the specified application pools. CCE-19934-9Rule Title: The maximum number of requests an application pool can process must be set. STIG ID: WA000-WI6022 IIS6 Rule ID: SV-38132r1_rule Vuln ID: V-13705(1) Internet Information Services (IIS) Manager => Application Pools => => right click Properties => Recycling => Recycle worker processes (number of requests)The IIS Application Pool "Recycle worker process (number of requests)" setting should be set as appropriate for the specified application pools. CCE-19672-5The IIS Application Pool "Recycle worker process (number of requests)" setting should be enabled or disabled as appropriate for the specified application pools. CCE-20054-3The Recycle Worker processes in minutes monitor must be set properly. STIG ID: WA000-WI6020 IIS6 Rule ID: SV-38134r1_rule Vuln ID: V-13704(1) Internet Information Services (IIS) Manager => Application Pools => => right click Properties => Recycling => Recycle worker processes (in minutes)The IIS Application Pool "Recycle worker process (in minutes)" setting should be set as appropriate for the specified application pools. CCE-19414-2The IIS Application Pool "Recycle worker process (in minutes)" setting should be enabled or disabled as appropriate for the specified application pools. CCE-19157-7}http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/ed3c22ba-39fc-4332-bdb7-a0d9c76e4355.mspx?mfr=true(1) Internet Information Services (IIS) Manager => Web Sites => right click Properties => Services => Run WWW service in IIS 5.0@The worker proceess isolation should be configured appropriatly. CCE-19954-7Rule Title: The web site must have a unique application pool. STIG ID: WA000-WI6010 IIS6 Rule ID: SV-38137r1_rule Vuln ID: V-13703(1) Internet Information Services (IIS) Manager => Application Pools => right click Prpoerties => Identity Tab => non-privileged account(1) type of serviceKThe identity of the IIS Application Pools service should be set correctly. CCE-19840-8}http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/2df6ff66-da04-4e7c-997d-8f7aa46af8c8.mspx?mfr=trueO (1) defined by the Services Administrative Tool (2) definied by Group Policy UThe startup type of the HTTP SSL (HTTPFilter) service should be configured correctly. CCE-20091-5}http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/3648346f-e4f5-474b-86c7-5a86e85fa1ff.mspx?mfr=trueP(1) defined by the 'Adjust memory quotas for a process' setting in Local PolicySThe "Adjust memory quotas for a process" setting should be configured appropriatly. CCE-19288-0D(1) defined by the 'User Rights Assignment' setting in Local PolicyPThe 'Replace a process-level token' setting should be configured as appropriate. CCE-20046-9}http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/f9b564d2-d245-4241-ba0d-266a896ca663.mspx?mfr=true~(1) Internet Information Services (IIS) Manage => Web Sites => => right click Properties => ISAPI Filters => URLScan'(1) TARGET: website (2) exist/not existTThe URLScan ISAPI filters should be configured correctly for the specified websites. CCE-19097-5Rule Title: The MaxRequestEntityAllowed metabase value must be defined. STIG ID: WA000-WI6098 IIS6 Rule ID: SV-38047r1_rule Vuln ID: V-137235(1) MaxRequestEntityAllowed key in IIS metabase fileLThe maximum size of the entire request body setting should be set correctly. CCE-20067-5Rule Title: The UriMaxUriBytes registry entry must be set properly. STIG ID: WA000-WI6094 IIS6 Rule ID: SV-38167r1_rule Vuln ID: V-13721W(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\UriMaxUriBytesSThe maximum response size that can be cached in the kernel should be set correctly. CCE-19799-6Rule Title: The PercentUAllowed registry entry must be set properly. STIG ID: WA000-WI6092 IIS6 Rule ID: SV-38166r1_rule Vuln ID: V-13720X(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\PercentUAllowedZThe allowance of %U notation in request URLs should be enabled or disabled as appropriate. CCE-19843-2Rule Title: The UrlSegmentMaxCount registry entry must be set properly. STIG ID: WA000-WI6096 IIS6 Rule ID: SV-38168r1_rule Vuln ID: V-13722[(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\UrlSegmentMaxCount(1) number of URL path segments@The maximum number of URL path segments should be set correctly. CCE-19823-4Rule Title: The UrlSegmentMaxLength registry entry must be set properly. STIG ID: WA000-WI6090 IIS6 Rule ID: SV-38165r1_rule Vuln ID: V-13719\(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\UrlSegmentMaxLengthOThe maximum number of characters in a URL path setting should be set correctly. CCE-19860-6Rule Title: The MaxRequestBytes registry entry must be set properly. STIG ID: WA000-WI6088 IIS6 Rule ID: SV-38164r1_rule Vuln ID: V-13718X(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\MaxRequestBytesWThe maximum possible combined size of request line and headers should be set correctly. CCE-19665-9Rule Title: The MaxFieldLength registry entry must be set properly. STIG ID: WA000-WI6086 IIS6 Rule ID: SV-38163r1_rule Vuln ID: V-13717W(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\MaxFieldLengthEThe maximum possible size of request headers should be set correctly. CCE-19942-2Rule Title: The FavorUTF8 registry key must be set properly. STIG ID: WA000-WI6084 IIS6 Rule ID: SV-38162r1_rule Vuln ID: V-13716R(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\FavorUTF8EThe "FavorUTF8" setting should be enabled or disabled as appropriate. CCE-19270-8Rule Title: The EnableNonUTF8 registry key must be disabled. STIG ID: WA000-WI6082 IIS6 Rule ID: SV-38161r1_rule Vuln ID: V-13715V(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\EnableNonUTF8IThe "EnableNonUTF8" setting should be enabled or disabled as appropriate. CCE-19713-7Rule Title: The AllowRestrictedChars registry key must be disabled. STIG ID: WA000-WI6080 IIS6 Rule ID: SV-38160r1_rule Vuln ID: V-13714](1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters\AllowRestrictedCharsPThe "AllowRestrictedChars" setting should be enabled or disabled as appropriate. CCE-19763-2Rule Title: All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. STIG ID: WG385 IIS< 6 Rule ID: SV-38330r1_rule Vuln ID: V-13621((1) files in %SystemRoot%\web\printers(1) exist/not exist HIIS sample Web Printing files should be installed or not as appropriate. CCE-19991-9Rule Title: The IISADMPWD directory must be removed from the Web server. STIG ID: WA000-WI035 IIS6 Rule ID: SV-38148r1_rule Vuln ID: V-13698 Severity: CAT I Class: Unclass,(1) AuthChangeDisable flag in the Metabase MRemote Account password changes should be enabled or disabled as appropriate. CCE-19797-0'(1) files in %SystemRoot%\help\iishelp 9IIS Help files should be installed or not as appropriate. CCE-19956-2>(1) files in \Program Files\Common Files\System\msadc\Samples GThe sample Data Access files should be installed or not as appropriate. CCE-19737-6#(1) files in \Inetpub\iissamples ;IIS Sample files should be installed or not as appropriate. CCE-20020-4Rule Title: Unused and vulnerable script mappings in IIS 6 must be removed. STIG ID: WA000-WI050 IIS6 Rule ID: SV-16145r2_rule Vuln ID: V-2267(1) Internet Service manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button >App Mappings tab(1) exist/not existXWeb-based password reset IIS application mappings (.htr) should be configured correctly. CCE-19691-5`(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\SSIEnableCmdDirectivePServer Side Includes command shell should be enabled or disabled as appropriate. CCE-19988-5}http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/8f8364a3-5d84-48fd-b6a7-044dad20c413.mspx?mfr=true"(1) WAMUserName Metabase Property(1) valid name0The IWAM account should be configured correctly. CCE-20015-4%(1) defined by Local or Group Policy>The IUSR account should be enabled or disabled as appropriate. CCE-19611-3Rule Title: Anonymous access accounts must be restricted. STIG ID: WG195 IIS6 Rule ID: SV-29351r2_rule Vuln ID: V-6537 Severity: CAT I Class: UnclassBThe membership of the IUSR account should be configured correctly. CCE-19362-3&http://support.microsoft.com/kb/271071" (1) defined by the object's SACL QThe file auditing for the \Metaback directory should be configured appropriately. CCE-19641-0(1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > Properties"(1) TARGET: website (2) local path[The path of the HTTP Log folder should be configured correctly for the specified websites. CCE-20026-1}http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true(1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Website Tab > W3C Extended Log File Format > Properties > Extended Properties ) (1) TARGET: website (2) enabled/disabled]Win32 status logging should be enabled or disabled as appropriate for the specified websites. CCE-20080-8Rule Title: Log file data must contain required data elements. STIG ID: WG242 IIS6 Rule ID: SV-28653r2_rule Vuln ID: V-13688 Severity: CAT II Class: UnclassaProtocol status logging should be enabled or disabled as appropriate for the specified websites. CCE-19940-6]Server port logging should be enabled or disabled as appropriate for the specified websites. CCE-19684-0cServer IP address logging should be enabled or disabled as appropriate for the specified websites. CCE-19838-2[URL query logging should be enabled or disabled as appropriate for the specified websites. CCE-19606-3ZURI stem logging should be enabled or disabled as appropriate for the specified websites. CCE-20028-7WMethod logging should be enabled or disabled as appropriate for the specified websites. CCE-19167-6[User agent logging should be enabled or disabled as appropriate for the specified websites. CCE-19683-2[User name logging should be enabled or disabled as appropriate for the specified websites. CCE-19753-3bClient IP Address logging should be enabled or disabled as appropriate for the specified websites. CCE-19678-2UTime logging should be enabled or disabled as appropriate for the specified websites. CCE-19615-4UDate logging should be enabled or disabled as appropriate for the specified websites. CCE-20024-6((1) TARGET: website (2) enabled/disabled_HTTP protocol logging should be enabled or disabled as appropriate for the specified websites. CCE-19884-6}http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/ebf1885b-7217-4ac6-93a3-633ef248bc8f.mspx?mfr=truePThe file auditing for the Web Root directory should be configured appropriately. CCE-20029-5PThe file auditing for the Inetpub directory should be configured appropriately. CCE-19977-8fThe file auditing for the directory \%SystemRoot%\System32\Inetsrv should be configured appropriately. CCE-20077-4Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 IIS6 Rule ID: SV-38327r1_rule Vuln ID: V-2259!(1) defined by the object's DACL=(1) set of accounts (2) list of permissions (3) applicabilityJPermissions on the default Logfiles directory should be set appropriately. CCE-19888-7BPermissions on the Web Root directory should be set appropriately. CCE-20052-7LPermissions on the Web Root "include" directory should be set appropriately. CCE-19618-8IPermissions on the Web Root "home" directory should be set appropriately. CCE-19801-0IPermissions on the Web Root "docs" directory should be set appropriately. CCE-20083-2PPermissions on the Web Root "executables" directory should be set appropriately. CCE-19332-6LPermissions on the Web Root "scripts" directory should be set appropriately. CCE-19643-6KPermissions on the Web Root "Images" directory should be set appropriately. CCE-19433-2<Permissions on inetsrv\asp.dll should be set appropriately. CCE-20014-7APermissions on the inetsrv directory should be set appropriately. CCE-19792-1APermissions on the Inetpub directory should be set appropriately. CCE-20034-5(1) defined by the Services Administrative Tool (2) definied by Group Policy (3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IISADMIN\Start GThe startup type of the IIS Admin (IISAdmin) service should be correct. CCE-19751-7Rule Title: Interactive scripts must have proper access controls. STIG ID: WG410 IIS6 Rule ID: SV-28848r2_rule Vuln ID: V-2229(1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > Enable Parent Paths((1) TARGET: webiste (2) enabled/disabled`Relative path traversal should be enabled or disabled as appropriate for the specified websites. CCE-20044-4(1) Internet Information Service Manager > Server > Right Click on the specified website > Properties > Home Directory tab > Configuration button > App Mappings tab CThe '.shtml' extension mapping should be configured as appropriate. CCE-19545-3AThe '.stm' extension mapping should be configured as appropriate. CCE-20043-6BThe '.shtm' extension mapping should be configured as appropriate. CCE-19732-7AThe '.idc' extension mapping should be configured as appropriate. CCE-19527-1AThe '.idq' extension mapping should be configured as appropriate. CCE-19365-6AThe '.ida' extension mapping should be configured as appropriate. CCE-19946-3AThe '.htw' extension mapping should be configured as appropriate. CCE-19768-1EThe '.printer' extension mapping should be configured as appropriate. CCE-20023-8}http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/7b55d524-60fc-4420-807b-e1797658088a.mspx?mfr=true3(1) 'CreateProcessAsUser' key in IIS metabase fileSThe execution context of the IIS CGI processes should be configured as appropriate. CCE-19690-7=http://technet.microsoft.com/en-us/security/bulletin/fq99-025i(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\VbBusObj.VbBusObjCls< LThe VbBusObj.VbBusObjCls object should be enable or disabeld as appropriate. CCE-19384-7h(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\AdvancedDataFactory KThe AdvancedDataFactory object should be enable or disabeld as appropriate. CCE-19711-1f(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\ADCLaunch\RDSServer.Factory MThe RDSServer.DataFactory object should be enable or disabeld as appropriate. CCE-20065-9&http://support.microsoft.com/kb/260729_(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\Schannel\EventLoggingOIIS WWW service SSL error logging should be enabled or disabled as appropriate. CCE-19790-5Bhttp://msdn.microsoft.com/en-us/library/aa711451%28v=vs.71%29.aspxb(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\AllowSpecialCharsInShellbThe WWW service Special Characters In Shells setting should be enabled or disabled as appropriate. CCE-19432-4~https://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/5f8fe119-4095-4094-bba5-7dec361c7afe.mspx?mfr=true(1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Directory Security > Authentication and Access Control tab > Authenticated AccessfIntegrated Windows Authentication should be enabled or disabled as appropriate the specified websites. CCE-19628-7~https://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/f85f0f16-4fea-4852-980c-4982d53c9948.mspx?mfr=true(1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Directory Security > Authentication and Access Control tab > Authenticated Access]Basic Authentication should be enabled or disabled as appropriate for the specified websites. CCE-19867-1~https://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/035dcfd0-9a36-4788-b3b6-91dc6a9d9936.mspx?mfr=true(1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Directory Security > Authentication and Access Control tab > Anonymous AccessThe "Anonymous Access" permission should be enabled or disabled as appropriate for the home directory of the specified websites. CCE-19138-7Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 IIS6 Rule ID: SV-30020r2_rule Vuln ID: V-2258(1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab > Execute Permissions8(1) TARGET: website (2) none/scripts/scripts&executablesXThe "Execute Permissions" permission should be set correctly for the specified websites. CCE-19716-0Rule Title: Indexing Services must only index web content. STIG ID: WA000-WI070 IIS6 Rule ID: SV-38011r1_rule Vuln ID: V-3963(1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab > Index this resourceThe "Index this resource" permission should be enabled or disabled as appropriate for the home directory of the specified websites. CCE-19092-6Rule Title: Logs of web server access and errors must be established and maintained. STIG ID: WG240 IIS6 Rule ID: SV-38065r1_rule Vuln ID: V-2250(1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab > Log VisitsyThe"Log Visits" permission should be enabled or disabled as appropriate for the home directory of the specified websites. CCE-19324-3vRule Title: Directory browsing must be disabled. STIG ID: WA000-WI090 IIS6 Rule ID: SV-38016r1_rule Vuln ID: V-6755(1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab > Directory BrowsingThe "Directory Browsing" permission should be enabled or disabled as appropriate for the home directory of the specified websites. CCE-19655-0Rule Title: The IIS web site permissions "Write" or "Script Source" must not be selected. STIG ID: WA000-WI092 IIS6 Rule ID: SV-38020r1_rule Vuln ID: V-13699|(1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Script SourceThe "Script Source Access" permission should be enabled or disabled as appropriate for the home directory of the specified websites. CCE-20005-5(1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab > WriteuThe "Write" privilege should be enabled or disabled as appropriate for the home directory of the specified websites. CCE-19406-8(1) Internet Information Services (IIS) Manager GUI: Right Click on the specified website > Properties > Home Directory tab > ReadtThe "Read" permission should be enabled or disabled as appropriate for the home directory of the specified websites. CCE-19506-5(1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Server > Enable Logging'(1) TARGET: server (2) enabled/disabledWThe "Enable Logging" setting should be enabled or disabled for the specified web server CCE-19932-34.2.2 Authentication pg 16dThe master home directory "Integrated Windows Authentication" setting should be enabled or disabled. CCE-19685-7WThe master home directory "Basic Authentication" setting should be enabled or disabled. CCE-19259-1(1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Directory Security > Authentication and Access Control tab > Anonymous AccessvThe master home directory "Anonymous Access" permission for IIS websites should be enabled or disabled as appropriate. CCE-19903-4ATable 6: Web Site Permissions That Are Supported by IIS 6.0 pg 21(1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Execute PermissionshThe master home directory "Execute Permissions" permission should be enabled or disabled as appropriate. CCE-19625-3(1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Index this resource$(1) none/scripts/scripts&executableshThe master home directory "Index this resource" permission should be enabled or disabled as appropriate. CCE-19322-7y(1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Log Visits_The master home directory "Log Visits" permission should be enabled or disabled as appropriate. CCE-19263-3(1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > Directory BrowsinggThe master home directory "Directory Browsing" permission should be enabled or disabled as appropriate. CCE-19479-5iThe master home directory "Script Source Access" permission should be enabled or disabled as appropriate. CCE-20017-0t(1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > WriteZThe master home directory "Write" permission should be enabled or disabled as appropriate. CCE-20048-5s(1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Home Directory tab > ReadYThe master home directory "Read" permission should be enabled or disabled as appropriate. CCE-19133-8Ehttp://technet.microsoft.com/en-us/library/cc779359%28v=ws.10%29.aspxq(1) Internet Information Services (IIS) Manager GUI: Right Click on Server > Properties > Server > Enable Logging`The master home directory "Enable Logging" setting should be enabled or disabled as appropriate. CCE-19689-9}http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/1c1d212b-18ae-414a-b5ec-eaf5b000a0c3.mspx?mfr=true(1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Server > Web Site Identification > All< UnassignedVThe specified websites should be configured to use the appropriate network interfaces. CCE-19871-3(1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Server > Web Site Identification > IP address"(1) TARGET: website (2) IP addressWIndividual IP addresses should be configured as appropriate for the specified websites. CCE-19534-784.2.6 Securing the Web Site Directory and Content, pg 21(1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab(1) directory names9The IIS Web Root directory should be named appropriately. CCE-19592-5Rule Title: The web document (home) directory must be on a separate partition from the web servers system files. STIG ID: WG205 IIS6 Rule ID: SV-30041r2_rule Vuln ID: V-3333(1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab(1) local pathCThe path of the IIS Web Root folder should be configured correctly. CCE-19815-0FSTIG IIS6 Server Version: 6 Release: 13 Benchmark Date: 28 Oct 2011 CSTIG IIS6 Site Version: 6 Release: 13 Benchmark Date: 28 Oct 2011#Cert-In Securing IIS 6.0 Web ServerVersion: 5.20130214Last modfied: 2013-02-11tSTIG ID: DTOO256 - Outlook Rule ID: SV-18689r2_rule Vuln ID: V-17575: Configure trusted add-ins behavior for eMail. (1) User Configuration\Administrative Templates\Classic Administrative Templates\Microsoft Office Outlook 2007\Security\Security Form Settings\Programmatic Security\Trusted Add-ins (2) HKCU\Software\Policies\Microsoft\Office\12.0\Outlook\Security\TrustedAddinsEnabled | DisabledT Configure trusted add-ins setting should be configured correctly for Outlook 2007. CCE-19659-2XSTIG ID: DTOO129 - Access Rule ID: SV-18215r3_rule Vuln ID: V-17184: No pop-ups - AccessSTIG ID: DTOO129 - InfoPath Rule ID: SV-18214r3_rule Vuln ID: V-17184: Block pop-ups for links that invoke instances of IE from within InfoPath.STIG ID: DTOO129 - Outlook Rule ID: SV-18213r3_rule Vuln ID: V-17184: Block pop-ups for links that invoke instances of IE from within Outlook.STIG ID: DTOO129 - Word Rule ID: SV-18212r4_rule Vuln ID: V-17184: Block pop-ups for links that invoke instances of IE from within Word.STIG ID: DTOO129 - PowerPoint Rule ID: SV-18211r3_rule Vuln ID: V-17184: Block pop-ups for links that invoke instances of IE from within PowerPoint.STIG ID: DTOO129 - Excel Rule ID: SV-18210r3_rule Vuln ID: V-17184: Block pop-ups for links that invoke instances of IE from within ExcelSTIG ID: DTOO123 - Access Rule ID: SV-18603r4_rule Vuln ID: V-17183: Block navigation to URL embedded in Office products to protect against attack by malformed URL. STIG ID: DTOO123 - InfoPath Rule ID: SV-18601r3_rule Vuln ID: V-17183: Block navigation to URL embedded in Office products to protect against attack by malformed URL. STIG ID: DTOO123 - Outlook Rule ID: SV-18602r4_rule Vuln ID: V-17183: Block navigation to URL embedded in Office products to protect against attack by malformed URL. STIG ID: DTOO123 - Word Rule ID: SV-18604r3_rule Vuln ID: V-17183: Block navigation to URL embedded in Office products to protect against attack by malformed URL. STIG ID: DTOO123 - PowerPoint Rule ID: SV-18208r3_rule Vuln ID: V-17183: Block navigation to URL embedded in Office products to protect against attack by malformed URL.STIG ID: DTOO123 - Excel Rule ID: SV-18207r3_rule Vuln ID: V-17183: Block navigation to URL embedded in Office products to protect against attack by malformed URL.\STIG ID: DTOO117 - Access Rule ID: SV-18205r3_rule Vuln ID: V-17175: Saved from URL - AccessSTIG ID: DTOO117 - InfoPath Rule ID: SV-18204r3_rule Vuln ID: V-17175: Evaluate Saved from URL mark when launched from InfoPath.}STIG ID: DTOO117 - Outlook Rule ID: SV-18203r3_rule Vuln ID: V-17175: Evaluate Saved from URL mark when launched from OutLookXSTIG ID: DTOO117 - Word Rule ID: SV-18202r3_rule Vuln ID: V-17175: Saved from URL - WordEThe Saved from URL - word.exe setting should be configured correctly.STIG ID: DTOO117 - PowerPoint Rule ID: SV-18201r3_rule Vuln ID: V-17175: Evaluate Saved from URL mark when launched from PowerPointySTIG ID: DTOO117 - Excel Rule ID: SV-18200r3_rule Vuln ID: V-17175: Evaluate Saved from URL mark when launched from Excel\STIG ID: DTOO111 - Access Rule ID: SV-18190r3_rule Vuln ID: V-17174: Bind to Object - AccessSTIG ID: DTOO111 - InfoPath Rule ID: SV-18189r3_rule Vuln ID: V-17174: Enable IE Bind to Object functionality for instances of IE launched from InfoPath.STIG ID: DTOO111 - Outlook Rule ID: SV-18188r3_rule Vuln ID: V-17174: Enable IE Bind to Object functionality for instances of IE launched from OutlookSTIG ID: DTOO111 - Word Rule ID: SV-18187r3_rule Vuln ID: V-17174: Enable IE Bind to Object functionality for instances of IE launched from Word.STIG ID: DTOO111 - PowerPoint Rule ID: SV-18186r3_rule Vuln ID: V-17174: Enable IE Bind to Object functionality for instances of IE launched from PowerPoint. ZSTIG ID: DTOO111 - Excel Rule ID: SV-18185r3_rule Vuln ID: V-17174: Bind to Object - ExcelSTIG ID: DTOO104 - Access Rule ID: SV-19429r3_rule Vuln ID: V-17173: Disable user name and password syntax from being used in URLsSTIG ID: DTOO104 - InfoPath Rule ID: SV-18182r3_rule Vuln ID: V-17173 Disable user name and password syntax from being used in URLsSTIG ID: DTOO104 - Outlook Rule ID: SV-18181r3_rule Vuln ID: V-17173 Disable user name and password syntax from being used in URLskSTIG ID: DTOO104 - Word Rule ID: SV-18180r3_rule Vuln ID: V-17173: Disable user name and password for Word.STIG ID: DTOO104 - PowerPoint Rule ID: SV-18179r3_rule Vuln ID: V-17173: Disable user name and password syntax from being used in URLs. STIG ID: DTOO104 - Excel Rule ID: SV-18567r3_rule Vuln ID: V-17173: Disable user name and password syntax from being used in URLs. STIG ID: DTOO212 - Office Rule ID: SV-18701r3_rule Vuln ID: V-17581: Control Blogging entries created from inside Office products. STIG ID: DTOO208 - Office Rule ID: SV-18836r3_rule Vuln ID: V-17670: Disable the Office client from polling the Sharepoint server for published links. STIG ID: DTOO207 - Office 2007 Rule ID: SV-18740r3_rule Vuln ID: V-17605: Always show Document Information Panel Beaconing UI - OfficeSTIG ID: DTOO206 - Office Rule ID: SV-18816r3_rule Vuln ID: V-17660: Disable inclusion of document properties for PDF and XPS output - Office. ~STIG ID: DTOO205 - Office 2007 Rule ID: SV-18802r3_rule Vuln ID: V-17653: Enable the "Disable Check for Solutions" in Office. STIG ID: DTOO204 - Office Rule ID: SV-19036r3_rule Vuln ID: V-17805: Enable the feature to suppress external Signature Services Menu for Office. xSTIG ID: DTOO203 - Office Rule ID: SV-18937r3_rule Vuln ID: V-17749: Legacy format signatures should be enabled - OfficeSTIG ID: DTOO202 - Office Rule ID: SV-18820r3_rule Vuln ID: V-17662: Disable Microsoft passport Service for content with restricted permissions - Office. STIG ID: DTOO201 - Office Rule ID: SV-18906r3_rule Vuln ID: V-17731: Always require users to connect to verify permissions - Office. STIG ID: DTOO200 - Office 2007 Rule ID: SV-18782r3_rule Vuln ID: V-17583: Allow users with earlier versions of Office to read with browsers - SystemSTIG ID: DTOO199 - Office Rule ID: SV-18968r3_rule Vuln ID: V-17765: Prevent permissions change on 'rights managed' content - OfficeSTIG ID: DTOO198 - Office Rule ID: SV-18818r3_rule Vuln ID: V-17661: Disable the ability for Office users to use the Internet Fax Feature. wSTIG ID: DTOO197 - Office Rule ID: SV-18834r3_rule Vuln ID: V-17669: Disable Smart Documents use of Manifests in OfficeSTIG ID: DTOO196 - Office Rule ID: SV-18659r3_rule Vuln ID: V-17560: Do not allow a mix of policy and user locations for Office Products. STIG ID: DTOO195 - Office Rule ID: SV-18826r3_rule Vuln ID: V-17665: Configure the "Disable Password to Open UI" for password secured d< ocuments. STIG ID: DTOO194 - Office Rule ID: SV-18814r3_rule Vuln ID: V-17659: Configure the "disable hyperlink warnings" for Office to Disable. STIG ID: DTOO193 - Office Rule ID: SV-18924r3_rule Vuln ID: V-17741: Enable Automation Security to enforce macro level security in Office documentsmSTIG ID: DTOO192 - Office Rule ID: SV-18939r3_rule Vuln ID: V-17750: Enable Load controls in forms3 - OfficeSTIG ID: DTOO190 - Office 2007 Rule ID: SV-18755r6_rule Vuln ID: V-17617: Set encryption type for password protected Office 97 thru Office 2003 files - OfficeSTIG ID: DTOO189 - Office 2007 Rule ID: SV-18758r5_rule Vuln ID: V-17619: Encryption type for password protected Open XML files - OfficeSTIG ID: DTOO188 - Office Rule ID: SV-18974r3_rule Vuln ID: V-17768: Protect document metadata for password protected files - OfficeSTIG ID: DTOO187 - Office Rule ID: SV-18976r3_rule Vuln ID: V-17769: Protect document metadata for rights managed Office Open XML fiiles - OfficeSTIG ID: DTOO186 - Office Rule ID: SV-18717r3_rule Vuln ID: V-17590: Disable the ability for users to Disable Trust Bar notifications for Security messages - OfficeSTIG ID: DTOO183 - Office Rule ID: SV-18824r1_rule Vuln ID: V-17664: Disable the Opt-In Wizard that enables first time users to opt into Internet based Microsoft services. STIG ID: DTOO182 - Office Rule ID: SV-18770r3_rule Vuln ID: V-17627: Configure the Help Improve Proofing Tools feature for Office. STIG ID: DTOO181 - Office Rule ID: SV-18661r3_rule Vuln ID: V-17561: Do not allow choice of output to include PNG (Portable Network Graphics)STIG ID: DTOO180 - Office Rule ID: SV-18983r3_rule Vuln ID: V-17773: Do Not rely on Vector markup Language (VML) for displaying graphics in browsers. STIG ID: DTOO179 - Office Rule ID: SV-18956r3_rule Vuln ID: V-17759: Disable "Open documents as Read Write when browsing" feature. - Office|STIG ID: DTOO178 - Office Rule ID: SV-18972r3_rule Vuln ID: V-17767: Prevent upload of document templates to Office Online. STIG ID: DTOO177 - Office Rule ID: SV-18714r3_rule Vuln ID: V-17588: Disable access to updates, add-ins, and patches on the Office Online Website - Office. sSTIG ID: DTOO136 - Access Rule ID: SV-18706r2_rule Vuln ID: V-17584: Set the default saved file format for Access. STIG ID: DTOO131 - Access Rule ID: SV-18219r2_rule Vuln ID: V-17187: Disable Trust Bar Notification for unsigned application add-ins - AccessSTIG ID: DTOO213 - Office 2007 Rule ID: SV-18669r3_rule Vuln ID: V-17565: Block Office from receiving updates from the Office Update Site. STIG ID: DTOO304 - Excel Rule ID: SV-18638r2_rule Vuln ID: V-17545: Enable Warning Bar settings for VBA macros contained in Excel Files.STIG ID: DTOO304 - Access Rule ID: SV-18637r2_rule Vuln ID: V-17545: Enable Warning Bar settings for VBA macros contained in Access Files.STIG ID: DTOO185 - Office Rule ID: SV-18922r1_rule Vuln ID: V-17740: Disable Automatic receiving of small updates to improve reliability - Office. STIG ID: DTOO184 - Office 2007 Rule ID: SV-18747r3_rule Vuln ID: V-17612: Disable the "Enable Customer Experience Improvement Program" for Office. Microsoft Office 2007 DISA STIGsLast modified: 2013-02-11 CCI-000366STIG ID: DTOO305 - Access Rule ID: SV-33808r1_rule Vuln ID: V-26625: Disable UI extending from documents and templates must be disallowed.User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\Disable UI extending from documents and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars\accessfThe "Disable UI extending from documents and templates" Access setting should be configured correctly. CCE-27925-7STIG ID: DTOO305 - Excel Rule ID: SV-33809r1_rule Vuln ID: V-26625: Disable UI extending from documents and templates must be disallowed.User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\Disable UI extending from documents and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars\exceleThe "Disable UI extending from documents and templates" Excel setting should be configured correctly. CCE-28040-4STIG ID: DTOO305 - InfoPath Rule ID: SV-33810r1_rule Vuln ID: V-26625: Disable UI extending from documents and templates must be disallowed.User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\Disable UI extending from documents and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars\infopathhThe "Disable UI extending from documents and templates" Infopath setting should be configured correctly. CCE-27338-3STIG ID: DTOO305 - Outlook Rule ID: SV-33811r1_rule Vuln ID: V-26625: Disable UI extending from documents and templates must be disallowed.User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\Disable UI extending from documents and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars\outlookgThe "Disable UI extending from documents and templates" Outlook setting should be configured correctly. CCE-27994-3STIG ID: DTOO305 - PowerPoint Rule ID: SV-33813r1_rule Vuln ID: V-26625: Disable UI extending from documents and templates must be disallowed.User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\Disable UI extending from documents and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars\powerpointjThe "Disable UI extending from documents and templates" PowerPoint setting should be configured correctly. CCE-28223-6STIG ID: DTOO305 - Word Rule ID: SV-33812r1_rule Vuln ID: V-26625: Disable UI extending from documents and templates must be disallowed.User Configuration\Administrative Templates\Microsoft Office 2010\Global Options\Customize\Disable UI extending from documents and templates HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\toolbars\worddThe "Disable UI extending from documents and templates" Word setting should be configured correctly. CCE-28015-6qSTIG ID: DTOO139 - Word Rule ID: SV-33610r1_rule Vuln ID: V-17521: Save files default format must be configured.User Configuration\Administrative Templates\Microsoft Word 2010\Word Options\Save "default file format" HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\word\options@The "DefaultFormat" Word setting should be configured correctly. CCE-28233-5CCI Microsoft Office 2010 DISA STIGsRule ID: V0015211 Title: The SMO and DMO SPs option should be set to disabled if not required. STIG ID: DM6199 Severity: CAT II Class: Unclass(1) EXEC SP_CONFIGURE * (1) SMO and DMO XPs (2) enabled/disabled @The SMO and DMO XPs options should be configured appropriately CCE-19944-8Rule ID: V0015210 Rule Title: The Agent XPs option should be set to disabled if not required. STIG ID: DM6198 Severity: CAT II Class: Unclass! (1) Agent XPs (2) enable/disable:The Agent XPs options should be configured appropriately CCE-19552-9Rule ID: V0015173 Rule Title: Database TRUSTWORTHY status should be authorized and documented or set to off. STIG ID: DM6195 Severity: CAT II Class: Unclass(1) ALTER DATABASE0(1) database name (2) SET TRUSTWORTHY [on | off]XDatabase TRUSTWORTHY status for a specific database should be configured appropriately CCE-19882-0{Rule ID: V0015180 Rule Title: Analysis Services permissions to data sources STIG ID: DM6193 Severity: CAT II Class: Unclass(1) Analysis Services Database(1) list of rolesLAccess to Analysis Services data sources should be configured appropriately. CCE-19443-1Rule ID: V0015166 Rule Title: Database Engine Ad Hoc distributed queries should be disabled. STIG ID: DM6160 Severity: CAT II Class: Unclass2 (1) ad hoc distributed queries (2) enable/disable ?Ad Hoc distributed queries should be configured appropriately CCE-19455-5Rule ID: V0015187 Ru< le Title: Linked server providers should not allow ad hoc access. STIG ID: DM6155 Severity: CAT II Class: Unclass8 From the SQL Server Management Studio GUI: 1. Expand Database 2. Expand Server Objects 3. Expand Linked Servers 4. Expand Providers 5. For each Provider listed: a. Right click on Provider name b. Select Properties c. Click on do not click the Enable check box for Name = Disallow adhoc access d. Click OK button(1) enable/disableO"Disallow adhoc access" for linked servers should be configured appropriately CCE-19805-1Rule ID: V0015197 Rule Title: Dedicated accounts should be designated for SQL Server Agent proxies. STIG ID: DM6140 Severity: CAT II Class: Unclass(1) server agent proxies+(1) account creation (2) list of priveleges\The permissions of the SQL Server Agent proxy accounts should be configured appropriately. CCE-19868-9Rule ID: V0015198 Rule Title: The Web Assistant procedures configuration option should be disabled if not required. STIG ID: DM6130 Severity: CAT II Class: Unclass%(1) EXEC SP_CONFIGURE (2) RECONFIGURE1(1) enable/disable (2) 'Web Assistant procedures'VThe Web Assistant procedures configuration option should be configured appropriately CCE-19965-3Rule ID: V0015178 Rule Title: Replication databases should have authorized db_owner role members. The replication monitor role should have authorized members. STIG ID: DM6070 Severity: CAT II Class: Unclass5(1) EXEC SP_DROPROLEMEMBER (2) EXEC SP_ADDROLEMEMBER 5(1) database_name (2) db_owner' (3) '[account name]'c The db_owner role members for a specified replication database should be configured appropriately. CCE-19484-5Rule ID: V0015206 Rule Title: Only authorized XML Web Service endpoints should be configured on the server STIG ID: DM6126 Severity: CAT II Class: Unclass(1) CREATE / DROP ENDPOINT>XML Web Services endpoints should be configured appropriately CCE-19893-7Rule ID: V0015202 Rule Title: Use of Command Language Runtime objects should be disabled if not required. STIG ID: DM6123 Severity: CAT III Class: Unclass"(1) enable/disable (3) clr_enabledECommand Language Runtime objects should be configured appropriately CCE-19756-6Rule ID: V0015203 Rule Title: Reporting Services Windows Integrated Security should be disabled. STIG ID: DM6122 Severity: CAT II Class: Unclass From Surface Area Configuration for Features: 1. Connect to the Report Services instance 2. Expand the instance 3. Expand Report Services 4. Select Windows Integrated Security 5. Click on or do not click on Windows Integrated Security check box 6. Click OK (1) enable/disable \Reporting Services Windows Integrated Security accounts should be configured appropriately CCE-19662-6Rule ID: V0015205 Rule Title: Reporting Services scheduled events and report delivery should be disabled if not required. STIG ID: DM6121 Severity: CAT III Class: Unclass From Surface Area Configuration for Features: 1. Connect to the Report Services instance 2. Expand the instance 3. Expand Report Services 4. Select Scheduled events and report delivery 5. Click or do not click on the Scheduled events and report delivery check box 6. Click OKf Reporting Services scheduled events and report delivery should be enabled or disabled as appropriate. CCE-19844-0Rule ID: V0015199 Rule Title: Reporting Services Web service requests and HTTP access should be disabled if not required. STIG ID: DM6120 Severity: CAT III Class: Unclass From Surface Area Configuration for Features: 1. Connect to the Report Services instance 2. Expand the instance 3. Expand Report Services 4. Select Web Service Requests and HTTP Access 5. Click on or do not click on Enable Web Service Requests and HTTP access check box 6. Click OK (1) enable/disableTReporting Services Web service requests and HTTP should be configured appropriately CCE-19800-2Rule ID: V0015194 Rule Title: Only authorized accounts should be assigned to one or more Analysis Services database roles. STIG ID: DM6109 Severity: CAT II Class: Unclass< From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Expand the Analysis Services instance 3. Expand Databases 4. Repeat for each database: a. Click on each database role b. Open the member list c. Select any unauthorized users d. Click or unclick the Remove button e. Click OK3 (1) database name (2) database roles (3) usernames]Analysis Services database roles should be configured appropriately for a specified server. \ CCE-19974-5Rule ID: V0015193 Rule Title: The Analysis Services server role should be restricted to authorized users. STIG ID: DM6108 Severity: CAT II Class: Unclass From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Right click on the Analysis Services instance 3. Select Properties 4. Select the Security page 5. Select any unauthorized user to remove 6. Click or do not click the Remove button 7. Click OK (1) usernamesEThe Analysis Services server role should be configured appropriately CCE-19858-0Rule ID: V0015190 Rule Title: Analysis Services Security Package List should be disabled if not required. STIG ID: DM6103 Severity: CAT II Class: Unclass(1) msmdsrv.ini (2) [install dir] \ MSSQL.[#] \ OLAP \ Config directory. From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Right click on the Analysis Services instance 3. Select Properties 4. View the value listed for Security \ SecurityPackageList 5. Select value and delete or do not delete all unauthorized packages from the list 6. Click OK (1) list of packages8MAnalysis Services Security Package List should be configured appropriately CCE-19876-2Rule ID: V0015188 Rule Title: Analysis Services Required Protection Level should be set to 1. STIG ID: DM6101 Severity: CAT I Class:Unclass\(1) msmdsrv.ini (2) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\Setup\SqlProgramDir(1) tag level values PAnalysis Services Required Protection Levels should be configured appropriately CCE-19859-8Rule ID: V0015181 Rule Title: Analysis Services user-defined COM functions should be disabled if not required. STIG ID: DM6099 Severity: CAT II Class: Unclass(1) The configuration file (msmdsrv.ini) may be found in the [install dir] \ MSSQL.[#] \ OLAP \ Config directory. (2) ComUdfEnabled or From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Right click on the Analysis Services instance 3. Select Properties 4. View the value listed for Feature \ ComUdfEnabled 5. Select value = 'true or false' 6. Click OK (1) enable/disable QAnalysis Services user-defined COM functions should be configured appropriately CCE-19664-2Rule ID: V0015186 Rule Title: Analysis Services Links From Objects should be disabled if not required STIG ID: DM 6088 Severity: CAT II Class: Unclass(1) The configuration file (msmdsrv.ini) may be found in the [install dir] \ MSSQL.[#] \ OLAP \ Config directory. (2) LinkFromOtherInstanceEnabled or From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Right click on the Analysis Services instance 3. Select Properties 4. View the value listed for Feature \ LinkFromOtherInstanceEnabled 5. Select value = 'true or false' 6. Click Ok.S Analysis Services Links From Objects should be enabled or disabled as appropriate. CCE-19964-6Rule ID: V0015204 Rule Title: Analysis Services Links to Objects should be disabled if not required. STIG ID: DM6087 Severity: CAT II Class: Unclass(1) The configuration file (msmdsrv.ini) may be found in the [install dir] \ MSSQL.[#] \ OLAP \ Config directory. (2) LinkToOtherInstanceEnabled or From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Right click on the Analysis Services instance 3. Select Properties 4. View the value listed for Feature \ LinkToOtherInstanceEnabled 5. Select value = 'true or false' 6. Click OKJAnalysis Services Links to Objects is should be configured appropriately CCE-20032-9Rule ID: V0015184 Rule Title: An< alysis Services Anonymous Connections should be disabled. STIG ID: DM6086 Severity: CAT II Class: Unclass(1) The configuration file (msmdsrv.ini) may be found in the [install dir] \ MSSQL.[#] \ OLAP \ Config directory. (2) RequireClientAuthentication or From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Right click on the Analysis Services instance 3. Select Properties 4. View the value listed for Security \ RequireClientAuthentication 5. Select value = 'true or false' 6. Click OKMAnalysis Services Anonymous Connections should be configured appropriately L8 CCE-19298-9Rule ID: V0015183 Rule Title: The Analysis Services ad hoc data mining queries configuration option should be disabled if not required. STIG ID: DM6085 Severity: CAT II Class: Unclass^(1) The configuration file (msmdsrv.ini) may be found in the [install dir] \ MSSQL.[#] \ OLAP \ Config directory. (2) AllowAdHocOpenRowsetQueries or From the SQL Server 2005 Surface Area Configuration GUI: 1. Click on Surface Area config for features 2. Expand Analysis Services 3. Select Ad Hoc Data Mining Queries 4. Enable or disable as necessary8TAd hoc data mining queries configuration option should be configured appropriately CCE-19897-8Rule ID: V0015182 Rule Title: Replication snapshot folders should be protected from unauthorized access. STIG ID: DM6075 Severity: CAT II Class: Unclass From Windows Explorer: 1. Administrators/DBAs: assign appropriate permission 2. Snapshot Agents: assign appropriate permission 3. Merge, Subscription, and Distribution agents: assign appropriate permission3(1) list of permissions/roles (2) group of accounts@Replication snapshot folders should be configured appropriately. CCE-19561-0Rule ID: V0015125 Rule Title: Only authorized users should be assigned permissions to SQL Server Agent proxies. STIG ID: DM6045 Severity: CAT II Class: UnclassC(1) SP_ENUM_PROXY_FOR_SUBSYSTEM (2) EXEC SP_REVOKE_LOGIN_FROM_PROXY;(1) '[proxy name]' (2) set of permissons (3) group of users= SQL Server Agent proxies should be configured appropriately. CCE-19744-2Rule ID: V0015176 Rule Title: SQL Server event forwarding, if enabled, should be operational. STIG ID: DM6030 Severity: CAT II Class: Unclass(1) HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Microsoft SQL Sever \ MSSQL.[#] \SQLServerAgent \ AlertForwardingServer or From the SQL Server Management Studio GUI: 1. Expand instance 2. Right-click on SQL Server Agent 3. Select Properties 4. Select the Advanced page 5. Click or do not click on Forward events to a different server check box 6. Click the OK button to save and close@SQL Server event forwarding should be configured appropriately CCE-20000-6Rule ID: V0015124 Rule Title: The Named Pipes network protocol should be documented and approved if enabled. STIG ID: DM6015 Severity: CAT II Class: UnclassdFrom the SQL Server Configuration Manager GUI: 1. Expand SQL Server 2005 Network Configuration 2. Repeat for each instance: a. Select Protocols for [instance name] b. Double-click Named Pipes. c. Select Yes or No as the value. d. Click OK 3. Click OK (acknowledge change won't take place until next restart) 4. Exit the SQL Server Configuration Manager GUI (1) enable/disable 8ANamed Pipes network protocol should be configured appropriately. CCE-19244-3Rule ID: V0002500 Rule Title: Trace Rollover should be enabled for audit traces that have a maximum trace file size. STIG ID: DM5267 Severity: CAT II Class: Unclass(1) EXEC SP_TRACE_CREATE [ @traceid = ] trace_id OUTPUT , [ @options = ] option_value , [ @tracefile = ] 'trace_file' [ , [ @maxfilesize = ] max_file_size ] [ , [ @stoptime = ] 'stop_time' ] [ , [ @filecount = ] 'max_rollover_files' ]~(1) enable/disable (2) trace_id (3) trace_file (4) max_file_size (5) stop_time (6) max_rollover_files (2) value query (remove)4Trace rollover should be configured appropriately. CCE-19237-7Rule ID: V0015137 Rule Title: Error log retention shoud be set to meet log retention policy. STIG ID: DM3930 Severity: CAT II Class: Unclass@(1) HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Microsoft SQL Server \ MSSQL.# \MSSQLServer \ NumErrorLogs (2) HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Microsoft SQL Server \ Instance Names \ SQL\[instance name] or From the SQL Server Management Studio GUI: 1. Connect to and expand the SQL Server instance 2. Expand Management 3. Right-click on SQL Server Logs 4. Select Configure 5. Under the General Page, select or deselect Limit the number of error logs before they are recycled 6. Enter the number of error log files determined for the SQL Server instance 7. Click OK (1) number of error logs7Error log retention should be configured appropriately. CCE-19771-5Rule ID: V0002488 Rule Title: SQL Server Agent CmdExec or ActiveScripting jobs should be restricted to sysadmins. STIG ID: DM3763 Severity: CAT II Class: Unclass #(1) EXEC SP_REVOKE_LOGIN_FROM_PROXY"(1) '[login name]' (2) @proxy_nameBAccess to ActiveScripting jobs should be configured appropriately. CCE-19320-1FAccess to SQL Server Agent CmdExec should be configured appropriately. CCE-19839-0Rule ID: V0002487 Rule Title: SQL Server authentication mode should be set to Windows authentication mode or Mixed mode. STIG ID: DM3566 Severity: CAT II Class: Unclass(1) EXEC XP_LOGINCONFIG (1) 'login mode' (2) number=SQL Server authentication should be configured appropriately. CCE-19936-4Rule ID: V0002485 Rule Title: Remote access should be disabled if not authorized. STIG ID: DM2142 Severity: CAT II Class: Unclass((1) remote access', (2) enabled/disabled82Remote access should be configured appropriately CCE-19786-3Rule ID: V0002473 Rule Title: Registry extended stored procedures should be restricted to sysadmin access. STIG ID: DM2119 Severity: CAT II Class: UnclassFrom the SQL Server Management Studio GUI: 1. Connect/expand SQL Server 2. Expand Databases 3. Expand System databases 4. Expand Master 5. Expand Programmability 6. Expand Extended Stored Procedures 7. Expand System Extended Stored Procedures 8. Locate and select each of the Registry extended stored procedures listed in the Check section 9. Right click on the extended stored procedure 10. Select Properties 11. Click on the Permissions page 12. Select each user or role and select or deselect the Grant (and With Grant if checked) permissions from all users, database roles and public except from SYSADMINs and authorized roles when permitted 13. Click OK(1) user/role (2) Grant/RevokePAccess to registry exended stored procedures should be configured appropriately. CCE-20018-8Rule ID; V0002472 Rule Title: OLE Automation extended stored procedures should be restricted to sysadmin access STIG ID: DM2095 Severity: CAT II Class: UnclassKOLE Automation extended stored procedures should configured appropriately. CCE-19172-6Rule ID: V0002464 Rule Title: Execute stored procedures at startup, if enabled, should have a custom audit trace defined. STIG ID: DM1761 Severity: CAT II Class: Unclass&(1) EXEC SP_CONFIGURE (2) RECONFIGURE3 (1) 'scan for startup procs' (2) enabled/disabledS The "scan for startup procs" setting should be enabled or disabled as appropriate. CCE-19976-0%(1) enabled/disabled (2) xp_cmdshell=The xp_cmdshell should be enabled or disabled as appropriate. CCE-19967-9Rule ID: V0002461 Rule Title: Extended stored procedure xp_cmdshell should be restricted to authorized accounts. STIG ID: DM1758 Severity: CAT I Class: Unclass(2) REVOKE / GRANT EXECUTE (1) revoke/grant 8QAccess extended stored procedure xp_cmdshell should be configured appropriately CCE-19896-0(1) EXEC SP_CONFIGURE(1) user (2) xp_cmdshell 8 CCE-19356-5Rule ID: V0003838 Rule Title: SQL Server registry keys should be properly secured. STIG ID: DM0927 Severity: CAT II Class: UnclassWHKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Microsoft SQL Server \ Instance Names \RS \(1) granted/revokedNThe SQL Server RS registry key permissions should be configured appropriately. CCE-19776-4< HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Microsoft SQL Server \ MSSQL.1\SQLServerAgent\SQLServer2005SQLServerADHelperUser$[instance name]VThe SQLServerADHelperUser registry key permissions should be configured appropriately. CCE-19325-0\HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Microsoft SQL Server \ MSSQL.1 \SQLServerAgent \QThe SQL Server Agent registry key permissions should be configured appropriately. CCE-19254-2VHKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Microsoft SQL Server \ MSSQL.1 \MSSearch \TThe SQL Server MSSearch registry key permissions should be configured appropriately. CCE-19494-4HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Microsoft SQL Server \ Instance Names \RS \SQLServer2005ReportServerUser$[instancename]_ The SQLServer2005ReportServerUser registry key permissions should be configured appropriately. CCE-19852-3Rule ID: V0003835 Rule Title: The SQL Server service should use a least-privileged local or domain user account STIG ID: DM0924 Severity: CAT II Class: Unclass'(1) net user /add (1) local accountS The SQL Server Service for a specified instance should be configure appropriately. CCE-19738-4Rule ID: V0015170 Rule Title: SQL Server services should be assigned least privileges on the SQL Server Windows host. STIG ID: DM0919 Severity: CAT II Class: UnclassF(1) Configure the SQL Writer account via the Computer Management Tool.(1) member/not member:The SQL Writer account should be configured appropriately. CCE-19923-2^(1) Configure the SQL Server Active Directory Helper account via the Computer Management Tool.RThe SQL Server Active Directory Helper account should be configured appropriately. CCE-19302-9N(1) Configure the SQL Server Browser account via the Computer Management Tool.BThe SQL Server Browser account should be configured appropriately. CCE-19318-5L(1) Configure the Full Text Search account via the Computer Management Tool.@The Full Text Search account should be configured appropriately. CCE-19418-3Q(1) Configure the Notification Services account via the Computer Management Tool.EThe Notification Services account should be configured appropriately. CCE-20033-7N(1) Configure the Reporting Services account via the Computer Management Tool.BThe Reporting Services account should be configured appropriately. CCE-19802-8P(1) Configure the Integration Services account via the Computer Management Tool.DThe Integration Services account should be configured appropriately. CCE-19703-8M(1) Configure the Analysis Services account via the Computer Management Tool.AThe Analysis Services account should be configured appropriately. CCE-19560-2T(1) Configure the SQL Server Agent Service account via the Computer Management Tool.@The SQL Server Agent account should be configured appropriately. CCE-19879-6W(1) Configure the SQL Server Database Service account via the Computer Management Tool.KThe SQL Server Database Service account should be configured appropriately. CCE-19640-2Rule ID: V0003336 Rule Title: SQL Server Agent email notification usage if enabled should be documented and approved by the IAO. STIG ID: DM0901 Severity: CAT II Class: UnclassFrom the SQL Server Management Studio GUI: 1. Right click on SQL Server Agent 2. Select Properties 3. Select Alert System 4. Check or uncheck the "Enable Mail profile.;SQL Server Agent Email should be configured appropriately CCE-19785-5Rule ID: V0003335 Rule Title: SQL Mail, SQL Mail Extended Stored Procedures (XPs) and Database Mail XPs are required and enabled. STIG ID DM0900 Severity: CAT II Class: UnclassCThe Database Mail XPs should be enabled or disabled as appropriate. CCE-19577-6? The SQL Mail XPs should be enabled or disabled as appropriate. CCE-19866-3Rule ID: V0002426 Rule Title: C2 Audit mode should be enabled or custom audit traces defined. STIG ID: DG0510 Severity: CAT II Class: Unclass$(1) enable/disable (2) c2 audit mode5C2 Audit records should be configured appropriately CCE-19808-5Rule ID: V0002427 Rule Title: Fixed Server roles should have only authorized users or groups assigned as members STIG ID: DG0510 Severity: CAT II Class: Unclass0(1) SP_DROPSRVROLEMEMBER (2) SP_ADDSRVROLEMEMBER(1) @loginname (2) @rolename@Fixed server roll membership should be configured appropriately. CCE-19727-7Rule ID: V0015651 Rule Title: Remote DBMS administration should be documented and authorized or disabled. STIG ID: DG0157 Severity: CAT II Class: Unclass/(1) remote admin connections (2) enable/disableHRemote DBMS administration should be enabled or disabled as appropriate. CCE-19453-0Rule ID: V0015148 Rule Title: DBMS network communications should comply with PPS usage restrictions. STIG ID: DG0152 Severity: CAT II Class: Unclass(1) HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Microsoft SQL Server \ MSSQL.[#] \ MSSQLServer \ SuperSocketNetLib \ IPAll \ TCPDynamicPorts (2) HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Microsoft SQL Server \ MSSQL.[#] \ MSSQLServer \ SuperSocketNetLib \ IPAll \ TcpPort(1) [ 0 | port number ]AThe ports which the DBMS uses should be configured appropriately. CCE-19891-1Rule ID: V0015648 Rule Title: Access to the DBMS should be restricted to static, default network ports. STIG ID: DG0151 Severity: CAT II Class: Unclass1(1) Sql Server Management Studio GUI \ Analysis Services Instance From the SQL Server Management Studio GUI: 1. Connect to the Analysis Services instance 2. Right click on the Analysis Services instance 3. Select Properties 4. View the value listed for Port 5. Set value to IAO-approved value 6. Click OK TThe port which Sql Server Analysis Services uses should be configured appropriately. CCE-19741-8?http://msdn.microsoft.com/en-us/library/ms186265(v=sql.90).aspxRule ID: V0015646 Rule Title: Audit records should contain required information. STIG ID: DG0145 Severity: CAT II Class: Unclass(1) EXEC SP_TRACE_SETEVENT/(1) @traceid (2) @eventid (3) @columnid (4) @on:Audit records contents should be configured appropriately. CCE-19813-5Rule ID: V0015645 Rule Title: Changes to configuration options should be audited. STIG ID: DG0142 Severity CAT II Class: Unclass3(1) show advanced options (2) default trace enabledC The default audit trace option should be configured appropriately. CCE-19950-5Rule ID: V0015644 Rule Title: Attempts to bypass access controls should be audited. STIG ID: DG0141 Severity: CAT II Class: Unclass~(1) EXEC XP_LOGINCONFIG From the SQL Server Management Studio GUI: 1. Navigate to the SQL Server instance name 2. Right-click on it 3. Select Properties 4. Select Security tab or page 5. Review Login Auditing selection 6. Select "Failed logins only" or "Both failed and successful logins" from the Login Auditing section 7. Apply changes 8. Exit the SQL Server Management Studio GUI  (1) on/offOAuditing attempts to bypass access controls should be configured appropriately. CCE-19827-5M(1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.2\Setup\SQLProgramDir(1) audit/not auditVAccess to the SQLProgramDir directory should be audited or not audited as appropriate. CCE-19916-6H (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.2\Setup\SQLPathPAccess to the SQLPath directory should be audited or not audited as appropriate. CCE-19748-3J (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.2\Setup\SQLBinRootSAccess to the SQLBinRoot directory should be audited or not audited as appropriate. CCE-19837-4G (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.2\Setup\DataDirPAccess to the DataDir directory should be audited or not audited as appropriate. CCE-19959-6THKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\SQLServerAgent\WorkingDirectoryYAccess to the WorkingDirectory directory should be audited or not audited as appropriate. CCE-19873-9M (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\Setup\SQLProgramDir CCE-19575-0G (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\Setup\SQLPath CCE-19762-4K (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Ser< ver\MSSQL.1\Setup\SQLDataRootTAccess to the SQLDataRoot directory should be audited or not audited as appropriate. CCE-19336-7J (1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\Setup\SQLBinRoot CCE-20001-4U(1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\Replication\WorkingDirectory CCE-19779-8Y(1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1 \MSSQLServer\FullTextDefaultPath\Access to the FullTextDefaultPath directory should be audited or not audited as appropriate. CCE-19511-5U(1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1 \MSSQLServer\BackupDirectoryYAccess to the BackupDirectory directory should be audited or not audited as appropriate. CCE-19817-6N(1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\{INSTANCE NAME}\Setup\SQLPath CCE-19080-1T(1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\SQLServerAgent\ErrorLogFileKAccess to the ErrorLogFile should be audited or not audited as appropriate. CCE-20011-3O(1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\MSSQLServer\DefaultLogNAccess to the DefaultLog file should be audited or not audited as appropriate. CCE-19962-0xRule ID: V0015643 Rule Title: Access to DBMS security should be audited. STIG ID: DG0140 Severity: CAT II Class: UnclassI(1) HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\CPE\ErrorDumpDirKAccess to the ErrorDumpDir should be audited or not audited as appropriate. CCE-19676-6|Rule ID: V0015638 Rule Title: DBMS default account names should be changed. STIG ID: DG0131 Severity: CAT III Class: Unclass(1) ALTER LOGIN'(1) username (2) WITH NAME = [new name]5The built-in 'sa' account should be correctly named. CCE-19990-1Rule ID: V0015635 Rule Title: DBMS default accounts should be assigned custom passwords. STIG ID: DG0128 Severity: CAT I Class: Unclass(1) ALTER LOGIN /(1) username (2) WITH PASSWORD [ new password ]?Passwords for DBMS default accounts should be set appropriately CCE-19439-9Rule ID: V0015153 Rule Title: DBMS account passwords should be set to expire every 60 days or more frequently. STIG ID: DG0125 Severity: CAT II Class: Unclass4(1) user name (2) WITH CHECK_EXPIRATION [ ON | OFF ]EDBMS account passwords expiration should be configured appropriately CCE-19842-4Rule ID: V0015614 Rule Title: The DBMS should be configured to clear residual data from memory, data objects and files, and other storage locations. STIG ID: DG0084 Severity: CAT III Class: Unclass@(1) show advanced options (2) common criteria compliance enabledDBMS settings to clear residual data from memory, data objects or files, or other storage locations should be configured appropriately. CCE-19787-1Rule ID: V0015152 Rule Title: DBMS login accounts require passwords to meet complexity requirements. STIG ID: DG0079 Severity: CAT II Class: Unclass (1) ALTER LOGIN (2) CHECK_POLICY (1) login name (2) on/off8Z DBMS login account password complexity requirements should be configured appropriately CCE-19947-1Rule ID: V0015107 Rule Title: DBMS privileges to restore database data or other DBMS configurations, features or objects should be restricted to authorized DBMS accounts. STIG ID: DG0063 Severity: CAT II Class: UnclassF(1) Use the SQL command to assign permissions to the appropriate roles(1) database name DBMS privileges to restore database data or other DBMS configurations, features or objects in a specified database should be configured appropriately. CCE-19778-0Rule ID: V0005685 Rule Title: Required auditing parameters for database auditing should be set. STIG ID: DG0029 Severity: CAT II Class: Unclass(1) EXEC SP_TRACE_SETSTATUS (1) TraceIDORequired auditing parameters for database auditing should be set appropriately CCE-19877-0Rule ID: V0015609 Rule Title: Default demonstration and sample database objects and applications should be removed. STIG ID: DG0014 Severity: CAT II Class: Unclass(1) DROP DATABASE-(1) database_name (2) database_snapshot_nameqDefault demonstration and sample database objects and applications should be available or removed as appropriate. CCE-19872-1Rule ID: V0015608 Rule Title: Access to DBMS software files and directories should not be granted to unauthorized users. STIG ID: DG0009 Severity: CAT II Class: Unclass-(1) set of accounts (2) list of permissions QAccess to DBMS software files and directories should be configured appropriately. CCE-19862-2kRule ID: V0015172 Rule Title: Object permissions should not be assigned to PUBLIC or GUEST. STIG ID: DM6196(1) REVOKE / GRANTK(1) list of permissons (2) [object] (3) [public or guest] (4) dtaabase namelObject permissions assigned to PUBLIC or GUEST for a specified database should be configured appropriately. CCE-19613-9Rule ID: V0015168 Rule Title: Symmetric keys should use a master key, certificate, or asymmetric key to encrypt the key. STIG ID: DM6183 Severity: CATII Class: Unclass(1) ALTER SYMMETRIC KEYl(1) key_name (2) ENCRYPTION (3) [certificate | password | symmetric key | asymmetric key] (4) Database name[ZProtection of symmetric keys for a specified database should be configured appropriately CCE-20019-6Rule ID: V0015162 Rule Title: Database Master Key passwords should not be stored in credentials within the database. STIG ID: DM6180 Severity: CATII Class: Unclass#(1) sp_control_dbmasterkey_password(1) database name jStorage of the database master key password for a speicifed database should be configured appropriately. CCE-19922-4Rule ID: V0015161 Rule Title: The Database Master Key should be encrypted by the Service Master Key where required. STIG ID: DM6179 Severity: CATII Class: Unclass(1) ALTER MASTER KEY 9$(1) encryption option (2) key optionUThe Database Master Key for the specified database should be encrypted appropriately. CCE-19670-9?http://msdn.microsoft.com/en-us/library/ms186937(v=sql.90).aspxRule ID: V0015159 Rule Title: The Database Master key encryption password should meet DoD password complexity requirements. STIG ID: DM6175 Severity: CAT II Class: Unclass (1) ALTER MASTER KEYL(1) | (2) password (3) database name.iThe Database Master key encryption password for a specified database should be configured appropriately CCE-19832-5Rule ID: V0002498 Rule Title : Permissions using the WITH GRANT OPTION should be granted only to DBA or application administrator accounts. STIG ID: DM5144 Severity: CAT II Class: UnclassG(1) list of permissons (2) [object] (3) [user name] (4) [database name]4ePermissions using the WITH GRANT OPTION for a specified database should be configured appropriately CCE-19789-7Rule ID: V0002463 Rule Title: DDL permissions should be granted only to authorized accounts. STIG ID: DM1760 Severity: CAT II Class: Unclass6(1) CREATE (2) ALTER (3) DROP (1) REVOKE/GRANT CONTROL>(1) set of accounts (2) list of permissions (3) database name-cDDL permissions for a specified database and specified account should be configured appropriately CCE-19159-3Rule ID: V0002458 Rule Title: Permissions on system tables should be restricted to authorized accounts. STIG ID: DM1749 Severity: CAT II Class: UnclassYPermissions on system tables for a specified database should be configured appropriately CCE-19173-4Rule ID: V0015142 Rule Title: Asymmetric keys should use DoD PKI Certificates and be protected in accordance with NIST (unclassified data) or NSA (classified data) approved key management and processes. STIG ID: DG0166 Severity: CAT II Class: Unclass.(1) object owners (2) defined by objects DACL((1) set of audits (2) list of permissonsYAuditing of unauthorized access to the asymmetric keys should be configured appropriately CCE-19148-6DEncryption of the asymmetric keys should be configured appropriately CCE-19878-8COwnership of the asymmetric keys should be configured appropriately CCE-19853-1Rule ID: V0015654 Rule Title: DBMS symmetric keys should be protected in accordance with NSA or NIST-approved key management technol< ogy or processes. STIG ID: DG0138 Severity: CAT II Class: Unclass(1) REVOKE / GRANT CONTROL#(1) list of users (2) database namef Access to manage the database master key for a specified database should be configured appropriately. CCE-19571-9Rule ID: V0003823 Rule Title: Custom and GOTS application source code stored in the database should be protected with encryption or encoding. STIG ID: DG0091 Severity: CAT III Class: Unclass(1) ALTER PROCEDUREU(1) [procedure name] (2) WITH ENCRYPTION (3) Custom/GOTS procedures (4) Database Name)x Custom and GOTS application source code for a specified databased should be encrypted or not encrypted as appropriate. CCE-19972-9Rule ID: V0003727 Rule Title: Database applications should be restricted from using static DDL statements to modify the application schema for a specified database. STIG ID: DG0015 Severity: CAT II Class: Unclassx(1) USE [database name] SELECT USER_NAME(uid), name, crdate FROM sysobjects WHERE uid NOT IN (1, 3, 4)(1) list of permissons (2) set of accounts (3) database nameDatabase application permissions allowing DDL statements to modify the application schema for a specified database should be configured appropriately. CCE-19358-1Rule ID: V0015607 Rule Title: Application objects should be owned by accounts authorized for ownership. STIG ID: DG0008 Severity: CAT II Class: Unclass(1)From the query prompt: USE [database name] SELECT DISTINCT u.name FROM sysusers u, sysobjects o WHERE u.uid = o.uid AND u.uid NOT IN ('1', '3', '4')%(1) set of accounts (2) database name_ Application object owner accounts for a specified database should be configured appropriately. CCE-19528-9Rule ID: V0005683 Rule Title: Application object owner accounts should be disabled when not performing installation or maintenance actions. STIG ID: DG0004 Severity: CAT II Class: Unclass6(1) login_name (2) enable/disable (3) default_database"i Application object owner accounts for a specified database should be enabled or disabled as appropriate. CCE-19557-8LDISA STIG SQL 2005 INS Version 8, Release 1.7 Benchmark Date: 27 August 2010KDISA STIG SQL 2005 DB Version 8, Release 1.7 Benchmark Date: 27 August 2010 CCE-19788-9From SQL Server Network Utility: Under Enabled protocols: 1. Select Named Pipes 2. Click on the appropriate option (enable or disable) 3. Click OK ( to save) 4. Click OK (to exit) CCE-19855-6 CCE-19734-3 CCE-19498-5enable/disable(1) HKEY_LOCAL_MACHINE / SOFTWARE / MICROSOFT / MSSQLServer / SQLSERVERAGENT / (Click on the SYSAdminOnly value) or From the SQL Server Enterprise Manager GUI: 1. Connect/expand SQL Server 2. Expand Management 3. Right-click on SQL Server Agent 4. Select Properties 5. Select Job System tab 6. Select or do not select the checkbox for  Only users with SysAdmin privileges can execute CmdExec and ActiveScripting job steps 7. Click Ok.NAccess to CmdExec and ActiveScripting jobs should be configured appropriately. CCE-19398-7 CCE-19989-3 CCE-19835-8 (1) user/role CCE-19735-0,(1) permission (2) object name (3) user name(1) GRANT OR REVOKE CommandNOLE Automation extended stored procedures should be configured appropriately. CCE-19289-8 CCE-19930-7 CCE-19361-57HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ MSSQLServerVSQL Server registry keys and sub-keys permissions should be configured appropriately. CCE-19277-3 CCE-19971-1L(1) Configure the SQL Server Agent account via the Computer Management Tool. CCE-19935-6X (1) Configure the SQL Server Database Service account via the Computer Management Tool. CCE-19831-7>The SQL Mail XPs should be enabled or disabled as appropriate. CCE-19784-8 CCE-19781-4 CCE-19749-1 CCE-19857-2 CCE-19392-0 CCE-19687-3 CCE-19909-1 CCE-19147-8 CCE-19886-1 CCE-19220-3 CCE-19822-6 CCE-19926-5 CCE-19649-3 CCE-19448-0 CCE-19517-2^Application object owner accounts for a specified database should be configured appropriately. CCE-19816-8hApplication object owner accounts for a specified database should be enabled or disabled as appropriate. CCE-20013-9LDISA STIG SQL 2000 INS Version 8, Release 1.7 Benchmark Date: 27 August 2010KDISA STIG SQL 2000 DB Version 8, Release 1.7 Benchmark Date: 27 August 2010CCE Technical MechanismNChapter 4 Additional Security Services IIS Default Samples and Printers pg 78 CCE-19651-98(1) files in %SystemRoot%\System32\Inetsrv\iisadmpwd CCE-19985-1 CCE-19830-9 CCE-20039-4 CCE-19599-0PChapter 1 Internet Information Services Installation Securing the Metabase pg 16BThe required auditing for the file Metabase.bin should be enabled. CCE-19951-3VChapter 3 Services Installation and Administration World Wide Web (WWW) Services pg 43(1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the specified website > Properties > Home Directory tab > Application Protection(1) low, medium, high4IIS Application Protection should be set correctly. CCE-19810-1|The required permissions for the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC should be assigned. CCE-19434-0<Chapter 4 Additional Security Services Script Mappings pg 75 CCE-19630-3&http://support.microsoft.com/kb/195291c(1) 'SSIExecDisable' key in IIS metabase file (2) cscript adsutil.vbs set w3svc/.../SSIExecDisableBServer Side Includes should be enabled or disabled as appropriate. CCE-19644-48http://technet.microsoft.com/en-us/library/bb878118.aspx`(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\MaxClientRequestBufferIThe size of the IIS client request buffer should should be set correctly. CCE-19794-7LChapter 1 Internet Information Services Installation Post Installation pg 108The Default IWAM account should be configured correctly. CCE-19378-9KChapter 1 Internet Information Services Installation Post Installation pg 9 CCE-19758-2 CCE-20031-1PThe file auditing for the Metaback directory should be configured appropriately. CCE-19540-45Chapter 4 Additional Security Services Auditing pg 72 CCE-19979-4 CCE-19502-4 CCE-19393-8 CCE-19694-9 CCE-19931-5 CCE-19700-4 CCE-20030-3 CCE-19905-9 CCE-19052-0 CCE-19483-7 CCE-19508-1 CCE-19355-7 CCE-19767-3 CCE-19757-45Chapter 4 Additional Security Services Auditing pg 70PThe file auditing for the directory Web Root should be configured appropriately. CCE-19247-6OThe file auditing for the Inetpub directory should be configured appropriately. CCE-19777-2 CCE-19870-5 CCE-19849-9tChapter 1 Internet Information Services Installation The Default Install Directory Table 1 Permission Settings pg 12 CCE-19925-7 CCE-19755-8 CCE-19953-9 CCE-19693-1 CCE-19812-7 CCE-19874-7 CCE-19743-4NPermissions on %SystemDirectory%\inetsrv\asp.dll should be set appropriately. CCE-19834-1XChapter 1 Internet Information Services Installation The Default Install Directory pg 11SPermissions on the %SystemDirectory%\inetsrv directory should be set appropriately. CCE-19957-0GChapter 1 Internet Information Services Installation IIS Services pg 15BPermissions on the \Inetpub directory should be set appropriately. CCE-19586-7 CCE-19918-2 CCE-19992-7<Chapter 4 Additional Security Services Script Mappings pg 76 CCE-19668-3 CCE-19760-8 CCE-19367-2 CCE-20047-7 CCE-19075-1 CCE-19051-2 CCE-20007-1 CCE-19584-2 CCE-19441-5 CCE-19568-5 CCE-19604-8 CCE-19906-75http://msdn.microsoft.com/ja-jp/library/aa711451.aspx CCE-19851-5[Chapter 2 Internet Ser< vices Manager  Master Properties Master Properties WWW Service pg 23 CCE-19474-6 CCE-19570-1VChapter 3 Services Installation and Administration World Wide Web (WWW) Services pg 46 CCE-19900-0VChapter 3 Services Installation and Administration World Wide Web (WWW) Services pg 42 CCE-19841-68http://technet.microsoft.com/en-us/library/bb742408.aspx CCE-19701-2YChapter 3 Services Installation and Administration World Wide Web (WWW) Services pg 41-42 CCE-19889-5 CCE-20027-9 CCE-19920-8 CCE-19724-4 CCE-19921-6cChapter 3 Services Installation and Administration Summary of Web Server Configuration Issues pg 39 CCE-19952-1[Chapter 2 Internet Services Manager  Master Properties Master Properties WWW Service pg 25 CCE-19973-7[Chapter 2 Internet Services Manager  Master Properties Master Properties WWW Service pg 24 CCE-19795-4 CCE-19728-5^Chapter 2 Internet Services Manager  Master Properties Master Properties WWW Service pg 23-24 CCE-19726-9 CCE-19993-5 CCE-19252-6 CCE-19996-8 CCE-19739-2 CCE-19642-8 CCE-19368-0 CCE-19736-8VChapter 3 Services Installation and Administration World Wide Web (WWW) Services pg 39 CCE-19994-3&http://support.microsoft.com/kb/323972 CCE-19914-1XChapter 1 Internet Information Services Installation The Default Install Directory pg 12(1) Internet Information Services (IIS) Manager GUI: Server > Right Click on the desired website > Properties > Home Directory tab(1) directory name CCE-19709-5 CCE-19747-5cGuide to the Secure Configuration and Administration of Microsoft Internet Information Services 5.01.7 Restricting Access p15O (1) TARGET: Directory directive (2) Apache configuration file: Order directive,(1) Allow,Deny / Deny,Allow / Mutual-failure]The Order directive for the specified Directory directive should be configured appropriately. CCE-28116-2T(1) Apache configuration file: Order directive (in DocumentRoot Directory directive)WThe Order directive for all DocumentRoot directives should be configured appropriately. CCE-28125-3B1.8 Directory Functionality Control with the Options Directive p16V(1) Apache configuration file: Options directive (in DocumentRoot Directory directive)'(1) ExecCGI / -ExecCGI/ +ExecCGI / NoneWThe "ExecCGI" setting of the DocumentRoot should be enabled or disabled as appropriate. CCE-27785-5,1.13 Denial of Service Prevention Tuning p228(1) Apache configuration file: MaxSpareServers directive(1) Number valueJThe Apache "MaxSpareServers" directive should be configured appropriately. CCE-27916-68(1) Apache configuration file: MinSpareServers directiveJThe Apache "MinSpareServers" directive should be configured appropriately. CCE-27654-35(1) Apache configuration file: StartServers directiveGThe Apache "StartServers" directive should be configured appropriately. CCE-28139-4+1.19 Updating Ownership and Permissions p34 (1) via chown (1) group;The htpasswd file should be owned by the appropriate group. CCE-28001-6(1) user5The htpasswd should be owned by the appropriate user. CCE-27502-4RThe Unix permissions of Apache's htpasswd file should be configured appropriately. CCE-27949-7=The httpd.conf file should be owned by the appropriate group. CCE-28109-7<The httpd.conf file should be owned by the appropriate user. CCE-27147-88File permissions for httpd.conf should be set correctly. CCE-28027-1/L1 5. Lock Down the Apache Web User Account p11(1) via /etc/passwd(1) locked/unlockedDThe Apache user account should be locked or unlocked as appropriate. CCE-27924-0*L1 8. User Oriented General Directives p143(1) 'ServerAdmin' line in Apache configuration file(1) email addressFThe Apache Server Administrator email address should be set correctly. CCE-27803-6$L1 14. Authentication Mechanisms p22(1) Directory of htpasswd file(1) directory pathAThe location of the Apache htpasswd file should be set correctly. CCE-27802-8CL1 19. Updating Ownership and Permissions for Enhanced Security p27iThe Windows permissions for all files specified by ErrorLog directives should be configured appropriately CCE-27977-8jThe Windows permissions for all files specified by CustomLog directives should be configured appropriately CCE-28009-94(1) defined by (ServerRoot)\conf\httpd.conf's DACL FAccess to Apache's httpd.conf file should be configured appropriately. CCE-27489-4(L1 16. Limiting HTTP Request Methods p254(1) Apache configuration file: LimitExecpt directive)(1) methods (2) access control directivesBPermitted HTTP request methods should be configured appropriately. CCE-27987-7$L1 13. Access Control Directives p21 (1) Order directiveGThe Order directive for the OS root should be configured appropriately. CCE-27071-0B1.8 Directory Functionality Control with the Options Directive p179L1 15. Directory Functionality/Features Directives p24-251(1) MultiViews / -MultiViews / +MultiViews / NoneYThe"MultiViews" setting of the DocumentRoot should be enabled or disabled as appropriate. CCE-27656-86L1 15. Directory Functionality/Features Directives p24+(1) Includes / -Includes / +Includes / NoneXThe"Includes" setting of the DocumentRoot should be enabled or disabled as appropriate. CCE-27874-7ZThe Unix permissions of Apache's configuration directory should be configred appropriately CCE-28019-8OThe permissions of any Apache files in /var/log/httpd/ should be set correctly. CCE-27537-0IThe permissions for the Apache/var/www/html file should be set correctly. CCE-27997-6MThe permissions for the Apache /usr/sbin/httpd file should be set correctly. CCE-27902-6PThe permissions for the Apache /usr/sbin/apachectl file should be set correctly. CCE-27632-9SThe permissions for the Apache /etc/httpd/conf/passwd file should be set correctly. CCE-27929-9NThe permissions for the Apache /etc/httpd/conf.d file should be set correctly. CCE-27956-22.5 Syslog Logging p44-45L2 4. ErrorLog - Syslog p70-711(1) Apache configuration file: ErrorLog directiveMThe path for Apache sites error log files should be configured appropriately. CCE-28004-0 (1) ownerGThe ownership of the Apache /var/www/html file should be set correctly. CCE-27561-0JThe ownership of the Apache /usr/sbin/httpd file should be set correctly. CCE-27932-3MThe ownership of the Apache /usr/sbin/apachectl file should be set correctly. CCE-27136-1PThe ownership of the Apache /etc/httpd/conf/passwd file should be set correctly. CCE-27036-3KThe ownership of the Apache /etc/httpd/conf.d file should be set correctly. CCE-27970-3MThe ownership of log files in Apache /var/log/httpd/ should be set correctly. CCE-28028-931.6 Creating the Apache User and Group Accounts p14,L1 4. Create the Apache Web User Account p11(1) via /etc/groupHThe group membership of the Apache user account should be set correctly. CCE-27475-3 (1) via chgrpNThe group membership of the Apache /var/www/html file should be set correctly. CCE-27770-7QThe group membership of the Apache /usr/sbin/httpd file should be set correctly. CCE-27832-5TThe group membership of the Apache /usr/sbin/apachectl file should be set correctly. CCE-27988-5WThe group membership of the Apache /etc/httpd/conf/passwd file should be set correctly. CCE-27804-4RThe group membership of the Apache /etc/httpd/conf.d file should be set correctly. CCE-27958-8TThe group membership of any Apache files in /var/log/httpd/ should be set correctly. CCE-27755-81.7 Restricting Access p14-15(1) Deny directive2(1) all | hostname/IP address/environment variable\The Deny directive for the specified Directory directive should be configured appropriately. CCE-27592-5EThe Deny Directive for the OS root sh< ould be configured appropriately CCE-27321-9:2.7 Additional Software Information Leakage Protection p50=L1 11. Web Server Software Obfuscation General Directives p17<(1) Apache configuration file: 'ErrorDocument 500' directive(1) message/documentNThe ApacheErrorDocument directive should be set correctly for HTTP 500 errors. CCE-28026-3<(1) Apache configuration file: 'ErrorDocument 405' directiveNThe ApacheErrorDocument directive should be set correctly for HTTP 405 errors. CCE-27963-8<(1) Apache configuration file: 'ErrorDocument 404' directiveNThe ApacheErrorDocument directive should be set correctly for HTTP 404 errors. CCE-27951-3<(1) Apache configuration file: 'ErrorDocument 403' directiveNThe ApacheErrorDocument directive should be set correctly for HTTP 403 errors. CCE-27867-1<(1) Apache configuration file: 'ErrorDocument 401' directiveNThe ApacheErrorDocument directive should be set correctly for HTTP 401 errors. CCE-27029-8*L1 8. User Oriented General Directives p13-(1) Apache configuration file: User directive (1) user name2The Apache User directive should be set correctly. CCE-27942-2(1) allowed/not allowedIThe Apache user account should be allowed root privileges as appropriate. CCE-27983-61.17 Logging p31%L1 17. Logging General Directives p262(1) Apache configuration file: CustomLog directive/(1) File path | pipe (2) LogFormat | nickname =The Apache system logging should be configured appropriately. CCE-27739-201.16 Software Information Leakage Protection p298(1) Apache configuration file: ServerSignature directive(1) On/Off/EMailAThe Apache ServerSignature directive should be set appropriately. CCE-27896-0'1.11 Restrict HTTP Protocol Version p194L1 21. Deny HTTP TRACE Requests with Mod_Rewrite p336(1) Apache configuration file: RewriteEngine directive (1) off/onQThe Apache runtime rewriting engine should be enabled or disabled as appropriate. CCE-27324-3.(1) Apache configuration file: Group directive(1) group name3The Apache Group directive should be set correctly. CCE-27939-8<(1) Apache configuration file: 'ErrorDocument 400' directiveOThe Apache ErrorDocument directive should be set correctly for HTTP 400 errors. CCE-27960-46(1) Apache configuration file: AllowOverride directiveB(1) AuthConfig / FileInfo / Indexes / Limit / Options / All / NonedThe Apache AllowOverride directive should be configured appropriately for web site root directories. CCE-27701-2lThe Apache AllowOverride Directive should be configured appropriately for operating system root directories. CCE-27823-41.17 Logging p302(1) Apache configuration file: LogFormat directive(1) LogFormat Format String^The Apache access log file data should be configured to contain the appropriate data elements. CCE-27855-6,1.13 Denial of Service Prevention Tuning p21BL1 10. Denial of Service (DoS) Protective General Directives pg 160(1) Apache configuration file: Timeout directive(1) Number value (in seconds)BThe Apache "Timeout" directive should be configured appropriately. CCE-27790-55(1) Apache configuration file: ServerTokens directive9(1) Prod[uctOnly] / Major / Minor / Min[imal] / OS / FullGThe Apache "ServerTokens" directive should be configured appropriately. CCE-27863-03(1) Apache configuration file: MaxClients directiveEThe Apache "MaxClients" directive should be configured appropriately. CCE-27264-11(1) Apache configuration file: LogLevel directive?(1) debug / info / notice / warn / error / crit / alert / emergCThe Apache "LogLevel" directive should be configured appropriately. CCE-27805-1*1.14 Buffer Overflow Protection Tuning p24%L2 7. Buffer Overflow Protections p429(1) Apache configuration file: LimitRequestLine directive(1) Number value (in bytes) KThe Apache "LimitRequestline" directive should be configured appropriatley. CCE-28008-1B(1) Apache configuration file: LimitRequestFieldSizeBody directive(1) Number value (in bytes)TThe Apache "LimitRequestFieldSizeBody" directive should be configured appropriately. CCE-27025-6;(1) Apache configuration file: LimitRequestFields directiveLThe Apache "LimitRequestFields" directive should be configured appropriately CCE-27962-0*1.14 Buffer Overflow Protection Tuning p239(1) Apache configuration file: LimitRequestBody directiveKThe Apache "LimitRequestBody" directive should be configured appropriately. CCE-28018-09(1) Apache configuration file: KeepAliveTimeout directiveKThe Apache "KeepAliveTimeout" directive should be configured appropriately. CCE-27797-02(1) Apache configuration file: KeepAlive directive (1) On / OffDThe Apache "KeepAlive" directive should be configured appropriately. CCE-27969-5(1) Allow directive]The Allow directive for the specified Directory directive should be configured appropriately. CCE-27505-7FThe Allow Directive for the OS root should be configured appropriately CCE-27784-8((1) Indexes / -Indexes / +Indexes / NoneWThe "Indexes" setting of the DocumentRoot should be enabled or disabled as appropriate. CCE-27484-5=(1) IncludesNoExec / -IncludesNoExec / +IncludesNoExec / None^The "IncludesNOEXEC" setting of the DocumentRoot should be enabled or disabled as appropriate. CCE-27991-96L1 15. Directory Functionality/Features Directives p23=(1) FollowSymLinks / -FollowSymLinks / +FollowSymLinks / None^The "FollowSymLinks" setting of the DocumentRoot should be enabled or disabled as appropriate. CCE-27885-31.18 Remove Default Content p33/L1 18. Remove Default/Unneeded Apache Files p27(1) cgi-script directory+testcgi should be installed as appropriate. CCE-27923-2I(1) (ServerRoot)\cgi-bin\printenv.pl (2) (ServerRoot)/cgi-bin/printenv.pl(1) exist / not existKApache's demo CGI printenv.pl should be available or removed as appropriate CCE-27582-6IApache's configuration directory should be owned by the appropriate user. CCE-27713-7JApache's configuration directory should be owned by the appropriate group. CCE-27905-9\CIS Security Configuration Benchmark For Apache Web Server 2.2.0 Version 2.2.0 November 2008MCIS Apache Benchmark for Unix For Apache Versions 1.3 and 2.0 Levels I and II CCE-28045-3 CCE-28252-5 CCE-28165-9 CCE-28080-0 CCE-27653-5 CCE-28260-8 CCE-28263-2 CCE-28173-3 CCE-28230-1 CCE-28157-6 CCE-28211-1 CCE-28210-3 CCE-27945-5 CCE-27346-6 CCE-27281-5 CCE-28249-1 CCE-28132-9 CCE-27645-1 CCE-28151-9 CCE-28187-3 CCE-27834-1 CCE-28259-0 CCE-28024-8 CCE-28159-2 CCE-28002-4 CCE-28224-4 CCE-28003-2 CCE-28191-5 CCE-28220-2 CCE-27530-5 CCE-27927-3 CCE-27454-8 CCE-27953-9 CCE-27894-5 CCE-28057-8 CCE-27765-7 CCE-27783-0 CCE-27975-2 CCE-28235-0 CCE-27438-1 CCE-28229-3Rule Title: The ScoreBoard file must be properly secured. STIG ID: WA00535 W22 Rule ID: SV-33178r1_rule Vuln ID: V-26322 Severity: CAT II Class: UnclassRApache's Scoreboard file's Windows permissions should be configured appropriately. CCE-27466-2Rule Title: The process ID (PID) file must be properly secured. STIG ID: WA00530 W22 Rule ID: SV-33177r1_rule Vuln ID: V-26305 Severity: CAT II Class: UnclassYApache's process ID (PID) file's Windows permissions should be configured appropriately. CCE-27732-7Rule Title: The web server, although started by superuser or privileged account, must run using a non-privileged account. STIG ID: WG275 W22 Rule ID: SV-36607r1_rule Vuln ID: V-13619 Severity: CAT II Class: UnclassR(1) My Computer / Manage / Configuration / Local Users and Groups / 1(1) Account type: ( privileged / non privileged )=The Apache web server be run with the appropriate privileges. CCE-27816-8Rule Title: Wscript.exe and Cscript.exe must only be accessible by the SA and/or the web administrator. STIG ID: WG470 W22 Rule ID: SV-33095r1_rule Vuln ID: V-2264 Severity: CAT II Class: Unclass;(1) defined by the %SystemRoot%\System32\cscript.exe DACL ZThe required permissions for the file %SystemRoot%\System32\cscript.exe should be assigned CCE-28056-0< ;(1) defined by the %SystemRoot%\System32\wscript.exe DACL ZThe requried permssions for the file %SystemRoot%\System32\wscript.exe should be assigned. CCE-28195-6Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 W22 Rule ID: SV-33078r1_rule Vuln ID: V-2259 Severity: CAT II Class: UnclassWThe Windows permissions of Apache's /htdocs directory should be configred appropriately CCE-28188-1UThe Windows permissions of Apache's /logs directory should be configred appropriately CCE-28005-7TThe Windows permissions of Apache's /bin directory should be configred appropriately CCE-28147-7WThe Windows permissions of Apache's /config directory should be configred appropriately CCE-27271-6pThe Windows permissions for all directories specified by ServerRoot directives should be configred appropriately CCE-28134-5Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 W22 Rule ID: SV-33136r1_rule Vuln ID: V-2258 Severity: CAT I Class: UnclassmThe Windows permissions for all directories specified by Alias directives should be configured appropriately. CCE-27575-0tThe Windows permissions for all directories specified by DocumentRoot directives should be configured appropriately. CCE-27226-0xThe Windows permissions for all directories specified by ScriptAliasMatch directives should be configured appropriately. CCE-27605-5sThe Windows permissions for all directories specified by ScriptAlias directives should be configured appropriately. CCE-28114-7Rule Title: The web server s htpasswd files (if present) must reflect proper ownership and permissions. STIG ID: WG270 W22 Rule ID: SV-36561r1_rule Vuln ID: V-2255 Severity: CAT II Class: Unclass\The Windows permissions of Apache's htpasswd.exe file(s) should be configured appropriately. CCE-27990-1Rule Title: Log file access must be restricted to System Administrators, Web Administrators or Auditors. STIG ID: WG250 W22 Rule ID: SV-33135r1_rule Vuln ID: V-2252 Severity: CAT II Class: Unclass CCE-28042-0 CCE-27412-6Rule Title: Web administration tools must be restricted to the web manager and the web manager s designees. STIG ID: WG220 W22 Rule ID: SV-33072r1_rule Vuln ID: V-2248 Severity: CAT II Class: Unclass CCE-27628-7Rule Title: The service account used to run the web service must have its password changed at least annually. STIG ID: WG060 W22 Rule ID: SV-36489r1_rule Vuln ID: V-2235 Severity: CAT II Class: UnclassaThe maximum password age setting for Apache's service account should be configured appropriately. CCE-28007-3Rule Title: Web content directories must not be anonymously shared. STIG ID: WG210 W22 Rule ID: SV-33109r1_rule Vuln ID: V-2226 Severity: CAT II Class: Unclass(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares (2) defined by Local or Group Policy(1) Set of sharesYAnonymous sharing of Apache's web content directories should be configured appropriately. CCE-28033-9Rule Title: HTTP request methods must be limited. STIG ID: WA00565 W22 Rule ID: SV-33238r1_rule Vuln ID: V-26396 Severity: CAT II Class: UnclassRule Title: HTTP request methods must be limited. STIG ID: WA00565 A22 Rule ID: SV-33236r1_rule Vuln ID: V-26396 Severity: CAT II Class: Unclass CCE-28091-7Rule Title: The ability to override the access configuration for the OS root directory must be disabled. STIG ID: WA00547 W22 Rule ID: SV-33237r1_rule Vuln ID: V-26393 Severity: CAT II Class: UnclassRule Title: The ability to override the access configuration for the OS root directory must be disabled. STIG ID: WA00547 A22 Rule ID: SV-33232r1_rule Vuln ID: V-26393 Severity: CAT II Class: Unclass CCE-28070-1Rule Title: Automatic directory indexing must be disabled. STIG ID: WA00515 W20 Rule ID: SV-36620r1_rule Vuln ID: V-26368 Severity: CAT II Class: UnclassRule Title: Automatic directory indexing must be disabled. STIG ID: WA00515 A22 Rule ID: SV-33219r1_rule Vuln ID: V-26368 Severity: CAT II Class: Unclass3(1) Apache configuration file: LoadModule directive(1) autoindex_moduleJAutomatic directory indexing should be enabled or disabled as appropriate. CCE-28111-3Rule Title: The URL-path name must be set to the file path name or the directory path name. STIG ID: WA00560 W22 Rule ID: SV-33185r1_rule Vuln ID: V-26327 Severity: CAT II Class: UnclassRule Title: The URL-path name must be set to the file path name or the directory path name. STIG ID: WA00560 A22 Rule ID: SV-33229r1_rule Vuln ID: V-26327 Severity: CAT II Class: Unclass4(1) Apache configuration file: ScriptAlias directive'(1) url-path (2) TARGET: directory pathOThe ScriptAlias for the specified directory should be configured appropriately. CCE-28163-4Rule Title: The web server must be configured to listen on a specific IP address and port. STIG ID: WA00555 W22 Rule ID: SV-33184r1_rule Vuln ID: V-26326 Severity: CAT II Class: UnclassRule Title: The web server must be configured to listen on a specific IP address and port. STIG ID: WA00555 A22 Rule ID: SV-33228r1_rule Vuln ID: V-26326 Severity: CAT II Class: Unclass/(1) Apache configuration file: Listen directive(1) port number;Apache's listening port should be configured appropriately. CCE-27419-1(1) IP-addressAApache's listening IP address should be configured appropriately. CCE-28152-7Rule Title: The TRACE method must be disabled. STIG ID: WA00550 W22 Rule ID: SV-33183r1_rule Vuln ID: V-26325 Severity: CAT II Class: UnclassRule Title: The TRACE method must be disabled. STIG ID: WA00550 A22 Rule ID: SV-33227r1_rule Vuln ID: V-26325 Severity: CAT II Class: Unclass4(1) Apache configuration file: TraceEnable directive(1) on / off / extendedFThe Apache "TraceEnable" directive should be configured appropriatley. CCE-27748-3Rule Title: Web server options for the OS root must be disabled. STIG ID: WA00545 A22 Rule ID: SV-33213r1_rule Vuln ID: V-26324 Severity: CAT II Class: UnclassQ(1) Apache configuration file: Options directive (in OS root Directory directive)O(1) SymLinksIfOwnerMatch / -SymLinksIfOwnerMatch / +SymLinksIfOwnerMatch / NonezThe Apache "SymLinksIfOwnerMatch" setting for all "Options" directives for the OS root should be configured appropriately. CCE-27769-9pThe Apache "MultiViews" setting for all "Options" directives for the OS root should be configured appropriately. CCE-28206-1mThe Apache "Indexes" setting for all "Options" directives for the OS root should be configured appropriately. CCE-27762-4tThe Apache "IncludesNoExec" setting for all "Options" directives for the OS root should be configured appropriately. CCE-28037-0nThe Apache "Includes" setting for all "Options" directives for the OS root should be configured appropriately. CCE-28064-4tThe Apache "FollowSymLinks" setting for all "Options" directives for the OS root should be configured appropriately. CCE-28113-9mThe Apache "ExecCGI" setting for all "Options" directives for the OS root should be configured appropriately. CCE-27982-8Rule Title: The web server must be configured to explicitly deny access to the OS root. STIG ID: WA00540 W22 Rule ID: SV-33180r1_rule Vuln ID: V-26323 Severity: CAT II Class: UnclassRule Title: The web server must be configured to explicitly deny access to the OS root. STIG ID: WA00540 A22 Rule ID: SV-33226r1_rule Vuln ID: V-26323 Severity: CAT II Class: Unclass CCE-27853-1 CCE-27572-7 CCE-28102-2Rule Title: The ScoreBoard file must be properly secured. STIG ID: WA00535 A22 Rule ID: SV-33223r1_rule Vuln ID: V-263< 22 Severity: CAT II Class: UnclassHApache's scoreboard (PID) file should be owned by the appropriate group. CCE-27606-3AApache's scoreboard file should be owned by the appropriate user. CCE-27715-2OApache's Scoreboard file's Unix permissions should be configured appropriately. CCE-27999-2Rule Title: The process ID (PID) file must be properly secured. STIG ID: WA00530 A22 Rule ID: SV-33222r1_rule Vuln ID: V-26305 Severity: CAT II Class: UnclassHApache's process ID (PID) file should be owned by the appropriate group. CCE-27670-9GApache's process ID (PID) file should be owned by the appropriate user. CCE-28038-8VApache's process ID (PID) file's Unix permissions should be configured appropriately. CCE-28120-4Rule Title: User specific directories must not be globally enabled. STIG ID: WA00525 W20 Rule ID: SV-36614r1_rule Vuln ID: V-26302 Severity: CAT II Class: UnclassRule Title: User specific directories must not be globally enabled. STIG ID: WA00525 A22 Rule ID: SV-33221r1_rule Vuln ID: V-26302 Severity: CAT II Class: Unclass(1) userdir_moduleGUser-specific directories should be enabled or disabled as appropriate. CCE-27827-5Rule Title: The web server must not be configured as a proxy server. STIG ID: WA00520 W20 Rule ID: SV-36613r1_rule Vuln ID: V-26299 Severity: CAT II Class: UnclassRule Title: The web server must not be configured as a proxy server. STIG ID: WA00520 A22 Rule ID: SV-33220r1_rule Vuln ID: V-26299 Severity: CAT II Class: Unclass(1) proxy_connect_moduleKApache's proxy_connect_module should be enabled or disabled as appropriate. CCE-28067-7(1) proxy_http_moduleHApache's proxy_http_module should be enabled or disabled as appropriate. CCE-27846-5(1) proxy_ftp_moduleGApache's proxy_ftp_module should be enabled or disabled as appropriate. CCE-28075-0(1) proxy_moduleCApache's proxy_module should be enabled or disabled as appropriate. CCE-28182-4Rule Title: Web server status module will be disabled. STIG ID: WA00510 W20 Rule ID: SV-36612r1_rule Vuln ID: V-26294 Severity: CAT II Class: UnclassRule Title: Web server status module will be disabled. STIG ID: WA00510 A22 Rule ID: SV-33218r1_rule Vuln ID: V-26294 Severity: CAT II Class: Unclass(1) status_moduleDApache's status_module should be enabled or disabled as appropriate. CCE-27789-7(1) info_moduleBApache's info_module should be enabled or disabled as appropriate. CCE-28200-4Rule Title: Web Distributed Authoring and Versioning (WebDAV) must be disabled. STIG ID: WA00505 W20 Rule ID: SV-36611r1_rule Vuln ID: V-26287 Severity: CAT II Class: UnclassRule Title: Web Distributed Authoring and Versioning (WebDAV) must be disabled. STIG ID: WA00505 A22 Rule ID: SV-33216r1_rule Vuln ID: V-26287 Severity: CAT II Class: Unclass(1) dav_fs_modulemWeb Distributed Authoring and Versioning (WebDav) dav_fs_module should be enabled or disabled as appropriate. CCE-27946-3(1) dav_modulejWeb Distributed Authoring and Versioning (WebDav) dav_module should be enabled or disabled as appropriate. CCE-27207-0Rule Title: The LogLevel directive must be enabled. STIG ID: WA00620 W22 Rule ID: SV-33153r1_rule Vuln ID: V-26282 Severity: CAT II Class: UnclassRule Title: The LogLevel directive must be enabled. STIG ID: WA00620 A22 Rule ID: SV-33207r1_rule Vuln ID: V-26282 Severity: CAT II Class: Unclass CCE-27814-3Rule Title: System logging must be enabled. STIG ID: WA00615 W22 Rule ID: SV-33151r1_rule Vuln ID: V-26281 Severity: CAT II Class: UnclassRule Title: System logging must be enabled. STIG ID: WA00615 A22 Rule ID: SV-33206r1_rule Vuln ID: V-26281 Severity: CAT II Class: Unclass CCE-27798-8Rule Title: Error logging must be enabled. STIG ID: WA00605 W22 Rule ID: SV-33147r1_rule Vuln ID: V-26279 Severity: CAT II Class: UnclassRule Title: Error logging must be enabled. STIG ID: WA00605 A22 Rule ID: SV-33192r1_rule Vuln ID: V-26279 Severity: CAT II Class: Unclass CCE-27847-3Rule Title: The HTTP request line must be limited. STIG ID: WA000-WWA066 W22 Rule ID: SV-33011r1_rule Vuln ID: V-13739 Severity: CAT II Class: UnclassRule Title: The HTTP request line must be limited. STIG ID: WA000-WWA066 A22 Rule ID: SV-32768r1_rule Vuln ID: V-13739 Severity: CAT II Class: Unclass CCE-28106-3Rule Title: The HTTP request header field size must be limited. STIG ID: WA000-WWA064 W22 Rule ID: SV-33010r1_rule Vuln ID: V-13738 Severity: CAT II Class: UnclassRule Title: The HTTP request header field size must be limited. STIG ID: WA000-WWA064 A22 Rule ID: SV-32766r1_rule Vuln ID: V-13738 Severity: CAT II Class: Unclass CCE-27907-5Rule Title: The HTTP request header fields must be limited. STIG ID: WA000-WWA062 W22 Rule ID: SV-33009r1_rule Vuln ID: V-13737 Severity: CAT II Class: UnclassRule Title: The HTTP request header fields must be limited. STIG ID: WA000-WWA062 A22 Rule ID: SV-32757r1_rule Vuln ID: V-13737 Severity: CAT II Class: Unclass CCE-27646-9Rule Title: The HTTP request message body size must be limited. STIG ID: WA000-WWA060 W22 Rule ID: SV-33008r1_rule Vuln ID: V-13736 Severity: CAT II Class: UnclassRule Title: The HTTP request message body size must be limited. STIG ID: WA000-WWA060 A22 Rule ID: SV-32756r1_rule Vuln ID: V-13736 Severity: CAT II Class: Unclass+G66 CCE-28089-1Rule Title: Directory indexing must be disabled on directories not containing index files. STIG ID: WA000-WWA058 A22 Rule ID: SV-32755r1_rule Vuln ID: V-13735 Severity: CAT II Class: Unclass0(1) Apache configuration file: Options directive]The Apache "Indexes" setting for all "Options" directives should be configured appropriately. CCE-27737-6Rule Title: The MultiViews directive must be disabled. STIG ID: WA000-WWA056 A22 Rule ID: SV-32754r1_rule Vuln ID: V-13734 Severity: CAT II Class: Unclass`The Apache "MultiViews" setting for all "Options" directives should be configured appropriately. CCE-28100-6Rule Title: Server side includes (SSIs) must run with execution capability disabled. STIG ID: WA000-WWA054 A22 Rule ID: SV-32753r1_rule Vuln ID: V-13733 Severity: CAT I Class: UnclassdThe Apache "IncludesNoExec" setting for all "Options" directives should be configured appropriately. CCE-28101-4^The Apache "Includes" setting for all "Options" directives should be configured appropriately. CCE-28183-2Rule Title: The FollowSymLinks setting must be disabled. STIG ID: WA000-WWA052 A22 Rule ID: SV-40129r1_rule Vuln ID: V-13732 Severity: CAT II Class: UnclassdThe Apache "FollowSymLinks" setting for all "Options" directives should be configured appropriately. CCE-28066-9Rule Title: The httpd.conf MaxClients directive must be set properly. STIG ID: WA000-WWA032 A22 Rule ID: SV-36649r1_rule Vuln ID: V-13730 Severity: CAT II Class: Unclass CCE-27188-2Rule Title: The httpd.conf MaxSpareServers directive must be set properly. STIG ID: WA000-WWA030 A22 Rule ID: SV-36648r1_rule Vuln ID: V-13729 Severity: CAT III Class: Unclass CCE-28133-7Rule Title: The httpd.conf MinSpareServers directive must be set properly. STIG ID: WA000-WWA028 A22 Rule ID: SV-36646r1_rule Vuln ID: V-13728 Severity: CAT II Class: Unclass CCE-27989-3Rule Title: The httpd.conf StartServers directive must be set properly. STIG ID: WA000-WWA026 A22 Rule ID: SV-36645r1_rule Vuln ID: V-13727 Severity: CAT II Class: Unclass CCE-27479-5Rule Title: The KeepAliveTimeout directive must be defined. STIG ID: WA000-WWA024 W22 Rule ID: SV-32880r1_rule Vuln ID: V-13726 Severity: CAT II Class: UnclassRule Title: The KeepAliveTimeout directive must be defined. STIG ID: WA000-WWA024 A22 Rule ID: SV-32877r1_rule Vuln ID: V-13726 Severity: CAT II Class: Unclass CCE-27938-0Rule Title: The KeepAlive directive must be enabled. STIG ID: WA000-WWA022 W22 Rule ID: SV-32987r1_rule Vuln ID: V-13725 Severity: CAT II Class: UnclassRule Title: The KeepAlive directive must be enabled. STIG ID: WA000-WWA022 A22 Rule ID: SV-32844r1_rule Vuln ID: V-13725 Severity: CAT II Class: Unclass CCE-27148-6Rule Title: T< he Timeout directive must be properly set. STIG ID: WA000-WWA020 W22 Rule ID: SV-32980r1_rule Vuln ID: V-13724 Severity: CAT II Class: UnclassRule Title: The Timeout directive must be properly set. STIG ID: WA000-WWA020 A22 Rule ID: SV-32977r1_rule Vuln ID: V-13724 Severity: CAT II Class: Unclass CCE-28143-6Rule Title: Log file data must contain required data elements. STIG ID: WG242 W22 Rule ID: SV-28654r2_rule Vuln ID: V-13688 Severity: CAT II Class: UnclassRule Title: Log file data must contain required data elements. STIG ID: WG242 A22 Rule ID: SV-36642r1_rule Vuln ID: V-13688 Severity: CAT II Class: Unclass CCE-28010-7Rule Title: All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. STIG ID: WG385 W22 Rule ID: SV-33087r1_rule Vuln ID: V-13621 Severity: CAT I Class: UnclassRule Title: All web server documentation, sample code, example applications, and tutorials must be removed from a production web server. STIG ID: WG385 A22 Rule ID: SV-32933r1_rule Vuln ID: V-13621 Severity: CAT I Class: Unclass CCE-28034-7'(1) manual in the Server Root directoryIAll Apache's online manual should be available or removed as appropriate. CCE-27835-8Rule Title: Web server and/or operating system information must be protected. STIG ID: WG520 W22 Rule ID: SV-33098r1_rule Vuln ID: V-6724 Severity: CAT III Class: UnclassRule Title: Web server and/or operating system information must be protected. STIG ID: WG520 A22 Rule ID: SV-36672r1_rule Vuln ID: V-6724 Severity: CAT III Class: Unclass CCE-27821-8Rule Title: A private web server must utilize TLS v 1.0 or greater. STIG ID: WG340 W20 Rule ID: SV-36740r1_rule Vuln ID: V-2262 Severity: CAT II Class: UnclassRule Title: A private web server must utilize TLS v 1.0 or greater. STIG ID: WG340 A22 Rule ID: SV-33029r1_rule Vuln ID: V-2262 Severity: CAT II Class: Unclass2(1) Apache configuration file: SSLEngine directiveBThe Apache SSLEngine directive should be configured appropriately. CCE-27980-24(1) Apache configuration file: SSLProtocol directive(1) SSLv2 / SSLv3 / TLSv1 / AllDThe Apache SSLProtocol directive should be configured appropriately. CCE-28104-8(1) ssl_moduleAApache's ssl_module should be enabled or disabled as appropriate. CCE-28137-8Rule Title: A private web server must not respond to requests from public search engines. STIG ID: WG310 W22 Rule ID: SV-28798r2_rule Vuln ID: V-2260 Severity: CAT II Class: UnclassRule Title: A private web server must not respond to requests from public search engines. STIG ID: WG310 A22 Rule ID: SV-33028r1_rule Vuln ID: V-2260 Severity: CAT II Class: Unclass(1) robots.txt-(1) User-Agent (2) Disallowed path(s)|file(s)]The Apache site's robots.txt should be configured to disallow paths and files as appropriate. CCE-28044-6Rule Title: Web server system files must conform to minimum file permission requirements. STIG ID: WG300 A22 Rule ID: SV-32938r1_rule Vuln ID: V-2259 Severity: CAT II Class: UnclassEApache's /cgi-bin directory should be owned by the appropriate group. CCE-28030-5DApache's /cgi-bin directory should be owned by the appropriate user. CCE-28068-5UThe Unix permissions of Apache's /cgi-bin directory should be configred appropriately CCE-28115-4DApache's /htdocs directory should be owned by the appropriate group. CCE-27984-4CApache's /htdocs directory should be owned by the appropriate user. CCE-28035-4TThe Unix permissions of Apache's /htdocs directory should be configred appropriately CCE-27643-6BApache's /logs directory should be owned by the appropriate group. CCE-27979-4AApache's /logs directory should be owned by the appropriate user. CCE-28126-1RThe Unix permissions of Apache's /logs directory should be configred appropriately CCE-28046-1AApache's /bin directory should be owned by the appropriate group. CCE-27914-1@Apache's /bin directory should be owned by the appropriate user. CCE-27742-6QThe Unix permissions of Apache's /bin directory should be configred appropriately CCE-28006-5 CCE-28069-3 CCE-28119-6 CCE-28055-2\All directories specified by ServerRoot directives should be owned by the appropriate group. CCE-27647-7[All directories specified by ServerRoot directives should be owned by the appropriate user. CCE-27871-3mThe Unix permissions for all directories specified by ServerRoot directives should be configred appropriately CCE-27957-0Rule Title: The web client account access to the content and scripts directories must be limited to read and execute. STIG ID: WG290 A22 Rule ID: SV-33027r1_rule Vuln ID: V-2258 Severity: CAT I Class: UnclassWAll directories specified by Alias directives should be owned by the appropriate group. CCE-28117-0VAll directories specified by Alias directives should be owned by the appropriate user. CCE-27933-1jThe Unix permissions for all directories specified by Alias directives should be configured appropriately. CCE-27620-4^All directories specified by DocumentRoot directives should be owned by the appropriate group. CCE-27499-3]All directories specified by DocumentRoot directives should be owned by the appropriate user. CCE-28107-1qThe Unix permissions for all directories specified by DocumentRoot directives should be configured appropriately. CCE-27811-9bAll directories specified by ScriptAliasMatch directives should be owned by the appropriate group. CCE-28146-9aAll directories specified by ScriptAliasMatch directives should be owned by the appropriate user. CCE-27611-3uThe Unix permissions for all directories specified by ScriptAliasMatch directives should be configured appropriately. CCE-28084-2]All directories specified by ScriptAlias directives should be owned by the appropriate group. CCE-28020-6\All directories specified by ScriptAlias directives should be owned by the appropriate user. CCE-28141-0pThe Unix permissions for all directories specified by ScriptAlias directives should be configured appropriately. CCE-28013-1Rule Title: The web server s htpasswd files (if present) must reflect proper ownership and permissions. STIG ID: WG270 A22 Rule ID: SV-36478r1_rule Vuln ID: V-2255 Severity: CAT II Class: Unclass CCE-27981-0 CCE-28071-9 CCE-27795-4Rule Title: Log file access must be restricted to System Administrators, Web Administrators or Auditors. STIG ID: WG250 A22 Rule ID: SV-33033r1_rule Vuln ID: V-2252 Severity: CAT II Class: UnclassSAll files specified by ErrorLog directives should be owned by the appropriate group CCE-27889-5RAll files specified by ErrorLog directives should be owned by the appropriate user CCE-27888-7fThe Unix permissions for all files specified by ErrorLog directives should be configured appropriately CCE-28059-4TAll files specified by CustomLog directives should be owned by the appropriate group CCE-27976-0SAll files specified by CustomLog directives should be owned by the appropriate user CCE-27906-7gThe file permissions for all files specified by CustomLog directives should be configured appropriately CCE-27967-9Rule Title: Logs of web server access and errors must be established and maintained. STIG ID: WG240 W20 Rule ID: SV-36668r1_rule Vuln ID: V-2250 Severity: CAT II Class: UnclassRule Title: Logs of web server access and errors must be established and maintained. STIG ID: WG240 A22 Rule ID: SV-33025r1_rule Vuln ID: V-2250 Severity: CAT II Class: Unclass(1) log_config_moduleHApache's log_config_module should be enabled or disabled as appropriate. CCE-27955-4Rule Title: Web administration tools must be restricted to the web manager and the web manager s designees. STIG ID: WG220 A22 Rule ID: SV-3294< 8r1_rule Vuln ID: V-2248 Severity: CAT II Class: Unclass CCE-27952-1 CCE-28118-8 CCE-27490-2Rule Title: Each readable web document directory must contain either a default, home, index, or equivalent file. STIG ID: WG170 W22 Rule ID: SV-33107r1_rule Vuln ID: V-2245 Severity: CAT III Class: UnclassRule Title: Each readable web document directory must contain either a default, home, index, or equivalent file. STIG ID: WG170 A22 Rule ID: SV-33020r1_rule Vuln ID: V-2245 Severity: CAT III Class: UnclassH(1) Directories (from Apache configuration file: DocumentRoot directive)iAll readable Apache web document directories should have their default webpage configured appropriately. CCE-28122-0Rule Title: The number of allowed simultaneous requests must be set. STIG ID: WG110 W22 Rule ID: SV-33105r1_rule Vuln ID: V-2240 Severity: CAT II Class: UnclassRule Title: The number of allowed simultaneous requests must be set. STIG ID: WG110 A22 Rule ID: SV-33018r1_rule Vuln ID: V-2240 Severity: CAT II Class: Unclass=(1) Apache configuration file: MaxKeepAliveRequests directivePThe Apachce "MaxKeepAliveRequests" directive should be configured appropriately. CCE-27660-0Rule Title: All interactive programs must be placed in a designated directory with appropriate permissions. STIG ID: WG400 W22 Rule ID: SV-36644r1_rule Vuln ID: V-2228 Severity: CAT II Class: UnclassRule Title: All interactive programs must be placed in a designated directory with appropriate permissions. STIG ID: WG400 A22 Rule ID: SV-6928r4_rule Vuln ID: V-2228 Severity: CAT II Class: Unclass CCE-28090-9Rule Title: Web content directories must not be anonymously shared. STIG ID: WG210 A22 Rule ID: SV-33022r1_rule Vuln ID: V-2226 Severity: CAT II Class: Unclass(1) via /etc/samba/smb.confbAnonymous sharing of Apache's web content directories with smb should be configured appropriately. CCE-27251-8(1) via /etc/exportsbAnonymous sharing of Apache's web content directories with nfs should be configured appropriately. CCE-28000-8Rule Title: MIME types for csh or sh shell programs must be disabled. STIG ID: WG370 A22 Rule ID: SV-36309r1_rule Vuln ID: V-2225 Severity: CAT II Class: Unclass3(1) Apache configuration file: AddHandler directive(1) handler-name (2) extensionCThe Apache AddHandler directive should be configured appropriately. CCE-28092-5/(1) Apache configuration file: Action directive(1) action-type (2) cgi-script>The Apache Action directive shoud be configured appropriately. CCE-28025-5NDISA STIG Apache SERVER 2.0 for Windows Release: 1 Benchmark Date: 23 Nov 2011LDISA STIG Apache SITE 2.0 for Windows Release: 1 Benchmark Date: 23 Nov 2011KDISA STIG Apache SERVER 2.0 for Unix Release: 1 Benchmark Date: 23 Nov 2011IDISA STIG Apache SITE 2.0 for Unix Release: 1 Benchmark Date: 23 Nov 20111.5.6 Remove Default CGI Content test-cgi (Level 1, Scorable) Remove the test-cgi default CGI in cgi-bin directory if it is installed. # rm $APACHE_PREFIX/cgi-bin/test-cgi Page 39-40 CCE-27913-3Q1.4.2 Allow Appropriate Access to Web Content (Level 1, Not Scorable) Search the Apache configuration files (httpd.conf and any included configuration files) to find all <Directory> and <Location> elements & Include the appropriate Allow and Deny directives, with values that are appropriate for the purposes of the directory. Page 28-29 CCE-27023-1 CCE-26965-41.4.2 Allow Appropriate Access to Web Content (Level 1, Not Scorable) Search the Apache configuration files (httpd.conf and any included configuration files) to find all <Directory> and <Location> elements & Add a single Order directive and set the value to deny, allow. Page 28-29 CCE-27313-61.5.7 Limit HTTP Request Methods (Level 1, Scorable) Search for the <Directory> directive on the document root directory & Ensure that the access control order within the <Directory> directive is allow, deny. Order allow,deny Page 41 CCE-27882-01.5.2 Restrict Options for the Web Root Directory (Level 1, Scorable) Add or modify any existing Options directive to have a value of None or Multiviews, if multiviews are needed. Page 34 CCE-27897-8 CCE-27944-8 CCE-27382-1 CCE-27509-9 CCE-27892-9 CCE-27519-8 CCE-27901-8 CCE-26955-5 CCE-27935-6 CCE-27915-8 CCE-27273-2 CCE-27217-9 CCE-27462-1 CCE-27601-4 CCE-27497-71.3.6 Core Dump Directory Security (Level 1, Scorable) must have no read-write-search access permission for other users. # chmod o-rwx /var/log/httpd Page 23 CCE-27943-01.3.6 Core Dump Directory Security (Level 1, Scorable) must be owned by root and have a group ownership of the Apache group (as defined via the Group directive) # chown root:apache /var/log/httpd Page 23 CCE-27422-5 CCE-27714-5 CCE-27854-9 CCE-27841-6 CCE-27856-4 CCE-27837-4 CCE-27700-4 CCE-27302-91.3.1 Run the Apache Web Server as a non-root user (Level 1, Scorable) Although Apache typically is started with root privileges in order to listen on port 80 and 443, it can and should run as another non-root user in order to perform the web services. Page 19 CCE-27722-8 CCE-27878-81.3.3 Lock the Apache User Account (Level 1, Scorable) Use the passwd command to lock the apache account: # passwd -l apache Page 21 CCE-27781-4 CCE-27817-6 CCE-27860-6 CCE-27390-4 CCE-27680-8 CCE-27910-9 CCE-27791-31.5.9 Restrict HTTP Protocol Versions (Level 1, Scorable) Add the RewriteEngine directive to the configuration within the global server context with the value of on so that the rewrite engine is enabled. RewriteEngine On Page 43-44 CCE-27903-41.8.2 Limit Information in the Server Signature (Level 1, Scorable) Add or modify the ServerSignature directive as shown below to have the value of Off: ServerSignature Off Page 68-69 CCE-27883-81.3.1 Run the Apache Web Server as a non-root user (Level 1, Scorable) Configure the Apache user and group in the Apache configuration file httpd.conf: Group apache Page 19 CCE-27566-91.3.1 Run the Apache Web Server as a non-root user (Level 1, Scorable) Configure the Apache user and group in the Apache configuration file httpd.conf: User apache Page 19 CCE-27756-61.5.10 Restrict Access to .ht* files (Level 1, Scorable) Also a common name for web password and group files is .htpasswd and .htgroup. Neither of these files should be placed in the document root Page 45 CCE-27667-5z1.3.9 ScoreBoard File Security (Level 1, Scorable) Change the ownership and group to be root:root, if not already. Page 26 CCE-27859-8 CCE-27815-01.3.9 ScoreBoard File Security (Level 1, Scorable) Change the permissions so that the directory is only writable by root, or the user under which apache initially starts up (default is root), Page 26 CCE-27126-2s1.3.8 Pid File Security (Level 1, Scorable) Change the ownership and group to be root:root, if not already. Page 25 CCE-27930-7 CCE-27851-51.3.8 Pid File Security (Level 1, Scorable) Change the permissions so that the directory is only writable by root, or the user under which apache initially starts up (default is root), Page 25 CCE-27696-4 CCE-27848-1 CCE-27810-1 CCE-27449-8 CCE-27435-71.3.4 Apache Directory and File Ownership (Level 1, Scorable) The Apache directories and files should be owned by roo< t with the root (or root equivalent) group. Page 21-22 CCE-27820-0 CCE-27919-01.3.5 Apache Directory and File Permissions (Level 1, Scorable) The permission on the Apache directories should be rwxr-xr-x (755) and the file permissions should be similar except not executable if executable is not appropriate. Page 22-23 CCE-27793-91.3.4 Apache Directory and File Ownership (Level 1, Scorable) the Apache web document root ($APACHE_PREFIX/htdocs) are likely to need a designated group to allow web content to be updated (such as webupdate) through a change management process. Page 21 CCE-27866-31.3.4 Apache Directory and File Ownership (Level 1, Scorable) The Apache directories and files should be owned by root with the root (or root equivalent) group. Page 21 CCE-27699-81.3.5 Apache Directory and File Permissions (Level 1, Scorable) The permission on the Apache directories should be rwxr-xr-x (755) and the file permissions should be similar except not executable if executable is not appropriate. & exception in some cases may have a designated group with write access for the Apache web document root ($APACHE_PREFIX/htdocs) are likely to need a designated group to allow web content to be updated. CCE-27041-3 CCE-27602-2 CCE-27818-4 CCE-27540-4 CCE-27685-7 CCE-27709-5M1.3.5 Apache Directory and File Permissions (Level 1, Scorable) Perform the following to set the permissions on the $APACHE_PREFIX directories, and then remove other read permissions on the bin directory and its contents: 23 | P a g e # chmod  R u=rwX,g=rX,o=rX $APACHE_PREFIX # chmod  R u=rwX,g=rX,o=X $APACHE_PREFIX/bin Page 22-23 CCE-27911-7 CCE-27800-2 CCE-27833-3 CCE-26950-6 CCE-27826-7 CCE-27548-7 CCE-27787-1 CCE-27460-5 CCE-27672-5 CCE-27627-9 CCE-27664-2 CCE-27492-8 CCE-27772-3 CCE-27384-7 CCE-27884-6 CCE-27619-6 CCE-27777-2 CCE-27282-3 CCE-27292-2 CCE-27873-9 CCE-27332-6 CCE-27481-1 CCE-27494-4 CCE-27724-4 CCE-27864-8 CCE-27876-2 CCE-27304-5 CCE-27400-1 CCE-27648-5 CCE-27890-3 CCE-27000-9 CCE-27612-1 CCI-001362 CCI-001588 CCI-000381!AC-3(4).1 CM-6.1 (ii) CM-7.1 (ii) CCE-27677-41.5.7 Limit HTTP Request Methods (Level 1, Scorable) For normal web server operation, you will typically need to allow only the GET, HEAD and POST request methods. Page 40-41 CCE-27776-4y1.4.3 Restrict OverRide for the OS Root Directory (Level 1, Scorable) Set the value for AllowOverride to None. Page 30-31 CCE-27536-2Rule Title: Automatic directory indexing must be disabled. STIG ID: WA00515 W22 Rule ID: SV-33225r1_rule Vuln ID: V-26368 Severity: CAT II Class: Unclass1.2.5 Disable Autoindex module (Level 1, Scorable) For source builds with static modules run the Apache ./configure script with the --disable-autoindex configure script options. $ cd $DOWNLOAD/httpd-2.2.22 $ ./configure  disable-autoindex b) For dynamically loaded modules comment out or remove the LoadModule directive for mod_autoindex module the from the httpd.conf file. ## LoadModule autoindex_module modules/mod_autoindex.so Page 14-15 CCE-27759-0 CCE-27733-51.9.3 Restrict Listen Directive (Level 2, Scorable) The Apache Listen directive specifies the IP addresses and port numbers the Apache web server will listen for requests. Rather than be unrestricted to listen on all IP addresses available to the system, the specific IP address or addresses intended should be explicitly specified. Specifically a Listen directive with no IP address specified, or with an IP address of zeros should not be used. Page 74 CCE-27246-8 CCE-27862-2#1.5.8 Disable HTTP TRACE Method (Level 1, Scorable) Add a TraceEnable directive to the server level configuration with a value of off. Server level configuration is the top level configuration, not nested within any other directives like or . TraceEnable off Page 42-43 CCE-27531-3Rule Title: Web server options for the OS root must be disabled. STIG ID: WA00545 W22 Rule ID: SV-33182r1_rule Vuln ID: V-26324 Severity: CAT II Class: Unclasso1.5.1 Restrict Options for the OS Root Directory (Level 1, Scorable) Set the value for Options to None. Page 33 CCE-27806-9 CCE-27692-3 CCE-27545-3 CCE-27506-5 CCE-27679-0 CCE-27134-6 CCE-27067-81.4.1 Deny Access to OS Root Directory (Level 1, Scorable) Ensure there is a Deny directive, and set the value to from all. allow Page 27 CCE-27684-01.4.1 Deny Access to OS Root Directory (Level 1, Scorable) Remove any Allow directives from the root element. allow Page 27 CCE-27415-91.4.1 Deny Access to OS Root Directory (Level 1, Scorable) Ensure there is a single Order directive and set the value to deny, allow Page 27 CCE-27510-7 CCE-27819-2 CCE-27845-7Rule Title: User specific directories must not be globally enabled. STIG ID: WA00525 W22 Rule ID: SV-33175r1_rule Vuln ID: V-26302 Severity: CAT II Class: Unclass1.2.7 Disable User Directories Modules (Level 1, Scorable) 1. For source builds with static modules run the Apache ./configure script with the --disable-userdir configure script options. $ cd $DOWNLOAD/httpd-2.2.22 $ ./configure --disable-userdir 2. For dynamically loaded modules comment out or remove the LoadModule directive for mod_userdir module from the httpd.conf file. ##LoadModule userdir_module modules/mod_userdir.so Page 17 CCE-27682-4Rule Title: The web server must not be configured as a proxy server. STIG ID: WA00520 W22 Rule ID: SV-33173r1_rule Vuln ID: V-26299 Severity: CAT II Class: Unclass1.2.6 Disable Proxy Modules (Level 1, Scorable) a) For source builds with static modules run the Apache ./configure script without including the mod_proxy in the --enable-modules= configure script options. $ cd $DOWNLOAD/httpd-2.2.22 $ ./configure b) For dynamically loaded modules comment out or remove the LoadModule directive for mod_proxy module and all other proxy modules the from the httpd.conf file. ##LoadModule proxy_balancer_module modules/mod_proxy_balancer.so Page 16(1) proxy_balancer_moduleLApache's proxy_balancer_module should be enabled or disabled as appropriate. CCE-27887-91.2.6 Disable Proxy Modules (Level 1, Scorable) a) For source builds with static modules run the Apache ./configure script without including the mod_proxy in the --enable-modules= configure script options. $ cd $DOWNLOAD/httpd-2.2.22 $ ./configure b) For dynamically loaded modules comment out or remove the LoadModule directive for mod_proxy module and all other proxy modules the from the httpd.conf file. ##LoadModule proxy_connect_module modules/mod_proxy_ajp.so Page 16(1) proxy_ajp_moduleFApache's proxy_ajp_module should be enabled or disabled as appropriate CCE-27824-21.2.6 Disable Proxy Modules (Level 1, Scorable) a) For source builds with static modules run the Apache ./configure script without including the mod_proxy in the --enable-modules= configure script options. $ cd $DOWNLOAD/httpd-2.2.< 22 $ ./configure b) For dynamically loaded modules comment out or remove the LoadModule directive for mod_proxy module and all other proxy modules the from the httpd.conf file. ##LoadModule proxy_connect_module modules/mod_proxy_connect.so Page 16 CCE-27579-21.2.6 Disable Proxy Modules (Level 1, Scorable) a) For source builds with static modules run the Apache ./configure script without including the mod_proxy in the --enable-modules= configure script options. $ cd $DOWNLOAD/httpd-2.2.22 $ ./configure b) For dynamically loaded modules comment out or remove the LoadModule directive for mod_proxy module and all other proxy modules the from the httpd.conf file. ##LoadModule proxy_http_module modules/mod_proxy_http.so Page 16 CCE-27881-21.2.6 Disable Proxy Modules (Level 1, Scorable) a) For source builds with static modules run the Apache ./configure script without including the mod_proxy in the --enable-modules= configure script options. $ cd $DOWNLOAD/httpd-2.2.22 $ ./configure b) For dynamically loaded modules comment out or remove the LoadModule directive for mod_proxy module and all other proxy modules the from the httpd.conf file. ##LoadModule proxy_ftp_module modules/mod_proxy_ftp.so Page 16 CCE-27788-91.2.6 Disable Proxy Modules (Level 1, Scorable) a) For source builds with static modules run the Apache ./configure script without including the mod_proxy in the --enable-modules= configure script options. $ cd $DOWNLOAD/httpd-2.2.22 $ ./configure b) For dynamically loaded modules comment out or remove the LoadModule directive for mod_proxy module and all other proxy modules the from the httpd.conf file. ##LoadModule proxy_module modules/mod_proxy.so Page 16 CCE-27825-9Rule Title: Web server status module will be disabled. STIG ID: WA00510 W22 Rule ID: SV-33171r1_rule Vuln ID: V-26294 Severity: CAT II Class: Unclass1.2.4 Disable Status module (Level 1, Scorable) a) For source builds with static modules run the Apache ./configure script with the --disable-status configure script options. $ cd $DOWNLOAD/httpd-2.2.22 $ ./configure --disable-status b) For dynamically loaded modules comment out or remove the LoadModule directive for the mod_status module from the httpd.conf file. ##LoadModule status_module modules/mod_status.so page 14 CCE-27357-31.2.8 Disable Info module (Level 1, Scorable) a) For source builds with static modules run the Apache ./configure script without including the mod_info in the --enable-modules= configure script options. $ cd $DOWNLOAD/httpd-2.2.22 $ ./configure b) For dynamically loaded modules comment out or remove the LoadModule directive for the mod_info module from the httpd.conf file. ##LoadModule info_module modules/mod_info.so Page 185(1) Apache configuration file: LoadModule directive CCE-27852-3Rule Title: Web Distributed Authoring and Versioning (WebDAV) must be disabled. STIG ID: WA00505 W22 Rule ID: SV-33169r1_rule Vuln ID: V-26287 Severity: CAT II Class: Unclass(1) dav_lock_moduleoWeb Distributed Authoring and Versioning (WebDav) dav_lock_module should be enabled or disabled as appropriate. CCE-27583-4$1.2.3 Disable WebDAV modules (Level 1, Scorable) For dynamically loaded modules comment out or remove the LoadModule directive for mod_dav, and mod_dav_fs modules the from the httpd.conf file. ##LoadModule dav_module modules/mod_dav.so ##LoadModule dav_fs_module modules/mod_dav_fs.so page 13 CCE-27861-4 CCE-27132-0~1.6.1 Configure the Error Log (Level 1, Scorable) Add or modify the LogLevel in the apache configuration to have a value of notice or lower. Note that is it is compliant to have a value of info or debug if there is a need for a more verbose log and the storage and monitoring processes are capable of handling the extra load. The recommended value is notice. LogLevel notice page 50 CCE-27879-61.6.2 Configure the Access Log (Level 1, Scorable) Add or modify the CustomLog directives in the Apache configuration to use the combined format with an appropriate log file, syslog facility or piped logging utility. CustomLog log/access_log combined Add a similar CustomLog directives for each virtual host configured if the virtual host will have different people responsible for the web site. Each responsible individual or organization needs access to their own web logs, and needs the skills/training/tools for monitor the logs. page 51 CCE-27794-7 1.6.1 Configure the Error Log (Level 1, Scorable) Add an ErrorLog directive if not already configured. The file path may be relative or absolute, or the logs may be configured to be sent to a syslog server. ErrorLog "logs/error_log" Add a similar ErrorLog directive for each virtual host configured if the virtual host will have different people responsible for the web site. Each responsible individual or organization needs access to their own web logs, and needs the skills/training/tools for monitor the logs. page 50 CCE-27822-61.9.2 Buffer Overflow Mitigation (Level 2, Scorable) Add or modify the LimitRequestline directive in the Apache configuration to have a value of 512 or shorter. LimitRequestline 512 page 72 CCE-27426-61.9.2 Buffer Overflow Mitigation (Level 2, Scorable) Add or modify the LimitRequestFieldsize directive in the Apache configuration to have a value of 1024 or less. LimitRequestFieldsize 1024 page 73 CCE-27554-531.9.2 Buffer Overflow Mitigation (Level 2, Scorable) Add or modify the LimitRequestFields directive in the Apache configuration to have a value of 100 or less. If the directive is not present the default depends on a compile time configuration, but defaults to a value of 100. LimitRequestFields 100 page 73 CCE-27741-8Q1.9.2 Buffer Overflow Mitigation (Level 2, Scorable) Add or modify the LimitRequestBody directive in the Apache configuration to have a value of 102400 (100K) or less. Please read the Apache documentation so that it is understood that this directive will limit the size of file up-loads to the web server. LimitRequestBody 102400 page 73 CCE-27618-8Rule Title: Directory indexing must be disabled on directories not containing index files. STIG ID: WA000-WWA058 W22 Rule ID: SV-33006r1_rule Vuln ID: V-13735 Severity: CAT II Class: Unclass1.5.3 Minimize Options for Other Directories (Level 1, Scorable) Indexes  The Indexes option causes automatic generation of indexes, if the default index page is missing, and should be disabled unless required. Page 35 CCE-27657-6Rule Title: The MultiViews directive must be disabled. STIG ID: WA000-WWA056 W22 Rule ID: SV-33004r1_rule Vuln ID: V-13734 Severity: CAT II Class: Unclass1.5.3 Minimize Options for Other Directories (Level 1, Scorable) Multiviews  Is appropriate if content negotiation is required such as for multiple language are supported. Page 35 CCE-27757-4Rule Title: Server side includes (SSIs) must run with execution capability disabled. STIG ID: WA000-WWA054 W22 Rule ID: SV-33003r1_rule Vuln ID: V-13733 Severity: CAT I Class: Unclass 1.5.3 Minimize Options for Other Directories Includes & IncludesNOEXEC  The IncludesNOEXEC option should only be needed when server side includes are required. The full Includes option should not be used as it also allows execution of arbitrary shell commands. Page 35 CCE-27666-7 CCE-27764-0Rule Title: The FollowSymLinks setting must be disabled. STIG ID: WA000-WWA052 W22 Rule ID: SV-33001r1_rule Vuln ID: V-13732 Severity: CAT II Class: Unclass1.5.3 Minimize Options for Other Directories (Level 1< , Scorable) FollowSymLinks & SymLinksIfOwnerMatch  The following of symbolic links is not recommended and should be disabled if possible. Page 35 CCE-27877-01.9.1 Denial of Service Mitigation (Level 1, Scorable) Add or modify the KeepAliveTimeout directive in the Apache configuration to have a value of 15 or less. KeepAliveTimeout 15 page 71 CCE-27330-01.9.1 Denial of Service Mitigation (Level 1, Scorable) Add or modify the KeepAlive directive in the Apache configuration to have a value of On, so that Keepalive connections are enabled. KeepAlive On page 71 CCE-27456-31.9.1 Denial of Service Mitigation (Level 1, Scorable) Add or modify the Timeout directive in the Apache configuration to have a value of 10 seconds or shorter. Timeout 10 page 71 CCE-27688-11.6.2 Configure the Access Log (Level 1, Scorable) Add or modify the LogFormat directives in the Apache configuration to use the standard and recommended combined format show as shown below. LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined CCE-27639-41.5.5 Remove Default CGI Content printenv (Level 1, Scorable) Remove the printenv default CGI in cgi-bin directory if it is installed. # rm $APACHE_PREFIX/cgi-bin/printenv page 39 CCE-27870-51.5.4 Remove Default HTML Content (Level 1, Scorable) Remove the Apache user manual content or comment out configurations referencing the manual # yum erase httpd-manual page 37 CCE-27469-6 CCE-27686-51.8.1 Limit Information in the Server Token (Level 1, Scorable) Add or modify the ServerTokens directive as shown below to have the value of Prod or ProductOnly: ServerTokens Prod page 68 CCE-27380-5 CCE-27598-2 CCE-27753-3Rule Title: A private web server must utilize TLS v 1.0 or greater. STIG ID: WG340 W22 Rule ID: SV-14297r4_rule Vuln ID: V-2262 Severity: CAT II Class: Unclass CCE-27576-81.7.4 Restrict weak SSL Protocols and Ciphers (Level 1, Scorable) Add or modify the following line in the Apache server level configuration and every virtual host that is SSL enabled: SSLProtocol -ALL +SSLv3 +TLSv1 p65 CCE-27740-01.7.1 Install mod_ssl and/or mod_nss (Level 1, Scorable) Ensure the mod_ssl and/or mod_nss is loaded in the Apache configuration: # httpd -M | egrep 'ssl_module|nss_module' p59 CCE-27872-1 CCE-27773-1 CCE-27813-5 CCE-27306-0 CCE-27829-1 CCE-27240-1 CCE-27843-2 CCE-27771-5 CCE-27840-8 CCE-27705-3 CCE-27799-6 CCE-27599-0 CCE-27750-9 CCE-27839-0Rule Title: Logs of web server access and errors must be established and maintained. STIG ID: WG240 W22 Rule ID: SV-33132r1_rule Vuln ID: V-2250 Severity: CAT II Class: Unclass 1.2.2 Enable the Log Config Module (Level 1, Scorable) For dynamically loaded modules, add or modify the LoadModule directive so that it is present in the apache configuration as below and not commented out : LoadModule log_config_module modules/mod_log_config.so p12 CCE-27782-2 CCE-27780-6 CCE-27745-91.9.1 Denial of Service Mitigation (Level 1, Scorable) Add or modify the MaxKeepAliveRequests directive in the Apache configuration to have a value of 100 or more. p71 CCE-27830-9 CCE-27868-9 CCE-27516-4 CCE-27779-8KDISA STIG Apache SERVER 2.2 for Unix Release: 1 Benchmark Date: 23 Nov 2011IDISA STIG Apache SITE 2.2 for Unix Release: 1 Benchmark Date: 23 Nov 2011NDISA STIG Apache SERVER 2.2 for Windows Release: 1 Benchmark Date: 23 Nov 2011LDISA STIG Apache SITE 2.2 for Windows Release: 1 Benchmark Date: 23 Nov 2011\CIS Security Configuration Benchmark For Apache Web Server 2.2 Version 3.1.0 June 11th, 2012Chttp://tomcat.apache.org/tomcat-4.1-doc/security-manager-howto.htmlE(1) catalina.policy: java.security.AllPermissions in a grant element.((1) TARGET: codebase (2) exist/not existEAll permissions for the specified codebase should exist or not exist. CCE-27559-4 SDID: APS0410 Category: II VULID: V0006209 MAC/Confidentiality Levels: MAC I  CSP, MAC II  CSP, MAC III  CSP IA Controls: ECAR-1, ECAR-2, ECAR-3 SDID Description: Application server does not adequately log security related events. Reference: Application Services STIG, Section 3.4.3 (1) server.xml: verbosityo(1) TARGET: Logger element (2) 0 (fatal messages only), 1 (errors), 2 (warnings), 3 (information), or 4 (debug)RThe verbosity for the specified Logger element should be configured appropriately. CCE-27721-0(1) server.xml: prefix%(1) TARGET: Logger element (2) stringTThe file prefix for the specified Logger element should be configured appropriately. CCE-27523-0&SDID: ASG0520 Category: II VULID: V0006211 MAC/Confidentiality Levels: MAC I  CSP, MAC II  CSP, MAC III  CSP IA Controls: ECLP-1 SDID Description: The application server process runs with privileges not necessary for proper operation. Reference: Application Services STIG, Appendix B.3.5 ;Tomcat should be run with the appropriate group membership. CCE-27253-4/Tomcat should be run by the appropriate account CCE-27431-6SDID: AST0610 Category: II VULID: V0006217 MAC/Confidentiality Levels: MAC I  CSP, MAC II  CSP, MAC III  CSP IA Controls: DCSQ-1 SDID Description: Application server default content has not been removed. Reference: Application Services STIG, Appendix B.6 (1) located at conf/server.xml?The example server.xml file should be installed as appropriate. CCE-27383-9:http://tomcat.apache.org/tomcat-4.0-doc/config/logger.html#(1) server.xml: directory attribute(1) Logger element (2) pathbThe location of the log files directory for the specified Logger element should be set correctly. CCE-27658-4>http://tomcat.apache.org/tomcat-4.1-doc/config/connectors.html(1) server.xml: port attributeX(1) TARGET: Connector (org.apache.catalina.connector.warp.WarpConnector) (2) port numberIThe port number for the specified WARP connector should be set correctly. CCE-27693-1r(1) server.xml: '' elementNThe Tomcat WARP protocol handler should be enabled or disabled as appropriate. CCE-27202-1M(1) TARGET: Connector (org.apache.jk.server.JkCoyoteHandler) (2) port numberTThe port number for the specified JK/JK2 AJP 1.3 connector should be set correctly. CCE-27368-0f(1) server.xml: '' elementXThe Tomcat JK/JK2 AJP 1.3 protocol handler should be enabled or disabled as appropriate. CCE-27560-2r(1) server.xml: secure attribute in a '' elementP(1) TARGET: Connector (org.apache.coyote.tomcat4.CoyoteConnector) (2) true/false^The secure attribute for the specified Tomcat HTTP/1.1 connector should be set as appropriate. CCE-27405-0S(1) TARGET: Connector (org.apache.coyote.tomcat4.CoyoteConnector) (2) port number UThe port number for the specified Tomcat HTTP/1.1 connector should be set correctly. CCE-27719-4^(1) '' element in server.xml(1) exist/not exist KThe Tomcat HTTP/1.1 connector should be enabled or disabled as appropriate.< CCE-27836-6SDID: AST0310 Category: II VULID: V0006204 MAC/Confidentiality Levels: MAC I  CSP, MAC II  CSP, MAC III  CSP IA Controls: ECCR-1, ECCR-2 SDID Description: Sensitive application data is not adequately protected at rest. Reference: Application Services STIG, Appendix B.3 k(1) 'digest' attribute inside '' element in server.xml(1) SHA/MD2/MD5HThe JNDIRealm (LDAP) password digest should be configured appropriately. CCE-27796-2lThe password digest algorithm for JNDIRealm (LDAP) connections should be enabled or disabled as appropriate. CCE-27420-9k(1) 'digest' attribute inside '' element in server.xmlJThe JDBCRealm (database) password digest algorithm should be set correctly CCE-27865-5pThe password digest algorithm for JDBCRealm (database) connections should be enabled or disabled as appropriate. CCE-27730-1SDID: AST0340 Category: II VULID: V0006207 MAC/Confidentiality Levels: MAC I  CSP, MAC II  CSP, MAC III  CSP IA Controls: ECCR-1, ECCR-2 SDID Description: OS level file permissions are not adequately restrictive. Reference: Application Services STIG, Appendix B.2 FThe permissions for the tomcat-users.xml file should be set correctly. CCE-27591-7?The group of the tomcat-users.xml file should be set correctly. CCE-26893-8?The owner of the tomcat-users.xml file should be set correctly. CCE-27312-8GThe permissions for the Tomcat conf/ directory should be set correctly. CCE-27725-1@The group of the Tomcat conf/ directory should be set correctly. CCE-27695-6@The owner of the Tomcat conf/ directory should be set correctly. CCE-27578-4SThe Unix permissions for the Tomcat installation directory should be set correctly. CCE-27546-1JThe group of the Tomcat installation installation should be set correctly. CCE-27501-6GThe owner of the Tomcat installation directory should be set correctly. CCE-27631-1SDID: AST0820 Category: II VULID: V0006225 MAC/Confidentiality Levels: MAC I  CSP, MAC II  CSP, MAC III  CSP IA Controls: ECLP-1 SDID Description: Admin and Manager Web Applications are not adequately restrictive. Reference: Application Services STIG, Section 3.4.1 Rule Title: Access to web administration tools is restricted to the web manager and the web manager s designees. STIG ID: WG220 Rule ID: SV-2248r5_rule Vuln ID:V-2248 Severity: CAT II Class: Unclassz(1) Tomcat manager.xml: element inside the element(1) list of IPsBAccess to the Tomcat manager app should be allowed as appropriate. CCE-27604-8r(1) Tomcat manager.xml: element inside the AAccess to the Tomcat manager app should be denied as appropriate. CCE-27650-1x(1) Tomcat admin.xml: element inside the element@Access to the Tomcat Admin app should be allowed as appropriate. CCE-27622-0p(1) Tomcat admin.xml: element inside the ?Access to the Tomcat Admin app should be denied as appropriate. CCE-27517-2J(1) Tomcat admin.xml: element inside a element(1) security role name@Security roles for the Tomcat admin app should be set correctly. CCE-27663-4L(1) Tomcat manager.xml: element inside a elementBSecurity roles for the Tomcat manager app should be set correctly. CCE-27678-2$SDID: APS0140 Category: II VULID: V0006202 MAC/Confidentiality Levels: MAC I  CSP, MAC II  CSP, MAC III  CSP IA Controls: IAIA-1, ECLO-2 SDID Description: Application server s client authentication process is inadequate. Reference: Application Services STIG, Appendix B.4.2, B.4.3, B.4.4)(1) Tomcat web.xml: element!(1) BASIC/FORM/DIGEST/CLIENT_CERT?The Tomcat login authentication method should be set correctly. CCE-27441-5X(1) TARGET: Connector (org.apache.catalina.connector.http.HttpConnector) (2) port number[The port number for the specified Tomcat Legacy HTTP/1.1 connector should be set correctly. CCE-27702-0q(1) server.xml: '' elementYThe Tomcat Legacy HTTP/1.1 protocol handler should be enabled or disabled as appropriate. CCE-27616-2M(1) TARGET: Connector (org.apache.ajp.tomcat4.Ajp13Connector) (2) port number]The port number for the specified Tomcat Legacy JK AJP 1.3 connector should be set correctly. CCE-27697-2f(1) server.xml: '' element[The Tomcat Legacy JK AJP 1.3 protocol handler should be enabled or disabled as appropriate. CCE-27716-0,SDID: APS0560 Category: II VULID: V0012322 MAC/Confidentiality Levels: MAC I  CSP, MAC II  CSP, MAC III  CSP IA Controls: DCFA-1 SDID Description: Interfaces between the application server and external systems are not identified and secured. Reference: Application Services STIG, Section 3.2.6 3(1) server.xml: Port atribute in the Server element>The Tomcat server shutdown port number should be set correctly CCE-27242-7SDID: AST0560 Category: 1 VULID: V0006215 MAC/Confidentiality Levels: MAC I  CSP, MAC II  CSP, MAC III  CSP IA Controls: ECRC-1 SDID Description: Application Security Manager is not turned on. Reference: Application Services STIG, Appendix B.3.5 k(1) '-security' command-line parameter on Tomcat startup (2) -Djava.security.manager command line parameterZTomcat should be configured to run with or without the Java Security Manager upon startup. CCE-27671-7,(1) catalina.policy file under Catalina HomeMThe Java Security Manager (JSM) should be enabled or disabled as appropriate. CCE-27369-8Jhttp://tomcat.apache.org/tomcat-4.1-doc/config/valve.html#Access_Log_ValveRule Title: Log file data must contain required data elements. STIG ID: WG242 Rule ID: SV-14282r3_rule Vuln ID:V-13688 Severity: CAT II Class: UnclassE(1) $CATALINA_BASE\\METAINF\context.xml # pattern attribute3(1) %a/%A/%b/%B/%h/%H/%l/%m/%p/%q/%r/%s/%t/%u/%U/%v< ]The Apache Tomcat pattern attribute should be configured to log the appropriate data elements CCE-27720-2Rule Title: All web server documentation, sample code, example applications, and tutorials will be removed from a production web server. STIG ID: WG385 Rule ID: SV-14207r2_rule Vuln ID:V-13621 Severity: CAT I Class: Unclass#(1) $CATALINA_HOME/webapps/balancerRThe Apache Tomcat's balancer folder should be available or removed as appropriate. CCE-27549-5#(1) $CATALINA_HOME/webapps/examplesRThe Apache Tomcat's examples folder should be available or removed as appropriate. CCE-27322-7!(1) $CATALINA_HOME/webapps/webdavPThe Apache Tomcat's webdav folder should be available or removed as appropriate. CCE-27744-2*(1) $CATALINA_HOME/webapps/servlet-exampleSThe Apache Tomcat's servlet examples should be available or removed as appropriate. CCE-27436-5&(1) $CATALINA_HOME/webapps/js-examplesNThe Apache Tomcat's js examples should be available or removed as appropriate. CCE-27518-0&(1) $CATALINA_HOME/webapps/tomcat-docsXThe Apache Tomcat's server documentation should be available or removed as appropriate. CCE-27718-6Rule Title: The web server, although started by superuser or privileged account, will run using a non-privileged account. STIG ID: WG275 Rule ID: SV-30685r1_rule Vuln ID:V-13619 Severity: CAT II Class: UnclassPThe account running the Apache Tomcat service should be configured appropriately CCE-27284-9Rhttp://tomcat.apache.org/tomcat-4.1-doc/config/coyote.html#Standard ImplementationRule Title: Web server and/or operating system information will be protected. STIG ID: WG520 Rule ID: SV-6938r4_rule Vuln ID:V-6724 Severity: CAT III Class: Unclass`(1) server attribute defined in Apache Tomcat configuration file: $CATALINA_HOME/conf/server.xml(1) custom string valueTThe Apache Tomcat server attribute for all Connectors should be configured correctly CCE-27640-2Rule Title: Wscript.exe and Cscript.exe are accessible by users other than the SA and the web administrator. STIG ID: WG470 Rule ID: SV-2264r4_rule Vuln ID:V-2264 Severity: CAT II Class: Unclass CCE-27416-7 CCE-27613-96http://tomcat.apache.org/tomcat-4.1-doc/ssl-howto.htmlRule Title: A private web server will utilize TLS v 1.0 or greater. STIG ID: WG340 Rule ID: SV-2262r6_rule Vuln ID:V-2262 Severity: CAT II Class: UnclassC(1) Apache Tomcat configuration file: Listener\SSLEngine attribute (1) true / falseMThe Apache Tomcat Listener SSLEngine attribute should be configured correctly CCE-26790-6C(1) Apache Tomcat configuration file: Connector\SSLEngine attributeSThe Apache Tomcat Connector SSLEngine attribute should be configured appropriately. CCE-27711-1SDID: APS0110 Category: II VULID: V0006199 MAC/Confidentiality Levels: MAC I  CSP, MAC II  CSP, MAC III  CSP IA Controls: DCBP-1, IATS-2 SDID Description: Application server does not utilize a Public Key Infrastructure (PKI). Reference: Application Services STIG, Section 3.5 <(1) Apache Tomcat configuration file: SSLProtocol attribute JThe Apache Tomcat SSLProtocol atribute should be configured appropriately. CCE-27344-1Rule Title: A private web server will not respond to requests from public search engines. STIG ID: WG310 Rule ID: SV-2260r5_rule Vuln ID:V-2260 Severity: CAT III Class: Unclass(1) via robots.txtdThe Apache Tomcat site's robots.txt should be configured to disallow paths and files as appropriate. CCE-27630-32http://tomcat.apache.org/tomcat-4.1-doc/README.txtRule Title: Web server system files will conform to minimum file permission requirements. STIG ID: WG300 Rule ID: SV-2259r7_rule Vuln ID:V-2259 Severity: CAT II Class: Unclass?(1) set of accounts (2) list of permissions (3) applicabilityTThe permissions of Apache Tomcat's /temp directory should be configred appropriately CCE-27298-9TThe permissions of Apache Tomcat's /work directory should be configred appropriately CCE-27453-0WThe permissions of Apache Tomcat's /webapps directory should be configred appropriately CCE-27569-3VThe permissions of Apache Tomcat's /shared directory should be configred appropriately CCE-27587-5VThe permissions of Apache Tomcat's /server directory should be configred appropriately CCE-27698-0TThe permissions of Apache Tomcat's /logs directory should be configred appropriately CCE-27683-2TThe permissions of Apache Tomcat's /conf directory should be configred appropriately CCE-27621-2VThe permissions of Apache Tomcat's /common directory should be configred appropriately CCE-26996-9SThe permissions of Apache Tomcat's /bin directory should be configred appropriately CCE-27649-3[The permissions of Apache Tomcat's installation directory should be configred appropriately CCE-27248-4Rule Title: The web client account access to the content and scripts directories will be limited to read and execute. STIG ID: WG290 Rule ID: SV-2258r5_rule Vuln ID:V-2258 Severity: CAT I Class: UnclassJThe permissions for \webapps directory should be configured appropriately. CCE-27735-06http://tomcat.apache.org/tomcat-4.1-doc/cgi-howto.htmlJThe permissions for \cgi-bin directory should be configured appropriately. CCE-27728-5:http://tomcat.apache.org/tomcat-4.1-doc/config/logger.htmlRule Title: Only auditors, SAs or web administrators may access web server log files. STIG ID: WG250 Rule ID: SV-2252r4_rule Vuln ID:V-2252 Severity: CAT II Class: Unclass^(1) Logger element defined in Apache Tomcat configuration file: $CATALINA_HOME/conf/server.xmlThe permissions for all files located in the folder specified by the Logger component (server.xml) should be configured appropriately. CCE-26804-5Nhttp://tomcat.apache.org/tomcat-4.1-doc/config/valve.html#Access%20Log%20ValveRule Title: Logs of web server access and errors will be established and maintained STIG ID: WG240 Rule ID: SV-2250r6_rule Vuln ID:V-2250 Severity: CAT II Class: Unclassr(1) Logger element defined in Apache Tomcat configuration file: $CATALINA_HOME/conf/server.xml # Context containerlThe access log valve for the Apache Tomcat's Context container should be enabled or disabled as appropriate. CCE-27483-7o(1) Logger element defined in Apache Tomcat configuration file: $CATALINA_HOME/conf/server.xml # Host containeriThe access log valve for the Apache Tomcat's Host container should be enabled or disabled as appropriate. CCE-27712-9q(1) Logger element defined in Apache Tomcat configuration file: $CATALINA_HOME/conf/server.xml # Engine containerkThe access log valve for the Apache Tomcat's Engine container should be enabled or disabled as appropriate. CCE-27573-5;http://tomcat.apache.org/tomcat-4.1-doc/config/context.htmlRule Title: Each readable web document directory will contain either default, home, index, or equivalent file. STIG ID: WG170 Rule ID: SV-2245r6_rule Vuln ID:V-2245 Severity: CAT III Class: UnclassH(1) Directories (from Apache Tomcat web.xml configuration file: docBase)pAll readable Tomcat Apache web document directories should have their default webpage configured appropriately. CCE-27535-4:http://tomcat.apache.org/tomcat-4.1-doc/config/coyote.htmlRule Title: The number of allowed simultaneous requests will be limited for web sites. STIG ID: WG110 Rule ID: SV-2240r6_rule Vuln ID:V-2240 Severity: CAT II Class: Unclass<(1) Apache Tomcat configuration file:maxProcessors attributeOThe Apache Tomcat "maxProcessors" attribute should be configured appropriately. CCE-27171-8Rule Title: The service account ID used to run the web site will have its password changed at least annually. STIG ID: WG060 Rule ID: SV-2235r4_rule Vuln ID:V-2235 Severity: CAT II Class: Unclass$(1) defined by Local or Group PolicyaThe maximum password age setting for Tomcat's service account should be config< ured appropriately. CCE-27675-8Rule Title: Backup interactive scripts on the production web server are prohibited. STIG ID: WG420 Rule ID: SV-2230r8_rule Vuln ID: V-2230 Severity: CAT III Class: Unclass*(1) ServerRoot)\(cgiPathPrefix)/copy of*.*PTomcat Apache's backup CGI "copy of*.*" files should exist or not as appropriate CCE-27266-6((1) ServerRoot)\(cgiPathPrefix)/*.backupLTomcat Apache's backup CGI *.backup files should exist or not as appropriate CCE-27669-1%(1) ServerRoot)\(cgiPathPrefix)/*.tmpITomcat Apache's backup CGI *.tmp files should exist or not as appropriate CCE-27513-1&(1) ServerRoot)\(cgiPathPrefix)/*.tempJTomcat Apache's backup CGI *.temp files should exist or not as appropriate CCE-27562-8%(1) ServerRoot)\(cgiPathPrefix)/*.oldITomcat Apache's backup CGI *.old files should exist or not as appropriate CCE-27691-5%(1) ServerRoot)\(cgiPathPrefix)/*.bakITomcat Apache's backup CGI *.bak files should exist or not as appropriate CCE-27625-3Rule Title: Interactive scripts used on a web server will have proper access controls. STIG ID: WG410 Rule ID: SV-2229r5_rule Vuln ID: V-2229 Severity: CAT II Class: Unclasss(1) defined by (ServerRoot)\(cgiPathPrefix)/*'s DACL where cgiPathPrefix is defined in $CATALINA_BASE/conf/web.xmlQAccess to Apache Tomcat's interactive scripts should be configured appropriately. CCE-27734-3Rule Title: All interactive programs will be placed in a designated directory with appropriate permissions. STIG ID: WG400 Rule ID: SV-2228r4_rule Vuln ID: V-2228 Severity: CAT II Class: Unclass(1) file system(1) path to CGI scriptsKThe CGI scripts for Apache Tomcat should be installed in designated folders CCE-26926-6~APPLICATION SERVICES SECURITY CHECKLIST Version 1, Release 1.1 31 July 2006 Section 3A App_sService_Checklist_Sec3A_V1R1-1.doc8Apache Software Foundation Apache Tomcat 4 DocumentationFDISA STIG Web Server Version 7 Release: 1 Benchmark Date: 20 Sept 2010/Using a Non-root User in the chroot Jail pg 145(1) via passwdDThe Tomcat user account should be locked or unlocked as appropriate. CCE-27659-2 CCE-27028-0 CCE-27629-5Apache Tomcat 5.5 Security Manager HOW-TO Standard Permissions http://tomcat.apache.org/tomcat-5.5-doc/security-manager-howto.htmlf(1) 'permission java.util.PropertyPermission' line(s) inside 'grant{}' statement in catalina.policy (1) TARGET: JVM propertykTomcat web application JVM property write permissions should be set correctly for the specified properties. CCE-27493-6jTomcat web application JVM property read permissions should be set correctly for the specified properties. CCE-27655-0 CCE-27478-7 CCE-27527-1.(1) located in the Tomcat home/conf/ directory CCE-27543-8"(1) located in /balancer directory4The Balancer app should be installed as appropriate. CCE-27585-9%(1) located in /tomcat-docs directory3The Tomcat-docs should be installed as appropriate. CCE-27504-0 (1) located in /webdav directory2The WebDAV app should be installed as appropriate. CCE-27603-0"(1) located in /examples directory5The example files should be installed as appropriate. CCE-26982-9d(1) 'permission java.security.AllPermission' line(s) inside 'grant{}' statement in catalina.policy dGranting of all permissions to Tomcat web applications should be enabled or disabled as appropriate. CCE-27539-6The Apache Tomcat 5.5 Servlet/JSP Container Logging in Tomcat java.util.logging http://tomcat.apache.org/tomcat-5.5-doc/logging.htmlD(1) .org.apache.juli.FileHandler.prefix in logging.properties(1) TARGET: class (2) prefix[The JULI FileHandlerlog file name prefix should be set correctly for the specified classes. CCE-27488-6G(1) .org.apache.juli.FileHandler.directory in logging.properties(1) TARGET: class (2) directory`The JULI FileHandler save directory should be configured appropriately for the specified classes CCE-27552-9D(1) .org.apache.juli.FileHandler.level in logging.propertiesB(1) TARGET: class (2) FINEST/FINER/FINE/CONFIG/INFO/WARNING/SEVEREWThe JULI FileHandler threshold level should be set correctly for the specified classes. CCE-27703-8(1) logging.properties file(1) exists/ not existJJULI container level logging should be enabled or disabled as appropriate. CCE-27637-8M(1) 'port' attribute inside '' element in server.xmlUThe Tomcat WARP connector should be configured appropriately for the specified ports. CCE-27467-06(1) '' element in server.xmlGThe Tomcat WARP connector should be enabled or disabled as appropriate. CCE-27729-3(1) 'port' attribute inside '' element in server.xmlbThe Tomcat Legacy JK AJP 1.3 connector should be configured appropriately for the specified ports. CCE-27665-9h(1) '' element in server.xmlTThe Tomcat Legacy JK AJP 1.3 connector should be enabled or disabled as appropriate. CCE-27551-1qApache Tomcat Configuration Reference The HTTP Connector http://tomcat.apache.org/tomcat-5.5-doc/config/http.htmlT(1) security attribute inside '' element in server.xmleThe secure attribute should be set as appropriate for the specified Tomcat JK/JK2 AJP 1.3 connectors. CCE-27402-7R(1) 'port' attribute inside '' element in server.xml_The Tomcat JK/JK2 AJP 1.3 connector should be configured appropriately for the specified ports. CCE-27450-6:(1) '' element in server.xmlQThe Tomcat JK/JK2 AJP 1.3 connector should be enabled or disabled as appropriate. CCE-27758-2L(1) secure attribute in a line in server.xml$(1) TARGET: connector (2) true/false_The secure attribute should be set as appropriate for the specified Tomcat HTTP/1.1 connectors. CCE-27738-4S(1) 'port' attribute inside '' element in server.xml-(1) TARGET: port number (2) exists/ not existYThe Tomcat HTTP/1.1 connector should be configured appropriately for the specified ports. CCE-27673-3;(1) '' element in server.xml<The Tomcat HTTP/1.1 connector should be enabled or disabled. CCE-27429-0 CCE-27717-8 CCE-27681-6 CCE-27760-8 CCE-27159-3 CCE-27689-9 CCE-27538-8 CCE-27113-0LThe permissions for the Tomcat home/conf/ directory should be set correctly. CCE-27376-3EThe group of the Tomcat home/conf/ directory should be set correctly. CCE-27747-5EThe owner of the Tomcat home/conf/ directory should be set correctly. CCE-27524-8FThe permissions for the Tomcat home directory should be set correctly. CCE-27751-7?The group of the Tomcat home directory should be set correctly. CCE-27532-1?The owner of the Tomcat home directory should be set correctly. CCE-27624-6(1) '' element inside the '' element in the manager.xml file under Tomcat CCE-27269-0(1) '' element inside the '' element in the manager.xml file under Tomcat CCE-27746-7(1) '' element inside the '' element in the admin.xml file under Tomcat CCE-27723-6(1) '' element inside the '' element in the admin.xml file under Tomcat CCE-27644-4_(1) '' element inside '' element in the manager.xml file under Tomcat CCE-27754-1](1) '' element inside '' element in the admin.xml file under Tomcat CCE-27615-4/(1) Value of '' element in web.xml CCE-27704-6(1) 'port' attribute inside '' element in server.xmlKThe Tomcat Legacy HTTP/1.1 connectors should listen on the specified ports. CCE-27614-7<t(1) '' element in server.xmlRThe Tomcat Legacy HTTP/1.1 connector should be enabled or disabled as appropriate. CCE-27706-1(1) 'port' attribute inside '' element in server.xmlNThe Tomcat Legacy JK AJP 1.3 connectors should listen on the specified ports. CCE-27398-7i(1) '' element in server.xml CCE-27391-2;(1) ' >' element in server.xml6The Tomcat server port number should be set correctly. CCE-27749-1h(1) '-security' command-line parameter on Tomcat startup -Djava.security.manager command line parameter CCE-27687-3-(1) catalina.policy file under Catalina Home CCE-27473-8cTomcat The Definitive Guide Ch 6 Tomcat Security http://oreilly.com/catalog/tomcat/chapter/ch06.pdf:Apache Software Foundation Apache Tomcat 5.5 Documentation(1) via passwdlocked/unlocked CCE-27652-7eApache Tomcat 6.0 Realm Configuration HOW-TO http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html(1) tomcat-users.xml fileZThere exists a password in tomcat-users.xml that is not stored using an authorized digest. CCE-27600-6!Using the -security Option pg 135Apache Tomcat 6.0 Security Manager HOW-TO Standard Permissions http://tomcat.apache.org/tomcat-6.0-doc/security-manager-howto.htmljTomcat web application JVM property write permission should be set correctly for the specified properties. CCE-27761-6iTomcat web application JVM property read permission should be set correctly for the specified properties. CCE-27564-4zApache Tomcat 6.0 Logging in Tomcat Using java.util.logging (default) http://tomcat.apache.org/tomcat-6.0-doc/logging.html&(1) directory property of the handlers(1) TARGET: handler (2) pathXThe save directory for log files should be set appropriatly for the specified handlers. CCE-27668-3QApache Tomcat 6.0 Tomcat Setup http://tomcat.apache.org/tomcat-6.0-doc/setup.html CCE-27707-9 CCE-27661-8A1.3.1 Remove extraneous files and directories (Level 2, Scorable) CCE-27726-9 CCE-27634-5 CCE-27472-0 CCE-27463-9 CCE-27476-1!Using the -security Option pg 134 CCE-27577-6N1.9.4 Ensure directory in context.xml is a secure location (Level 1, Scorable) CCE-27307-8 CCE-27315-1J1.9.2 Specify file handler in logging.properties files (Level 1, Scorable) CCE-27514-961.9.1 Application specific logging (Level 2, Scorable)(1) 'logging.properties' file CCE-27589-1Apache Tomcat 4 Connectors Overview Tomcat connectors Web Server Connectors Table http://tomcat.apache.org/tomcat-4.1-doc/config/connectors.html CCE-27245-0 CCE-27608-9(1) 'port' attribute inside '' element in server.xml CCE-27423-3j(1) '' element in server.xml CCE-27568-5Apache Tomcat Configuration Reference The AJP Connector Common Attributes http://tomcat.apache.org/tomcat-6.0-doc/config/ajp.htmlV(1) security attribute inside '' element in server.xml CCE-27555-2T(1) 'port' attribute inside '' element in server.xmlfThe Tomcat Legacy JK/JK2 AJP 1.3 connector should be configured appropriately for the specified ports. CCE-27607-1<(1) '' element in server.xmlXThe Tomcat Legacy JK/JK2 AJP 1.3 connector should be enabled or disabled as appropriate. CCE-27544-6Apache Tomcat Configuration Reference The HTTP Connector Common Attributes http://tomcat.apache.org/tomcat-6.0-doc/config/http.html CCE-27378-9U(1) 'port' attribute inside '' element in server.xml CCE-27743-4=(1) '' element in server.xml CCE-27521-4xApache Tomcat 6.0 Realm Configuration HOW-TO Digested Passwords http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html CCE-26765-8oApache Tomcat 6.0 Realm Configuration HOW-TO JNDIRealm http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html CCE-27491-0 CCE-26939-9oApache Tomcat 6.0 Realm Configuration HOW-TO JDBCRealm http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html CCE-27500-8E1.6.13 Restrict access to Tomcat tomcat-users.xml (Level 1, Scorable) CCE-27638-6 CCE-27392-0 CCE-27482-9K1.6.3 Restrict access to Tomcat configuration directory (Level 1, Scorable) CCE-27477-9 CCE-27520-6 CCE-27563-6;1.6.1 Restrict access to $CATALINA_HOME (Level 1, Scorable) CCE-27156-9 CCE-27141-1 CCE-27371-4;1.12.3 Restrict manager application (Level 2, Not Scorable)(1) '' element inside the '' element in the manager.xml file under Tomcat CCE-26890-4(1) '' element inside the '' element in the manager.xml file under Tomcat CCE-26882-1 CCE-27610-5Client Certificates pg 171 CCE-26722-9Apache Tomcat 4 Connectors Overview Tomcat connectors HTTP Connectors for Tomcat 4.x Table http://tomcat.apache.org/tomcat-4.1-doc/config/connectors.html CCE-27617-0 CCE-27255-9 CCE-27155-1 CCE-27418-3Apache Tomcat Configuration Reference The Server Component Common Attributes http://tomcat.apache.org/tomcat-6.0-doc/config/server.html CCE-27480-3@1.11.1 Starting Tomcat with Security Manager (Level 1, Scorable) CCE-27451-4 CCE-26789-88Apache Software Foundation Apache Tomcat 6 Documentation`CIS Security Configuration Benchmark For Apache Tomcat 5.5/6.0 Version 1.0.0 December 12th, 20095nz ^ < N7<v7qG4Ə/~4 4 ccB g2ɀ `l,5L:5BH5 V5c5Np5}55b5*55p5T5j5r5z555555  dMbP?_*+%&?'?('}'}?)'}'}?Mb\\mbps1\1S147A-HPS odXXLetterPRIV0'''' \KhCN 7SMTJHP LaserJet 9050 PSESPRITSupportedTrueHPOrientationHPOrientationPortraitHPOrientRotate180FalsePostScriptCustomPageSizeFalseHPConsumerCustomPaperPSCustomHPSmartDuplexSinglePageJobTrueHPSmartDuplexOddPageJobTrueDuplexDuplexNoTumbleHPDuplicateJobNameOverrideSWFWPageSizeLETTERPageRegionLeadingEdgeInputSlot*UseFormTrayTableMediaTypeAutoHPNUseDiffFirstPageChoiceTrueHPPageExceptionsFileHPCPE5r1HPPageExceptionsInterfaceShowPageExceptionsHPPageExceptionsLowEndHPPageExceptionsLowEndVerHPPageExceptionsCoverInsertionHPMediaTypeDuplexConstraintsEXTRA_HEAVYHPDocUISUITruePSAlignmentFileHPCLS5r1PSServices_DeviceandSuppliesStatusTRUEHPSmartHub_OnlinediagnostictoolsTRUEHPSmartHub_SupportandtroubleshootingTRUEHPSmartHub_ProductmanualsTRUEHPSmartHub_CheckfordriverupdatesTRUEPSServicesOptionPrnStat_SID_242_BID_270_HID_15521HPSmartHubInet_SID_263_BID_276_HID_265JCLOptimizeForPLAINCollateFalseOutputBinAutoStapleLocationNoneAlternateLetterHeadFalseHPPaperSizeALMConstraintsENV_10TextAsBlackFalseHPEnableRAWSpoolingTrueHPDocPropResourceDataHPCabFileNameJCLEconomodeFalseJCLResolution600dpiJCLFastResTrueJCLHPPrintOnBothSidesManuallyFalseHPEdgeToEdgeTrueHPPJLEncodingUTF8HPJobAccountingHPJOBACCT_JOBACNTPrintQualityGroupPQGroup_1HPBornOnDateHPBODHPJobByJobOverrideJBJOHPColorModeMONOCHROME_MODEHPXMLFileUsedhpc9050s.xmlHPSendPJLUsageCmdCURIJRConstraintsJRCHDPartialJRHDInstalledJRHDOffJRHDNotInstalledJRHDOffHPJobAccWoPinTrueIUPHxoAǿ 1&M ,0,?V#B Bpă1 'x?/v y{ٙ=^I_>ݳGا[液v!JuWGpr}C_qzy2 o?2 o:p @2} n; oB2 oC2 o:~ D2} n; oF2 oG2 o:~ H2} n; o o oJ2~ K2} n; oM2 oN2 oO2~ P2} n; oR2 oN2 o~ T2} n; oV2 ow o:~ W2} n; oY2 oZ2 o~ [2} n< o]2 o^2 o_2~ [2} n< oa2 ob2 oc2~ d2} n< of2 ob2 o:~ h2} n< oj2 ob2 o~ l2} n< on2 ob2 o~ o2} n< oq2 ob2 o~ s2} n< ou2 ov2 ow2~ x2} n< oz2 ov2 ow2~ |2} n< o~2 o2 o~ 2}D l`ZZZZZZZZZZZZZZZZZPZZZZZPPPZZ @!"@""@#@$@%@&@'@(@)@*/@+/@,(@-@."@/"@0@1@2"@3@4@5(@6@7@8"@9@:@;"@<(@="@>@?@ n < o2 o2 o ~ 2 } !n < !o2 !o2 !o!~ !2!} "n < "o2 "o{ "o2"~ "2"} #n < #o2 #o #o%#~ #2#} $n < $o2 $o $o$~ $2$} %n< %o2 %o2 %o%~ %2%} &n< &o2 &o2 &o"2&~ &2&} 'n< 'o2 'o2 'o"2'~ '2'} (n< (o2 (o2 (o"2(~ (2(} )n< )o2 )o2 )o"2)~ )2)} *n< *o2 *ov2 *oc8*~ *2*} +n< +o2 +ov2 +oc8+~ +2+} ,n< ,o2 ,ov2 ,oc8,~ ,<,} -n< -o2 -o2 -oc8-~ -2-} .n< .o2 .o2 .o<.~ .2.} /n< /o2 /o2 /o</~ /2/} 0n< 0o2 0o 0o<0~ 020} 1n< 1o2 1o 1o<1~ 121} 2n< 2o2 2o2 2o"22~ 222} 3n < 3o!< 3o 3o"23~ 323} 4n"< 4o 4o 4o24~ 424} 5n#< 5o2 5o2 5o$< 5~} 6n%< 6o2 6o2 6o&<6~ 626} 7n'< 7o2 7o2 7o&<7~ 727} 8n(< 8o2 8o2 8o&<8 828} 9n)< 9o2 9o 9oS29 929} :n*< :o2 :o2 :oS2: :2:} ;n+< ;o2 ;o ;oS2; ;2;} <n,< <o2 <o <oS2< <2<} =n-< =o2 =o =oS2= =2=} >n.< >o2 >o >oS2> >2>} ?n/< ?o2 ?o2 ?o2? ?2?}D lZZZZZZZZZZZZZZZZZZZZZHZZZZZZZZZ@@A@B@C@D@E@F@G@H@I@J@K@L@M@N@O@P@Q@R@S@T@U@V@W@X@Y@Z@[@\@]@^@_@ @n0< @o @o @o2@ @2@} An1< Ao2 Ao Ao2A A2A} Bn2< Bo2 Bo Bo2B B2B} Cn3< Co2 Co Co2C C2C} Dn4< Do2 Do Do2D D2D} En5< Eo2 Eo Eo2E E2E} Fn6< Fo3 Fo Fo2F F3F} Gn7< Go3 Go Go2G G3G} Hn8< Ho3 Ho Ho2H H3H} In9< Io 3 Io Io2I I 3I} Jn:< Jo 3 Jo Jo2J J 3J} Kn;< Ko3 Ko Ko2K K3K} Ln<< Lo3 Lo Lo2L L3L} Mn=< Mo3 Mo Mo2M M3M} Nn>< No3 No No2N N3N} On3 On1Ooo} Pn?< Po3 Po Po2P P3P} Qn@< Qo3 Qo Qo2Q Q 3Q} RnA< Ro"3 Ro Ro2R R#3R} SnB< So%3 So So2S S&3S} TnC< To(3 To To2T T)3T} UnD< Uo+3 Uo Uo2U U,3U} VnE< Vo.3 Vo Vo2V V/3V} WnF< Wo13 Wo Wo2W W23W} XnG< Xo43 Xo Xo2X X53X} YnH< Yo:3 Yo Yo2Y Y;3Y} ZnI< Zo=3 Zo Zo2Z Z>3Z} [nJ< [o@3 [o [o2[ [A3[} \nK< \oC3 \o \o2\ \D3\} ]nL< ]oF3 ]o ]o2] ]G3]} ^nM< ^oI3 ^o ^o2^ ^J3^} _nN< _oL3 _o _o2_ _M3_}D lZZZZZZZZZZZZZZZ0ZZZZZZZZZZZZZZZ`@a@b@c"@d@e@f@g@h@i@j@k(@l/@m(@n(@o(@p (@q "@r "@s "t u v w x "@y (@z @{ @| @} "@~ @ @ `nN3 `n1`oo} anO< aoP3 ao ao2a aQ3a} bnP< boS3 bo bo2b bT3b} cnQ< coV3 cot co c cW3c} dnR< doY3 do doS<d dZ3d} enT< eo\3 eo eoU<e e]3e} fnV< fo_3 fo fo f`3f} gnW< gob3 go go2g gc3g} hnX< hoe3 ho ho2h hc3h} inY< iog3 io io2i ic3i} jnZ< joi3 jo jo2j jc3j} kn[< kok3 kol3 ko km3k} ln\< lo7 lol3 lo lm3l} mn]< mo^< mo mo mt3m} nn_< no`< no no nt3n} ona< oob< oo oo ot3o} pnc< pod< po po~ pt3p} qne< qov3 qo qoq~ qw3q} rnf< ro ro ropr~ ry3r} sng< soq9 so sopsp sy3 sggg tnh< to{3 to to2tp t|3 tggg uni< uo~3 uot uo3up u3 uggg vnj< vo3 vo vo3vp v3 vggg wnk< wo3 wo3 wo3wp w3 wggg xnl< xo3 xo} xoxp x3 ynm< yo3 yo} yoyp y3 znn< zo3 zo3 zo3zp z3 {no< {o3 {o3 {o3{p {3 |np< |o3 |o3 |o3|p |3 }nq< }or< }o3 }o3}p }3 ~ns< ~ot< ~o ~o2~p ~3 nu< o3 o3 ov<p 3D l0ZZZZZPZZZZPPPPPPZZ`````PPPPPPP@"@"@@@"@@@"@@@@@@@@@@@@@@@@@@@@@"@@@ nw< o3 o ox<p 3 ny< o3 o3 o3p 3 nz< o3 o3 o3p 3 n{< o3 o og2p 3 n|< o3 o o3p 3 n}< o3 o3 o3p 3 n~< o3 oS2 o3p 3 n< o3 o o3p 3 n< o3 o3 o3p 3 n< o3 o o<p 3 n< o3 o o%p 3 n< o3 o o%p 3 n< o3 o o%p 3 n< o3 o o%p 3 n< o3 o o%p 3 n< o o o%p 3 n< o3 o o%p 3 n< o3 o o%p 3 n< o3 o o%p 3 n< o3 o o%p 3 n< o3 o o%p 3 n< o3 o o%p 3 n< o3 o o%p 3 n< o3 o o%p 3 n< o3 o o%p 3 n< o3 o o%p 3 n< o3 o o%p 3 n< o3 o o%p 4 n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o o%p  4 n< o 4 o o%p  4D lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP@(@(@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o o%p 4 n< o 4 o2 o2p !4 n< o#4 o o%p $4 n< o&4 o o%p '4 n< o)4 o o%p *4 n< o,4 o o%p -4 n< o/4 o o%p 04 n< o24 o2 o2p 34 n< o54 o o%p 64 n< o84 o o%p 94 n< o;4 o o%p <4 n< o>4 o o%p ?4 n< oA4 o o%p B4 n< oD4 o2 o2p E4 n< oG4 o o%p H4 n< oJ4 o o%p K4 n< oM4 o o%p N4 n< oP4 o o%p Q4 n< oS4 o o%p T4 n< oV4 o o%p W4 n< oY4 o o%p Z4 n< o\4 o o%p ]4 n< o_4 o o%p `4 n< ob4 o o%p c4 n< oe4 o o%p f4 n< oh4 o o%p i4 n< ok4 o o%p l4D lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ n< ot4 o2 o2p u4 n< ow4 o o%p x4 n< oz4 o o%p {4 n< o}4 o o%p ~4 n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o2 o2p 4 n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o o%p 4 n< n1oop n< o9 o o%p 4 n< n1oop n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o o%p 4D< lPPPPPPPPPPPPPPPPPPPP.P.PPPPPPPP@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o o%p 4 n< o4 o4 op 4 n< o4 o4 o_2p 4 n< o4 o4 op 4 n< o4 o4 o_2p 4 n< o4 o4 op 4 n< o4 o4 o_2p 4 n< o4 o4 op 4 n< o4 o4 o_2p 4 n< o4 o4 op 4 n< o4 o4 o_2p 4 n< o4 o4 op 5 n< o5 o4 o_2p 5 n< o5 o4 op 5 n< o5 o4 o_2p 5 n< o5 o4 op  5 n< o 5 o4 o_2p  5 n< o 5 o4 op 5 n< o5 o4 o_2p 5 n< o5 o4 op 5 n< o5 o4 o_2p 5 n< o5 o4 op 5 n< o5 o4 o_2p 5 n< o"5 o} op #5 n< o%5 o o_2p #5 n< o'5 o} op (5 n< o*5 o o_2p (5D lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP@@"@"@@@@@@ @ @ @ @ @(@(@"@"@@@@@@@@@@@@@@@ n< o,5 o4 op -5 n< o< o4 o_2p -5 n< o+8 o4 op 25 n< o45 o4 o_2p 25 n< o<5 o4 op =5 n< o?5 o4 o_2p =5 n= oC5 o4 op D5 n= oF5 o4 o_2p D5 n= oJ5 o4 op K5 n= oM5 o4 o_2 p K5 n= oO5 o4 o p P5 n= oR5 o4 o_2 p P5 n= o= o4 o p = n = o = o4 o_2 p = n = o = o4 op  = n= o= o4 o_2p  = n= oX5 o4 op Y5 n= o[5 o4 o_2p Y5 n= o= o4 op D8 n= o= o4 o_2p D8 n= o`5 o4 op a5 n= oc5 o4 o_2p a5 n= oe5 o4 op f5 n= oh5 o4 o_2p f5 n= oj5 o4 op k5 n= om5 o4 o_2p k5 n= oo5 o4 op p5 n= or5 o4 o_2p p5 n= ou5 o4 op v5 n= ox5 o4 o_2p v5 n = oz5 o4 op {5 n!= o}5 o4 o_2p {5D lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP @!@"(@#/@$=@%/@&@'/@(@)@*(@+(@,@-"@.(@/@0@1@2@3@4@5@6@7@8@9@:@;@<@=@>(@?@ n"= o5 o4 o p 5 !n#= !o5 !o4 !o_2!p !5 "n$= "o5 "o5 "o5"p "5 #n%= #o5 #o5 #o5#p #5 $n&= $o'= $o5 $o(=$p $5 %n)= %o5 %o5 %o5%p %5 &n*= &n1&oop 'n+= 'o,= 'o5 'oS2'p '5 (n-= (o5 (o (o5(p (5 )n.= )o5 )o )o5)p )5 *n/= *o5 *o4 *oc8 *p +n0= +o5 +o4 +oc8 +p ,n1= ,o5 ,o ,oS2,p ,5 -n2= -o5 -o4 -oc8 -p .n3= .o5 .o4 .oc8 .p /n4= /o5= /o /o%/p /6= 0n7= 0o8= 0o 0o%0p 09= 1n:= 1o;= 1o 1o%1p 1<= 2n== 2o>= 2o 2o%2p 2?= 3n@= 3oA= 3o 3o%3p 3B= 4nC= 4oD= 4o4 4o4p 46= 5nE= 5oF= 5o4 5o_25p 59= 6nG= 6oH= 6o4 6o6p 6<= 7nI= 7oJ= 7o4 7o7p 7?= 8nK= 8oL= 8o4 8o8p 8B= 9nM= 9oN= 9o4 9o9p 96= :nO= :oP= :o4 :o_2:p :9= ;nQ= ;oR= ;o4 ;o_2;p ;<= <nS= <oT= <o4 <o_2<p <?= =nU= =oV= =o4 =o_2=p =B= >nW= >oX= >oY= >o:>p >Z= ?n[= ?o\= ?o]= ?o:?p ?^=D6 lPPPPPP.PPPFFPFFPPPPPPPPPPPPPPPP@"@A@B"@C@D@E@F@G"@H"@I@J"@K@L@M@N@O@P@Q@R@S"@T@U@V@W@X@Y@Z"@[@\@]@^"@_@ @n_= @o`= @o @oa=@p @b= Anc= Aod= Ao Aoe=Ap Af= Bng= Boh= Bo: Boe=Bp Bi= Cnj= Co: CoJ6 Coe=Cp Ck= Dnl= Do: DoJ6 Doe=Dp Dm= Enn= Eo\6 EoJ6 Eoe=Ep Eo= Fnp= Fo`6 FoJ6 Foe=Fp Fq= Gnr= God6 GoJ6 Goe=Gp Gs= Hnt= Ho: HoJ6 Hoe=Hp Hu= Inv= Iow= IoJ6 Ioe=Ip Ix= Jny= Jo: JoJ6 Joe=Jp Jz= Kn{= Ko|= KoJ6 Koe=Kp K}= Ln~= Lo= Lo Lo%Lp L= Mn= Mo= Mo Mo%Mp M= Nn= No= No No%Np N= On= Oo= Oo Oo%Op O= Pn= Po= Po Po%Pp P= Qn= Qo= Qo Qo%Qp Q= Rn= Ro= Ro Ro%Rp R= Sn= So6 So6 So5Sp S= Tn= To= To= To=Tp T= Un= Uo= UoJ6 Uoe=Up U}= Vn= Vo= VoJ6 Voe=Vp V}= Wn= Wo= WoJ6 Woe=Wp Wx= Xn= Xo= XoJ6 Xoe=Xp Xx= Yn= Yo= YoJ6 Yoe=Yp Yx= Zn= Zo= ZoJ6 Zoe=Zp Zu= [n= [o= [oJ6 [oe=[p [s= \n= \o= \oJ6 \oe=\p \s= ]n= ]o= ]oJ6 ]oe=]p ]s= ^n= ^o= ^oJ6 ^oe=^p ^q= _n= _o= _oJ6 _oe=_p _m=D lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP`@a@b@c%@d%@e%@f%@g%@h%@i%@j%@k%@l%@m%@n%@o%@p%@q%@r%@s%@t%@u%@v%@w%@x%@y%@z%@{%@|%@}%@~%@%@ `n= `o= `oJ6 `oe=`p `m= an= ao7 ao&2 ao=ap a(2 bn= bo= bov2 bo?bp b2ccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz{{||}}~~DlPPP%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@Dl%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@Dl%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@Dl%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@Dl%@%@%@%@%@%@%@%@%@ %@ %@ %@ %@ %@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@%@     Dl %@!%@"%@#%@$%@%%@&%@'%@(%@)%@*%@+%@,%@-%@.%@/%@0%@1%@2%@3%@4%@5%@6%@7%@8%@9%@:%@;%@<%@=%@>%@?%@ !"#$%&'()*+,-./0123456789:;<=>?Dl@%@A%@B%@C%@D%@E%@F%@G%@H%@I%@J%@K%@L%@M%@N%@O%@P%@Q%@R%@S%@T%@U%@V%@W%@X%@Y%@Z%@[%@\%@]%@^%@_%@@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_Dl`%@a%@b%@c%@d%@e%@f%@g%@h%@i%@j%@k%@`abcdefghijk>@A I ggD g2ɀ R55Q6 6  dMbP?_*+%&?'?(?)?"d,,??&U} } $2} $)} 2} } %s } R``w @      {  {   z      y S2 x x v g g g f t t u  g ~ g g f t t u } g | g { g zf t v t u u y g x g g wf t v t u u t g s g r g f t q t ~ u p g o g n g f t Ô t ~ u m g l g k g  f t Ô t ~ u j g i g g f f t t u h g g g g f f t t u e g d g c g b f t > t = u a g ` g @ g _ f t > t = u ^ g ] g Q g \f t O t [ u Z g Y g g Xf t O t N u W g V g U g Tf t O t N u S g R g Q g Pf t O t N u M g L g K g Jf t  t  u I g H g g Gf t > t u F g E g D g Cf t  t u B g A g @ g ?f t > t = u < g ; g : g 9f t  t 8 u 7 g 6 g 3 g 2f t Ô t u 5 g 4 g 3 g 2f t Ô t u 1 g 0 g  g /f t  t u . g - g , g +f t t u * g ) g ( g 'f t & t % u $ g # g " g !f t  t u  g  g  g f t  t  u  g  g  g f t t u  g  g  g f t  t D lb^^^^^^^^^^^^^^^^^^^^^^^^^^^^ !"#$%&'()*+,-./0123456789:;<=>? u  g  g  g  f t  t !u  !g !g  !g !f !t  !t "u "g "g  "g "f "t  "t #u  #g  #g  #g #f #t  #t $u  $g  $g  $g $f $t  $t %u %g %g %g %f %t %t &u &g &g &g &f &t &t 'u 'g 'g 'g 'f 't 't (u (g (g (g (f (t (t )u )g )g )g )f )t )t *u *g *g *g *f *t *t +u +g +g +g +f +t +t ,u ,g ,g ,g ,f ,t ,t -u -g -g -g -f -t -t .u .g .g ڔ .g .f .t .t /u /g /g ڔ /g /f /t /t 0u 0g 0g ڔ 0g 0f 0t 0t 1u 1g ߔ 1g ڔ 1g 1f 1t 1t 2u ޔ 2g ݔ 2g ڔ 2g 2f 2t 2t 3u ܔ 3g ۔ 3g ڔ 3g 3f 3t 3t 4u ٔ 4g ؔ 4g  4g ה4f 4t ֔ 4t Ք 5u Ԕ 5g Ӕ 5g GS 5g 5f 5t 5t 6u Ҕ 6g є 6g GS 6g 6f 6t 6t 7u Д 7g ϔ 7g GS 7g 7f 7t 7t 8u Δ 8g ͔ 8g GS 8g 8f 8t 8t 9u ̔ 9g ˔ 9g GS 9g 9f 9t 9t :u ʔ :g ɔ :g GS :g :f :t :t ;u Ȕ ;g ǔ ;g GS ;g R;f ;t ;t <u Ɣ <g Ŕ <g Ĕ <g <f <t Ô <t ~ =u ” =g =g =g =f =t =t >u >g >g x >g >f >t >t ?u ?g ?g ?g ?f ?t ?t D8l^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^Z@ABCDEFGHIJKLMNOPQ @u @g @g 9> @g @f @t @t Au Ag Ag 9> Ag :>Af At At Bu Bg Bg 9> Bg :>Bf Bt Bt Cu Cg Cg Cg Cf Ct Ct Du Dg Dg Dg Df Dt Dt Eu Eg Eg Eg Ef Et Et Fu Fg Fg GS Fg R Ff t  Ft Gu Gg Gg Gg Gf t  Gt Hu Hg Hg Hg Hf t  Ht Iu Ig Ig GS Ig R If t  It Ju Jg Jg Jg Jf t  Jt Ku Kg Kg Kg Kf t  Kt Lu Lg Lg Lg Lf t  Lt Mu Mg Mg Mg Mf t  Mt Nu Ng Ng Ng Nf t  Nt Ou Og Og Og  Of t  Ot ~ Pu } Pg | Pg x Pg { Pf t  Pt v Qu z Qg y Qg x Qg w Qf t  Qt v(tTZZZZZZTTTTTTTTTTT>@A ggD g2ɀ (26A6Q6b6Lr646z6  dMbP?_*+%&?'?(?)?M\\MBPS3\3M232A-HPS od,,LetterPRIV0''''X, \KhC%MSCXSMTJHHP Universal Printing PS (v5.2)HPDocUISUITrueESPRITSupportedTrueHPOrientationHPOrientationPortraitHPSmartDuplexSinglePageJobTrueHPSmartDuplexOddPageJobTrueHPOrientRotate180FalsePostScriptCustomPageSizeFalseDuplexDuplexNoTumbleHPReverseOrderForFold_StitchTrueHPBestGlossDefaultInputSlot*UseFormTrayTableHPDuplicateJobNameOverrideSWFWPageSizeLETTERPageRegionLeadingEdgeMediaTypeAUTOHPMediaTypeTreeviewPopupTrueCollateTrueJCLHPPrintOnBothSidesManuallyFalseJCLEconomodeFalseOutputBinAutoStapleLocationNonePunchingNoneTextAsBlackFalseAlternateLetterHeadFalseJCLResolution600dpiJCLPrintQualityNoneJCLFastResNoneHPConsumerCustomPaperTruePrintQualityGroupPQGroup_23JRHDInstalledJRHDOffHPNUseDiffFirstPageChoiceTrueHPPageExceptionsFileHPCPE112HPPageExceptionsInterfaceShowPageExceptionsHPPageExceptionsLowEndHPPageExceptionsLowEndVerHPPageExceptionsCoverInsertionHPEnableRAWSpoolingTrueHPDocPropResourceDataHPCabFileNameRGBColorNoCmdCMYKInksNoCmdJRConstraintsJRCHDFullHPColorSmartAutomaticHPColorSmart_ColorOptions_EdgeControlNoCmdHPColorSmart_ColorOptions_HalftoneNoCmdHPColorModeCOLOR_MODEHPColorSmart_Text_NeutralGraysNoCmdHPColorSmart_Text_HalftoneNoCmdHPColorSmart_Text_RGBColorNoCmdHPColorSmart_Graphics_NeutralGraysNoCmdHPColorSmart_Graphics_HalftoneNoCmdHPColorSmart_Graphics_RGBColorNoCmdHPColorSmart_Photo_NeutralGraysNoCmdHPColorSmart_Photo_HalftoneNoCmdHPColorSmart_Photo_RGBColorNoCmdHPPJLEncodingUTF8HPJobAccountingHPJOBACCT_JOBACNT_GROUPNAMEHPBornOnDateHPBODHPJobByJobOverrideJBJOHPJobAccWoPinTruePSAlignmentFileHPCLS112HPSmartHubInet_SID_263_BID_514_HID_265HPColorAsGrayFalseCNOutputNoneCNStapleNoneCNOffsetFalseCNPunchingNoneCNFoldingNoneIUPHxMkQ;Aj).M6BQQdji vZMhZwu!_TOp?P0F}dޙF2&9s'3\o84V\P|~*zȧ#svi??G~3umF/ Rqj ˨f"B&ؔ9n'R9}yгsEGN%ϧ\c tcaU 8NmrZ_J̵6JO70V$o;k|-A9vbڜ 0vyao{Fs yﱌ0̏ʛ8َ99Ӹڷ:AYp#{*}[0k@r2i6ԫ=lпW6f9mVX~(o+L:HpYMUg6C{6 oWd5D EL`Х9Re4Y(:^٧v}ӹ[3{.X{ɩo;m+s[~skAAAAHЉtL/Fz"d,,??&U} } /} '} 2} } %} }  %| }    ` ` @ @                             {  {   z      f S2          v  g  g g f       v g g g  f       v  g  g g  f      v  g  g g  f      v g 4 g 3 g 2f  Ô      v g g g f       v g g { g f        v g g GS g R f      v g g g f      v g g g f      v g g g f        v g g GS g R f   ݖ    v g g g f   ݖ    v g g g f   ݖ    v g g GS g R f   ݖ    v g g g f   ݖ    v ߖ g ޖ g g f   ݖ    v ܖ g g GS g R f    ٖ   v ۖ g g g f    ٖ   v ږ g g g f    ٖ   v ؖ g ז g GS g R f      v ֖ g Ֆ g g f      v Ԗ g Ӗ g g f      v Җ g і g GS g R f      v Ж g ϖ g g f      v Ζ g ͖ g g f      v ̖ g ˖ g GS g R f      v ʖ g ɖ g g f      v Ȗ g ǖ g g f      Dlddddvvdddvddddddddddddddddd ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?  v Ɩ g Ŗ g GS g R f      !v Ė !g Ö !g !g !f  ! !   "v – "g "g "g "f  " "   #v #g #g GS #g R #f   # #  $v $g $g $g $f   $ $  %v %g %g %g %f   % %  &v &g ǔ &g GS &g R&f & & & &  'v 'g ~ 'g 'g 'f ' ' ' '  (v (g (g (g (f ( ( ( (  )v )g )g GS )g R )f   ) )  *v *g *g *g *f   * *  +v +g +g +g +f   + +  ,v ,g ,g GS ,g R ,f   , ,  -v -g -g -g -f   - -  .v .g .g .g .f   . .  /v /g /g GS /g R /f   / /  0v 0g 0g 0g 0f   0 0  1v 1g 1g 1g 1f   1 1  2v 2g 2g GS 2g R 2f   2 2  3v 3g 3g 3g 3f   3 3  4v 4g 4g 4g 4f   4 4  5v 5g 5g 5g 5f  5 5 5 5  6v 6g 6g 6g 6f  6 6 6 6  7v 7g 7g 7g 7f  7 7 7 7  8v 8g 8g c 8g 8f  8 8 8 8  9v 9g E 9g D 9g C9f 9 9 9 9 9  :v :g :g { :g :f   : : :  ;v ;g | ;g { ;g z;f ; v; ; ; ;  <v <g ; <g : <g 9<f <  < < < <  =v  =g A =g @ =g ?=f = >= = ~= =  } >v | >g d >g c >g b>f > >> > {> >  z ?v y ?g ` ?g @ ?g _?f ? >? ? x? ?  wD0lddddddvvvddddddddddddvvvvn@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _  @v v @g @g @g @f   @ u @  Av t Ag Ag Ag Af   A s A  Bv r Bg Bg Bg Bf   B q B  Cv p Cg H Cg Cg GCf C >C C o C  Dv n Dg m Dg r Dg a Df   D l D  Ev k Eg j Eg Ĕ Eg a Ef   E g E  Fv i Fg h Fg n Fg a Ff   F g F  Gv f Gg e Gg Gg a Gf   G d G  Hv c Hg b Hg k Hg a Hf   H ` H  Iv _ Ig ] Ig Q Ig \If I OI I ^I I  ] Jv \ Jg Y Jg Jg XJf J OJ J [J J  Z Kv Y Kg V Kg U Kg TKf K OK K XK K  W Lv V Lg R Lg Q Lg PLf L OL L UL L  T Mv S Mg ؔ Mg  Mg הMf M ֔ M RM M QM  Nv P Ng  Ng  Ng Nf N  N ON N NN  Ov M Og L Og K Og JOf O  O LO O KO  Pv J Pg I Pg H Pg Pf   P DP P  C Qv G Qg F Qg E Qg Qf   Q DQ Q  C Rv B Rg A Rg @ Rg Rf   R <R R  ; Sv ? Sg > Sg = Sg Sf   S <S S  ; Tv : Tg 9 Tg 8 Tg Tf   T .T T  - Uv 7 Ug 6 Ug 5 Ug Uf   U .U U  - Vv 4 Vg 3 Vg 2 Vg Vf   V .V V  - Wv 1 Wg 0 Wg / Wg Wf   W .W W  - Xv , Xg + Xg * Xg Xf   X )X X  ( Yv ' Yg & Yg GS Yg R Yf   Y ! Y  Zv % Zg $ Zg Zg Zf   Z ! Z  [v # [g " [g [g [f   [ ! [  \v \g  \g GS \g R \f   \  \  ]v  ]g  ]g ]g ]f   ]  ]  ^v  ^g  ^g ^g ^f   ^  ^  _v  _g _g x _g _f _ _ _ _ _  DLldddvdddddnnnnnnnnndddddd` a b c d e f g h i j k l m n o p q r s t u v w x y z e{ e| e} e~ e F `v  `g i `g `g f`f ` ` ` ` `   av  ag ag ag af a a a a a   bv  bg  bg bg  bf   b  b  cv  cg  cg r cg  cf   c  c  dv  dg  dg Ĕ dg  df   d  d  ev  eg eg n eg  ef   e  e  fv fg fg k fg  ff   f  f  gv gg gg gg  gf   g  g  hv  hg  hg  hg  hf   h  h  iv  ig  ig  ig if   i i i  jv jg jg jg jf   j j j  kv kg kg kg kf   k k k  lv lg lg lg lf   l l l  mv mg mg mg mf   m m m  nv ng 6 ng 3 ng 2nf n Ôn n n n  ov og og og of o o o o o  pv pg pg pg ߕpf    p ޕp  qv ݕ qg ܕ qg * qg [>qf     q  ە rv ڕ rg rg 9> rg rf r r    r  ٕ sv ؕ sg sg 9> sg :>sf s s   s ֕s  tv ו tg tg 9> tg :>tf t t   t ֕t  uv Օ ug ԕ ug 9> ug :>uf     u  ӕ vv ҕ vg ѕ vg 9> vg :>vf    v ʕv  wv Е wg ϕ wg 9> wg :>wf    w ʕw  xv Ε xg ͕ xg 9> xg :>xf    x ʕx  yv ̕ yg ˕ yg 9> yg :>yf    y ʕy  zv ɕ zg ȕ zg 9> zg :>zf     z {v Ǖ {g ƕ {g 9> {g :>{f     { |v ŕ |g ĕ |g 9> |g :>|f     | }v Õ }g • }g 9> }g :>}f     } ~v ~g ~g 9> ~g :>~f     ~ v g g 9> g f      DvldddddddnnnnnbZnvvZbbbbZZZZZ F F e e                             v g g 9> g f     v g g g f     v g g 9> g :>f     v g g 9> g :>f     v g g g f     ~ v g  g  g f     ~ v g - g , g +f     ~ v g g g f     ~ v g # g " g !f     ~ v g ) g ( g 'f  &   ~ v g 0 g  g /f     ~ v g  g  g f     ~ v g g  g f     ~ v g g  g f     ~ v g  g  g f     ~ v g  g  g f     ~ v g g g f     ~ v g  g  g f     ~ v g g g f     ~ v g g ڔ g f     ~ v g g g f     ~ v g є g GS g f     ~ v g ۔ g ڔ g f     ~ v g g g f     ~ v g ˔ g GS g f     ~ v g g ڔ g f     ~ v g g g f     ~ v g ɔ g GS g f     ~ v g g ڔ g f     ~ v g g g f     ~ v g Ӕ g GS g f     ~ v g ݔ g ڔ g f     ~ DlZZZZbbbbbbbbbbbbbbbbbbbbbbbbbbb              v g g g f     ~ v g ͔ g GS g f     ~ v g ߔ g ڔ g f     ~ v g g g f     ~ v g ϔ g GS g f     ~ v g g g g ff     ~ v g g g f     ~ v g s g r g f  q   ~ v g Ŕ g Ĕ g f  Ô   ~ v g o g n g f  Ô   ~ v g l g k g f  Ô   ~ v g g g f     ~ v g x g g wf  v   ~ bbbbbbbbbbbb  (  R  C ]F! d ZR  C ]F! d ZR  C ]F! d ZR  C ]F! d ZR  C ]F! d ZR  C ]F! d ZR  C ]F! d ZR  C ]F! d ZR   C  ]F ! d ZR   C  ]F ! d >@A ggD g2ɀ ,566o6?6?7O777  dMbP?_*+%&?'?(?)?M \\MBPS1\1S153A-LX(S odXXLetterPRIV0''''d"\KhC>i$SMTJLexmark Universal PS3Resolution600dpiOutputBinPrinterSettingStapleLocationFalseHolePunchFalseJogFalseFoldLocationFalseCollateTrueBookletNoCoverFalseBookletFFrontCoverFalseBookletBFrontCoverFalseBookletFBackCoverFalseBookletBBackCoverFalseBookletMaintainFalseBasicLayoutTrueFinisherBookletNoFoldJCLTonerDarknessNoneMediaTypeNoneBookletMediaTypeNoneAllColorsToBlackFalseDuplexNoneJCLPortRotationNoneHasKeepPreviousPHJobsTrueHasPrintandHoldTrueAdvancedBoookletAlgorithmTrueStatusWindowFalseShowStatusWindowAfterPrintingFalseHasPrintQualityTrueBitmapIDNoneSmallFontEnhancerFalsePixelBoostTrueNewDuplexTrueIsCustomPageTruePageSizeLetterPageRegionInputSlot*UseFormTrayTableBookletInputSlotAutoSelect"KMXLArialHdArialHd< UseSameSize"d,,??&U} } / }  } 2 }  } %s } % }  %| }       bz                                 q   q z z  z  z   S2                 ߕ    ޕ     4  3  2       ܕ  *  [>    ە  u  g g g f  t       u  g g { g f t      u  g g 9> g f t    ٕ    u  g g g  f   t       u g g 9> g :> f t   ֕    u g g 9> g :> f t   ֕    u g ԕ g 9> g :> f t    ӕ   u g ѕ g 9> g :> f t   ʕ    u  g ϕ g 9> g :> f t   ʕ    u  g ͕ g 9> g :> f t   ʕ    u  g ˕ g 9> g :> f t   ʕ    u  g ȕ g 9> g :>f t       u  g ƕ g 9> g :>f t       u  g ĕ g 9> g :>f t       u  g • g 9> g :>f t       u  g g 9> g :>f t       u g g g f t        u g g g f  t       u g g g f  t       u g g c g f t        u g g 9> g f t       u g g 9> g f t       u g E g D g Cf  t       u g g g f t       u g g { g f  t        u g | g { g zf  t u      D"l**dndffffffffffffffxxfff ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?  u g ; g : g 9 f  t 8       !u !g A !g @ !g ?!f ! !t =! ! }!  !  ~ "u "g d "g c "g b"f " "t =" " z"  "  { #u #g ` #g @ #g _#f # #t =# # w#  #  x $u $g m $g r $g a$f $ $t   $ $  $  l %u %g j %g Ĕ %g a%f % %t   % %  %  g &u &g h &g n &g a&f & &t   & &  &  g 'u 'g e 'g 'g a'f ' 't   ' ߗ'  '  d (u ޗ (g b (g k (g a(f ( ݗ (t   ( ܗ(  (  ` )u ۗ )g ] )g Q )g \)f ) ڗ )t [) ) ])  )  ^ *u ٗ *g Y *g *g X*f * ؗ *t N* * Z*  *  [ +u ח +g V +g U +g T+f + ֗ +t N+ + W+  +  X ,u ՗ ,g R ,g Q ,g P,f , ԗ ,t N, , T,  ,  U -u ӗ -g ؔ -g  -g ה-f - җ -t Ք - Q- -  R-  .u ї .g  .g  .g .f . З .t  . N. .  O.  /u ϗ /g L / K / J/f / Η /t  / K/ /  L/  0u ͗ 0g I 0g H 0g 0f 0 ˗ 0t   0 Ǘ0  0  D 1u ̗ 1g F 1g E 1g 1f 1 ˗ 1t   1 Ǘ1  1  D 2u ʗ 2g ɗ 2g ȗ 2g 2f t   2 Ǘ2  2  D 3u Ɨ 3g A 3g @ 3g ŗ3f 3 ė 3t   3 3  3  < 4u × 4g > 4g = 4g 4f 4 — 4t   4 4  4  < 5u 5g 9 5g 8 5g 5f 5 5t   5 5  5  . 6u 6g 6 6g 5 6g 6f 6 6t   6 6  6  . 7u 7g 3 7g 2 7g 7f 7 7t   7 7  7  . 8u 8g 0 8g / 8g 8f 8 8t   8 8  8  . 9u 9g 9g 9g 9f 9 9t   9 9  9  . :u :g :g :g :f : :t   : :  :  . ;u ;g + ;g * ;g ;f ; ;t   ; ;  ;  ) <u <g <g 9> <g :><f t   < <   =u =g =g 9> =g :>=f t   = =   >u >g >g x >g >f > >t   > >  >   ?u ?g i ?g ?g f?f ? ?t ? ? ?  ?  D(lpff@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _  @u @g @g @g @f @ @t @ @ @  @   Au Ag  Ag Ag Af A At   A A  A   Bu Bg  Bg r Bg Bf B Bt   B B  B   Cu Cg  Cg Ĕ Cg Cf C Ct   C C  C   Du Dg Dg n Dg Df D Dt   D D  D   Eu Eg Eg k Eg Ef E Et   E E  E   Fu Fg Fg Fg Ff F Ft   F F  F   Gu Gg  Gg  Gg Gf G Gt   G G  G   Hu Hg  Hg  Hg Hf H Ht   H H  H  Iu Ig Ig Ig If I It   I I  I  Ju Jg Jg Jg Jf J Jt   J J  J  Ku Kg Kg Kg Kf t   K K  K  Lu Lg Lg Lg Lf L Lt   L L  L  Mu Mg 6 Mg 3 Mg 2Mf M Mt M M M  M  Nu Ng Ng Ng Nf N Nt   N N  N  Ou Og  Og Og  Of t  O O O  O  Pu Pg  Pg Pg Pf t    P  P  Qu Qg Qg GS Qg R Qf  Qt Q   Q  Ru Rg Rg Rg Rf  Rt R   R  Su Sg Sg Sg Sf  St S   S  Tu Tg Tg GS Tg RTf t    T  ݖT  Uu Ug Ug Ug Uf t    U  ݖU  Vu Vg Vg Vg Vf t    V  ݖV  Wu Wg Wg GS Wg RWf t    W  ݖW  Xu Xg Xg Xg Xf t    X  ݖX  Yu Yg ޖ Yg Yg Yf t    Y  ݖY  Zu Zg Zg GS Zg R Zf  Zt Z   Z  ٖ [u [g [g [g [f  [t [   [  ٖ \u  \g \g \g \f  \t \   \  ٖ ]u ~ ]g ז ]g GS ]g R]f ] ^ ]t    ]  ]  ^u } ^g Ֆ ^g ^g ^f ^ [ ^t    ^  ^  _u | _g Ӗ _g _g _f _ [ _t    _  _  Dlp|drrrddddddrrrxx` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~   `u { `g і `g GS `g R`f ` ^ `t    `  `  au z ag ϖ ag ag af a [ at    a  a  bu y bg ͖ bg bg bf b [ bt    b  b  cu x cg ˖ cg GS cg Rcf c ^ ct    c  c  du w dg ɖ dg dg df d [ dt    d  d  eu v eg ǖ eg eg ef e [ et    e  e  fu u fg Ŗ fg GS fg Rff f ^ ft    f  f  gu t gg Ö gg gg gf g [ gt    g  g  hu s hg hg hg hf h [ ht    h  h  iu r ig ig GS ig Rif t    i  ju q jg jg jg jf t    j  ku p kg kg kg kf t    k  lu o lg ǔ lg GS lg Rlf l ^ lt l   l  mu n mg ~ mg mg mf m [ mt m   m  nu m ng ng ng nf n [ nt n   n  ou l og og GS og Rof o kot    o  pu j pg pg pg pf p [pt    p  qu i qg qg qg qf q [qt    q  ru h rg rg GS rg Rrf r ^rt    r  su g sg sg sg sf s [st    s  tu f tg tg tg tf t [tt    t  uu e ug ug GS ug Ruf u dut    u  vu c vg vg vg vf v bvt    v  wu a wg wg wg wf w `wt    w  xu _ xg xg GS xg Rxf x ^xt    x  yu ] yg yg yg yf y [yt    y  zu \ zg zg zg zf z [zt    z  {u Z {g {g {g {f  {t {   {  u |u Y |g |g |g |f  |t |   |  s }u X }g }g }g }f  }t }   }  q ~u W ~g H ~g ~g G ~f  ~t ~   ~  o u V g & g GS g Rf  Ut      !Dlxxxxxxxxx\\\|||pppppppppppprrrr                                 u T g $ g g f  Rt     ! u S g " g g f  Rt     ! u Q g  g GS g Rf  Pt      u O g  g g f  Mt      u N g  g g f  Mt      u L g g g f  Kt     u J g  g  g f  I t     u H g - g , g +f  G t     u F g # g " g !f  E t     u D g ) g ( g 'f  C t %    u B g 0 g  g / f  t     u A g  g  g  f  t     u @ g g  g f  t     u ? g g  g f  t     u > g  g  g  f  t     u = g  g  g  f  t     u < g g g f  ;t     u : g  g  g f  8 t     u 9 g g g f  8 t     u 7 g g ڔ g f  t     u 6 g g g f  t     u 5 g є g GS g f  t     u 4 g ۔ g ڔ g f  t     u 3 g g g f  t     u 2 g ˔ g GS g f  t     u 1 g g ڔ g f  / t     u 0 g g g f  / t     u . g ɔ g GS g f  - t     u , g g ڔ g f  t     u + g g g f  t     u * g Ӕ g GS g f  t     u ) g ݔ g ڔ g f  t     Dlpppppdppppffffffdppffffffpppfff                                 u ( g g g f  t     u ' g ͔ g GS g f  t     u & g ߔ g ڔ g f  t     u % g g g f  t     u $ g ϔ g GS g f  t     u # g s g r g f   t ~    u " g Ŕ g Ĕ g f   t ~    u ! g o g n g f   t ~    u g l g k g f   t ~    u  g g g f   t     u  g g g f   t ~    u  g | g x g {f   t v    u  g y g x g wf   t v    u  g g g g ff   t     u  g g g f   t     u  g x g g wf   t u                       D lfffffppppppppppp$                                            04 PH0(  >@A ggD g2ɀ  "7j/72<7B7dH7M7tS7X7^7 d7i7o7t7,z77<7Ċ7L7ԕ7\77l77|77777$77477D77T77d77t8 88 88 8%8,+808<68;8LA8F8\L8Q8lW8\8|b8h8m8s8x8$~88488  dMbP?_*+%,&ffffff?'ffffff?(?)?",333333?333333?&<3U} } } } 2} } #}  } $ X ,                                          G R                                                                   € À Ā  ŀ ƀ  ǀ  Ȁ ɀ  ʀ  ˀ ̀  ̀  ΀ π Ѐ р  Ҁ Ӏ  Ԁ  Հ ր  ׀  ؀ ـ  ڀ  ۀ ܀ ݀ ހ  ߀                                       D lTPPPPPPPPPPPPPPPPPPPPPPPPPPPP  ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?        ! ! ! !! ! " " " "" " # # # ## # $ $ $ $ $ $ % % % % % % & & & && & ' ' ' '' ' ( ( ( (( ( ) ) ) )) ) * * * ** * + + + ++ + , ,! , ,", , -# -$ - -%- - .& .' . .(. . /) /* / /+/ / 0, 0- 0 0.0 0 1/ 10 1 111 1 22 23 2 242 2 35 36 3 373 3 48 49 4 4:4 4 5; 5< 5 5=5 5 6> 6? 6 6@6 6 7A 7B 7 7C7 7 8D 8' 8E 8F8 8 9G 9H 9 9I9 9 :J :K :L :M: : ;N ;O ;P ;Q; ; <R <S <T <U< < =V =W = =X= = >Y >Z >[ >\> > ?] ?^ ? ?_? ?D lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP@ A B C D E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,[,\,],^,_, @` @a @ @b@ @ Ac Ad Ae AfA A Bg Bh Bi BjB B Ck Cl C CmC C Dn Do Dp DqD DEFGHIJKLMNOPQRSTUVWXYZ[\]^_DblPPPPP`,a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,{,|,},~,,`abcdefghijklmnopqrstuvwxyz{|}~D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,, , , , , ,,,,,,,,,,,,,,,,,,,     D@l ,!,",#,$,%,&,',(,),*,+,,,-,.,/,0,1,2,3,4,5,6,7,8,9,:,;,<,=,>,?, !"#$%&'()*+,-./0123456789:;<=>?D@l@,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,[,\,],^,_,@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_D@l`,a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,{,|,},~,,`abcdefghijklmnopqrstuvwxyz{|}~D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,, , , , , ,,,,,,,,,,,,,,,,,,,     D@l ,!,",#,$,%,&,',(,),*,+,,,-,.,/,0,1,2,3,4,5,6,7,8,9,:,;,<,=,>,?, !"#$%&'()*+,-./0123456789:;<=>?D@l@,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,[,\,],^,_,@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_D@l`,a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,{,|,},~,,`abcdefghijklmnopqrstuvwxyz{|}~D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,, , , , , ,,,,,,,,,,,,,,,,,,,     D@l ,!,",#,$,%,&,',(,),*,+,,,-,.,/,0,1,2,3,4,5,6,7,8,9,:,;,<,=,>,?, !"#$%&'()*+,-./0123456789:;<=>?D@l@,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,[,\,],^,_,@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_D@l`,a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,{,|,},~,,`abcdefghijklmnopqrstuvwxyz{|}~D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,, , , , , ,,,,,,,,,,,,,,,,,,,     D@l ,!,",#,$,%,&,',(,),*,+,,,-,.,/,0,1,2,3,4,5,6,7,8,9,:,;,<,=,>,?, !"#$%&'()*+,-./0123456789:;<=>?D@l@,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,[,\,],^,_,@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_D@l`,a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,{,|,},~,,`abcdefghijklmnopqrstuvwxyz{|}~D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,, , , , , ,,,,,,,,,,,,,,,,,,,     D@l ,!,",#,$,%,&,',(,),*,+,,,-,.,/,0,1,2,3,4,5,6,7,8,9,:,;,<,=,>,?, !"#$%&'()*+,-./0123456789:;<=>?D@l@,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,[,\,],^,_,@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_D@l`,a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,{,|,},~,,`abcdefghijklmnopqrstuvwxyz{|}~D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,, , , , , ,,,,,,,,,,,,,,,,,,,     D@l ,!,",#,$,%,&,',(,),*,+,,,-,.,/,0,1,2,3,4,5,6,7,8,9,:,;,<,=,>,?, !"#$%&'()*+,-./0123456789:;<=>?D@l@,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,[,\,],^,_,@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_D@l`,a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,{,|,},~,,`abcdefghijklmnopqrstuvwxyz{|}~D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,, , , , , ,,,,,,,,,,,,,,,,,,,     D@l ,!,",#,$,%,&,',(,),*,+,,,-,.,/,0,1,2,3,4,5,6,7,8,9,:,;,<,=,>,?, !"#$%&'()*+,-./0123456789:;<=>?D@l@,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,[,\,],^,_,@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_D@l`,a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,{,|,},~,,`abcdefghijklmnopqrstuvwxyz{|}~D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l>@A ggD g2ɀ  8M888888#88388C88S88c88s99 9 999"9+(9-9;3989K>9C9[I9N9kT9Y9{_9e9j9p9u9#{99399C9˖9S9ۡ9c99s999 9999+99;99K99[99  dMbP?_*+%,&ffffff?'ffffff?(?)?",333333?333333?&<3U} } } } 2} } #}  } $ X ,                                          G R r s  t u v    u w    u x    u y    u z    u {     u |     u }     u ~     u      u     u     u     u  € À Ā u     u  ɀ  ʀ u  ̀  ̀ u  π  р u  Ӏ  Ԁ u  ր  ׀ u  ـ  ڀ u  ܀  ހ u     u     u     u     u     u     uD lTPPPPPPPPPPPPPPPPPPPPPPPPPPPP  ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?       u ! ! ! !! !u " " " "" "u # # # ## #u $ $ $ $$ $u % % % %% %u & & & && &u ' ' ' ' ' 'u ( ( ( (( (u ) ) ) )) )u * * * ** *u + + + ++ +u , , , ,, ,u - - - -- -u . . . .. .u / / / // /u 0 0 0 00 0u 1 1! 1 1"1 1u 2 2$ 2 2%2 2u 3 3 3 33 3u 4 4' 4 4(4 4u 5 5 5 55 5u 6 6* 6 6+6 6u 7 7- 7 7.7 7u 8 80 8 818 8u 9 93 9 949 9u : :6 : :7: :u ; ; ; ;; ;u <Á <9 < <:< <u =ā =< = === =u >Ł >? > >@> >u ?Ɓ ?B ? ?C? ?uD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP@ A B C D E F G H I J K L M N O,P,Q,R,S,T,U,V,W,X,Y,Z,[,\,],^,_, @ǁ @' @ @F@ @u Aȁ AH A AIA Au BɁ BK BL BMB Bu Cʁ CO CP CQC Cu Dˁ DS DT DUD Du É EW E EXE Eu F́ FZ F[ F\F Fu G΁ Gρ G GЁG Gu Hс H^ H H_H Hu Iҁ Ia I IbI Iu JӁ Jd Je JfJ Ju Kԁ Kh Ki KjK Ku LՁ Lց L LׁL Lu M؁ Ml M MmM Mu Nف No Np NqN NuOPQRSTUVWXYZ[\]^_DlPPPPPPPPPPPPPPP`,a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,{,|,},~,,`abcdefghijklmnopqrstuvwxyz{|}~D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,, , , , , ,,,,,,,,,,,,,,,,,,,     D@l ,!,",#,$,%,&,',(,),*,+,,,-,.,/,0,1,2,3,4,5,6,7,8,9,:,;,<,=,>,?, !"#$%&'()*+,-./0123456789:;<=>?D@l@,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,[,\,],^,_,@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_D@l`,a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,{,|,},~,,`abcdefghijklmnopqrstuvwxyz{|}~D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,, , , , , ,,,,,,,,,,,,,,,,,,,     D@l ,!,",#,$,%,&,',(,),*,+,,,-,.,/,0,1,2,3,4,5,6,7,8,9,:,;,<,=,>,?, !"#$%&'()*+,-./0123456789:;<=>?D@l@,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,[,\,],^,_,@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_D@l`,a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,{,|,},~,,`abcdefghijklmnopqrstuvwxyz{|}~D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,, , , , , ,,,,,,,,,,,,,,,,,,,     D@l ,!,",#,$,%,&,',(,),*,+,,,-,.,/,0,1,2,3,4,5,6,7,8,9,:,;,<,=,>,?, !"#$%&'()*+,-./0123456789:;<=>?D@l@,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,[,\,],^,_,@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_D@l`,a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,{,|,},~,,`abcdefghijklmnopqrstuvwxyz{|}~D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,, , , , , ,,,,,,,,,,,,,,,,,,,     D@l ,!,",#,$,%,&,',(,),*,+,,,-,.,/,0,1,2,3,4,5,6,7,8,9,:,;,<,=,>,?, !"#$%&'()*+,-./0123456789:;<=>?D@l@,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,[,\,],^,_,@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_D@l`,a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,{,|,},~,,`abcdefghijklmnopqrstuvwxyz{|}~D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,, , , , , ,,,,,,,,,,,,,,,,,,,     D@l ,!,",#,$,%,&,',(,),*,+,,,-,.,/,0,1,2,3,4,5,6,7,8,9,:,;,<,=,>,?, !"#$%&'()*+,-./0123456789:;<=>?D@l@,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,[,\,],^,_,@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_D@l`,a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,{,|,},~,,`abcdefghijklmnopqrstuvwxyz{|}~D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,, , , , , ,,,,,,,,,,,,,,,,,,,     D@l ,!,",#,$,%,&,',(,),*,+,,,-,.,/,0,1,2,3,4,5,6,7,8,9,:,;,<,=,>,?, !"#$%&'()*+,-./0123456789:;<=>?D@l@,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,[,\,],^,_,@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_D@l`,a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,{,|,},~,,`abcdefghijklmnopqrstuvwxyz{|}~D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,, , , , , ,,,,,,,,,,,,,,,,,,,     D@l ,!,",#,$,%,&,',(,),*,+,,,-,.,/,0,1,2,3,4,5,6,7,8,9,:,;,<,=,>,?, !"#$%&'()*+,-./0123456789:;<=>?D@l@,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,[,\,],^,_,@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_D@l`,a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,{,|,},~,,`abcdefghijklmnopqrstuvwxyz{|}~D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,D@l>@A ggD g2ɀ H::J:-:<:JK:Y:g:u:}:B::Ґ::b:  dMbP?_*+%&?'?('}'}?)'}'}?"d,, ` `? ` `?&`U} t} u} u} 2u} d} ${} -f} g} I h  ` ` m "@ @ @ "@ @ @ @ "@ "@ "@ (@ @ @ "@ (@ "@ "@ (@ @ "@ @ @ @ @ @ @ "@ (@ @ z2 u z2 l | | |j 2 lll M : N : N : N 2O P 2 R R R  M : N : N : N 2O P 2 R R R  M : N : N : N 2O P 2 R R R  M : N !2 N "2 N O P #2 R R R  M : N %2 N &2 N '2O P (2 [ R R  M : N s N t N :O P +2 [ R R  M : N -2 N t N : O P +2 [ R R  M : N 9 N 12 N S2 O P : [ R R  M : N 02 N 12 N : O P 32 [ R R  M : N 52 N 62 N : O P 32 [ R R  M : N 82 N 92 N : O P 32 [ R R  M : N ;2 N  N :O P <2 [ R R  M : N >2 N ?2 N :O P @2 [ R R  M : N B2 N C2 N :\ P D2 [ R R  M : N F2 N G2 N :\ P H2 [ R R  M : N  N N J2\ P K2 [ R R  M : N M2 N N2 N O2\ P P2 [ R R  M : N R2 N N2 N S2\ P T2 [ R R  M : N V2 N w N S2\ P W2 [ R R  M : N Y2 N Z2 N \ P [2 [ R R  M : N ]2 N ^2 N _2\ P [2 [ R R  M : N a2 N b2 N c2\ P d2 [ R R  M : N f2 N b2 N :\ P h2 [ R R  M : N j2 N b2 N :\ P l2 [ R R  M : N n2 N b2 N \  P o2 [ R R  M : N q2 N b2 N r2\ P s2 [ R R  M : N u2 N v2 N w2\ P x2 [ R R  M : N z2 N v2 N w2\ P |2 [ R R  M : N ~2 N 2 N \ P 2 [ R R D l`````````````````````````V``` @! "@" "@# @$ @% @& @' @( @) @* @+ "@, /@- /@. (@/ "@0 @1 @2 "@3 @4 @5 (@6 @7 @8 @9 @: @; @< @= @> @? @ M : N 2 N 2 N  \ P 2 [ R R  !M : !N 2 !N 2 !N !\ !P 2 ![ R R  "M : "N 2 "N { "N 2"\ "P 2 "[ R R  #M : #N 2 #N #N %#\ #P 2 #[ R R  $M : $N 2 $N $N :$\ $P 2 $[ R R  %M : %N 2 %N 2 %N \  %P 2 %[ R R  &M : &N 2 &N 2 &N 2&\ &P 2 &[ R R  'M : 'N 2 'N 2 'N 2'\ 'P 2 '[ R R  (M : (N 2 (N 2 (N 2(\ (P 2 ([ R R  )M : )N 2 )N 2 )N 2)\ )P 2 )[ R R  *M : *N 2 *N 2 *N 2*\ *P 2 *[ R R  +M : +N 2 +N 2 +N 2+\ +P 2 +[ R R  ,U : ,N 2 ,N v2 ,N 2,\ ,P 2 ,[ R R  -U : -N 2 -N v2 -N 2-\ -P 2 -[ R R  .U : .N 2 .N v2 .N 2.\ .P 2 .[ R R  /M : /N 2 /N 2 /N 2/\ /P 2 /[ R R  0M : 0N 2 0N  0N 0\ 0P 2 0[ R R  1M : 1N 2 1N  1N <91\ 1P 2 1[ R R  2M : 2N 2 2N 2 2N 22\ 2P 2 2[ R R  3M : 3N 2 3N  3N 23\ 3P 2 3[ R R  4M : 4N  4N 4N 24\ 4P 2 4[ R R  5M : 5N 2 5N 2 5N 25\ P [ R R  6M : 6N 2 6N 2 6N :6\ 6P 2 6[ R R  7M : 7N  7N 7N 27\ 7P 2 7[ R R  8M : 8N 2 8N 8N 28\ 8P 2 8[ R R  9M : 9N 2 9N 9N 29] 9P 2 9[ R R  :M : :N 2 :N :N 2:] :P 2 :[ R R  ;M : ;N 2 ;N ;N 2;] ;P 2 ;[ R R  <M : <N 2 <N <N 2<] <P 2 <[ R R  =M : =N 3 =N =N 2=] =P 3 =[ R R  >M : >N 3 >N >N 2>] >P 3 >[ R R  ?M : ?N 3 ?N ?N 2?] ?P 3 ?[ R R Dbl`````V```````````````L`````````@ @A @B @C @D @E @F @G @H @I @J @K @L @M @N @O @P @Q @R @S @T @U @V @W @X @Y "@Z @[ @\ @] @^ @_ "@ @M : @N 3 @N @N 2@] @P 3 @[ R R  AM : AN 3 AN AN 2A] AP 3 A[ R R  BM ; BN 3 BN BN 2B] BP 3 B[ R R  CM ; CN 3 CN CN 2C] CP 3 C[ R R  DM ; DN 3 DN DN 2D] DP 3 D[ R R  EM ; EN 3 EN EN 2E^ EP 3 E[ R R  FM ; FM 1FN N ^ P [ R R  GM ; GN 3 GN GN 2G^ GP 3 G[ R R  HM ; HN 3 HN HN 2H^ HP 3 H[ R R  IM ; IN "3 IN IN 2I^ IP #3 I[ R R  JM ; JN (3 JN JN 2J^ JP )3 J[ R R  KM ; KN +3 KN KN 2K^ KP ,3 K[ R R  LM ; LN .3 LN LN 2L^ LP /3 L[ R R  MM ; MN 13 MN MN 2M^ MP 23 M[ R R  NM ; NN 43 NN NN 2N^ NP 53 N[ R R  OM ; ON :3 ON ON 2O^ OP ;3 O[ R R  PM ; PN =3 PN PN 2P^ PP >3 P[ R R  QM ; QN @3 QN QN 2Q^ QP A3 Q[ R R  RM ; RN C3 RN RN 2R^ RP D3 R[ R R  SM ; SN F3 SN SN 2S^ SP G3 S[ R R  TM ; TN I3 TN TN 2T^ TP J3 T[ R R  UM ; UN L3 UN UN 2U^ UP M3 U[ R R  VM ; VM 1VN N ^ P [ R R  WM ; WN P3 WN WN 2W^ WP Q3 W[ R R  XM ; XN S3 XN XN 2X^ XP T3 X[ R R  YM ; YN V3 YN t YN Y^ YP W3 Y[ R R  ZM ; ZN b3 ZN ZN 2Z^ ZP c3 Z[ R R  [M ; [N e3 [N [N 2[^ [P c3 [[ R R  \M ; \N g3 \N \N 2\^ \P c3 \[ R R  ]M ; ]N i3 ]N ]N 2]^ ]P c3 ][ R R  ^M ; ^N q3 ^N r3 ^N ;^] ^P t3 ^[ R R  _M ; _N v3 _N _N _] _P w3 _[ R R D(l``````4```````````````4````````` "@a "@b @c @d @e @f "@g (@h @i @j @k @l @m @n "@o "p q r "s t u "v w x @y @z @{ @| @} @~ @ "@ `M ; `N  `N `N p`] `P y3 `[ R R  aM ; aN q9 aN aN pa] aP y3 a[ R R  bM !; bN {3 bN bN 7b] bP |3 b[ R R  cM "; cN ~3 cN t cN 3c] cP 3 c[ R R  dM #; dN 3 dN dN 3d] dP 3 d[ R R  eM $; eN 3 eN 3 eN 3e] eP 3 e[ R R  fM %; fN 3 fN } fN f] fP 3 f[ R R  gM &; gN 3 gN } gN g] gP 3 g[ R R  hM '; hN 3 hN 3 hN 3h] hP 3 h[ R R  iM (; iN 3 iN 3 iN 3i] iP 3 i[ R R  jM ); jN 3 jN 3 jN 3j] jP 3 j[ R R  kM *; kN 3 kN 3 kN 3k] kP 3 k[ R R  lM +; lN 3 lN 3 lN 3l] lP 3 l[ R R  mM ,; mN 3 mN mN r2m\ mP 3 m[ R R  nM -; nN 3 nN 3 nN 3n\ nP 3 n[ R R  oM .; oN 3 oN 3 oN 3oO oP 3 oR R R  pM /; pN 3 pN pN g2pO pP 3 pR R R  qM 0; qN 3 qN qN 3qO qP 3 qR R R  rM 1; rN 3 rN 3 rN 3rO rP 3 rR R R  sM 2; sN 3 sN S2 sN 3sO sP 3 sR R R  tM 3; tN 3 tN  tN 3tO tP 3 tR R R  uM 4; uN 3 uN 3 uN 3uO uP 3 uR R R  vM 5; vN 3 vN vN pvO vP 3 vR R R  wM 6; wN 3 wN wN %wO wP 3 wR R R  xM 7; xN 3 xN xN %xO xP 3 xQ R R  yM 8; yN 3 yN yN %yO yP 3 yQ R R  zM 9; zN 3 zN zN %zO zP 3 zQ R R  {M :; {N 3 {N {N %{O {P 3 {Q R R  |M ;; |N 3 |N |N %|O |P 3 |Q R R  }M <; }N 3 }N }N %}O }P 4 }Q R R  ~M =; ~N 4 ~N ~N %~O ~P 4 ~Q R R  M >; N 4 N N %O P 4 Q R R Dl``````````````````````````````` @ @ @ (@ (@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ M ?; N 4 N N %O P 4 Q R R  M @; N 4 N N %O P 4 Q R R  M A; N 4 N N %O P 4 Q R R  M B; N 4 N N %O P 4 Q R R  M C; N 4 N N %O P 4 Q R R  M D; N 4 N N %O P 4 Q R R  M E; N 4 N N %O P 4 Q R R  M F; N 4 N N %O P 4 Q R R  M G; N 4 N 2 N 2O P !4 Q R R  M H; N #4 N N %O P $4 Q R R  M I; N &4 N N %O P '4 Q R R  M J; N )4 N N %O P *4 Q R R  M K; N ,4 N N %O P -4 Q R R  M L; N /4 N N %O P 04 Q R R  M M; N 24 N 2 N 2O P 34 Q R R  M N; N 54 N N %O P 64 Q R R  M O; N 84 N N %O P 94 Q R R  M P; N ;4 N N %O P <4 Q R R  M Q; N >4 N N %O P ?4 Q R R  M R; N A4 N N %O P B4 Q R R  M S; N D4 N 2 N 2O P E4 Q R R  M T; N G4 N N %O P H4 Q R R  M U; N M4 N N %O P N4 Q R R  M V; N P4 N N %O P Q4 Q R R  M W; N S4 N N %O P T4 Q R R  M X; N Y4 N N %O P Z4 Q R R  M Y; N \4 N N %O P ]4 Q R R  M Z; N _4 N N %O P `4 Q R R  M [; N b4 N N %O P c4 Q R R  M \; N e4 N N %O P f4 Q R R  M ]; N h4 N N %O P i4 Q R R  M ^; N k4 N N %O P l4 Q R R Dl``````````````````````````````` @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ M _; N t4 N 2 N 2O P u4 Q R R  M `; N w4 N N %O P x4 Q R R  M a; N z4 N N %O P {4 Q R R  M b; N }4 N N %O P ~4 Q R R  M c; N 4 N N %O P 4 Q R R  M d; N 4 N N %O P 4 Q R R  M e; N 4 N N %O P 4 Q R R  M f; N 4 N N %O P 4 Q R R  M g; N 4 N N %O P 4 Q R R  M h; N 4 N N %O P 4 Q R R  M i; N 4 N N %O P 4 Q R R  M j; N 4 N N %O P 4 Q R R  M k; N 4 N N %O P 4 Q R R  M l; N 4 N N %O P 4 Q R R  M m; N 4 N 2 N 2O P 4 Q R R  M n; N 4 N N %O P 4 Q R R  M o; N 4 N N %O P 4 Q R R  M p; N 4 N N %O P 4 Q R R  M q; N 4 N N %O P 4 Q R R  M r; N 4 N N %O P 4 Q R R  M s; M 1N N O P Q R R  M t; N 9 N N %O P 4 Q R R  M u; M 1N N O P Q R R  M v; N 4 N N %O P 4 Q R R  M w; N 4 N N %O P 4 Q R R  M x; N 4 N N %O P 4 Q R R  M y; N 4 N N %O P 4 Q R R  M z; N 4 N N %O P 4 Q R R  M {; N 4 N N %O P 4 Q R R  M |; N 4 N N %O P 4 Q R R  M }; N 4 N N %O P 4 Q R R  M ~; N 4 N N %O P 4 Q R R D(l````````````````````4`4```````` @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ (@ /@ =@ /@ @ @ M ; N 4 N N %O P 4 Q R R  M ; N 4 N N %O P 4 Q R R  M ; N 4 N N %O P 4 Q R R  M ; N 4 N N %O P 4 Q R R  M ; N 4 N N %O P 4 Q R R  M ; N 4 N N %O P 4 Q R R  M ; N 9 N 4 N O P 9 Q R R  M ; N 9 N 4 N _2O P 9 Q R R  M ; N 9 N 4 N O P 9 Q R R  M ; N 9 N 4 N _2O P 9 Q R R  M ; N 9 N 4 N O P 9 Q R R  M ; N 9 N 4 N _2O P 9 Q R R  M ; N 9 N 4 N O P #5 Q R R  M ; N 9 N 4 N _2O P #5 Q R R  M ; N '5 N 4 N O P (5 Q R R  M ; N *5 N 4 N _2O P (5 Q R R  M ; N <5 N 4 N O P =5 Q R R  M ; N ?5 N 4 N _2O P =5 Q R R  M ; N C5 N 4 N O P D5 Q R R  M ; N F5 N 4 N _2O P D5 Q R R  M ; M 1N N O P Q R R  M ; M 1N N O P Q R R  M ; N u5 N 4 N O P v5 Q R R  M ; N x5 N 4 N _2O P v5 Q R R  M ; N z5 N 4 N O P {5 Q R R  M ; N }5 N 4 N _2O P {5 Q R R  M ; N 5 N 5 N 5O P 5 Q R R  M ; N 5 N 5 N 5O P 5 Q R R  M ; N 9 N 5 N 5O P 5 Q R R  M ; N 9 N 5 N 5O P 5 Q R R  M ; M 1N N O P Q R R  M ; N 5 N  N 5O P 5 Q R R D l````````````````````44````````4 @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ "@ @ @ @ @ @ "@ @ "@ (@ "@ "@ M ; N 5 N  N 5O P 5 Q R R  M ; M 1N N O P Q R R  M ; N ; N 4 N O P ; Q R R  M ; M 1N N O P Q R R  M ; N ; N 4 N O P ; Q R R  M ; N ; N 4 N O P ; Q R R  M ; M 1N N O P Q R R  M ; N ; N 4 N _2O P ; Q R R  M ; M 1N N O P Q R R  M ; N ; N 4 N _2O P ; Q R R  M ; N ; N 4 N _2O P ; Q R R  M ; M 1N N O P Q R R  M ; N ; N N %O P ; Q R R  M ; M ;N N O P Q R R  S ; N 5 N 4 N O P 5 Q R R  S ; N 5 N 4 N O P 5 Q R R  S ; N 5 N 4 N O P 5 Q R R  M ; N 5 N N %O P ; Q R R  M ; N ; N N %O P ; Q R R  M ; M 1N N O P Q R R  M ; N ; N N ;O P ; Q R R  M ; N : N N ;O P ; Q R R  M ; N : N J6 N ;O P ; Q R R  M ; N : N J6 N ;O P ; Q R R  M ; N \6 N J6 N ;O P ; Q R R  M ; N `6 N J6 N ;O P ; Q R R  M ; N d6 N J6 N ;O P ; Q R R  M ; N g6 N J6 N ;O P ; Q R R  M ; N : N J6 N ;O P ; Q R R  M ; N j6 N J6 N ;O P ; Q R R  M ; N : N J6 N ;O P ; Q R R  M ; N : N J6 N ;O P ; Q R R DL l`4`4``4`4``4`4`````4``````````` "@ @ @ @ "@ "@ @ "@ %@  %@  %@  %@  %@  %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ M ; N 6 N 6 N 5O P ; Q R R  M ; N ; N ; N ;O P ; Q R R  M ; N ; N ; N ;O P ; Q R R  M ; N ; N ; N ;O P ; Q R R  M ; N ; N { N ;O P ; Q R R  M ; N ; N ; N ;O P ; Q R R  M ; N 7 N &2 N '2O P (2 Q R R  M ; N 7 N v2 N S2O P 2 Q R R b c c c _ d Q R R  b c c c _ d Q R R  b c c c _ d Q R R  b c c c _ d Q R R  b c c c _ d Q R R  b c c c _ d Q R R b c c c _ d Q R R b c c c _ d Q R R b c c c _ d Q R R b c c c _ d Q R R b c c c _ d Q R R b c c c _ d Q R R b c c c _ d Q R R b c c c _ d Q R R b c c c _ d Q R R b c c c _ d Q R R b c c c _ d Q R R b c c c _ d Q R R b c c c _ d Q R R b c c c _ d Q R R b c c c _ d Q R R b c c c _ d Q R R b c c c _ d Q R R b c c c _ d Q R R D l````````  %@! %@" %@# %@$ %@% %@& %@' %@( %@) %@* %@+ %@, %@- %@. %@/ %@0 %@1 %@2 %@3 %@4 %@5 %@6 %@7 %@8 %@9 %@: %@; %@< %@= %@> %@? %@ b c c c _ d Q R R !b c c c _ d Q R R "b c c c _ d Q R R #b c c c _ d Q R R $b c c c _ d Q R R %b c c c _ d Q R R &b c c c _ d Q R R 'b c c c _ d Q R R (b c c c _ d Q R R )b c c c _ d Q R R *b c c c _ d Q R R +b c c c _ d Q R R ,b c c c _ d Q R R -b c c c _ d Q R R .b c c c _ d Q R R /b c c c _ d Q R R 0b c c c _ d Q R R 1b c c c _ d Q R R 2b c c c _ d Q R R 3b c c c _ d Q R R 4` a a a _ d Q R R 5` a a a _ d Q R R 6` a a a _ d Q R R 7` a a a _ d Q R R 8` a a a _ d Q R R 9` a a a _ d Q R R :` a a a _ d Q R R ;` a a a _ d Q R R <` a a a _ d Q R R =` a a a _ d Q R R >` a a a _ d Q R R ?` a a a _ d Q R R Dl@ %@A %@B %@C %@D %@E %@F %@G %@H %@I %@J %@K %@L %@M %@N %@O %@P %@Q %@R %@S %@T %@U %@V %@W %@X %@Y %@Z %@[ %@\ %@] %@^ %@_ %@@` a a a _ d Q R R A` a a a _ d Q R R B` a a a _ d Q R R C` a a a _ d Q R R D` a a a _ d Q R R E` a a a _ d Q R R F` a a a _ d Q R R G` a a a _ d Q R R H` a a a _ d Q R R I` a a a _ d Q R R J` a a a _ d Q R R K` a a a _ d Q R R L` a a a _ d Q R R M` a a a _ d Q R R N` a a a _ d Q R R O` a a a _ d Q R R P` a a a _ d Q R R Q` a a a _ d Q R R R` a a a _ d Q R R S` a a a _ d Q R R T` a a a _ d Q R R U` a a a _ d Q R R V` a a a _ d Q R R W` a a a _ d Q R R X` a a a _ d Q R R Y` a a a _ d Q R R Z` a a a _ d Q R R [` a a a _ d Q R R \` a a a _ d Q R R ]` a a a _ d Q R R ^` a a a _ d Q R R _` a a a _ d Q R R Dl` %@a %@b %@c %@d %@e %@f %@g %@h %@i %@j %@k %@l %@m %@n %@o %@p %@q %@r %@s %@t %@u %@v %@w %@x %@y %@z %@{ %@| %@} %@~ %@ %@`` a a a _ d Q R R a` a a a _ d Q R R b` a a a _ d Q R R c` a a a _ d Q R R d` a a a _ d Q R R e` a a a _ d Q R R f` a a a _ d Q R R g` a a a _ d Q R R h` a a a _ d Q R R i` a a a _ d Q R R j` a a a _ d Q R R k` a a a _ d Q R R l` a a a _ d Q R R m` a a a _ d Q R R n` a a a _ d Q R R o` a a a _ d Q R R p` a a a _ d Q R R q` a a a _ d Q R R r` a a a _ d Q R R s` a a a _ d Q R R t` a a a _ d Q R R u` a a a _ d Q R R v` a a a _ d Q R R w` a a a _ d Q R R x` a a a _ d Q R R y` a a a _ d Q R R z` a a a _ d Q R R {` a a a _ d Q R R |` a a a _ d Q R R }` a a a _ d Q R R ~` a a a _ d Q R R ` a a a _ d Q R R Dl %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R Dl %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R ` a a a _ d Q R R Dl>@a b A I ggD g2ɀ <R:G:?::: ;;+;;;#;);-;  dMbP?_*+%&?'?('}'}?)'}'}?MSend To OneNote 2010 / odXXLetterDINU" ¬QSMTJSend To Microsoft OneNote 2010 DriverRESDLLUniresDLLPaperSizeLETTEROrientationPORTRAITResolutionDPI600ColorMode24bpp"d,, ` `? ` `?&`U} }  }  } 2 } F}  Q} $S} -S}   } % } $ HR     M O O O O O O O O O O O O O O O O O O O O O O O O O O O O O z  z | | | |K J 2 T T       ( ) ) ? ) ? * } }    ( ) ) ? )   } }    ( ) ) ? ) ? * }  }       (  )  ) ? ) ? *  } }    ( )   )   }  }      (  )   )            (     )          ( !  # ) ? )   "  $  %  & ' ( (  * ) ? ) ?  * )  +  ,  - . ( / ) 1  )   0  2  3  4 5 ( 6  8 ) ? ) ?  * 7  9  :  ; < ( =  ? ) ? ) @ * >  @  A  B  C  ( D  F   @ E  G  H  I  J  ( K  M  )  L  N  O  P  Q  ( R  T  )  S  U  V  W  X  ( Y  [ ) ? ) @ * Z  \  ]  ^  _  ( `  b  )  a  c  d  e  f  ~ g  i   @  h  j  k  l  m  ~ n  p   @  o  q  r  s  t  ~ u  w   @  v  x  y  z  {  ~ |  ~   @  }       ~    @       ~    @       ~    @       ~    @       ~    @       ~    @     ~    @     ~    @     Dl~~ O! O" O# O$ O% O& O' O( O) O* O+ O, O- O. O/ O0 O1 O2 O3 O4 O5 O6 O7 O8 O9 O: O; O< O= O> O? O ~    @      !~ ! ! ! @! ! ! ! ! ! ! "~ " " " @" " " " " " " #~ # # # @# # # # # $~ $ $ $ @$ $ $ $ $ %~ % % % @% % % % % % % &~ & & & @& & & & & & & '~ ' ' ' @' ' ' ' ' (~ ( ( ( @( ( ( ( ( )~ ) ) ) @) ) ) ) ) ) ) *~ * * * @* * * * * +~ + + + @+ + + + + + + ,~ ,  , , @, ,  ,  ,  ,  ,  , -~  -  - - @- -  -  - - .~  .  . . @. .  .  .  .  .  . /~  /  / / @/ /  /  /  /  /  / 0~  0  0 0 @0 0  0  0  0  0  0 1~  1 " 1 1 @1 1 ! 1 # 1 $ 1 % 1 & 1 2~ ' 2 ) 2 2 !@2 2 ( 2 * 2 + 2 , 2 - 2 3~ . 3 0 3 3 "@3 3 / 3 1 3 2 3 3 3 4 3 4~ 5 4 7 4 4 #@4 4 6 4 8 4 9 4 : 4 ; 4 5~ < 5 > 5 ? 5 $@5 5 = 5 @ 5 A 5 B 5 C 5 6~ D 6 F 6 ? 6 %@6 6 E 6 G 6 H 6 I 6 J 6 7~ K 7 M 7 ? 7 &@7 7 L 7 N 7 O 7 P 7 Q 7 8~ R 8 T 8 ? 8 '@8 8 S 8 U 8 V 8 W 8 X 8 9~ Y 9 [ 9 9 (@9 9 Z 9 \ 9 ] 9 ^ 9 _ 9 :~ ` : b : ? : )@: : a : c : d : e : f : ;~ g ; i ; ; *@; ; h ; j ; k ; l ; m ; <~ n < p < < +@< < o < q < r < s < t < =~ u = w = ? = ,@= = v = x = y = z = { = >~ | > ~ > ? > -@> > } >  >  >  >  > ?~  ?  ? ? ? .@? ?  ?  ?  ?  ?  ? Dl~~~~~~@ OA OB OC OD OE OF OG OH OI OJ OK OL OM ON OO OP OQ OR OS OT OU OV OW OX OY OZ O[ O\ O] O^ O_ O @~  @  @  @ /@@ @  @  @  @  @  @ A~  A  A ? A 0@A A  A  A  A  A  A B~  B  B  B 1@B B  B  B  B  B  B C~  C  C ? C 2@C C  C  C  C  C  C D~  D  D ? D 3@D D  D  D  D  D  D E~  E  E E 4@E E  E  E  E  E  E F~  F  F  F 5@F F  F  F  F  F  F G~  G  G G 6@G G  G  G  G  G  G H~  H  H H 7@H H  H  H  H  H  H I~  I  I ? I 8@I I  I  I  I  I  I J~  J  J ? J 9@J J  J  J J K~  K  K ? K :@K K  K  K  K  K  K L~  L  L ? L ;@L L  L  L  L  L  L M~  M  M ? M <@M M  M  M  M  M  M N~  N  N ? N =@N N  N  N  N  N  N O~  O  O ? O >@O O  O  O  O  O  O P~  P  P ? P ?@P P  P  P  P  P  P Q~  Q  Q ? Q @@Q Q  Q  Q  Q  Q  Q R~  R  R  R A@R R  R  R  R  R  R S~  S  S ? S B@S S  S  S  S  S  S T~  T  T T C@T T  T  T  T  T  T U~  U ! U ? U D@U U  U " U # U $ U % U V~ & V ( V ? V E@V V ' V ) V * V + V , V W~ - W / W W F@W W . W 0 W 1 W 2 W 3 W X~ 4 X 6 X X G@X X 5 X 7 X 8 X 9 X : X Y~ ; Y = Y ? Y H@Y Y < Y > Y ?Y Z~ @ Z B Z Z I@Z Z A Z C Z D Z E Z F Z [~ G [ I [ [ J@[ [ H [ J [ K [ L [ M [ \~ N \ P \ ? \ I@\ \ O \ Q \ R \ S \ T \ ]~ U ] W ] ? ] K@] ] V ] X ] Y ] Z ] [ ] ^~ \ ^ ^ ^ ? ^ L@^ ^ ] ^ _ ^ ` ^ a ^ b ^ _~ c _ e _  _ M@_ _ d _ f _ g _ h _ i _ Dl~~` Oa Ob Oc Od Oe Of Og Oh Oi Oj Ok Ol Om On Oo Op Oq Or Os Ot Ou Ov Ow Ox Oy Oz O{ O| O} O~ O O `~ j ` l ` ? ` N@` ` k ` m ` n ` o ` p ` a~ q a s a  a O@a a r a t a u a v a w a b~ x b z b ? b P@b b y b { b | b } b ~ b c~  c  c ? c Q@c c  c  c  c  c  c d~  d  d d R@d d  d  d  d  d  d e~  e  e ? e S@e e  e  e  e  e  e f~  f  f ? f T@f f  f  f  f  f  f g~  g  g  g U@g g  g  g  g  g  g h~  h  h ? h V@h h  h  h  h  h  h i~  i  i ? i W@i i  i  i  i  i  i j~  j  j  j X@j j  j  j  j  j  j k~  k  k k Y@k k  k  k  k  k  k l~  l  l l Z@l l  l  l  l  l  l m~  m  m ? m [@m m  m  m  m  m  m n~  n  n ? n \@n n  n  n n o~  o  o ? o ]@o o  o  o  o  o  o p~  p  p ? p ^@p p  p  p  p  p  p q~  q  q ? q _@q q  q  q  q  q  q r~  r  r r `@r r  r  r  r  r  r s~  s  s s s s  s  s  s  s  s t~  t  t t t t  t  t  t  t  t u~  u  u u u u  u  u  u  u  u v~  v  v v v v  v  v  v  v  v w~  w  w w w w  w  w w x~  x  x x x x  x  x x y~  y  y y y y  y  y  y  y  y z~  z  z z z z  z  z  z  z  z {~ ! { # { { { { " { $ { % { & { ' { |~ ( | * | | | | ) | + | , | - | . | }~ / } 1 } } } } 0 } 2 } 3 } 4 } 5 } ~~ 6 ~ 8 ~ ~ 9~ ~ 7 ~ : ~ ;~ ~ <  >   ?  =  @  A Dl~~~~ O O O O O O O O O O O O O O O O O O O O O O O O O O O O O    ~ B  D   E  C  F  G ~ H  J   K  I  L  M ~ N  P   Q  O  R  S ~ T  V   W  U  X  Y ~ Z  \   ]  [  ^  _ ~ `  b   c  a  d  e ~ f  h   i  g  j  k ~ l  n   o  m  p  q ~ r  t    a@  s  u  v  w x ~ y  {    b@  z  |  }  ~  ~       c@          (  )  )  )  '       (  )  ) )  '       (       d@ '       (  )  ) ? )  '       (       e@ '       (       f@ '       (  )  ) )  '       (       g@ '       (  )  ) ) h@ '             i@ '          ?  ' } }   ?  ' } }   ?  ' } }   ?  ' } }   ?  ' } }   ?  ' } }   ?  ' } } ߁ ށ  ݁  ?  ܁' } } ہ ځ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' D,l~~~~~~~~jjjjjjjj                                ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' D@l                                ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' D@l                                ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' D@l                                     ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? '  ( ) ) ) ? '  ( ) ) ) ? '  ( ) ) ) ? '  ( ) ) ) ? '  ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' ( ) ) ) ? ' D@l  ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?  ( ) ) ) ? ' !( ) ) ) ? ' "( ) ) ) ? ' #( ) ) ) ? ' $( ) ) ) ? ' %( ) ) ) ? ' &( ) ) ) ? ' '( ) ) ) ? ' (( ) ) ) ? ' )( ) ) ) ? ' *( ) ) ) ? ' +( ) ) ) ? ' ,( ) ) ) ? ' -( ) ) ) ? ' .( ) ) ) ? ' /( ) ) ) ? ' 0( ) ) ) ? ' 1( ) ) ) ? ' 2( ) ) ) ? ' 3( ) ) ) ? ' 4( ) ) ) ? ' 5( ) ) ) ? ' 6( ) ) ) ? ' 7( ) ) ) ? ' 8( ) ) ) ? ' 9( ) ) ) ? ' :( ) ) ) ? ' ;( ) ) ) ? ' <( ) ) ) ? ' =( ) ) ) ? ' >( ) ) ) ? ' ?( ) ) ) ? ' D@l@ A B C D E F G H I J K L M N O P Q @( ) ) ) ? ' A( ) ) ) ? ' B( ) ) ) ? ' C( ) ) ) ? ' D( ) ) ) ? ' E( ) ) ) ? ' F( ) ) ) ? ' G( ) ) ) ? ' H( ) ) ) ? ' I( ) ) ) ? ' J( ) ) ) ? ' K( ) ) ) ? ' L( ) ) ) ? ' M( ) ) ) ? ' N( ) ) ) ? ' O( ) ) ) ? ' P( ) ) ) ? ' Q( ) ) ) ? ' (T>@d) * A ggD g2ɀ "@;Q;c;v;;;N;;;&;n;;;F<<-<=<fL<[<j<>z<<Θ<<^<<<6<~<==V"=1=@=.P=v_=n=~=N==ޫ=&=n===F=  dMbP?_*+%,&ffffff?'ffffff?(?)?M\\MBPS1\1S412-OC.  od XXʀ0CourierArial 0X o   COPIES@PJL JOB NAME="!JOBNAME" @PJL SET GUISTARTJOB=1 @PJL EOJ Сpxxxxb Ц Oce im2830 Series PS3MckinleyU  X !                                                    q q 18050,E211111111111111111111111C,1003,E211,2124,E1,q q q Pq q q @q q q 0q q аq q pq q q `q q q Pq q q @q q q 0q q "dXX333333?333333?&<3U} } } } 2} }  } (} #}  %} %} $   ,  ,  @                                \I ]I     S2  2 } R }  } v } w } w ? w }9 w v x } x bl y y v } w } w w }9 w S2 x } x bl y y v } w } w ? w }9 w E x } x bl y y v } w } w w }9 w Z x } x bl y y v } w } w w }9 w  x } x bl y y v } w } w w }9 w S2 x } x bl y y v } w } w w } 9 w 6 x } x bl y y v } w } w ? w } 9 w  x } x bl y y v } w } w w } 9 w  x } x bl y y v } w } w w } 9 w x } x bl y y v } w } w w } 9 w  x } x bl y y v } w } w w }9 w  x } x bl y y v } w } w w }9 w S2 x } x bl y y v } w } w w }9 w S2 x } x bl z z v } w } w  w }9 w  x } x bl z z v } w } w w }9 w S2 x ~} x bl z z v }} w |} w w {}9 w E x z} x bl z z v y} w x} w w w}9 w x v} x bl z z v u} w t} w w s}9 w " x r} x bl z z v q} w p} w w o}9 w  x n} x bl z z v m} w l} w w k}9 w  x j} x bl z z v i} w h} w ? w g}9 w ] x f} x bl z z v e} w d} w ? w c}9 w k x b} x bl z z v a} w `} w ? w _}9 w = x ^} x bl z z v ]} w \} w w [}9 w x Z} x bl z z v Y} w X} w w W}9 w  x V} x bl z z v U} w T} w w S}9 w o x R} x bl z z v Q} w P} w ? w O}9 w  x N} x bl z z v M} w L} w w K}9 w x J} x bl z z Dlzzzzzzzzzzzzzzzzzzzzzzzzzzzz ! " # $ % & ' ( ) * +  , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?  v I} w H} w w G} 9 w x F} x bl z z !v E} !w D} !w ? !w C}!9 !w L !x B} !x bl !z z "v A} "w @} "w "w ?}"9 "w "x >} "x bl "z z #v =} #w <} #w #w ;}#9 #w  #x :} #x bl #z z $v 9} $w 8} $w $w 7}$9 $w A $x 6} $x bl $z z %v 5} %w 4} %w ? %w 3}%9 %w } %x 2} %x bl %z z &v 1} &w 0} &w &w /}&9 &w &x .} &x bl &z z 'v -} 'w ,} 'w ? 'w +}'9 'w V 'x *} 'x bl 'z z (v )} (w (} (w (w '}(9 (w (x &} (x bl (z z )v %} )w $} )w )w #})9 )w  )x "} )x bl )z z *v !} *w } *w ? *w }*9 *w O *x } *x bl *z z +v } +w } +w | +w }+9 +w  +x } +x bl +z z ,v } ,w } ,w ? ,w },9 ,w ' ,x } ,x bl ,z z -v } -w } -w -w }-9 -w  -x } -x bl -z z .v } .w } .w .w }.9 .w  .x } .x bl .z z /v } /w } /w ? /w }/9 /w  /x } /x bl /z z 0v } 0w } 0w ? 0w }09 0w 0x } 0x bl 0z z 1v } 1w } 1w } 1w }19 1w  1x } 1x bl 1z z 2v } 2w | 2w 2w |29 2w 2x | 2x bl 2z z 3v | 3w | 3w ? 3w |39 3w  3x | 3x bl 3z z 4v | 4w | 4w ? 4w |49 4w  4x | 4x bl 4z z 5v | 5w | 5w 5w |59 5w  5x | 5x bl 5z z 6v | 6w | 6w 6w |69 6w 0 6x | 6x bl 6z z 7v | 7w | 7w 7w |79 7w / 7x | 7x bl 7z z 8v | 8w | 8w 8w |89 8w L 8x | 8x bl 8z z 9v | 9w | 9w 9w |99 9w S 9x | 9x bl 9z z :v | :w | :w :w |:9 :w :x | :x bl :z z ;v | ;w | ;w ;w |;9 ;w  ;x | ;x bl ;z z <v | <w | <w ? <w |<9 <w  <x | <x bl <z z =v | =w | =w  =w |=9 =w  =x | =x bl =z z >v | >w | >w ? >w |>9 >w  >x | >x bl >z z ?v | ?w | ?w ?w |?9 ?w a ?x | ?x bl ?z z Dlzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz@ A B  C D E F G H I J  K L M N O P Q R S T U V W X Y Z [ \ ] ^ _  @v | @w | @w @w |@9 @w @x | @x bl @z z Av | Aw | Aw ? Aw |A9 Aw  Ax | Ax bl Az z Bv | Bw | Bw | Bw |B9 Bw r Bx | Bx bl Bz z Cv | Cw | Cw Cw |C9 Cw . Cx | Cx bl Cz z Dv | Dw | Dw Dw |D9 Dw S2 Dx | Dx bl Dz z Ev | Ew | Ew Ew |E9 Ew S2 Ex | Ex bl Ez z Fv | Fw | Fw Fw |F9 Fw S2 Fx | Fx bl Fz z Gv | Gw | Gw Gw |G9 Gw S2 Gx | Gx bl Gz z Hv | Hw | Hw Hw |H9 Hw S2 Hx | Hx bl Hz z Iv | Iw | Iw Iw |I9 Iw S2 Ix | Ix bl Iz z Jv | Jw | Jw Jw |J9 Jw S2 Jx | Jx bl Jz z Kv | Kw | Kw Kw |K9 Kw S2 Kx | Kx bl Kz z Lv | Lw | Lw Lw |L9 Lw Lx | Lx bl Lz z Mv | Mw | Mw ? Mw |M9 Mw  Mx | Mx bl Mz z Nv | Nw | Nw Y| Nw |N9 Nw  Nx | Nx bl Nz z Ov | Ow | Ow ? Ow |O9 Ow  Ox | Ox bl Oz z Pv | Pw | Pw Pw |P9 Pw h Px | Px bl Py y Qv | Qw | Qw Qw |Q9 Qw  Qx | Qx bl Qy y Rv | Rw ~| Rw ? Rw }|R9 Rw S Rx || Rx bl Ry y Sv {| Sw z| Sw ? Sw y|S9 Sw  Sx x| Sx bl Sy y Tv w| Tw v| Tw Tw u|T9 Tw S2 Tx t| Tx bl T{ s| T { r| Uv q| Uw p| Uw Uw o|U9 Uw 5 Ux n| Ux bl Uy y Vv m| Vw l| Vw ? Vw k|V9 Vw  Vx j| Vx bl Vy y Wv i| Ww h| Ww Ww g|W9 Ww S2 Wx f| Wx bl W{ e| W { d| Xv c| Xw b| Xw ? Xw a|X9 Xw  Xx `| Xx bl Xy y Yv _| Yw ^| Yw Yw ]|Y9 Yw S2 Yx \| Yx bl Yy y Zv [| Zw Z| Zw Y| Zw X|Z9 Zw  Zx W| Z| y y [v V| [w U| [w [w T|[9 [w Z [x S| [x bl [y y \v R| \w Q| \w \w P|\9 \w S2 \x O| \x bl \y y ]v N| ]w M| ]w ? ]w L|]9 ]w  ]x K| ]x bl ]y y ^v J| ^w I| ^w ? ^w H|^9 ^w v ^x G| ^x bl ^y y _v F| _w E| _w _w D|_9 _w H _x C| _x bl _y y Dlzzzzzzzzzzzzzzzzzzzzzzzznzzzz` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~   `v B| `w A| `w ? `w @|`9 `w  `x ?| `x bl `y y av >| aw =| aw aw <| a9 z |  ax bl ay y bv ;| bw :| bw bw 9| b9 z |  bx bl b{ 8| b { 7| cv 6| cw 5| cw cw 4| c9 z |  cx bl c{ 3| c { 2| dv 1| dw 0| dw ? dw /| d9 z |  dx bl dy y ev .| ew -| ew ew ,| e9 z |  ex bl e{ +| e { *| fv )| fw (| fw fw '| f9 z |  fx bl fy y gv &| gw %| gw gw $| g9 z |  gx bl g{ #| g { "| hv !| hw | hw hw |h9 z | | y y iv | iw  iw iw |i9 z | | y y jv | jw | jw jw |j9 z | | y y kv | kw | kw ? kw | k9 z |  kx bl ky y lv | lw | lw lw | l9 z |  lx bl ly y mv | mw | mw mw | m9 z |  mx bl m{ | m { | nv | nw | nw nw | n9 z |  nx bl n{ | n { | ov | ow | ow ow | o9 z |  ox bl o{ | o { | pv | pw | pw  pw | p9 z |  px bl py y qv | qw | qw  qw { q9 z |  qx bl qy y rv { rw { rw  rw { r9 z |  rx bl ry y sv { sw { sw  sw { s9 z |  sx bl sy y tv { tw { tw  tw { t9 z |  tx bl ty y uv { uw { uw  uw { u9 z |  ux bl uy y vv { vw { vw  vw { v9 z |  vx bl vy y wv { ww { ww  ww { w9 z |  wx bl wy y xv { xw { xw xw { x9 z |  xx bl x{ { x { { yv { yw { yw yw { y9 z |  yx bl y{ { y { { zv { zw { zw ? zw { z9 z |  zx bl zy y {v { {w { {w ? {w { {9 z |  {x bl {y y |v { |w { |w |w { |9 z |  |x bl |y y }v { }w { }w }w { }9 z |  }x bl }{ { } { { ~v { ~w { ~w ~w { ~9 z |  ~x bl ~y y v { w { w w { 9 z |  x bl y y D`lzdrrdrdrNNNddrrrddddddddrrdddrd                                     v { w { w w { 9 z |  x bl { { { { v { w { w w { 9 z |  x bl { { { { v { w { w  w { 9 z |  x bl y y v { w { w w { 9 z |  x bl y y v { w { w w { 9 z |  x bl y y v { w { w  w {9 z | | y y v { w { w w { 9 z |  x bl y y v { w { w w { 9 z |  x bl y y v { w { w w { 9 z |  x bl { { { { v { w  w w {9 z | | y y v { w { w { w { 9 z |  x bl { { { { v { w { w w { 9 z |  x bl { { { { v { w { w w { 9 z |  x bl { { { { v { w { w w { 9 z |  x bl y y v { w { w w { 9 z |  x bl y y v { w { w w { 9 z |  x bl y y v { w { w w { 9 z |  x bl z z v { w { w S2 w { 9 z |  x bl z z v { w { w S2 w { 9 z |  x bl z z v { w { w S2 w {9 z | | z z v { w { w ? w { 9 z |  x bl z z v { w { w w { 9 z |  x bl z z v { w { w w ~{ 9 z |  x bl z z v }{ w |{ w w {{ 9 z |  x bl z z v z{ w y{ w w x{ 9 z |  x bl z z v w{ w v{ w w u{ 9 z |  x bl z z v t{ w s{ w w r{ 9 z |  x bl z z v q{ w p{ w w o{ 9 z |  x bl z z v n{ w m{ w w l{ 9 z |  x bl z z v k{ w j{ w w i{ 9 z |  x bl z z v h{ w g{ w w f{ 9 z |  x bl z z v e{ w d{ w w c{ 9 z |  x bl z z DlrrdddNddrNrrrddddddNddddddddddd                                 v b{ w a{ w w `{ 9 z |  x bl z z v _{ w ^{ w w ]{ 9 z |  x bl z z v \{ w [{ w w Z{ 9 z |  x bl z z v Y{ w X{ w w W{ 9 z |  x bl z z v V{ w U{ w w T{ 9 z |  x bl z z v S{ w R{ w w Q{ 9 z |  x bl z z v P{ w O{ w w N{ 9 z |  x bl z z v M{ w L{ w w K{ 9 z |  x bl z z v J{ w I{ w w H{ 9 z |  x bl z z v G{ w F{ w w E{ 9 z |  x bl z z v D{ w C{ w w B{ 9 z |  x bl z z v A{ w @{ w w ?{ 9 z |  x bl z z v >{ w ={ w w <{ 9 z |  x bl z z v ;{ w :{ w w 9{ 9 z |  x bl z z v 8{ w 7{ w w 6{ 9 z |  x bl z z v 5{ w 4{ w w 3{ 9 z |  x bl z z v 2{ w 1{ w w 0{ 9 z |  x bl z z v /{ w .{ w w -{ 9 z |  x bl z z v ,{ w +{ w w *{ 9 z |  x bl z z v ){ w ({ w w '{ 9 z |  x bl z z v &{ w %{ w w ${ 9 z |  x bl z z v #{ w "{ w w !{ 9 z |  x bl z z v { w { w w { 9 z |  x bl z z v { w { w w { 9 z |  x bl z z v { w { w w { 9 z |  x bl z z v { w { w w { 9 z |  x bl z z v { w { w w { 9 z |  x bl z z v { w { w w { 9 z |  x bl z z v { w { w w { 9 z |  x bl z z v { w { w w { 9 z |  x bl z z v { w { w w { 9 z |  x bl z z v { w { w w { 9 z |  x bl z z Dlddddddddddddddddddddddddddddddd                                 v { w { w w { 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z Dlddddddddddddddddddddddddddddddd                                 v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v z w z w w z 9 z |  x bl z z v ~z w }z w w |z 9 z |  x bl z z v {z w zz w w yz 9 z |  x bl z z v xz w wz w w vz 9 z |  x bl z z v uz w tz w w sz 9 z |  x bl z z v rz w qz w w pz 9 z |  x bl z z v oz w nz w w mz 9 z |  x bl z z v lz w kz w w jz 9 z |  x bl z z v iz w hz w w gz 9 z |  x bl z z v fz w ez w w dz 9 z |  x bl z z v cz w bz w w az 9 z |  x bl z z v `z w _z w w ^z 9 z |  x bl z z v ]z w \z w w [z 9 z |  x bl z z v Zz w Yz w w Xz 9 z |  x bl z z v Wz w Vz w w Uz 9 z |  x bl z z v Tz w Sz w w Rz 9 z |  x bl z z v Qz w Pz w w Oz 9 z |  x bl z z v Nz w Mz w w Lz 9 z |  x bl z z v Kz w Jz w w Iz 9 z |  x bl z z v Hz w Gz w w Fz 9 z |  x bl z z v Ez w Dz w w Cz 9 z |  x bl z z Dlddddddddddddddddddddddddddddddd                                      v Bz w Az w w @z 9 z |  x bl z z v ?z w >z w w =z 9 z |  x bl z z v  ?  v y w y w w y 9 z |  x bl z z !v y !w y !w !w y !9 z |  !x bl !z z "v y "w y "w "w y "9 z |  "x bl "z z #v y #w y #w #w y #9 z |  #x bl #z z $v y $w y $w $w y $9 z |  $x bl $z z %v y %w y %w %w y %9 z |  %x bl %z z &v y &w y &w &w y &9 z |  &x bl &z z 'v y 'w y 'w 'w y '9 z |  'x bl 'z z (v y (w y (w (w y (9 z |  (x bl (z z )v y )w y )w )w y )9 z |  )x bl )z z *v y *w y *w *w y *9 z |  *x bl *z z +v y +w y +w +w y +9 z |  +x bl +z z ,v y ,w y ,w ,w y ,9 z |  ,x bl ,z z -v y -w y -w -w y -9 z |  -x bl -z z .v y .w y .w .w y .9 z |  .x bl .z z /v y /w y /w /w y /9 z |  /x bl /z z 0v y 0w y 0w 0w y 09 z |  0x bl 0z z 1v y 1w y 1w 1w y 19 z |  1x bl 1z z 2v y 2w y 2w 2w y 29 z |  2x bl 2z z 3v y 3w y 3w 3w y 39 z |  3x bl 3z z 4v y 4w y 4w 4w y 49 z |  4x bl 4z z 5v y 5w y 5w 5w y 59 z |  5x bl 5z z 6v y 6w y 6w 6w y 69 z |  6x bl 6z z 7v y 7w y 7w 7w y 79 z |  7x bl 7z z 8v y 8w y 8w 8w y 89 z |  8x bl 8z z 9v y 9w y 9w 9w y 99 z |  9x bl 9z z :v y :w y :w :w y :9 z |  :x bl :z z ;v y ;w y ;w ;w y ;9 z |  ;x bl ;z z <v y <w y <w <w y <9 z |  <x bl <z z =v y =w y =w =w y =9 z |  =x bl =z z >v y >w y >w >w y >9 z |  >x bl >z z ?v y ?w y ?w ?w y ?9 z |  ?x bl ?z z Dlddddddddddddddddddddddddddddddd@ A B C D E F G H I J K L M N O P Q R S T  U V W X Y Z [ \  ] ^ _  @v y @w y @w @w y @9 z |  @x bl @z z Av y Aw ~y Aw Aw }y A9 z |  Ax bl Az z Bv |y Bw {y Bw Bw zy B9 z |  Bx bl Bz z Cv yy Cw xy Cw Cw wy C9 z |  Cx bl Cz z Dv vy Dw uy Dw Dw ty D9 z |  Dx bl Dz z Ev sy Ew ry Ew Ew qy E9 z |  Ex bl Ez z Fv py Fw oy Fw Fw ny F9 z |  Fx bl Fz z Gv my Gw ly Gw Gw ky G9 z |  Gx bl Gz z Hv jy Hw iy Hw Hw hy H9 z |  Hx bl Hz z Iv gy Iw fy Iw Iw ey I9 z |  Ix bl Iz z Jv dy Jw cy Jw Jw by J9 z |  Jx bl Jz z Kv ay Kw `y Kw Kw _y K9 z |  Kx bl Kz z Lv ^y Lw ]y Lw Lw \y L9 z |  Lx bl Lz z Mv [y Mw Zy Mw Mw Yy M9 z |  Mx bl Mz z Nv Xy Nw Wy Nw Nw Vy N9 z |  Nx bl Nz z Ov Uy Ow Ty Ow Ow Sy O9 z |  Ox bl Oz z Pv Ry Pw Qy Pw Pw Py P9 z |  Px bl Pz z Qv Oy Qw Ny Qw Qw My Q9 z |  Qx bl Qz z Rv Ly Rw Ky Rw Rw Jy R9 z |  Rx bl Rz z Sv Iy Sw Hy Sw Sw Gy S9 z |  Sx bl Sz z Tv Fy Tw Ey Tw Tw Dy T9 z |  Tx bl Tz z Uv Cy Uw By Uw Uw Ay U9 z |  Ux bl Uz z Vv @y Vw ?y Vw Vw >y V9 z |  Vx bl Vz z Wv =y Ww x w =x w w w w w =w 9 z |  x bl z z v  ?  v v w v w w v 9 z |  x bl z z !v v !w v !w !w v !9 z |  !x bl !z z "v v "w v "w "w v "9 z |  "x bl "z z #v v #w v #w #w v #9 z |  #x bl #z z $v v $w v $w $w v $9 z |  $x bl $z z %v v %w v %w %w v %9 z |  %x bl %z z &v v &w v &w &w v &9 z |  &x bl &z z 'v v 'w v 'w 'w v '9 z |  'x bl 'z z (v v (w v (w (w v (9 z |  (x bl (z z )v v )w v )w )w v )9 z |  )x bl )z z *v v *w v *w *w v *9 z |  *x bl *z z +v v +w v +w +w v +9 z |  +x bl +z z ,v v ,w v ,w ,w v ,9 z |  ,x bl ,z z -v v -w v -w -w v -9 z |  -x bl -z z .v v .w v .w .w v .9 z |  .x bl .z z /v v /w v /w /w v /9 z |  /x bl /z z 0v v 0w v 0w 0w v 09 z |  0x bl 0z z 1v v 1w v 1w 1w v 19 z |  1x bl 1z z 2v v 2w v 2w 2w v 29 z |  2x bl 2z z 3v v 3w v 3w 3w v 39 z |  3x bl 3z z 4v v 4w v 4w 4w v 49 z |  4x bl 4z z 5v v 5w v 5w 5w v 59 z |  5x bl 5z z 6v v 6w v 6w 6w v 69 z |  6x bl 6z z 7v v 7w v 7w 7w v 79 z |  7x bl 7z z 8v v 8w v 8w 8w v 89 z |  8x bl 8z z 9v v 9w v 9w 9w v 99 z |  9x bl 9z z :v v :w v :w :w v :9 z |  :x bl :z z ;v v ;w v ;w ;w v ;9 z |  ;x bl ;z z <v v <w v <w <w v <9 z |  <x bl <z z =v v =w v =w =w v =9 z |  =x bl =z z >v v >w v >w >w v >9 z |  >x bl >z z ?v v ?w v ?w ?w v ?9 z |  ?x bl ?z z Dlddddddddddddddddddddddddddddddd@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _  @v v @w v @w @w v @9 z |  @x bl @z z Av v Aw ~v Aw Aw }v A9 z |  Ax bl Az z Bv |v Bw {v Bw Bw zv B9 z |  Bx bl Bz z Cv yv Cw xv Cw Cw wv C9 z |  Cx bl Cz z Dv vv Dw uv Dw Dw tv D9 z |  Dx bl Dz z Ev sv Ew rv Ew Ew qv E9 z |  Ex bl Ez z Fv pv Fw ov Fw Fw nv F9 z |  Fx bl Fz z Gv mv Gw lv Gw Gw kv G9 z |  Gx bl Gz z Hv jv Hw iv Hw Hw hv H9 z |  Hx bl Hz z Iv gv Iw fv Iw Iw ev I9 z |  Ix bl Iz z Jv dv Jw cv Jw Jw bv J9 z |  Jx bl Jz z Kv av Kw `v Kw Kw _v K9 z |  Kx bl Kz z Lv ^v Lw ]v Lw Lw \v L9 z |  Lx bl Lz z Mv [v Mw Zv Mw Mw Yv M9 z |  Mx bl Mz z Nv Xv Nw Wv Nw Nw Vv N9 z |  Nx bl Nz z Ov Uv Ow Tv Ow Ow Sv O9 z |  Ox bl Oz z Pv Rv Pw Qv Pw Pw Pv P9 z |  Px bl Pz z Qv Ov Qw Nv Qw Qw Mv Q9 z |  Qx bl Qz z Rv Lv Rw Kv Rw Rw Jv R9 z |  Rx bl Rz z Sv Iv Sw Hv Sw Sw Gv S9 z |  Sx bl Sz z Tv Fv Tw Ev Tw Tw Dv T9 z |  Tx bl Tz z Uv Cv Uw Bv Uw Uw Av U9 z |  Ux bl Uz z Vv @v Vw ?v Vw Vw >v V9 z |  Vx bl Vz z Wv =v Ww u w =u w w t w w =t 9 z |  x bl z z v  ?  v s w s w w s 9 z |  x bl z z !v s !w s !w !w s !9 z |  !x bl !z z "v s "w s "w "w s "9 z |  "x bl "z z #v s #w s #w #w s #9 z |  #x bl #z z $v s $w s $w $w s $9 z |  $x bl $z z %v s %w s %w %w s %9 z |  %x bl %z z &v s &w s &w &w s &9 z |  &x bl &z z 'v s 'w s 'w 'w s '9 z |  'x bl 'z z (v s (w s (w (w s (9 z |  (x bl (z z )v s )w s )w )w s )9 z |  )x bl )z z *v s *w s *w *w s *9 z |  *x bl *z z +v s +w s +w +w s +9 z |  +x bl +z z ,v s ,w s ,w ,w s ,9 z |  ,x bl ,z z -v s -w s -w -w s -9 z |  -x bl -z z .v s .w s .w .w s .9 z |  .x bl .z z /v s /w s /w /w s /9 z |  /x bl /z z 0v s 0w s 0w 0w s 09 z |  0x bl 0z z 1v s 1w s 1w 1w s 19 z |  1x bl 1z z 2v s 2w s 2w 2w s 29 z |  2x bl 2z z 3v s 3w s 3w 3w s 39 z |  3x bl 3z z 4v s 4w s 4w 4w s 49 z |  4x bl 4z z 5v s 5w s 5w 5w s 59 z |  5x bl 5z z 6v s 6w s 6w 6w s 69 z |  6x bl 6z z 7v s 7w s 7w 7w s 79 z |  7x bl 7z z 8v s 8w s 8w 8w s 89 z |  8x bl 8z z 9v s 9w s 9w 9w s 99 z |  9x bl 9z z :v s :w s :w :w s :9 z |  :x bl :z z ;v s ;w s ;w ;w s ;9 z |  ;x bl ;z z <v s <w s <w <w s <9 z |  <x bl <z z =v s =w s =w =w s =9 z |  =x bl =z z >v s >w s >w >w s >9 z |  >x bl >z z ?v s ?w s ?w ?w s ?9 z |  ?x bl ?z z Dlddddddddddddddddddddddddddddddd@ A B C D E F G H I J K L M  N O P Q R S T U V W X Y Z [ \ ] ^ _  @v s @w s @w @w s @9 z |  @x bl @z z Av s Aw ~s Aw Aw }s A9 z |  Ax bl Az z Bv |s Bw {s Bw Bw zs B9 z |  Bx bl Bz z Cv ys Cw xs Cw Cw ws C9 z |  Cx bl Cz z Dv vs Dw us Dw Dw ts D9 z |  Dx bl Dz z Ev ss Ew rs Ew Ew qs E9 z |  Ex bl Ez z Fv ps Fw os Fw Fw ns F9 z |  Fx bl Fz z Gv ms Gw ls Gw Gw ks G9 z |  Gx bl Gz z Hv js Hw is Hw Hw hs H9 z |  Hx bl Hz z Iv gs Iw fs Iw Iw es I9 z |  Ix bl Iz z Jv ds Jw cs Jw Jw bs J9 z |  Jx bl Jz z Kv as Kw `s Kw Kw _s K9 z |  Kx bl Kz z Lv ^s Lw ]s Lw Lw \s L9 z |  Lx bl Lz z Mv [s Mw Zs Mw Mw Ys M9 z |  Mx bl Mz z Nv Xs Nw Ws Nw Nw Vs N9 z |  Nx bl Nz z Ov Us Ow Ts Ow Ow Ss O9 z |  Ox bl Oz z Pv Rs Pw Qs Pw Pw Ps P9 z |  Px bl Pz z Qv Os Qw Ns Qw Qw Ms Q9 z |  Qx bl Qz z Rv Ls Rw Ks Rw Rw Js R9 z |  Rx bl Rz z Sv Is Sw Hs Sw Sw Gs S9 z |  Sx bl Sz z Tv Fs Tw Es Tw Tw Ds T9 z |  Tx bl Tz z Uv Cs Uw Bs Uw Uw As U9 z |  Ux bl Uz z Vv @s Vw ?s Vw Vw >s V9 z |  Vx bl Vz z Wv =s Ww r w =r w w q w w =q 9 z |  x bl z z v  ?  v p w p w w p 9 z |  x bl z z !v p !w p !w !w p !9 z |  !x bl !z z "v p "w p "w "w p "9 z |  "x bl "z z #v p #w p #w #w p #9 z |  #x bl #z z $v p $w p $w $w p $9 z |  $x bl $z z %v p %w p %w %w p %9 z |  %x bl %z z &v p &w p &w &w p &9 z |  &x bl &z z 'v p 'w p 'w 'w p '9 z |  'x bl 'z z (v p (w p (w (w p (9 z |  (x bl (z z )v p )w p )w )w p )9 z |  )x bl )z z *v p *w p *w *w p *9 z |  *x bl *z z +v p +w p +w +w p +9 z |  +x bl +z z ,v p ,w p ,w ,w p ,9 z |  ,x bl ,z z -v p -w p -w -w p -9 z |  -x bl -z z .v p .w p .w .w p .9 z |  .x bl .z z /v p /w p /w /w p /9 z |  /x bl /z z 0v p 0w p 0w 0w p 09 z |  0x bl 0z z 1v p 1w p 1w 1w p 19 z |  1x bl 1z z 2v p 2w p 2w 2w p 29 z |  2x bl 2z z 3v p 3w p 3w 3w p 39 z |  3x bl 3z z 4v p 4w p 4w 4w p 49 z |  4x bl 4z z 5v p 5w p 5w 5w p 59 z |  5x bl 5z z 6v p 6w p 6w 6w p 69 z |  6x bl 6z z 7v p 7w p 7w 7w p 79 z |  7x bl 7z z 8v p 8w p 8w 8w p 89 z |  8x bl 8z z 9v p 9w p 9w 9w p 99 z |  9x bl 9z z :v p :w p :w :w p :9 z |  :x bl :z z ;v p ;w p ;w ;w p ;9 z |  ;x bl ;z z <v p <w p <w <w p <9 z |  <x bl <z z =v p =w p =w =w p =9 z |  =x bl =z z >v p >w p >w >w p >9 z |  >x bl >z z ?v p ?w p ?w ?w p ?9 z |  ?x bl ?z z Dlddddddddddddddddddddddddddddddd@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _  @v p @w p @w @w p @9 z |  @x bl @z z Av p Aw ~p Aw Aw }p A9 z |  Ax bl Az z Bv |p Bw {p Bw Bw zp B9 z |  Bx bl Bz z Cv yp Cw xp Cw Cw wp C9 z |  Cx bl Cz z Dv vp Dw up Dw Dw tp D9 z |  Dx bl Dz z Ev sp Ew rp Ew Ew qp E9 z |  Ex bl Ez z Fv pp Fw op Fw Fw np F9 z |  Fx bl Fz z Gv mp Gw lp Gw Gw kp G9 z |  Gx bl Gz z Hv jp Hw ip Hw Hw hp H9 z |  Hx bl Hz z Iv gp Iw fp Iw Iw ep I9 z |  Ix bl Iz z Jv dp Jw cp Jw Jw bp J9 z |  Jx bl Jz z Kv ap Kw `p Kw Kw _p K9 z |  Kx bl Kz z Lv ^p Lw ]p Lw Lw \p L9 z |  Lx bl Lz z Mv [p Mw Zp Mw Mw Yp M9 z |  Mx bl Mz z Nv Xp Nw Wp Nw Nw Vp N9 z |  Nx bl Nz z Ov Up Ow Tp Ow Ow Sp O9 z |  Ox bl Oz z Pv Rp Pw Qp Pw Pw Pp P9 z |  Px bl Pz z Qv Op Qw Np Qw Qw Mp Q9 z |  Qx bl Qz z Rv Lp Rw Kp Rw Rw Jp R9 z |  Rx bl Rz z Sv Ip Sw Hp Sw Sw Gp S9 z |  Sx bl Sz z Tv Fp Tw Ep Tw Tw Dp T9 z |  Tx bl Tz z Uv Cp Uw Bp Uw Uw Ap U9 z |  Ux bl Uz z Vv @p Vw ?p Vw Vw >p V9 z |  Vx bl Vz z Wv =p Ww o w =o w w n w w =n 9 z |  x bl z z v  ?  v m w m w w m 9 z |  x bl z z !v m !w m !w !w m !9 z |  !x bl !z z "v m "w m "w "w m "9 z |  "x bl "z z #v m #w m #w #w m #9 z |  #x bl #z z $v m $w m $w $w m $9 z |  $x bl $z z %v m %w m %w %w m %9 z |  %x bl %z z &v m &w m &w &w m &9 z |  &x bl &z z 'v m 'w m 'w 'w m '9 z |  'x bl 'z z (v m (w m (w (w m (9 z |  (x bl (z z )v m )w m )w )w m )9 z |  )x bl )z z *v m *w m *w *w m *9 z |  *x bl *z z +v m +w m +w +w m +9 z |  +x bl +z z ,v m ,w m ,w ,w m ,9 z |  ,x bl ,z z -v m -w m -w -w m -9 z |  -x bl -z z .v m .w m .w .w m .9 z |  .x bl .z z /v m /w m /w /w m /9 z |  /x bl /z z 0v m 0w m 0w 0w m 09 z |  0x bl 0z z 1v m 1w m 1w 1w m 19 z |  1x bl 1z z 2v m 2w m 2w 2w m 29 z |  2x bl 2z z 3v m 3w m 3w 3w m 39 z |  3x bl 3z z 4v m 4w m 4w 4w m 49 z |  4x bl 4z z 5v m 5w m 5w 5w m 59 z |  5x bl 5z z 6v m 6w m 6w 6w m 69 z |  6x bl 6z z 7v m 7w m 7w 7w m 79 z |  7x bl 7z z 8v m 8w m 8w 8w m 89 z |  8x bl 8z z 9v m 9w m 9w 9w m 99 z |  9x bl 9z z :v m :w m :w :w m :9 z |  :x bl :z z ;v m ;w m ;w ;w m ;9 z |  ;x bl ;z z <v m <w m <w <w m <9 z |  <x bl <z z =v m =w m =w =w m =9 z |  =x bl =z z >v m >w m >w >w m >9 z |  >x bl >z z ?v m ?w m ?w ?w m ?9 z |  ?x bl ?z z Dlddddddddddddddddddddddddddddddd@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _  @v m @w m @w @w m @9 z |  @x bl @z z Av m Aw ~m Aw Aw }m A9 z |  Ax bl Az z Bv |m Bw {m Bw Bw zm B9 z |  Bx bl Bz z Cv ym Cw xm Cw Cw wm C9 z |  Cx bl Cz z Dv vm Dw um Dw Dw tm D9 z |  Dx bl Dz z Ev sm Ew rm Ew Ew qm E9 z |  Ex bl Ez z Fv pm Fw om Fw Fw nm F9 z |  Fx bl Fz z Gv mm Gw lm Gw Gw km G9 z |  Gx bl Gz z Hv jm Hw im Hw Hw hm H9 z |  Hx bl Hz z Iv gm Iw fm Iw Iw em I9 z |  Ix bl Iz z Jv dm Jw cm Jw Jw bm J9 z |  Jx bl Jz z Kv am Kw `m Kw Kw _m K9 z |  Kx bl Kz z Lv ^m Lw ]m Lw Lw \m L9 z |  Lx bl Lz z Mv [m Mw Zm Mw Mw Ym M9 z |  Mx bl Mz z Nv Xm Nw Wm Nw Nw Vm N9 z |  Nx bl Nz z Ov Um Ow Tm Ow Ow Sm O9 z |  Ox bl Oz z Pv Rm Pw Qm Pw Pw Pm P9 z |  Px bl Pz z Qv Om Qw Nm Qw Qw Mm Q9 z |  Qx bl Qz z Rv Lm Rw Km Rw Rw Jm R9 z |  Rx bl Rz z Sv Im Sw Hm Sw Sw Gm S9 z |  Sx bl Sz z Tv Fm Tw Em Tw Tw Dm T9 z |  Tx bl Tz z Uv Cm Uw Bm Uw Uw Am U9 z |  Ux bl Uz z Vv @m Vw ?m Vw Vw >m V9 z |  Vx bl Vz z Wv =m Ww @z z A ggD g2ɀ XO=>>q>  dMbP?_*+%&?'?(?)?"d,,??&U} c } < } I } 2}  } % } $b } X``o @         r r  r  r  q S2 p u p |D n t m m l k d pd h s g j r Hqf b p h o g g H f b  b n h m g g y Hf b l h k j j  Hf b c h j g j  Hf b c h i j j  H f b c h h j j  H^ f b c h g g  j  H~ f b c h f g | j  H{ f b c h e g y j x Hw f b c h d g u j  Htf b c h b g q j  Hpf b ` h a g n j  HEf b ` h _ g l j  HEf b ^ h ] g i g h Hgf b \ h [ g e g Hdf b V h Z g b g Haf b V h Y g _ g H^f b V h X g [ g HZf b V h W g W g HVf b V h U g S g HR f b  e T h S g O g N HMf b R h Q g J g HIf b P h O g F g HEf b M h N g B g HAf b M h L g > g  H= f b  e K h J g : g  H9 f b  e 8 i I g 6 g H5 f b  e .D6 lbZPTPPPPPPPPPPPPPPPPPPTPPPPTT !"#$%&'()*+,-./0123456789:;<=>? i H g 3 g H2 f b  e . !i G !g 0 !g !H/ !f b  !e . "h F "g ( "g "H"f "b > #h E #g & #g #H#f #b > $h D $g $ $g $H$f $b > %h C %g " %g %H%f %b > &h B &g &g &H&f &b > 'h A 'g  'g 'H'f 'b > (h @ (g  (g (H(f (b > )h ? )g  )g )H)f )b > *h = *g  *g  *H*f *e +h < +g  +g ? +H+f +b 9 ,h ; ,g : ,g ,H,f ,b 9 -h 8 -g 7 -g -H-f -b 6 .h 5 .g 4 .g .H.f .b , /h 3 /g /g /H/f /b , 0h 2 0g  0g 0H0f 0b , 1h 1 1g  1g 1H1f 1b , 2h 0 2g  2g 2H2f 2b , 3h / 3g  3g 3H3f 3b , 4h . 4g 4g 4H4f 4b , 5h - 5g 5g 5H5f 5b , 6h + 6g 6g 6H6f 6b % 7h * 7g 7g $ 7Hː7f 7b % 8h ) 8g ( 8g $ 8Hː8f 8b % 9h ' 9g & 9g $ 9Hː9f 9b % :h $ :g :g :HӐ:f :e  ;h # ;g ;g Ԑ ;HӐ;f ;b  <h " <g <g Ԑ <HӐ<f <b  =h ! =g =g Ԑ =HӐ=f =b  >h >g >g Ԑ >HӐ>f >b  ?h  ?g ?g Ԑ ?HӐ?f ?b D lTTPPPPPPPPPPPPPPPPPPPPPPPPPPPPP@ABCDEFGHIJKLMNOPQRSTUVW @h  @g @g Ԑ @HӐ@f @b  Ah  Ag Ag Ԑ AHӐAf Ab  Bh  Bg ސ Bg Ԑ BHӐBf Bb  Ch  Cg ܐ Cg Ԑ CHӐCf Cb  Dh  Dg ڐ Dg Ԑ DHӐDf Db  Eh  Eg ؐ Eg Ԑ EHӐEf Eb  Fh  Fg Ր Fg Ԑ FHӐFf Fb  Gh  Gg А Gg ϐ GHΐGf Gb  Hh  Hg  Hg $ HHː Hf b  Hb ʐ Ih  IHȐ IHe" IHĐIf Ib  Jh  JHŐ JH JHĐJf Jb  Kh  KH KH KHĐKf Kb  Lh Lg Lg K~ LH Lf b  Le Mh Mg  Mg  MH Mf b  Me  Nh  Ng Ng NHNf Nb  Oh  Og  Og OH Of b  Oe ʐ Ph  Pg Pg PHPf Pe Qh Qg Qg $ QHːQf Qe Rh Rg RH RHRf Re Sh Sg SH SHSf Se Th Tg TH THTf Te Uh Ug UH UHUf Ue Vh Vg VH VHVf Ve W   W d 4< PPPPPPPPTPPPTTPTPPPPPPP>@d b A ! Identify Technical MechanismsEach technical meachanism should be identifed by a number. Therefore text in this cell should always begin with '(1) ', and additional technical mechanisms should be called out by '(#)'.oL@Bs(1) @  IKggD g2ɀ  vJ>1W>?d>#q>z>  dMbP?_*+%&?'?(?)?M \\MBPS1\1S153A-LX(S odXXLetterPRIV0''''d"\KhC>i$SMTJLexmark Universal PS3Resolution600dpiOutputBinPrinterSettingStapleLocationFalseHolePunchFalseJogFalseFoldLocationFalseCollateTrueBookletNoCoverFalseBookletFFrontCoverFalseBookletBFrontCoverFalseBookletFBackCoverFalseBookletBBackCoverFalseBookletMaintainFalseBasicLayoutTrueFinisherBookletNoFoldJCLTonerDarknessNoneMediaTypeNoneBookletMediaTypeNoneAllColorsToBlackFalseDuplexNoneJCLPortRotationNoneHasKeepPreviousPHJobsTrueHasPrintandHoldTrueAdvancedBoookletAlgorithmTrueStatusWindowFalseShowStatusWindowAfterPrintingFalseHasPrintQualityTrueBitmapIDNoneSmallFontEnhancerFalsePixelBoostTrueNewDuplexTrueIsCustomPageTruePageSizeLetterPageRegionInputSlot*UseFormTrayTableBookletInputSlotAutoSelect"KMXLArialHdArialHd< UseSameSize"d,,??&U} m } 2 } I } 2 }  } % } m }  }  } } v  ` ` * @                       S2  |D                             y           s       s      s     ^  s      ~  s }  |    {  s z  y  x  w  s  v  u    t  s  r  q    p  k  o  n    E  k  m  l    E  k  j  i  h  g  U  f  e   d  ]  c  b   a  ]  `  _   ^  ]  \  [   Z  Y  X  W   V  U  T  S   R  Q  P  O  N  M  L  K  J   I  H  G  F   E  D  C  B   A  @  ?  >    =  <  ;  :    9  8  7  6   5  . D l^FPPTFFFFFFFFFFPPPPPPPPPPPPP ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?  4  3   2  .  ! 1 ! 0 ! ! / ! .! " - " , "  " + " *" # ) # ( # # # # $ ' $ & $ $ $ $ % % % $ % % % % & # & " & & & & ' ! ' ' ' ' ' (  (  ( ( ( ( )  )  ) ) ) ) *  *  * * * * +  +  +  + + +  ,  ,  , ? ,  , l, -  -  - - - - .  . . . . . / / / / / / 0 0 0 0 0 0 1  1  1 1 1 1 2  2  2 2 2 2 3  3  3 3 3 3 4  4  4 4 4 4 5 5 5 5 5 5 6 6 6 6 6 6 7 7 7 7 7 7 8 8 8 $ 8 ː 8 8 9 9 9 $ 9 ː 9 9 : : : $ : ː : : ; ; ; ; Ӑ ; Ґ; ; א < < < Ԑ < Ӑ < Ґ< < א = = = Ԑ = Ӑ = Ґ= = א > > > Ԑ > Ӑ > Ґ> > א ? ? ? Ԑ ? Ӑ ? Ґ? ? אD lPPPPPPPPPPPPPPPPPPPPPPPPPPP^^^^@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _  @ @ @ Ԑ @ Ӑ @ Ґ@ A A A Ԑ A Ӑ A ҐA A א B B B Ԑ B Ӑ B ҐB C ߐ C ސ C Ԑ C Ӑ C ҐC C א D ݐ D ܐ D Ԑ D Ӑ D ҐD E ې E ڐ E Ԑ E Ӑ E ҐE F ِ F ؐ F Ԑ F Ӑ F ҐF F א G ֐ G Ր G Ԑ G Ӑ G ҐG H ѐ H А H ϐ H ΐ H #H I ͐ I ̐ I $ I ː I ʐI J ɐ J Ȑ J e" J ĐJ J ǐ K Ɛ K Ő K  K Đ K #K L Ð L  L L L L M M M  M M N N N N N N O O O O O O P P P P P P Q Q Q Q Q Q R R R R R R S S S S S S T T T  T T T U U U  U U U V V V  V V V W W W K~ W W W X X X K~ X X X Y Y Y 0S Y Y Y Z Z Z Z Z Z [ [ [  [ [ [ \ \ \ K~ \ \ \ ]  ] ~ ] K~ ] }] ] | ^ { ^ z ^ y ^ x ^ w^ _ v _ u _ e" _ t _ p_ D lP^P^PP^PPPPPPBPPPPPPPPPPPPPPPPP`abcdefghijklmnopqrstu ` s ` r ` e" ` q ` p` a o a n a ? a m a la b k b j b i b hb b g c f c e c  c d c cc d b d a d 2 d ^d d ] e ` e _ e ) e ^e e ] f \ f [ f 2 f Xf f W g Z g Y g ? g Xg g W h V h U h 2 h Rh h Q i T i S i L i Ri i Q j P j O j 2 j Kj j J k N k M k L k Kk k J l I l H l 2 l El l D m G m F m ) m Em m D n C n B n 2 n >n n = o A o @ o ? o >o o = p < p ; p 2 p :p p 5 q 9 q 8 q 7 q 6q q 5 r 4 r 3 r 2 r 1r r , s 0 s / s . s -s s , t + t * t ) t (t t ' u & u % u $ u 7> u #u 0PPPPPPPPPPPPPPPPPPPPP>@  A H^^yK ~http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/f9b564d2-d245-4241-ba0d-266a896ca663.mspx?mfr=trueyK http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/f9b564d2-d245-4241-ba0d-266a896ca663.mspx?mfr=trueyX;H,]ą'cHccyK ~http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/ed3c22ba-39fc-4332-bdb7-a0d9c76e4355.mspx?mfr=trueyK http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/ed3c22ba-39fc-4332-bdb7-a0d9c76e4355.mspx?mfr=trueyX;H,]ą'cggD g2ɀ $>έ>p>  dMbP?_*+%&?'?(?)?M\\MBPS3\3M305A-HPS od,,LetterPRIV0''''X, \KhC%MSCXSMTJHHP Universal Printing PS (v5.2)HPDocUISUITrueESPRITSupportedTrueHPOrientationHPOrientationPortraitHPSmartDuplexSinglePageJobTrueHPSmartDuplexOddPageJobTrueHPOrientRotate180FalsePostScriptCustomPageSizeFalseDuplexNoneHPReverseOrderForFold_StitchTrueHPBestGlossDefaultInputSlot*UseFormTrayTableHPDuplicateJobNameOverrideSWFWPageSizeLETTERPageRegionLeadingEdgeMediaTypeAUTOHPMediaTypeTreeviewPopupTrueCollateFalseJCLHPPrintOnBothSidesManuallyFalseJCLEconomodeFalseOutputBinAutoStapleLocationNonePunchingNoneTextAsBlackFalseAlternateLetterHeadFalseJCLResolution600dpiJCLPrintQualityNoneJCLFastRes1bppHPConsumerCustomPaperTruePrintQualityGroupPQGroup_2JRHDInstalledJRHDOffHPNUseDiffFirstPageChoiceTrueHPPageExceptionsFileHPCPE112HPPageExceptionsInterfaceShowPageExceptionsHPPageExceptionsLowEndHPPageExceptionsLowEndVerHPPageExceptionsCoverInsertionHPEnableRAWSpoolingTrueHPDocPropResourceDataHPCabFileNameRGBColorDefault-sRGBCMYKInksDefaultCMYK+JRConstraintsJRCHDFullHPColorSmartAutomaticHPColorSmart_ColorOptions_EdgeControlNormalHPColorSmart_ColorOptions_HalftoneNoCmdHPColorModeCOLOR_MODEHPColorSmart_Text_NeutralGraysBlackOnlyHPColorSmart_Text_HalftoneDetailHPColorSmart_Text_RGBColorNoCmdHPColorSmart_Graphics_NeutralGraysBlackOnlyHPColorSmart_Graphics_HalftoneDetailHPColorSmart_Graphics_RGBColorNoCmdHPColorSmart_Photo_NeutralGrays4-ColorHPColorSmart_Photo_HalftoneDetailHPColorSmart_Photo_RGBColorNoCmdHPPJLEncodingUTF8HPJobAccountingHPJOBACCT_JOBACNT_GROUPNAMEHPBornOnDateHPBODHPJobByJobOverrideJBJOHPJobAccWoPinTruePSAlignmentFileHPCLS112HPSmartHubInet_SID_263_BID_514_HID_265HPColorAsGrayFalseCNOutputNoneCNStapleNoneCNOffsetFalseCNPunchingNoneCNFoldingNoneIUPHxkAǿ"%{  Xdb `@=f#@B{K`^r*x-=Hշ]l!~̾7`&ofޒ,R"iSt*# 5K*S h! /IIA[|DS?,8Ӎ+~j +h{ d,8"^n;ڨPj,a}(jpϊ)AjSNTMo~Abbg|*m{D9BHY'ΰ!dy [ĪU Q&m{d/gKL[.$#zKt>g\q&a^egđ_b!rz3?ӥPB/~Џ)cg^dA<{Cf-KIFK >hTe-'k޲2XF)Xҧ蹹|Msw9zŻ =w?}\G?{'yϖ\].hB!B7w3" d,,??&U} m Y } 'V } )V } IV } X } 0W } I4W } $V $``` [ [ [ [ [ [  [  [  [  [  [ [ [ [ [ [ [ [ [ [ [ [ [ [ [ [ [ [ [ z z S S  S S a Q Q B D @ O @ ] E \ B D @ @ ] E \ B D @ @ ] N \ B D @ @ ] E \ B D @ y @ ] E \ B D @ @ ] E \ B D @ y @  ] E  \ B D { @ y D z ] E x \ B @ v @ :> @ u ] \  E t B @ r @ p @ q ] \  E o B @ m @ k @ l ] \  E j B D h C f @ g ] \  E e B @ c @ a @ b ] \  E ` B @ V @ T @ U ] \  E S B ߓ @  @  D  ] \  E  B ޓ @ @ 0 D ] \  E B ݓ D ܓ D 0 D ' ] \  E B ۓ I H ړ @ Ւ ] \  E Ӓ B ٓ I H ؓ @ Ւ ] \  E Ӓ B ד D ђ @ ϒ D В ] \  E Β B ֓ I Փ @ ԓ @ ] \  E B ӓ @ @ @ ] \  E B ғ D D 0 D ] \  E B ѓ @ Г _ ϓ _ Γ ] \  E B ͓ @ H H ̓ ] \  E B ˓ @ @ 0 @ ] \  E B ʓ @ @ @ ] \  E B ɓ @ ȓ _ Ǔ _ Ɠ ] \  E B œ @ D @ ] \  E D l^ZZZZZZZZTTTTTTTTTTTTTTTTTTTT [ ![ " [ #@ B ē @ D D ] \  E !B Ó !@ !^ “ !@ !] \  !E "B "@ "D "@ e "] \  "E #Z G Z<TTT>@<Z A $ggD g2ɀ  nI>>I>>A?  dMbP?_*+%&?'?(?)?M\\MBPS3\3M232A-HPS od,,LetterPRIV0''''X, \KhC%MSCXSMTJHHP Universal Printing PS (v5.2)HPDocUISUITrueESPRITSupportedTrueHPOrientationHPOrientationPortraitHPSmartDuplexSinglePageJobTrueHPSmartDuplexOddPageJobTrueHPOrientRotate180FalsePostScriptCustomPageSizeFalseDuplexNoneHPReverseOrderForFold_StitchTrueHPBestGlossDefaultInputSlot*UseFormTrayTableHPDuplicateJobNameOverrideSWFWPageSizeLETTERPageRegionLeadingEdgeMediaTypeAUTOHPMediaTypeTreeviewPopupTrueCollateFalseJCLHPPrintOnBothSidesManuallyFalseJCLEconomodeFalseOutputBinAutoStapleLocationNonePunchingNoneTextAsBlackFalseAlternateLetterHeadFalseJCLResolution600dpiJCLPrintQualityNoneJCLFastRes1bppHPConsumerCustomPaperTruePrintQualityGroupPQGroup_2JRHDInstalledJRHDOffHPNUseDiffFirstPageChoiceTrueHPPageExceptionsFileHPCPE112HPPageExceptionsInterfaceShowPageExceptionsHPPageExceptionsLowEndHPPageExceptionsLowEndVerHPPageExceptionsCoverInsertionHPEnableRAWSpoolingTrueHPDocPropResourceDataHPCabFileNameRGBColorNoCmdCMYKInksNoCmdJRConstraintsJRCHDFullHPColorSmartAutomaticHPColorSmart_ColorOptions_EdgeControlNoCmdHPColorSmart_ColorOptions_HalftoneNoCmdHPColorModeCOLOR_MODEHPColorSmart_Text_NeutralGraysNoCmdHPColorSmart_Text_HalftoneNoCmdHPColorSmart_Text_RGBColorNoCmdHPColorSmart_Graphics_NeutralGraysNoCmdHPColorSmart_Graphics_HalftoneNoCmdHPColorSmart_Graphics_RGBColorNoCmdHPColorSmart_Photo_NeutralGraysNoCmdHPColorSmart_Photo_HalftoneNoCmdHPColorSmart_Photo_RGBColorNoCmdHPPJLEncodingUTF8HPJobAccountingHPJOBACCT_JOBACNT_GROUPNAMEHPBornOnDateHPBODHPJobByJobOverrideJBJOHPJobAccWoPinTruePSAlignmentFileHPCLS112HPSmartHubInet_SID_263_BID_514_HID_265HPColorAsGrayFalseCNOutputNoneCNStapleNoneCNOffsetFalseCNPunchingNoneCNFoldingNoneIUPHxMkA e/.dk i6[,&4Io WTGxP0E}fKg7Q0,iYҙ? (+Z]a*&5eUX6l`P;^;DڏN: Dт?eZ i7+|fXjBUz^䚔GV'ܔ0sEFjx$ԖVv`v_TBzX"}?\kqAƉ;pF;u{^B^~,jN؁"oU6n"2}+ېO82ƿfF8RBVP2ʌšErr*M?d"{5X7l+j֜qsA+d,eJ[(ATXƒ+ғMeQ]iI϶Sxs%, /톐Ta0t)BT\_,ҙws܎SwgoTXKoO>WhB!B!$F')%oVx" d,,??&U} m ; } $: } : } ): } 9 } >8 } :8 } .7 } $6 nhhO      t zuudU U T t zuudU U T  S S  S  S R Q Q P |D B D @ @ OF E > <  B D @ @ F E > <  B D @ @ F N > <  B D @ @ F E > <  B D @ @ F E > <  B L C C K E > <  B M C C  K E > <  B L C C  K E > <  B D @ @ y F E > <  B D @ @  F E > <  B D @ @ y F E > <  B D @ @ F E > J B D H H F E > <  B D @ @ F E > <  B D @  @ ~F E } > <  B | D { D z @ yF E x > <  B w @ v @ u @ :> F >  E t< B s @ r @ q @ p F >  E o< B n @ m @ l @ k F >  E j< B i D h @ g C f F >  E e< B d @ c @ b @ a F >  E `< B _ @ ^ @ ] @ F >  E \< B [ @ Z @ Y @ T F >  E X< B W @ V @ U @ T F >  E S< B R @ Q @ P @ O F >  E N< B M I L @ " D K F >  E J< B I I H @ " D GF > E <  B F I E D " D DF > E <  B C I & D " D BF > E < D l..l^^^^^^^^^^^h^^^^^^^^^^^^^^JJ !"#$%&'()*+, -./ 0123456789:;<=>? B A I @ D " D ? F > E <  !B > !I = !D " !D <!F > E <  "B ; "I / "D " "D :"F > E <  #B 9 #I ) #D " #D 8#F > E <  $B 7 $I 6 $D " $D 5$F > E <  %B 4 %I & %D " %D 3%F > E <  &B 2 &I # &D " &D 1&F > E <  'B 0 'I / 'D " 'D .'F > E <  (B - (I , (D " (D +(F > E <  )B * )I ) )D " )D ()F > E <  *B ' *I & *D " *D %*F > E <  +B $ +I # +D " +D !+F > E <  ,B ,@  ,@  ,@  ,F >  ,E ,< -B  -D  -@  -@  -F >  -E -< .B  .@  .@  .@  .F >  .E  .J  /B  /@  /@ /D  /F >  /E /< 0B 0@ 0@ 0@ 0F >  0E 0< 1B  1@  1D  1@  1F >  1E 1< 2B  2@  2D  2@  2F >  2E 2< 3B 3@ 3D 3@ 0 3F >  3E 3< 4B 4D 4@ ' 4@ 0 4F >  4E 4< 5B 5D 5D ' 5D 0 5F >  5E 5< 6B 6@ 6D ^ 6D 6F >  6E 6< 7B 7I 7@ Ւ 7H 7F >  7E Ӓ7< 8B 8I 8@ Ւ 8H 8F >  8E Ӓ8< 9B 9I 9@ Ւ 9H 9F >  9E Ӓ9< :B :I :@ Ւ :H :F >  :E Ӓ:< ;B ;I ;@ Ւ ;H ;F >  ;E Ӓ;< <B <I <@ Ւ <H <F >  <E Ӓ<< =B =I ߒ =@ Ւ =H ޒ =F >  =E Ӓ=< >B ݒ >I ܒ >@ Ւ >H ے >F >  >E Ӓ>< ?B ڒ ?I ْ ?@ Ւ ?H ؒ ?F >  ?E Ӓ?< DT lJJJJJJJJJJJJ^^b^^^^^^^^^^^^^^^^@ABCDEFGHIJKLMNOP@QRS T UVW X Y Z [ \] ^ _  @B ג @I ֒ @@ Ւ @H Ԓ @F >  @E Ӓ@< AB Ғ AI ђ AD В A@ ϒ AF >  AE ΒA< BB ͒ BI ̒ B@ B@ ˒ BF >  BE B< CB ʒ CI ɒ C@ C@ Ȓ CF >  CE C< DB ǒ DI ƒ D@ D@ Œ DF >  DE D< EB Ē EI Ò E@ E@ ’ EF >  EE E< FB FI F@ F@ FF >  FE F< GB G@ G@ G@ GF >  GE G< HB H@ H@ H@ HF >  HE H< IB ID ID ID 0IF > E <  JB JD JD J@ JF >  JE J< KB K@ KD  KD 0 KF >  KE K< LB L@ LH LH LF >  LE L< MB M@ M@ M@ 0 MF >  ME M< NB N@ N@ N@ NF >  NE N< OB O@ O@ O@ OF >  OE O< PB P@ P@ P@ PF >  PE P< QB Q@ Q@ QD QF >  QE Q< RB R@ RD RD RF >  RE R< SB S@ S@ SH SF >  SE S< TB T@ T@ e TD TF >  TE T< UB UD U@  U@ ~ UF >  UE }U< VB | V@ { V@ z VD y VF >  VE xV< WB w W@ v W@ ' WG u WF >  WE tW< XB s X@ r X@ ' XD q XF >  XE pX< YB o Y@ n Y@ ' YD m Y? >  Y= lY< ZB k ZD j Z@ ' ZD i Z? >  Z= hZ< [B g [@ f [@ e [D d [? >  [= c[< \B b \@ a \@ ` \@ _ \? >  \= ^\< ]B ] ]@ \ ]@ [ ]D Z ]? >  ]= Y]< ^B X ^@ W ^@ V ^D U ^? >  ^= T^< _B S _@ R _@ Q _D P _? >  _= O_< D,l^^^^^^^^^J^^^^^^^^^^^^^^^^^^^^^` abcdefgh ijklm `B N `@ M `@ L `D K `? >  `= J`< aB I aD H a@ C aD G a? >  a= Fa< bB E b@ D b@ C bD B b? >  b= Ab< cB @ c@ ? c@ > c@ 0 c? >  c= =c< dB < d@ ; d@ ' d@ : d? >  d= 9d< eB 8 eD 7 eD 6 eD 5 eF >  eE 4e< fB 3 f@ 2 f@ 1 f@ 0 f? >  f= /f< gB . gD - g@ , g@ + g? >  g= *g< hB ) hD ( h@ ' hD & h? >  h= %h< iB $ i@ # i@ " i@  i? >  i= !i< jB j@  j@  j@  j? >  j= j< kB  kD  k@  k@  k? >  k= k< lB  lC  l@  l@  l? >  l= l< mB  mA  m@  m@  m? >  m= m< <^^^^^^^^^^^^^>@<dA $ggD g2ɀ dV.?hB?T?f?x???а?,?l???0 @@1@A@I@O@V@Z]@"d@h@  dMbP?_*+%&?'?('}'}?)'}'}?M \\MBPS1\3M212A-LX(S odXXLetterPRIV0''''d"\KhC>i$SMTJLexmark Universal PS3Resolution600dpiOutputBinPrinterSettingStapleLocationFalseHolePunchFalseJogFalseFoldLocationFalseCollateTrueBookletNoCoverFalseBookletFFrontCoverFalseBookletBFrontCoverFalseBookletFBackCoverFalseBookletBBackCoverFalseBookletMaintainFalseBasicLayoutTrueFinisherBookletNoFoldJCLTonerDarknessNoneMediaTypeNoneBookletMediaTypeNoneAllColorsToBlackFalseDuplexNoneJCLPortRotationNoneHasKeepPreviousPHJobsTrueHasPrintandHoldTrueAdvancedBoookletAlgorithmTrueStatusWindowFalseShowStatusWindowAfterPrintingFalseHasPrintQualityTrueBitmapIDNoneSmallFontEnhancerFalsePixelBoostTrueNewDuplexTrueIsCustomPageTruePageSizeLetterPageRegionInputSlot*UseFormTrayTableBookletInputSlotAutoSelect"KMXLArialHdArialHd< UseSameSize"d,, ` `? ` `?&`U} C} m(E} E} 2E}  }  V}  } ! }  }  } I } $ H   h` M(                                U U 0 .  .  . / . 2 - KH - z , {  , |  +  } *  *  * A)  ~ ( LH '  &   &  %    t A  A!  $ MH               A!  $ NH               A!  $ OH            t A  A!   PH            t A  A!  $ QH            t A  A !  $ QH             A !  $ RH           t A  A !  $ QH              A !  $ RH          SH    TH !  $ $ UH        VH t A  WH!  $ XH  A         YH   !  $ $          A!  $ ZH               A!  $ [H               A!  $ \H               A!  $ ]H               A!  $ ^H            t A  A!  $ _H               A! $            t A  A!  $ `H            t A  A!  $ QH               A!  $ RH               A!  $ $              A!  $ aH              o  > A!    bH         o  A!         o  A!   cH        o  A!   dH      D:lN|x ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?    o  A !   eH      ! ! !o  !A!! ! ! fH !  !   "! "# "o  "A"! "" " gH " $ "   #% #' #o  # A#! #& # hH # ( #   $) $+ $o  $A$! $* $ iH $ , $   %- %/ %o  %A%! %. % iH % 0 %   &1 &3 &o  &A&! &2 & iH & 4 &   '5 '7 'o  'A'! '6 ' iH ' 8 '   (9 (; (o  (A(! (: ( iH ( < (   )= )? )o  )A)! )> ) iH ) @ )   *A *C *o  *A*! *B * iH * D *   +E +G +o  +A+! +F + iH + H +   ,I ,K ,o  ,A,! ,J , iH , L ,   -M -O -o  -A-! -N - iH - P -   .Q .S .o  .A.! .R. . T .   /U /W /o  /A/! /V/ / X /   0Y 0[ 0o  0A0! 0Z 0 jH 0 \ 0   1] 1_ 1o  1A1! 1^ 1 jH 1 ` 1   2a 2c 2o  2A2! 2b 2 jH 2 d 2   3e 3g 3o  3A3! 3f 3 kH 3 h 3  3 4i 4k 4o  4A4! 4j 4 lH 4 l 4   5m 5o 5o  5A5! 5n 5 mH 5 p 5   6q 6s 6o  6> A6! 6r 6 nH 6 t 6   7u 7w 7o  7A7! 7v 7 oH 7 x 7   8y 8{ 8o  8A8! 8z 8 pH 8 | 8   9} 9 9o  9A9! 9~ 9 qH 9  9   : : :o  :A:! : : rH :  :   ; ; ;o  ;A;! ; ; sH ;  ;   < < <o  <A<! < < dH <  <   = = =o  =A=! = = eH =  =   > > >o  >A>! > > cH >  >   ? ? ?o  ?A?! ? ? gH ?  ?   Dl||||||||||||||xx||||||||||||||@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _  @ @ @o  @A@! @ @ fH @  @   A A Ao  ABA! A A tH A  A   B B Bo  BBB! B B uH B  B   C C Co  CBC! CC C  C   D D Do  DBD! D D vH D  D   E E Eo  EBE! E E wH E  E   F F Fo  FBF! F F xH F  F   G G Go  GBG! GG G  G   H H Ho  HBH! HH H  H   I I Io  IBI! II I  I   J J Jo  J BJ! JJ J  J   K K Ko  K BK! KK K  K   L L>  Lo  L BL! LL L  L   M M>  Mo  M BM! MM M  M   N N>  No  N BN! NN N  N   O O>  Oo  OBO! OO O  O   P P>  Po  PBP! PP P  P   Q Q>  Qo  QBQ! QQ Q  Q   R R>  Ro  RBR! RR R  R   S S>  So  SBS! SS S  S   T T>  To  TBT! TT T  T   U U>  Uo  UBU! UU U  U   V V>  Vo  VBV! VV V  V   W W>  Wo  WBW! WW W  W   X X>  Xo  XBX! XX X  X   Y Y Yo  YBY! Y Y jH Y  Y   Z Z>  Zo  ZBZ! Z Z jH Z  Z   [ [>  [o  [B[! [ [ jH [  [   \  \>  \o  \B\! \  \ jH \  \   ]  ] ]o  ]B]! ] ] yH ]  ]   ^ ^ ^o  ^B^! ^ ^ zH ^  ^   _ _ _o  _B_! _ _ {H _  _   Dl|||x|||xxxxxxxxxxxxxxxxxx||||||` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~   ` ` `o  `B`! ` ` |H `  `   a a ao  a Ba! a a }H a  a   b! b# bo  b!Bb! b" b ~H b $ b   c% c' co  c"Bc! c& c H c ( c   d) d+ do  d#Bd! d* d H d , d   e- e/ eo  e$Be! e. e H e 0 e   f1 f3 fo  f%Bf! f2 f H f 4 f   g5 g7 go  g&Bg! g6 g H g 8 g   h9 h; ho  h'Bh! h:h h < h   i= i? io  i(Bi! i> i H i @ i   jA jC jo  j)Bj! jBj j D j   kE kG ko  k*Bk! kF k H k H k   lI lK lo  l+Bl! lJ l H l L l   mM mO mo  m,Bm! mNm m P m   nQ nS no  n-Bn! nRn n T n   oU oW oo  o.Bo! oVo o X o   pY p[ po  p/Bp! pZp p \ p   q] q_ qo  q0Bq! q^q q ` q   ra rc ro  r1Br! rb r H r d r   se sg so  s2Bs! sf s iH s h s   ti t> k to  t3Bt! tj t iH t l t   um u> o uo  u4Bu! un u iH u p u   vq v> s vo  v5Bv! vr v iH v t v   wu w> w wo  w6Bw! wv w iH w x w   xy x> { xo  x7Bx! xz x iH x | x   y} y>  yo  y8By! y~ y iH y  y   z z>  zo  z9Bz! z z iH z  z   { {>  {o  {:B{! { { iH {  {   | |>  |o  |;B|! | | iH |  |   } }>  }o  }  ~o  ~=B~! ~ ~ iH ~  ~    >  o  >B!   iH      Dl||||||||x|x||xxxxx|||||||||||||                                  >  o  ?B!   iH        o  @B!   jH       >  o  AB!   jH       >  o  BB!   jH        o  CB!   H        o  DB!   H      ~  o  EB!   H        o  FB!         o  GB!         o  HB!   H        o  IB!   H        o  JB!   H        o  KB!         o  LB!   H        o  MB!   H        o  NB!         o  OB!   H        o  PB!   H        o  QB!   H        o  RB!   dH        o  SB!   eH        o  TB!   cH        o  UB!   H        o  VB!   H        o  WB!   H        o  XB!   H        o  YB!   H        o  ZB!   H          o  [B!    H         o  \B!   H        o  ]B!   H        o  ^B!   H      Dl|||||||xx|||x||x|||||||||||||||                                4   o  _B!   H        o  `B!   H      ! # o  aB! "  H  $    % > ' o  bB! &  H  (    ) > + o  cB! *  H  ,    - > / o  dB! .  H  0    1 3 o  eB! 2  H  4    5 > 7 o  fB! 6  H  8    9 ; o  gB! :  H  <    = > ? o  hB! >  H  @    A > C o  iB! B  H  D    E > G o  jB! F  H  H    I > K o  kB! J  H  L    M > O o  lB! N  H  P    Q S o  mB! R  H  T    U > W o  nB! V  H  X    Y > [ o  oB! Z  H  \    ] > _ o  pB! ^  H  `    a > c o  qB! b  H  d    e > g o  rB! f  H  h    i k o  sB! j  H  l    m o o  tB! n  H  p    q s o  uB! r  H  t    u w o  vB! v  H  x   y { o  wB! z  H  |   }  o  xB! ~  H        o  yB!   H        o  zB!   H       o  {B!   H       o  |B!   H        o  }B!   H          ~B!  $ H     ߑDTl|||||||||||||||||||||||||                                    o  B!         o  B!         o  B!   H     ޑ   o  B!   H     ݑ   o  B!   H     " ܑ   o  B!   H     ۑ   o  B!   H     ڑ   o  B!   H     ّ   o  B!   H     ؑ   o  B!         o  B!   H     ב   o  B!   H     ֑   o  B!         o  B!   H        o  B!   H      Ց   o  B!   H     ԑ   o  B!         o  B!   H     ӑ   o  B!   H     ґ   o  B!   H      ё   o  B!   H     Б   o  B!   H        o  B!   H        o  B!   H     ϑ   o  B!         o  B!   H       o  B!   H        o  B!   H     Α   o  B!   H       o  B!   H     ͑   o  B!   H     ̑   o  B!   H     ˑDlxxxx|x||x|||                                   o  B!   H        o  B!   H    ʑ ! # o  B! "  H  $   ɑ % ' o  B! &  H  (    ) + o  B! *  H  ,    - / o  B! .  H  0    1 3 o  B! 2  H  4    ȑ 5 7 o  B! 6   8    9 ; o  B! :   <    = ? o  B! >  H  @    A C o  B! B   D    E G o  B! F  H  H    I K o  B! J  H  L    M O o  B! N  H  P    Q S o  B! R  H  T    U W o  B! V  H  X    Y [ o  B! Z  H  \    ] _ o  B! ^  H  `    a c o  B! b  H  d    e g o  B! f  H  h    i k o  B! j  H  l    m o o  B! n  H  p    q s o  B! r  H  t    u w o  B! v  H  x    y > { o  B! z  H  |    } >  o  B! ~  H      > o  B!   H       o  B!   H       o  B!         o  B!   H       o  B!   H       o  B!   H     Dl||||xx|x|||||||||||||||||x||                                        o  B!   H       o  B!   H       o  B!   H       o  B!   H       o  B!   H       o  B!   H       o  B!   H       o  B!   H       o  B!   H       o  B !   H       o  B !   H       o  B !   H       o  B !   H       o  B !   H       o  B!         o  B!         o  B!   H       o  B!   H       o  B!   H       o  B!   H       o  B!   H       o  B!   H       o  B!   H       o  B!   H       o  B!   H       o  B!   H       o  B!   H        o  B!   H        o  B!   H       o  B!   H        o  B!   H        o  B!   H      Dl||||||||||||||xx|||||||||||||||  ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?    o  B !         ! ! !o  !B!! ! ! H ! !   "! "> # "o  "B"! "" " H " $ "   #% #> ' #o  #B#! #& # H # ( #   $) $+ $o  $B$! $* $ H $ , $   %- %> / %o  %B%! %. % H % 0 %   &1 &3 &o  &> B&! &2 & I & 4 &   '5 '7 'o  'B'! '6 ' I ' 8 '   (9 (; (o  (B(! (: ( I ( < (   )= )? )o  )B)! )> ) I ) @ )   *A *C *o  *B*! *B * I * D *   +E +G +o  +B+! +F + I + H +   ,I ,K ,o  ,B,! ,J , I , L ,   -M -O -o  -B-! -N - I - P -   .Q .S .o  .B.! .R . I . T .   /U /W /o  /B/! /V / I / X /   0Y 0> [ 0o  0B0! 0Z 0 I 0 \ 0   1] 1_ 1o  1B1! 1^ 1 I 1 ` 1   2a 2> c 2o  2B2! 2b 2 I 2 d 2   3e 3g 3o  3B3! 3f 3 I 3 h 3   4i 4k 4o  4B4! 4j 4 I 4 l 4   5m 5o 5o  5B5! 5n 5 I 5 p 5   6q 6s 6o  6B6! 6r 6 I 6 t 6   7u 7w 7o  7B7! 7v 7 I 7 x 7   8y 8{ 8o  8B8! 8z 8 I 8 | 8   9} 9 9o  9B9! 9~ 9 I 9 9   : : :o  :B:! : : I : :   ; ; ;o  ;B;! ; ; I ; ;   < < <o  <B<! < < I < <   = = =o  =B=! = = I = =   > > >o  >B>! > > I > >   ? ? ?o  ?B?! ? ? I ? ?   Dlx||||||||||||||||||||||||||||||@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _  @ @ @o  @B@! @ @ I @ @   A A Ao  ACA! A A I A A   B B Bo  BCB! B B I B B   C C Co  CCC! C C I C C   D D Do  DCD! D D D D   E E Eo  ECE! E E I E E   F F Fo  FCF! F F I F F   G G Go  GCG! G G I G G   H H Ho  H> CH! H H I H H   I I Io  ICI! I I I I I   J J Jo  J CJ! J J !I J J   K K Ko  K CK! K K K K   L L Lo  L CL! L L "I L L   M M Mo  M CM! M M #I M M   N N No  N CN! N N $I N N   O O Oo  OCO! O O %I O O   P P Po  PCP! P P dH P P   Q Q Qo  QCQ! Q Q eH Q Q   R R Ro  RCR! R R cH R R   S S So  SCS! S S gH S S   T T To  TCT! T T fH T T   U U Uo  UCU! U U iH U U   V V> Vo  VCV! V V iH V V   W W> Wo  WCW! W W iH W W   X X> Xo  XCX! X X iH X X   Y Y> Yo  YCY! Y Y iH Y Y   Z Z>  Zo  ZCZ! Z Z iH Z  Z   [ [>  [o  [C[! [ [ iH [  [   \ \> \o  \C\! \ \ iH \ \   ] ]>  ]o  ]C]! ] ] iH ]  ]   ^ ^>  ^o  ^C^! ^ ^ iH ^  ^   _ _ _o  _C_! _ _ &I _  _   Dl||||x||||||x|||||||||||||||||||` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~   ` `>  `o  `C`! ` ` &I `  `   a a>  ao  a Ca! a a &I a a   b! b> # bo  b!Cb! b" b &I b $ b   c% c' co  c"Cc! c& c 'I c ( c   d) d+ do  d#Cd! d* d zH d , d   e- e/ eo  e$Ce! e. e |H e 0 e   f1 f3 fo  f%Cf! f2 f (I f 4 f   g5 g7 go  g&Cg! g6 g )I g 8 g   h9 h; ho  h'Ch! h: h *I h < h   i= i? io  i(Ci! i> i H i @ i   jA jC jo  j)Cj! jB j +I j D j   kE kG ko  k*Ck! kF k ,I k H k   lI lK lo  l+Cl! lJ l -I l L l   mM mO mo  m,Cm! mN m .I m P m   nQ nS no  n-Cn! nR n /I n T n   oU oW oo  o.Co! oV o 0I o X o   pY p[ po  p/Cp! pZ p !I p \ p   q] q_ qo q0Cq! q^ q q ` q   ra rc ro r1Cr! rb r 1I r d r   se sg so  s2Cs! sf s s h s   ti tk to  t3Ct! tj t 2I t l t   um uo uo  u4Cu! un u dH u p u   vq vs vo  v5Cv! vr v eH v t v   wu ww wo  w6Cw! wv w cH w x w   xy x{ xo  x7Cx! xz x gH x | x   y} y yo  y8Cy! y~ y fH y y   z z zo  z9Cz! z z iH z z   { {> {o  {:C{! { { iH { {   | |> |o  |;C|! | | iH | |   } }> }o  } ~o  ~=C~! ~ ~ iH ~ ~    > o  >C!   iH     Dl|||||||||||||||||x|x|||||||||||                                  > o  ?C!   iH      > o  @C!   iH      > o  AC!   iH      > o  BC!   iH      > o  CC!   iH      > o  DC!   iH       o  EC!   jH      > o  FC!   jH      > o  GC!   jH      > o  HC!   jH      > o  IC!   jH       o  JC!   3I       o  KC!   zH       o  LC!   |H       o  MC!   (I       o  NC!   4I       o  OC!   5I       o  PC!   6I       o  QC!   H       o  RC!   7I       o  SC!   8I       o  TC!   H       o  UC!   +I       o  VC!   ,I       o  WC!   9I       o  XC!   :I       o  YC!   ;I        o  ZC!   H      > o !       o  [C!   I        o  _C!   ?I        o  `C!   ?I      Ǒ ! # o  aC! "  ?I  $     Ƒ % ' o  bC! &  ?I  (     Ƒ ) + o  cC! *  ?I  ,     ő - / o  dC! .  ?I  0     đ 1 3 o  eC! 2  ?I  4     Ñ 5 7 o  fC! 6  ?I  8    ‘ 9 ; o  gC! :  @I  <    = ? o  hC! >  @I  @     A C o  iC! B  @I  D     E G o  jC! F  @I  H     I K o  kC! J  @I  L     M O o  lC! N  @I  P     Q S o  mC! R  @I  T     U W o  nC! V  @I  X    Y [ o  oC! Z  AI  \    ] _ o  pC! ^  AI  `    # a c o  qC! b  AI  d     e g o  rC! f  AI  h     i  o  sC! j  AI  k     l n o  tC! m  AI  o     p r o  uC! q  AI  s     t v o  vC! u  AI  w    x z o  wC! y  BI  {    | ~ o  xC! }  BI         o  yC!   BI        o  zC!   BI        o  {C!   BI        o  |C!   BI        o  }C!   BI      DDl|||||                                   o  ~C!   BI       o  C!   CI       o  C!   CI        o  C!   CI        o  C!   CI        o  C!   CI        o  C!   CI        o  C!   CI        o  C!   CI     > > > !      t t C t C!    DI     t t C t C!       t t  t C!       t t C t C!       t t  t C!       t t C t C!       t t  t C!       t t C t C!       t t C t C!       t t C t C!       t t  t C!       t t C t C!       t t  t C!       t t C t C!       t t  t C!       t t  t C!       t t  t C!       EI  FI  GI  HI  u    II     JI  KI  LI  MI  u    NI     OI  PI  GI  QI  u    RI     SI  TI  UI  VI  u    WI     XI  YI  GI  ZI  u    [I    Dl| xddddddddddddddddffff                                      u            u           u           u           u           u           u           u           u           u           u           u           u           u           u           u           u           u           u           u           u           u           u           u           u           u           u           u           u           u           u           u      Dl\                                           u           u           u           u           u           u           u           u           u            u            u            u            u            u           u           u           u           u           u           u           u           u           u           u           u           u           u           u           u           u           u           u      Dl   ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?       u      !     u      "     u      #     u      $     u      %     u      &     u      '     u      (     u      )     u      *     u      +     u      ,     u      -     u      .     u      /     u      0     u      1     u      2     u      3     u      4     u      5     u      6     u      7     u      8     u      9     u      :     u      ;     u      <     u      =     u      >     u      ?     u      Dl @ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _ @     u      A     u      B     u      C     u      D     u      E     u      F     u      G     u      H     u      I     u      J     u      K     u      L     u      M     u      N     u      O     u      P     u      Q     u      R     u      S     u      T     u      U     u      V     u      W     u      X     u      Y     u      Z     u      [     u      \     u      ]     u      ^     u      _     u      Dl ` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~  `     u      a     u      b     u      c     u      d     u      e     u      f     u      g     u      h     u      i     u      j          k          l          m          n          o          p          q          r          s          t          u          v          w          x          y          z          {          |          }          ~                    Dl                                                                                                                                                                                             q r r r  s     (T >@Kr r A ggD g2ɀ j@w@}@E@ @ժ@@e@-@@@@MAAA*Am7A5DAPA]AjAUwAAAAuA=AAAA]A%ABB}BE*B 7BCBPBe]B-jBvBBBMBBݶBBmB5BBBCUCC)C6CuCC=PC]CiCvC]C%CEC  dMbP?_*+%,&ffffff?'ffffff?(?)?",333333?333333? &<3U} } } } 2} } #} m(1 } I } $ ,`,                                          G R 5 4 al `l  _l T ^l ]l  \l T [l Zl  Yl T Xl Wl  Vl T Ul Tl  Sl T Rl Ql  Pl T Ol e  Nl  T Ml kV  Ll  T Kl hV  Jl  T Il Hl  Gl  T Fl El  Dl  T Cl Bl  Al T @l ?l  >l T =l  ?   l  l   l  T ! l ! l ! !l! !T "l "l " "l" "T #l #l # #l# #T $l $l $ $k$ $T %k %k % %k% %T &k &k & &k& &T 'k 'k ' 'k' 'T (k (k ( (k( (T )k )k ) )k) )T *k *k * *k* *T +k +k + +k+ +T ,k ,k , ,k, ,T -k -k - -k- -T .k .k . .k. .T /k /k / /k/ /T 0k 0k 0 0k0 0T 1k 1_ 1 1k1 1T 2k 2k 2 2k2 2T 3k 3k 3 3k3 3T 4k 4k 4 4k4 4T 5k 5k 5 5k5 5T 6k 6k 6 6k6 6T 7k 7k 7 7k7 7T 8k 8k 8 8k8 8T 9k 9k 9 9k9 9T :k :k : :k: :T ;k ;k ; ;k; ;T <k <k < <k< <T =k =k = =k= =T >k >k > >k> >T ?k ?k ? ?k? ?TD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _  @k @k @ @k@ @T Ak Ak A AkA AT Bk Bk B BkB BT Ck Ck C CkC CT Dk Dk D DkD DT Ek Ek E EkE ET Fk Fk F FkF FT Gk Gk G GkG GT Hk Hk H HkH HT Ik Ik I IkI IT Jk J2i J JkJ JT Kk Kk K KkK KT Lk Lk L LkL LT Mk Mk M MkM MT Nk Nk N NkN NT Ok Ok O OkO OT Pk P~k P P}kP PT Q|k Q{k Q QzkQ QT Ryk Rxk R RwkR RT Svk Suk S StkS ST Tsk Trk T TqkT TT Upk Uok U UnkU UT Vmk Vlk V VkkV VT Wjk Wik W WhkW WT Xgk Xfk X XekX XT Ydk Yck Y YbkY YT Zak Z`k Z Z_kZ ZT [^k []k [ [\k[ [T \[k \Zk \ \Yk\ \T ]Xk ]Wk ] ]Vk] ]T ^Uk ^Tk ^ ^Sk^ ^T _Rk _Qk _ _Pk_ _TD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~   `Ok `Nk ` `Mk` `T aLk aKk a aJka aT bIk bHk b bGkb bT cFk cEk c cDkc cT dCk dBk d dAkd dT e@k e?k e e>ke eT f=k fj T =j i  =i T  ?  i i  i  T !i !i ! !i! !T "i "i " " i" "T # i # i # # i# #T $ i $i $ $i$ $T %i %i % %i% %T &i &i & &i& &T 'i 'h ' 'h' 'T (h (h ( (h( (T )h )h ) )h) )T *h *h * *h* *T +h +h + +h+ +T ,h ,h , ,h, ,T -h -h - -h- -T .h .h . .h. .T /h /h / /h/ /T 0h 0h 0 0h0 0T 1h 1h 1 1h1 1T 2h 2h 2 2h2 2T 3h 3h 3 3h3 3T 4h 4h 4 4h4 4T 5h 5h 5 5h5 5T 6h 6h 6 6h6 6T 7h 7h 7 7h7 7T 8h 8h 8 8h8 8T 9h 9h 9 9h9 9T :h :h : :h: :T ;h ;h ; ;h; ;T <h <h < <h< <T =h =h = =h= =T >h >h > >h> >T ?h ?h ? ?h? ?TD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _  @h @h @ @h@ @T Ah Ah A AhA AT Bh Bh B BhB BT Ch Ch C ChC CT Dh Dh D DhD DT Eh Eh E EhE ET Fh Fh F FhF FT Gh Gh G GhG GT Hh Hh H HhH HT Ih Ih I IhI IT Jh Jh J JhJ JT Kh Kh K KhK KT Lh Lh L LhL LT Mh Mg M MhM MT Nh Nh N NhN NT Oh Oh O OhO OT Ph Ph P PhP PT Qh Qh Q QhQ QT Rh Rh R R~hR RT S}h S|h S S{hS ST Tzh Tyh T TxhT TT Uwh Uvh U UuhU UT Vth Vsh V VrhV VT Wqh Wph W WohW WT Xnh Xmh X XlhX XT Ykh Yjh Y YihY YT Zhh Zgh Z ZfhZ ZT [eh [dh [ [ch[ [T \bh \ah \ \`h\ \T ]_h ]^h ] ]]h] ]T ^\h ^[h ^ ^Zh^ ^T _Yh _Xh _ _Wh_ _TD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~   `Vh `Uh ` `Th` `T aSh aRh a aQha aT bPh bOh b bNhb bT cMh cLh c cKhc cT dJh dIh d dHhd dT eGh eFh e eEhe eT fDh fCh f fBhf fT gAh g@h g g?hg gT h>h h=h h hg T =g f T =f  ?  f f  f  T !f !f ! !f! !T "f "f " "f" "T #f #f # #f# #T $ f $ f $ $ f$ $T % f % f % %f% %T &f &f & &f& &T 'f 'f ' 'f' 'T (f (f ( (e( (T )e )e ) )e) )T *e *e * *e* *T +e +e + +e+ +T ,e ,e , ,e, ,T -e -e - -e- -T .e .e . .e. .T /e /e / /e/ /T 0e 0e 0 0e0 0T 1e 1e 1 1e1 1T 2e 2e 2 2e2 2T 3e 3e 3 3e3 3T 4e 4e 4 4e4 4T 5e 5e 5 5e5 5T 6e 6e 6 6e6 6T 7e 7e 7 7e7 7T 8e 8e 8 8e8 8T 9e 9e 9 9e9 9T :e :e : :e: :T ;e ;e ; ;e; ;T <e <e < <e< <T =e =e = =e= =T >e >e > >e> >T ?e ?e ? ?e? ?TD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _  @e @e @ @e@ @T Ae Ae A AeA AT Be Be B BeB BT Ce Ce C CeC CT De De D DeD DT Ee Ee E EeE ET Fe Fe F FeF FT Ge Ge G GeG GT He He H HeH HT Ie Ie I IeI IT Je Je J JeJ JT Ke Ke K KeK KT Le Le L LeL LT Me Me M MeM MT Ne Ne N NeN NT Oe Oe O OeO OT Pe Pe P PeP PT Qe Qe Q QeQ QT Re Re R ReR RT Se Se S S~eS ST T}e T|e T T{eT TT Uze Uye U UxeU UT Vwe Vve V VueV VT Wte Wse W WreW WT Xqe Xpe X XoeX XT Yne Yme Y YleY YT Zke Zje Z ZieZ ZT [he [ge [ [fe[ [T \ee \de \ \ce\ \T ]be ]ae ] ]`e] ]T ^_e ^^e ^ ^]e^ ^T _\e _[e _ _Ze_ _TD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~   `Ye `Xe ` `We` `T aVe aUe a aTea aT bSe bRe b bQeb bT cPe cOe c cNec cT dMe dLe d dKed dT eJe eIe e eHee eT fGe fFe f fEef fT gDe gCe g gBeg gT hAe h@e h h?eh hT i>e i=e i id T =d c =c   ?  c c  c  T !c !c ! !c! !T "c "c " "c" "T #c #c # #c# #T $c $c $ $c$ $T %c % c % % c% %T & c & c & & c& &T 'c 'c ' 'c' 'T (c (c ( (c( (T )c )c ) )c) )T *b *b * *b* *T +b +b + +b+ +T ,b ,b , ,b, ,T -b -b - -b- -T .b .b . .b. .T /b /b / /b/ /T 0b 0b 0 0b0 0T 1b 1b 1 1b1 1T 2b 2b 2 2b2 2T 3b 3b 3 3b3 3T 4b 4b 4 4b4 4T 5b 5b 5 5b5 5T 6b 6b 6 6b6 6T 7b 7b 7 7b7 7T 8b 8b 8 8b8 8T 9b 9b 9 9b9 9T :b :b : :b: :T ;b ;b ; ;b; ;T <b <b < <b< <T =b =b = =b= =T >b >b > >b> >T ?b ?b ? ?b? ?TD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \]^ _  @b @b @ @b@ @T Ab Ab A AbA AT Bb Bb B BbB BT Cb Cb C CbC CT Db Db D DbD DT Eb Eb E EbE ET Fb Fb F FbF FT Gb Gb G GbG GT Hb Hb H HbH HT Ib Ib I IbI IT Jb Jb J JbJ JT Kb Kb K KbK KT Lb Lb L LbL LT Mb Mb M MbM MT Nb Nb N NbN NT Ob Ob O ObO OT Pb Pb P PbP PT Qb Qb Q QbQ QT Rb Rb R RbR RT Sb Sb S SbS ST Tb Tb T TbT TT U~b U}b U U|bU UT V{b Vzb V VybV VT Wxb Wwb W WvbW WT Xub Xtb X XsbX XT Yrb Yqb Y YpbY YT Zob Znb Z ZmbZ ZT [lb [kb [ [jb[ [T \ib \hb \ \gb\ \T ]fb ]eb ] ]db] ]T ^cb ^bb ^ ^ab^ ^T _`b __b _ _^b_ _TD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP` a b c d efg h i j k l m n o p q r s t u v w x y z { | } ~   `]b `\b ` `[b` `T aZb aYb a aXba aT bWb bVb b bUbb bT cTb cSb c cRbc cT dQb dPb d dObd dT eNb eMb e eLbe eT fKb fJb f fIbf fT gHb gGb g gFbg gT hEb hDb h hCbh hT iBb iAb i i@bi iT j?b j>b j j=bj jT ka =a  ` T =` <`  ;` T :` 9`  8` T 7` 6`  5` T 4` 3`  2` T 1` 0`  /` T .` -`  ,` T +` *`  )` T (` '`  &` T %` $`  #` TD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP  ! " # $ % & ' ( ) * + , - . / 01 2 3 4 5 6 7 8 9 : ; < = > ?  "` !`   `  T !` !` ! !`! !T "` "` " "`" "T #` #` # #`# #T $` $` $ $`$ $T %` %` % %`% %T &` &` & &`& &T ' ` ' ` ' ' `' 'T ( ` ( ` ( (`( (T )` )` ) )`) )T *` *` * *`* *T +` +` + +_+ +T ,_ ,_ , ,_, ,T -_ -_ - -_- -T ._ ._ . ._. .T /_ /_ / /_/ /T 0_ 0_ 0 0_0 0T 1_ 1_ 1 1_1 1T 2_ 2_ 2 2_2 2T 3_ 3_ 3 3_3 3T 4_ 4_ 4 4_4 4T 5_ 5_ 5 5_5 5T 6_ 6_ 6 6_6 6T 7_ 7_ 7 7_7 7T 8_ 8P_ 8 8_8 8T 9_ 9_ 9 9_9 9T :_ :_ : :_: :T ;_ ;_ ; ;_; ;T <_ <_ < <_< <T =_ =_ = =_= =T >_ >_ > >_> >T ?_ ?_ ? ?_? ?TD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _  @_ @_ @ @_@ @T A_ A_ A A_A AT B_ B_ B B_B BT C_ C_ C C_C CT D_ D_ D D_D DT E_ E_ E E_E ET F_ F_ F F_F FT G_ G_ G G_G GT H_ H_ H H_H HT I_ I_ I I_I IT J_ J_ J J_J JT K_ K_ K K_K KT L_ L_ L L_L LT M_ M_ M M_M MT N_ N_ N N_N NT O_ O_ O O_O OT P_ P_ P P_P PT Q_ Q_ Q Q_Q QT R_ R_ R R_R RT S_ S_ S S_S ST T_ T_ T T_T TT U_ U_ U U_U UT V_ V_ V V_V VT W~_ W}_ W W|_W WT X{_ Xz_ X Xy_X XT Yx_ Yw_ Y Yv_Y YT Zu_ Zt_ Z Zs_Z ZT [r_ [q_ [ [p_[ [T \o_ \n_ \ \m_\ \T ]l_ ]k_ ] ]j_] ]T ^i_ ^h_ ^ ^g_^ ^T _f_ _e_ _ _d__ _TD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~   `c_ `b_ ` `a_` `T a`_ a__ a a^_a aT b]_ b\_ b b[_b bT cZ_ cY_ c cX_c cT dW_ dV_ d dU_d dT eT_ eS_ e eR_e eT fQ_ fP_ f fO_f fT gN_ gM_ g gL_g gT hK_ hJ_ h hI_h hT iH_ iG_ i iF_i iT jE_ jD_ j jC_j jT kB_ kA_ k k@_k kT l?_ l>_ l l=_l lT m<_ m;_ m m:_m mT n9_ n8_ n n7_n nT o6_ o5_ o o4_o oT p3_ p2_ p p1_p pT q0_ q/_ q q._q qT r-_ r,_ r r+_r rT s*_ s)_ s s(_s sT t'_ t&_ t t%_t tT u$_ u#_ u u"_u uT v!_ v _ v v_v vT w_ w_ w w_w wT x_ x_ x x_x xT y_ y_ y y_y yT z_ z_ z z_z zT {_ {_ { {_{ {T |_ |_ | | _| |T } _ } _ } } _} }T ~ _ ~_ ~ ~_~ ~T _ _  _ TD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP                                 _ VV  _ T _ _  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ TD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP                                 ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ~^ T }^ |^  {^ T z^ y^  x^ T w^ v^  u^ T t^ s^  r^ T q^ p^  o^ T n^ m^  l^ T k^ j^  i^ T h^ g^  f^ T e^ d^  c^ T b^ a^  `^ T _^ ^^  ]^ T \^ [^  Z^ T Y^ X^  W^ T V^ U^  T^ T S^ R^  Q^ T P^ O^  N^ T M^ L^  K^ T J^ I^  H^ T G^ F^  E^ TD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP                                 D^ C^  B^ T A^ @^  ?^ T >^ =^  <^ T ;^ :^  9^ T 8^ 7^  6^ T 5^ 4^  3^ T 2^ 1^  0^ T /^ .^  -^ T ,^ +^  *^ T )^ (^  '^ T &^ %^  $^ T #^ "^  !^ T  ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ^  ^   ^ T  ^  ^   ^ T ^ ^  ^ T ^ ^  ^ T ^ ^  ^ T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] TD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP                                ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] T ] ]  ] TD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP                                      ] ]  ] T ] ]  ] T ~] }]  |] T {] z]  y] T x] w]  v] T u] t]  s] T r] q]  p] T o] n]  m] T l] k]  j] T i] h]  g]  T f] e]  d]  T c] b]  a]  T `] _]  ^]  T ]] \]  []  T Z] Y]  X] T W] V]  U] T T] S]  R] T Q] P]  O] T N] M]  L] T K] J]  I] T H] G]  F] T E] D]  C] T B] A]  @] T ?] >]  =] T <] ;]  :] T 9] 8]  7] T 6] 5]  4] T 3] 2]  1] T 0] /]  .] T -] ,]  +] T *] )]  (] T '] &]  %] TD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP  ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 67 8 9 : ; < = > ?  $] #]  "]  T !!] ! ] ! !]! !T "] "] " "]" "T #] #] # #]# #T $] $] $ $]$ $T %] %] % %]% %T &] &] & &]& &T '] '] ' ' ]' 'T ( ] ( ] ( ( ]( (T ) ] )] ) )]) )T *] *] * *]* *T +] +] + +]+ +T ,] ,\ , ,\, ,T -\ -\ - -\- -T .\ .\ . .\. .T /\ /\ / /\/ /T 0\ 0\ 0 0\0 0T 1\ 1\ 1 1\1 1T 2\ 2\ 2 2\2 2T 3\ 3\ 3 3\3 3T 4\ 4\ 4 4\4 4T 5\ 5\ 5 5\5 5T 6\ 6\ 6 6\6 6T 7\ 7\ 7 7\7 7T 8\ 8\ 8 8\8 8T 9\ 9\ 9 9\9 9T :\ :\ : :\: :T ;\ ;\ ; ;\; ;T <\ <\ < <\< <T =\ =\ = =\= =T >\ >\ > >\> >T ?\ ?[ ? ?\? ?TD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _  @\ @\ @ @\@ @T A\ A\ A A\A AT B\ B\ B B\B BT C\ C\ C C\C CT D\ D\ D D\D DT E\ E\ E E\E ET F\ F\ F F\F FT G\ G\ G G\G GT H\ H\ H H\H HT I\ I\ I I\I IT J\ J\ J J\J JT K\ K\ K K\K KT L\ L\ L L\L LT M\ M\ M M\M MT N\ N\ N N\N NT O\ O\ O O\O OT P\ P\ P P\P PT Q\ Q\ Q Q\Q QT R\ R\ R R\R RT S\ S\ S S\S ST T\ T\ T T\T TT U\ U\ U U\U UT V\ V\ V V\V VT W\ W\ W W~\W WT X}\ X|\ X X{\X XT Yz\ Yy\ Y Yx\Y YT Zw\ Zv\ Z Zu\Z ZT [t\ [s\ [ [r\[ [T \q\ \p\ \ \o\\ \T ]n\ ]m\ ] ]l\] ]T ^k\ ^j\ ^ ^i\^ ^T _h\ _g\ _ _f\_ _TD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~   `e\ `d\ ` `c\` `T ab\ aa\ a a`\a aT b_\ b^\ b b]\b bT c\\ c[\ c cZ\c cT dY\ dX\ d dW\d dT eV\ eU\ e eT\e eT fS\ fR\ f fQ\f fT gP\ gO\ g gN\g gT hM\ hL\ h hK\h hT iJ\ iI\ i iH\i iT jG\ jF\ j jE\j jT kD\ kC\ k kB\k kT lA\ l@\ l l?\l lT m>\ m=\ m m<\m mT n;\ n:\ n n9\n nT o8\ o7\ o o6\o oT p5\ p4\ p p3\p pT q2\ q1\ q q0\q qT r/\ r.\ r r-\r rT s,\ s+\ s s*\s sT t)\ t(\ t t'\t tT u&\ u%\ u u$\u uT v#\ v"\ v v!\v vT w \ w\ w w\w wT x\ x\ x x\x xT y\ y\ y y\y yT z\ z\ z z\z zT {\ {\ { {\{ {T |\ |\ | |\| |T }\ } \ } } \} }T ~ \ ~ \ ~ ~ \~ ~T \ \  \ TD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP                                 \ \  \ T \ \  \ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ TD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP                                 [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ ~[  }[ T |[ {[  z[ T y[ x[  w[ T v[ u[  t[ T s[ r[  q[ T p[ o[  n[ T m[ l[  k[ T j[ i[  h[ T g[ f[  e[ T d[ c[  b[ T a[ `[  _[ T ^[ ][  \[ T [[ Z[  Y[ T X[ W[  V[ T U[ T[  S[ T R[ Q[  P[ T O[ N[  M[ T L[ K[  J[ T I[ H[  G[ TD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP                                 F[ E[  D[ T C[ B[  A[ T @[ ?[  >[ T =[ <[  ;[ T :[ 9[  8[ T 7[ 6[  5[ T 4[ 3[  2[ T 1[ 0[  /[ T .[ -[  ,[ T +[ *[  )[ T ([ '[  &[ T %[ $[  #[ T "[ ![   [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T [ [  [ T  [  [   [ T  [  [  [ T [ [  [ T [ [  [ T [ [  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z TD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP                                 Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z T Z Z  Z TD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP                                      Z Z  Z T Z Z  Z T Z Z  ~Z T }Z |Z  {Z T zZ yZ  xZ T wZ vZ  uZ T tZ sZ  rZ T qZ pZ  oZ T nZ mZ  lZ T kZ jZ  iZ  T hZ gZ  fZ  T eZ dZ  cZ  T bZ aZ  `Z  T _Z ^Z  ]Z  T \Z [Z  ZZ T YZ XZ  WZ T VZ UZ  TZ T SZ RZ  QZ T PZ OZ  NZ T MZ LZ  KZ T JZ IZ  HZ T GZ FZ  EZ T DZ CZ  BZ T AZ @Z  ?Z T >Z =Z   ?  &Z %Z  $Z  T !#Z !"Z ! !!Z! !T " Z "Z " "Z" "T #Z #Z # #Z# #T $Z $Z $ $Z$ $T %Z %Z % %Z% %T &Z &Z & &Z& &T 'Z 'Z ' 'Z' 'T (Z ( Z ( ( Z( (T ) Z ) Z ) ) Z) )T *Z *Z * *Z* *T +Z +Z + +Z+ +T ,Z ,Z , ,Z, ,T -Y -Y - -Y- -T .Y .Y . .Y. .T /Y /Y / /Y/ /T 0Y 0Y 0 0Y0 0T 1Y 1Y 1 1Y1 1T 2Y 2Y 2 2Y2 2T 3Y 3Y 3 3Y3 3T 4Y 4Y 4 4Y4 4T 5Y 5Y 5 5Y5 5T 6Y 6Y 6 6Y6 6T 7Y 7Y 7 7Y7 7T 8Y 8Y 8 8Y8 8T 9Y 9Y 9 9Y9 9T :Y :Y : :Y: :T ;Y ;Y ; ;Y; ;T <Y <Y < <Y< <T =Y =Y = =Y= =T >Y >Y > >Y> >T ?Y ?Y ? ?Y? ?TD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _  @Y @Y @ @Y@ @T AY AY A AYA AT BY BY B BYB BT CY CY C CYC CT DY DY D DYD DT EY EY E EYE ET FY FY F FYF FT GY GY G GYG GT HY HY H HYH HT IY IY I IYI IT JY JY J JYJ JT KY KY K KYK KT LY LY L LYL LT MY MY M MYM MT NY NY N NYN NT OY OY O OYO OT PY PY P PYP PT QY QY Q QYQ QT RY RY R RYR RT SY SY S SYS ST TY TY T TYT TT UY UY U UYU UT VY VY V VYV VT WY WY W WYW WT X~Y X}Y X X|YX XT Y{Y YzY Y YyYY YT ZxY ZwY Z ZvYZ ZT [uY [tY [ [sY[ [T \rY \qY \ \pY\ \T ]oY ]nY ] ]mY] ]T ^lY ^kY ^ ^jY^ ^T _iY _hY _ _gY_ _TD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~   `fY `eY ` `dY` `T acY abY a aaYa aT b`Y b_Y b b^Yb bT c]Y c\Y c c[Yc cT dZY dYY d dXYd dT eWY eVY e eUYe eT fTY fSY f fRYf fT gQY gPY g gOYg gT hNY hMY h hLYh hT iKY iJY i iIYi iT jHY jGY j jFYj jT kEY kDY k kCYk kT lBY lAY l l@Yl lT m?Y m>Y m m=Ym mT nX T =X W =W   ?  &W %W  $W  T !#W !"W ! !!W! !T " W "W " "W" "T #W #W # #W# #T $W $W $ $W$ $T %W %W % %W% %T &W &W & &W& &T 'W 'W ' 'W' 'T (W ( W ( ( W( (T ) W ) W ) ) W) )T *W *W * *W* *T +W +W + +W+ +T ,W ,W , ,W, ,T -V -V - -V- -T .V .V . .V. .T /V /V / /V/ /T 0V 0V 0 0V0 0T 1V 1V 1 1V1 1T 2V 2V 2 2V2 2T 3V 3V 3 3V3 3T 4V 4V 4 4V4 4T 5V 5V 5 5V5 5T 6V 6V 6 6V6 6T 7V 7V 7 7V7 7T 8V 8V 8 8V8 8T 9V 9V 9 9V9 9T :V :V : :V: :T ;V ;V ; ;V; ;T <V <V < <V< <T =V =V = =V= =T >V >V > >V> >T ?V ?V ? ?V? ?TD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _  @V @V @ @V@ @T AV AV A AVA AT BV BV B BVB BT CV CV C CVC CT DV DV D DVD DT EV EV E EVE ET FV FV F FVF FT GV GV G GVG GT HV HV H HVH HT IV IV I IVI IT JV JV J JVJ JT KV KV K KVK KT LV LV L LVL LT MV MV M MVM MT NV NV N NVN NT OV OV O OVO OT PV PV P PVP PT QV QV Q QVQ QT RV RV R RVR RT SV SV S SVS ST TV TV T TVT TT UV UV U UVU UT VV VV V VVV VT WV WV W WVW WT X~V X}V X X|VX XT Y{V YzV Y YyVY YT ZxV ZwV Z ZvVZ ZT [uV [tV [ [sV[ [T \rV \qV \ \pV\ \T ]oV ]nV ] ]mV] ]T ^lV ^kV ^ ^jV^ ^T _iV _hV _ _gV_ _TD lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~   `fV `eV ` `dV` `T acV abV a aaVa aT b`V b_V b b^Vb bT c]V c\V c c[Vc cT dZV dYV d dXVd dT eWV eVV e eUVe eT fTV fSV f fRVf fT gQV gPV g gOVg gT hNV hMV h hLVh hT iKV iJV i iIVi iT jHV jGV j jFVj jT kEV kDV k kCVk kT lBV lAV l l@Vl lT m?V m>V m m=Vm mT nU T =U @A ggD g2ɀ `oVCNCVC^CfCnDv!D~3DEDWDiD{DDFDNDVD^DfDnDvDD  dMbP?_*+%&?'?('}'}?)'}'}?M\\MBPS3\3M232A-HPS od,,LetterPRIV0''''X, \KhC%MSCXSMTJHHP Universal Printing PS (v5.2)HPDocUISUITrueESPRITSupportedTrueHPOrientationHPOrientationPortraitHPSmartDuplexSinglePageJobTrueHPSmartDuplexOddPageJobTrueHPOrientRotate180FalsePostScriptCustomPageSizeFalseDuplexNoneHPReverseOrderForFold_StitchTrueHPBestGlossDefaultInputSlot*UseFormTrayTableHPDuplicateJobNameOverrideSWFWPageSizeLETTERPageRegionLeadingEdgeMediaTypeAUTOHPMediaTypeTreeviewPopupTrueCollateFalseJCLHPPrintOnBothSidesManuallyFalseJCLEconomodeFalseOutputBinAutoStapleLocationNonePunchingNoneTextAsBlackFalseAlternateLetterHeadFalseJCLResolution600dpiJCLPrintQualityNoneJCLFastRes1bppHPConsumerCustomPaperTruePrintQualityGroupPQGroup_2JRHDInstalledJRHDOffHPNUseDiffFirstPageChoiceTrueHPPageExceptionsFileHPCPE112HPPageExceptionsInterfaceShowPageExceptionsHPPageExceptionsLowEndHPPageExceptionsLowEndVerHPPageExceptionsCoverInsertionHPEnableRAWSpoolingTrueHPDocPropResourceDataHPCabFileNameRGBColorNoCmdCMYKInksNoCmdJRConstraintsJRCHDFullHPColorSmartAutomaticHPColorSmart_ColorOptions_EdgeControlNoCmdHPColorSmart_ColorOptions_HalftoneNoCmdHPColorModeCOLOR_MODEHPColorSmart_Text_NeutralGraysNoCmdHPColorSmart_Text_HalftoneNoCmdHPColorSmart_Text_RGBColorNoCmdHPColorSmart_Graphics_NeutralGraysNoCmdHPColorSmart_Graphics_HalftoneNoCmdHPColorSmart_Graphics_RGBColorNoCmdHPColorSmart_Photo_NeutralGraysNoCmdHPColorSmart_Photo_HalftoneNoCmdHPColorSmart_Photo_RGBColorNoCmdHPPJLEncodingUTF8HPJobAccountingHPJOBACCT_JOBACNT_GROUPNAMEHPBornOnDateHPBODHPJobByJobOverrideJBJOHPJobAccWoPinTruePSAlignmentFileHPCLS112HPSmartHubInet_SID_263_BID_514_HID_265HPColorAsGrayFalseCNOutputNoneCNStapleNoneCNOffsetFalseCNPunchingNoneCNFoldingNoneIUPHxMkA e/.dk i6[,&4Io WTGxP0E}fKg7Q0,iYҙ? (+Z]a*&5eUX6l`P;^;DڏN: Dт?eZ i7+|fXjBUz^䚔GV'ܔ0sEFjx$ԖVv`v_TBzX"}?\kqAƉ;pF;u{^B^~,jN؁"oU6n"2}+ېO82ƿfF8RBVP2ʌšErr*M?d"{5X7l+j֜qsA+d,eJ[(ATXƒ+ғMeQ]iI϶Sxs%, /톐Ta0t)BT\_,ҙws܎SwgoTXKoO>WhB!B!$F')%oVx"d,, ` `? ` `?&`U} t} u} u} m)u} d} m } $! } # }  } I ho   m(        @               z z               (       y       (    y p        y p         y p          p         p        y  p        y  p  ߏ    Ό   t  p  ߏ    Ό   t  p  ߏ    Ό   t  p  ߏ    Ό   t p  ߏ    Ό   t p  ߏ  ޏ   Ό    p  ߏ  ޏ   Ό   y p  ߏ  ޏ  ݏ  Ό ܏ ۏ y ~  ڏ  ُ  ؏  ׏ ֏ Տ ~    ԏ  ӏ ҏ t ~  я  Џ  Ϗ  Ώ ͏ ̏ ~   ˏ  ʏ  ɏ ȏ 6 Nj~     Ǐ Ə t Nj~   ŏ   ď Ï  ~        Nj~        Nj~        Nj~       y ~  j      t Nj~       t Nj~       t ~     D@lzzzzzzzzzzzzzzzzzzzzzzzzzzz ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?    t  ~     ! ! ! !!~ ! ! ! ! " " "t ""~ " " " " # # #t ##~ # # # # $ $ $t $Nj$~ $ $ $ $ % % %t %Nj%~ % % % % & & & &Nj&~ & & & & ' ' ' 'Nj'~ ' ' ' ' ( ( ( (Nj(~ ( ( ( ( ) ) ) )Nj)~ ) ) ) ) * * *t *Nj*~ * * * * + + +y +Nj+~ + + + + , , , ,Nj,~ , , , , - - - -Nj-~ - - - - . . . ..~ . .  . ~ . Ό /} /| /y //~ / / g / { / 0z 0y 0t 00~ 0 0 R 0 x 0 1w 1v 1t 11~ 1 1 g 1 s 1 2u 2t 2t 22~ 2 2 g 2 s 2 3r 3q 3t 33~ 3 3 3 p 3 4o 4n 4t 44~ 4 4 R 4 m 4 5l 5k 5 55~ 5 5 R 5 j 5 6i 6h 6t 66~ 6 6 g 6 f 6 7e 7d 7y 77~ 7 ` 7 R 7 c 7 8b 8a 8t 88~ 8 ` 8 R 8 _ 8 9^ 9] 9 99~ 9 9 9 \ 9 :[ :Z : ::~ : : : Y : ;X ;W ; ;;~ ; ; ; V ; <U <T <S << < < R <  < =Q =P =y == = O = N = M = >L >K >y >> > >  > J > ?I ?H ?y ?? ? ?  ? G ? Dlzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _  @F @E @y @Nj@ @ @  @ @ AD AC A? AA A A > A B A BA B@ B? BB B B > B = B C< C; C: CC C C 9 C 1 C D8 D7 D6 DD D D 2 D 1 D E5 E4 E3 EE E E 2 E 1 E F0 F/ Fy FF F F F . F G- G, G+ GG G * G ) G ( G H' H& Ht HH H H % H $ H I# I" I! II I I I  I J J J JNjJ J J  J J K K K KK K  K ڌ K  K L L Ly LL L L ֌ L  L Ό M M My MM M M ֌ M  M Ό N N Ny NN N N ֌ N  N Ό O O Oy OO O O ֌ O O Ό P P Py PNjP P P ֌ P P Ό Q Q Qy QNjQ Q Q ֌ Q Q Ό R R Ry RR R R R  R Ό S S S SS S S S  S T T T TT T T T T U U U UUp U U | U U V V V VV V V | V V W W W WW W W | W W X X X XX X X | X X Y Y Y YY Y Y | Y Y Z Z Z ZZ Z Z | Z Z [ [ [ [[ [ [ | [ [ \ \ \ \Nj\ \ \ \ \ ] ] ]t ]Nj] ] ] ] ] ^ ^ ^t ^Nj^ ^ ^ ^ ^ _ _ _t _Nj_ _ _ _ _ Dlzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~   ` ` `y `Nj` ` ` ` ` a aߎ ay aNja a a a a bގ bݎ by bb b b u b ܎ b cێ cڎ ct cc c c u c َ c d؎ d׎ dt dd d d u d ֎ d eՎ eԎ et ee e e e ӎ e fҎ fю fy fNjf f f Ў f f j gώ gΎ gy gNjg g g g g h͎ h̎ ht hh h h ˎ h ʎ h iɎ iȎ i iNji i ǎ i Ď i i jƎ jŎ j jj j j Ď j j kÎ kŽ ky kk k k k k l l l ll l l l l m m my mNjm m m m m n n nt nNjn n n n n o o ot oNjo o o o o p p pt pNjp p p p p q q qy qNjq q q ؋ q q r r ry rNjr r r ؋ r r s s s ss~ s s s s t t t tt~ t t t t u u u uu~ u u u u v v v vvp v v v v w w w wwp w w w w x x x xxp x x x x y y y yyp y y y y z z z zzp z z z z { { {t {Nj{p { { { { | | | ||p | | | | } } } }}p } } | } } ~ ~ ~y ~~p ~ ~ ~ ~   y p   |   Dlzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz                                   y p        Njp   |   ~ }  Njp   |   { z y p   u  x  w v t Njp   u   t s y p   n  r  q p o Njp   n   m l y Njp   k   j i h g p   1  f  e d y p   1  c  b a y p   1  Z  ` _ y p   1  Z  ^ ] y p   1  Z  \ [ y p   1  Z  Y X t p   1  W  V U t p   1  T  S R t p   1    Q P t p   1    O N t p   1    M L t p   1    K J t p   1    I H t p   1    G F t p   1    E D t p   1    C B y Njp   1   A @ t p   1  0  ? > t p   1  0  = < t p   1  0  ; : t p   1  0  9 8 t p   1  0  7 6 t p   1  0  5 4 t p   1  0  Dlzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz                                 3 2 t p   1  0  / . - p    ,  + *  p    )  ( ' & p   %  $  # " ! p        p         p         p         p         p         p        p        t p        y p       t p       t p       t p       t p        p       y p       ڍ p       y p       ڍ p        p       ڍ p     ߍ ލ ڍ p    ݍ  ܍ ۍ ڍ p    ٍ  ؍ ׍ y p    ֍  Ս ԍ y p    Ӎ  ҍ э Ѝ p    ύ  ΍ ͍ ̍ p    ˍ  ʍ ɍ ȍ p    Ǎ  Dlzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz                                 ƍ ō y p    č  Í   p        p        p        p       t p       t p       t p        p       t p       t p       t p       t p       t Njp       t p       t p       t p       t p        p        p       y p   S    ~  p   S  }  | { y p   S  z  y x y p   t  w  v u  Njp   t   s r t p   \  q  p o t p   \  n  m l t p   \  k  j i t p   \  h  g f t p   \  e  d c t p   \  b  a ` t p   \  _  Dlzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz                                 ^ ] t p   \  [  Z Y X > Wp   8   V U T y Njp   S   R Q P y Op   >  N  = M L y Bp   >  K  = J I  Bp   >  H  = G F E p   >   = D C y Bp   >  A  = @ ? y p   >   = < ; y Njp   '   : 9 y p   8  7  6 5 y Njp   '   4 3  p   7  2  1 0 y /p   .  -  , + y p   '  *  ) ( y p   '  &  % $ y #p  "  7  !     Njp      6   t p         t p         y p         y Ջp        y p   ڌ     y Njp        t Njp        t Njp        t Njp        y Njp        p        p        p       y Njp     Dlzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz                       d@     T@            y p   ڌ   Ό   y Njp     Ό  ߌ y p   ތ  ݌  Ό ܌ ی y p   ڌ  ٌ  Ό ، ׌ y Njp   ֌   Ό Ռ Ԍ y p   Ќ  ӌ  Ό Ҍ ь y p   Ќ  ό  Ό ͌ ̌  Njp   Ō   > ˌ ʌ  p   Ō  Č  > Ɍ Ȍ  Nj p   Ō   > nj ƌ   p   Ō  Č  > Ì Œ  Nj p        Nj p        Nj p     6    p        Njp        Njp       t p       t Njp       t Njp       t p       t Ջp        Njp   U   6   B Njp   ?   6   B Njp   ?   6   B Njp   ?   6   B Njp   ?   6    Njp   ?   6    Njp   ?   6    Njp   ?   6    Njp   ?   6   B Njp   ?   6Dlzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz  ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?     Nj p   ?   6 ! ! !y !Nj!p ! ! U ! ! 6 " " " "Nj"p " " U " " 6 # # #B #Nj#p # # ? # # 6 $ $ $B $Nj$p $ $ ? $ $ 6 % % %B %Nj%p % % ? % % 6 & &~ &B &Nj&p & & ? & & 6 '} '| ' 'Nj'p ' ' ? ' ' 6 ({ (z ( (Nj(p ( ( ? ( ( 6 )y )x ) )Nj)p ) ) ? ) ) 6 *w *v * *Nj*p * * ? * * 6 +u +t +B +Nj+p + + ? + + 6 ,s ,r , ,Nj,p , , ? , , 6 -q -p -y -Nj-p - - U - - 6 .o .n . .Nj.p . . U . . 6 /m /l /B /Nj/p / / ? / / 6 0k 0j 0B 0Nj0p 0 0 ? 0 0 6 1i 1h 1B 1Nj1p 1 1 ? 1 1 6 2g 2f 2B 2Nj2p 2 2 ? 2 2 6 3e 3d 3 3Nj3p 3 3 ? 3 3 6 4c 4b 4 4Nj4p 4 4 ? 4 4 6 5a 5` 5 5Nj5p 5 5 ? 5 5 6 6_ 6^ 6 6Nj6p 6 6 ? 6 6 6 7] 7\ 7B 7Nj7p 7 7 ? 7 7 6 8[ 8Z 8 8Nj8p 8 8 ? 8 8 6 9Y 9X 9y 9Nj9p 9 9 U 9 9 6 :W :V : :Nj:p : : U : : > ;T ;S ;B ;Nj;p ; ; ? ; ; > <R <Q <B <Nj<p < < ? < < > =P =O =B =Nj=p = = ? = = > >N >M >B >Nj>p > > ? > > > ?L ?K ? ?Nj?p ? ? ? ? ? >Dlzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _  @J @I @ @Nj@p @ @ ? @ @ > AH AG A ANjAp A A ? A A > BF BE B BNjBp B B ? B B > CD CC CB CNjCp C C ? C C > DA D@ D DNjDp D D ? D D > E= E< Ey ENjEp E E 7 E ; E F: F9 F8 FNjFp F F 7 F F 6 G5 G4 G3 GNjGp G G - G G H2 H1 H HNjHp H H - H H I0 I/ I. INjIp I I - I I J, J+ Jy JJp J J * J ) J K( K' Ky KKp K K # K & K L% L$ Ly LLp L L # L " L M! M M MMp M M  M  M N N Ny NNp N  N  N  N O O Oy OOp O O  O  O P P Pt PNjPp P P P P Q Q Qt QQp Q Q Q  Q R R Rt RRp R R R R S S Sy SNjSp S S S S T T T TNjTp T T  T  T U U U UUp U U U U V V V VVp V V V V W W Wy WWp W W ؋ W W X X Xy XXp X X X X Y Y Yy YYp Y Y Y Y Z Z Z ZZp Z Z Z Z [ [ [ [[p [ [ ދ [ [ \ \ \ \\p \ \ \ \ ] ]ߋ ]y ]Nj]p ] ] ދ ] ] ^݋ ^܋ ^ ^^p ^ ^ ۋ ^ ^ _ڋ _ً _y __p _ _ ؋ _ _ Dlzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz` a b c d e f g h i j k l ,m ,n ,o ,p,q,r,s,t,u,v,w,x,y,z,{,|,},~,, `׋ `֋ `y `Ջ`p ` ` ` ԋ ` aӋ aҋ aы aNjap a a Ћ a a bϋ b΋ bt bNjbp b b Ƌ b b c͋ c̋ ct cNjcp c c Ƌ c c dˋ dʋ dt dNjdp d d Ƌ d d eɋ eȋ et eNjep e e Ƌ e e fŋ fċ ft f f f f Ë f g‹ g gt g g g g g h h ht h h h h h i i it i i i i i j j jt j j j j j k k k k k k k k ll mm nn oo pp qq rr ss tt uu vv ww xx yy zz {{ || }} ~~  D, lzzzzzzpppppp,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,                              Dl,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Dl,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Dl,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Dl,,,,,,,,, , , , , ,,,,,,,,,,,,,,,,,,,     Dl ,!,",#,$,%,&,',(,),*,+,,,-,.,/,0,1,2,3,4,5,6,7,8,9,:,;,<,=,>,?, !"#$%&'()*+,-./0123456789:;<=>?Dl@,A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,[,\,],^,_,@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_Dl`,a,b,c,d,e,f,g,h,i,j,k,l,m,n,`abcdefghijklmn":>@dA  I ggD g2ɀ L{DDDDEE$Ek3EAEwPEXE^E+eEskEqErE  dMbP?_*+%&?'?('}'}?)'}'}?Mb\\mbps1\1S147A-HPS odXXLetterPRIV0'''' \KhCN 7SMTJHP LaserJet 9050 PSESPRITSupportedTrueHPOrientationHPOrientationPortraitHPOrientRotate180FalsePostScriptCustomPageSizeFalseHPConsumerCustomPaperPSCustomHPSmartDuplexSinglePageJobTrueHPSmartDuplexOddPageJobTrueDuplexDuplexNoTumbleHPDuplicateJobNameOverrideSWFWPageSizeLETTERPageRegionLeadingEdgeInputSlot*UseFormTrayTableMediaTypeAutoHPNUseDiffFirstPageChoiceTrueHPPageExceptionsFileHPCPE5r1HPPageExceptionsInterfaceShowPageExceptionsHPPageExceptionsLowEndHPPageExceptionsLowEndVerHPPageExceptionsCoverInsertionHPMediaTypeDuplexConstraintsEXTRA_HEAVYHPDocUISUITruePSAlignmentFileHPCLS5r1PSServices_DeviceandSuppliesStatusTRUEHPSmartHub_OnlinediagnostictoolsTRUEHPSmartHub_SupportandtroubleshootingTRUEHPSmartHub_ProductmanualsTRUEHPSmartHub_CheckfordriverupdatesTRUEPSServicesOptionPrnStat_SID_242_BID_270_HID_15521HPSmartHubInet_SID_263_BID_276_HID_265JCLOptimizeForPLAINCollateFalseOutputBinAutoStapleLocationNoneAlternateLetterHeadFalseHPPaperSizeALMConstraintsENV_10TextAsBlackFalseHPEnableRAWSpoolingTrueHPDocPropResourceDataHPCabFileNameJCLEconomodeFalseJCLResolution600dpiJCLFastResTrueJCLHPPrintOnBothSidesManuallyFalseHPEdgeToEdgeTrueHPPJLEncodingUTF8HPJobAccountingHPJOBACCT_JOBACNTPrintQualityGroupPQGroup_1HPBornOnDateHPBODHPJobByJobOverrideJBJOHPColorModeMONOCHROME_MODEHPXMLFileUsedhpc9050s.xmlHPSendPJLUsageCmdCURIJRConstraintsJRCHDPartialJRHDInstalledJRHDOffJRHDNotInstalledJRHDOffHPJobAccWoPinTrueIUPHxoAǿ 1&M ,0,?V#B Bpă1 'x?/v y{ٙ=^I_>ݳGا[液v!JuWGpr}C_qzy2 N ?2 N j P @2 k    M 9 N B2 N C2 N l P D2 k    M 9 N F2 N G2 N l P H2 k    M 9 N  N N J2l P K2 k    M 9 N M2 N N2 N O2l P P2 k    M 9 N R2 N N2 N 9l P T2 k    M 9 N Y2 N Z2 N l P [2 k    M 9 N ]2 N ^2 N s5l P [2 k    M 9 N a2 N b2 N !9l P d2 k    M "9 N f2 N b2 N #9l P h2 k    M $9 N j2 N b2 N !9l P l2 k    M %9 N n2 N b2 N l  P o2 k    M &9 N q2 N b2 N r2l P s2 k    M '9 N u2 N v2 N w2l P x2 k    M (9 N z2 N v2 N w2l P |2 k    M )9 N ~2 N 2 N l P 2 k    M *9 N 2 N 2 N l P 2 k   D l````````````````````````V```` "@! "@" @# @$ @% @& @' @( @) /@* /@+ (@, "@- @. @/ "@0 @1 @2 (@3 @4 @5 @6 @7 @8 @9 @: @; @< @= @> @? @ M +9 N 2 N 2 N  l P 2 k    !M ,9 !N 2 !N { !N -9!l !P 2 !k    "M .9 "N 2 "N "N %"l "P 2 "k    #M /9 #N 2 #N #N 09#l #P 2 #k    $M 19 $N 2 $N 2 $N $l $P 2 $k    %M 29 %N 2 %N 2 %N 2%l %P 2 %k    &M 39 &N 2 &N 2 &N 2&l &P 2 &k    'M 49 'N 2 'N 2 'N 2'l 'P 2 'k    (M 59 (N 2 (N 2 (N 2(l (P 2 (k    )M 69 )N 2 )N v2 )N 2)l )P 2 )k    *M 79 *N 2 *N v2 *N 2*l *P 2 *k    +M 89 +N 2 +N v2 +N 2+l +P 2 +k    ,M 99 ,N 2 ,N 2 ,N 2,l ,P 2 ,k    -M :9 -N 2 -N  -N -l -P 2 -k    .M ;9 .N 2 .N  .N <9.l .P 2 .k    /M =9 /N 2 /N 2 /N 2/l /P 2 /k    0M >9 0N 2 0N  0N 20l 0P 2 0k    1M ?9 1N  1N 1N 21l 1P 2 1k    2M @9 2N 2 2N 2 2N A92l P k    3M B9 3N 2 3N C9 3N D93l 3P 2 3k    4M E9 4N  4N 4N 24l 4P 2 4k    5M F9 5N 2 5N 5N G95l 5P 2 5k    6M H9 6N 2 6N 6N G96l 6P 2 6k    7M I9 7N 2 7N 7N G97l 7P 2 7k    8M J9 8N 2 8N 8N G98l 8P 2 8k    9M K9 9N 2 9N 9N G99l 9P 2 9k    :M L9 :N 3 :N :N G9:l :P 3 :k    ;M M9 ;N 3 ;N ;N G9;l ;P 3 ;k    <M N9 <N 3 <N <N G9<l <P 3 <k    =M O9 =N 3 =N =N G9=l =P 3 =k    >M P9 >N 3 >N >N G9>m >P 3 >k    ?M Q9 ?N 3 ?N ?N G9?m ?P 3 ?k   Dll``````````````````L````````````@ @A @B @C @D @E @F @G @H @I @J @K @L @M @N @O @P @Q @R @S @T @U @V "@W @X @Y @Z @[ @\ "@] "@^ "@_ @ @M R9 @N 3 @N @N G9@m @P 3 @k    AM S9 AN 3 AN AN G9Am AP 3 Ak    BM T9 BN 3 BN BN G9Bm BP 3 Bk    CM U9 CM 1CN N m P k    DM V9 DN 3 DN DN G9Dm DP 3 Dk    EM W9 EN 3 EN EN G9Em EP 3 Ek    FM X9 FN "3 FN FN G9Fm FP #3 Fk    GM Y9 GN (3 GN GN G9Gm GP )3 Gk    HM Z9 HN +3 HN HN G9Hm HP ,3 Hk    IM [9 IN .3 IN IN G9Im IP /3 Ik    JM \9 JN 13 JN JN G9Jn JP 23 Jk    KM ]9 KN 43 KN KN G9Kn KP 53 Kk    LM ^9 LN :3 LN LN G9Ln LP ;3 Lk    MM _9 MN =3 MN MN G9Mn MP >3 Mk    NM `9 NN @3 NN NN G9Nn NP A3 Nk    OM a9 ON C3 ON ON G9On OP D3 Ok    PM b9 PN F3 PN PN G9Pn PP G3 Pk    QM c9 QM 1QN N n P k    RM d9 RN L3 RN RN G9Rn RP M3 Rk    SM e9 SM 1SN N n P k    TM f9 TN P3 TN TN G9Tn TP Q3 Tk    UM g9 UN S3 UN UN G9Un UP T3 Uk    VM h9 VN V3 VN t VN Vn VP W3 Vk    WM i9 WN b3 WN WN 2Wn WP c3 Wk    XM j9 XN e3 XN XN 2Xn XP c3 Xk    YM k9 YN g3 YN YN 2Yn YP c3 Yk    ZM l9 ZN i3 ZN ZN 2Zn ZP c3 Zk    [M m9 [N q3 [N r3 [N 7[n [P t3 [k    \M n9 \N v3 \N \N \n \P w3 \k    ]M o9 ]N  ]N ]N p]n ]P y3 ]k    ^M p9 ^N q9 ^N ^N p^n ^P y3 ^k    _M r9 _N {3 _N _N 7_n _P |3 _k   D l```4`````````````4`4```````````` @a @b @c "@d (@e @f @g @h @i @j @k "@l "@m @n @o "@p @q @r "@s @t u v w x y @z @{ @| "@} @~ @ @ `M s9 `N ~3 `N t `N 3`n `P 3 `k    aM t9 aN 3 aN aN 3am aP 3 ak    bM u9 bN 3 bN 3 bN 3bm bP 3 bk    cM v9 cN 3 cN } cN cm cP 3 ck    dM w9 dN 3 dN } dN dm dP 3 dk    eM x9 eN 3 eN 3 eN 3em eP 3 ek    fM y9 fN 3 fN 3 fN 3fm fP 3 fk    gM z9 gN 3 gN 3 gN 3gm gP 3 gk    hM {9 hN 3 hN 3 hN |9hm hP 3 hk    iM }9 iN 3 iN 3 iN 3im iP 3 ik    jM ~9 jN 3 jN jN r2jm jP 3 jk    kM 9 kN 3 kN 3 kN 3km kP 3 kk    lM 9 lN 3 lN 3 lN 3lm lP 3 lk    mM 9 mN 3 mN mN g2mm mP 3 mk    nM 9 nN 3 nN nN 3nm nP 3 nk    oM 9 oN 3 oN 3 oN 3om oP 3 ok    pM 9 pN 3 pN S2 pN 3pm pP 3 pk    qM 9 qN 3 qN  qN 3ql qP 3 qk    rM 9 rN 3 rN 3 rN 3rl rP 3 rk    sM 9 sN 3 sN sN psl sP 3 sk    tM 9 tN 3 tN tN %tj tP 3 t    uM 9 uN 3 uN uN %uj uP 3 u    vM 9 vN 3 vN vN %vj vP 3 v    wM 9 wN 3 wN wN %wj wP 3 w    xM 9 xN 3 xN xN %xj xP 3 x    yM 9 yN 3 yN yN %yj yP 3 yo    zM 9 zN 3 zN zN %zj zP 4 zo    {M 9 {N 4 {N {N %{j {P 4 {o    |M 9 |N 4 |N |N %|j |P 4 |o    }M 9 }N 4 }N }N %}j }P 4 }o    ~M 9 ~N 4 ~N ~N %~j ~P 4 ~o    M 9 N 4 N N %j P 4 o   Dl``````````````````````````````` (@ (@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 4 N 2 N 2j P !4 o    M 9 N #4 N N %j P $4 o    M 9 N &4 N N %j P '4 o    M 9 N )4 N N %j P *4 o    M 9 N ,4 N N %j P -4 o    M 9 N /4 N N %j P 04 o    M 9 N 24 N 2 N 2j P 34 o    M 9 N 54 N N %j P 64 o    M 9 N 84 N N %j P 94 o    M 9 N ;4 N N %j P <4 o    M 9 N >4 N N %j P ?4 o    M 9 N A4 N N %j P B4 o    M 9 N D4 N 2 N 2j P E4 o    M 9 N G4 N N %j P H4 o    M 9 N J4 N N %j P K4 o    M 9 N M4 N N %j P N4 o    M 9 N P4 N N %j P Q4 o    M 9 N S4 N N %j P T4 o    M 9 N Y4 N N %j P Z4 o    M 9 N \4 N N %j P ]4 o    M 9 N _4 N N %j P `4 o    M 9 N b4 N N %j P c4 o    M 9 N e4 N N %j P f4 o    M 9 N h4 N N %j P i4 o    M 9 N k4 N N %j P l4 o    M 9 N t4 N 2 N 2j P u4 o    M 9 N w4 N N %j P x4 o   Dl``````````````````````````````` @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ M 9 N z4 N N %j P {4 o    M 9 N }4 N N %j P ~4 o    M 9 N 9 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 4 N 2 N 2j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 M 1N N j P o    M 9 N 9 N N %j P 4 o    M 9 M 1N N j P o    M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o   D(l``````````````````4`4`````````` @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ (@ /@ =@ /@ "@ @ @ "@ M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 4 N N %j P 4 o    M 9 N 9 N 4 N j P 9 o    M 9 N 9 N 4 N _2j P 9 o    M 9 N 9 N 4 N j P 9 o    M 9 N 9 N 4 N _2j P 9 o    M 9 N 9 N 4 N j P 9 o    M 9 N 9 N 4 N _2j P 9 o    M 9 N 9 N 4 N j P #5 o    M 9 N 9 N 4 N _2j P #5 o    M 9 N '5 N 4 N j P (5 o    M 9 N 9 N 4 N _2j P (5 o    M 9 N <5 N 4 N j P =5 o    M 9 N ?5 N 4 N _2j P =5 o    M 9 N C5 N 4 N j P D5 o    M 9 N F5 N 4 N _2j P D5 o    M 9 M 1N N j P o    M 9 M 1N N j P o    M 9 N u5 N 4 N j P v5 o    M 9 N x5 N 4 N _2j P v5 o    M 9 N z5 N 4 N j P {5 o    M 9 N }5 N 4 N _2j P {5 o    M 9 N 5 N 5 N 5j P 5 o    M 9 N 5 N 5 N 5j P 5 o    M 9 N 9 N 5 N 5j P 5 o    M 9 N 9 N 5 N 5j P 5 o    M : N : N 6 N 5j P : o    M : N 5 N  N 5j P 5 o    M : N 5 N  N 5j P 5 o    M : N : N 6 N j P : o   D(l``````````````````44``````````` @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ M : N 5 N N %j P 5 o    M : N : N N %j P : o    M : N : N 4 N j P : o    M : N : N 4 N _2j P : o    M : N : N N %j P : o    M : N : N N %j P : o    M : N : N N %j P : o    M : N : N N %j P : o    M : N : N N %j P : o    M : N : N N %j P : o    M !: N ": N N %j P #: o    M $: M %:N N j P o    S &: N 5 N 4 N j P 5 o    S ': N 5 N 4 N j P 5 o    M (: N 5 N 4 N j P 5 o    M ): N *: N 4 N j P : o    M +: N ,: N 4 N j P : o    M -: N .: N 4 N j P : o    M /: N 0: N 4 N j P : o    M 1: N 2: N 4 N j P : o    M 3: N 4: N 4 N j P : o    M 5: N 6: N 4 N j P #: o    M 7: M 8:N N j P o    S 9: N 5 N 4 N j P 5 o    S :: N 5 N 4 N j P 5 o    S ;: N 5 N 4 N j P 5 o    M <: N =: N 4 N _2j P : o    M >: N ?: N 4 N _2j P : o    M @: N A: N 4 N _2j P : o    M B: N C: N 4 N _2j P : o    M D: N E: N 4 N _2j P : o    M F: N G: N 4 N _2j P : o   D(l```````````4``````````4```````` @ @ @ @ @ (@ "@ @ @  "@  @  "@  @  @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ M H: N I: N 4 N _2j P #: o    M J: M K:N N j P o    S L: N 5 N 4 N j P 5 o    M M: N 5 N 4 N j P 5 o    S N: N 5 N 4 N j P 5 o    M O: N P: N 06 N Q:j P R: o    M S: N 6 N 6 N 5j P T: o    M U: N V: N N j P W: o    M X: N Y: N Z: N [:j P \: o    M ]: N ^: N _: N `: j P a: o    M b: N c: N d: N S2 j P e: o    G f: N g: N h: N `: j P i: o    M j: N k: N l: N p j P m: o    M n: N o: N N p: j P q: o    M r: N s: N N j P t: o    M u: N v: N w: N x:j P y: o    M z: N {: N { N |:j P y: o    M }: N ~: N N |:j P : o    M : N : N N |:j P : o    M : N : N N |:j P : o    M : N : N N j P : o    M : N : N : N j P : o    M : N : N : N j P : o    M : N : N : N j P : o    M : N : N : N j P : o    M : N : N N :j P : o    M : N : N J6 N :j P : o    M : N : N J6 N :j P : o    M : N \6 N J6 N :j P : o    M : N `6 N J6 N :j P : o    M : N : N J6 N :j P : o    M : N g6 N J6 N S2j P : o   DTl`4`````````````````````````````  "@! (@" "@# "@$ @% @& @' %@( %@) %@* %@+ %@, %@- %@. %@/ %@0 %@1 %@2 %@3 %@4 %@5 %@6 %@7 %@8 %@9 %@: %@; %@< %@= %@> %@? %@ M : N : N J6 N : j P : o    !M : !N j6 !N J6 !N :!j !P : !o    "M : "N : "N J6 "N :"j "P : "o    #M : #N : #N J6 #N :#j #P : #o    $M : $N : $N J6 $N :$j $P : $o    %M : %N : %N J6 %N :%j %P : %o    &M : &N 7 &N &2 &N 7&j &P (2 &o   'b c c c p d o   (b c c c p d o   )b c c c p d o   *b c c c p d o   +b c c c p d o   ,b c c c p d o   -b c c c p d o   .b c c c p d o   /b c c c p d o   0b c c c p d o   1b c c c p d o   2b c c c p d o   3b c c c p d o   4b c c c p d o   5b c c c p d o   6b c c c p d o   7b c c c p d o   8b c c c p d o   9    p d o   :    p d o   ;    p d o   <    p d o   =    p d o   >    p d o   ?    p d o   Dl```````@ %@A %@B %@C %@D %@E %@F %@G %@H %@I %@J %@K %@L %@M %@N %@O %@P %@Q %@R %@S %@T %@U %@V %@W %@X %@Y %@Z %@[ %@\ %@] %@^ %@_ %@@    p d o   A    p d o   B    p d o   C    p d o   D    p d o   E    p d o   F    p d o   G    p d o   H    p d o   I    p d o   J    p d o   K    p d o   L    p d o   M    p d o   N    p d o   O    p d o   P    p d o   Q    p d o   R    p d o   S    p d o   T    p d o   U    p d o   V    p d o   W    p d o   X    p d o   Y    p d o   Z    p d o   [    p d o   \    p d o   ]    p d o   ^    p d o   _    p d o   Dl` %@a %@b %@c %@d %@e %@f %@g %@h %@i %@j %@k %@l %@m %@n %@o %@p %@q %@r %@s %@t %@u %@v %@w %@x %@y %@z %@{ %@| %@} %@~ %@ %@`    p d o   a    p d o   b    p d o   c    p d o   d    p d o   e    p d o   f    p d o   g    p d o   h    p d o   i    p d o   j    p d o   k    p d o   l    p d o   m    p d o   n    p d o   o    p d o   p    p d o   q    p d o   r    p d o   s    p d o   t    p d o   u    p d o   v    p d o   w    p d o   x    p d o   y    p d o   z    p d o   {    p d o   |    p d o   }    p d o   ~    p d o       p d o   Dl %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@    p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o   Dl %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@ %@    p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o       p d o   Dl %@ %@ %@ %@ %@    p d o       p d o       p d o       p d o       p d o   P>@  A I ggD g2ɀ d EFEnEDE&EEREE2F2F,F9FtGFUF^`FffFnlFvrF~xF~FF`F  dMbP?_*+%&?'?('}'}?)'}'}?M\\MBPS1\1S171A-HPS od,,LetterPRIV0''''X, \KhC%MSCXSMTJHHP Universal Printing PS (v5.2)HPDocUISUITrueESPRITSupportedTrueHPOrientationHPOrientationPortraitHPSmartDuplexSinglePageJobTrueHPSmartDuplexOddPageJobTrueHPOrientRotate180FalsePostScriptCustomPageSizeFalseDuplexDuplexNoTumbleHPReverseOrderForFold_StitchTrueHPBestGlossDefaultInputSlot*UseFormTrayTableHPDuplicateJobNameOverrideSWFWPageSizeLETTERPageRegionLeadingEdgeMediaTypeAUTOHPMediaTypeTreeviewPopupTrueCollateTrueJCLHPPrintOnBothSidesManuallyFalseJCLEconomodeFalseOutputBinAutoStapleLocationNonePunchingNoneTextAsBlackFalseAlternateLetterHeadFalseJCLResolution600dpiJCLPrintQualityNoneJCLFastRes1bppHPConsumerCustomPaperTruePrintQualityGroupPQGroup_2JRHDInstalledJRHDOffHPNUseDiffFirstPageChoiceTrueHPPageExceptionsFileHPCPE112HPPageExceptionsInterfaceShowPageExceptionsHPPageExceptionsLowEndHPPageExceptionsLowEndVerHPPageExceptionsCoverInsertionHPEnableRAWSpoolingTrueHPDocPropResourceDataHPCabFileNameRGBColorNoCmdCMYKInksNoCmdJRConstraintsJRCHDFullHPColorSmartAutomaticHPColorSmart_ColorOptions_EdgeControlNoCmdHPColorSmart_ColorOptions_HalftoneNoCmdHPColorModeCOLOR_MODEHPColorSmart_Text_NeutralGraysNoCmdHPColorSmart_Text_HalftoneNoCmdHPColorSmart_Text_RGBColorNoCmdHPColorSmart_Graphics_NeutralGraysNoCmdHPColorSmart_Graphics_HalftoneNoCmdHPColorSmart_Graphics_RGBColorNoCmdHPColorSmart_Photo_NeutralGraysNoCmdHPColorSmart_Photo_HalftoneNoCmdHPColorSmart_Photo_RGBColorNoCmdHPPJLEncodingUTF8HPJobAccountingHPJOBACCT_JOBACNT_GROUPNAMEHPBornOnDateHPBODHPJobByJobOverrideJBJOHPJobAccWoPinTruePSAlignmentFileHPCLS112HPSmartHubInet_SID_263_BID_514_HID_265HPColorAsGrayFalseCNOutputNoneCNStapleNoneCNOffsetFalseCNPunchingNoneCNFoldingNoneIUPHxn@;!$Tb ,\ĥE]Z)4QӒt.G`%O?ҀD3s+3ˉ ;s&ZVLL45#Jo#&脁/ uW9F*O֩,2?_/P=(F#3;7ՕL:2F|)puB8lqEUcS1}-bGyS+1SW'V͙ CG<ȚW5湧F,w* N;(G,# "z/0Ο*Q50 g C  G h i y g C  G j k l m C  G n o y p C  G q r y p C s G t u y p C s G v w y W p  C   G x y z {  C  G | } ~   C  G   l   C  G   y   C  G   y  C  G   y g C  G   y " C  G     C  G     C  G   }  C  G    % C  G     C  G   }  C  G   }  C  G    % C  G   }  C  G    % C  G     C  G    % C  G    % C & G   y % C  G    % C Dl lhh^^hhh^^^^^hhhhhhhhhhhhhhhh  ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 89 : ; < = > ?  G    %  C  !G  ! ! !! !C ! "G  " " "" "C " #G  # #@ ## #C # $G  $ $y $$ $C $ %G  % %y %% %C % &G  & &y && &C & 'G  ' 'y '' 'C ' (G  ( (y (( (C ( )G  ) )y )) )C ) *G  * * ** *C* * +G  + + ++ +C+ + ,G  , , ,, ,C, , -G  - - -- -C- -5 .G  . . .. .C. . /G  / / // /C/ / 0G  0 0 00 0C0 0 1G  1 1 11 1C1 1 2G  2 2 22 2C2 2 3G  3 3 3S3 3C 3S 3 4G  4  4 44 4C4 4 5G  5  5 55 5C5 5 6G  6 6 66 6C6 6 7G  7 7 v2 7 27 7C7 7 8G  8> T 8 8C8 8 9G  9  9 99 9C9 9 :G  : : :: :C: : ;G  ; ; ;%; ;C; ; <G  < < < <C< < =G  =1 = = =C= =3 >G  > > >> >C> >B ?G  ?  ? ?C? ?BDl^^^^^^^^^^hhhhhhhhhlhhhhRhhh^^h@ A B C D E F G H I J K L M N O P Q R S T U V WX Y Z [ \ ] ^_  @G  @  @ @C@ @B AG  A  A} AA ACA A BG  B B B%B BCB B CG  C C CC CC C DG  D D DD DCD D EG  E E EE ECE E FG  F F FF FC F GG  G G{ GG GC G HG  H H{ HH HC H IG  I! I{ I"I ICI I# JG $ J% J{ J"J JC J KG & K' KM K!9K KC K LG ( L) L* L+L LC L MG , M- M. M/M MC M NG 0 N1 N. N/N NC N OG 2 O3 O4 O/O OC O PG 5 P6 Py PgP PCP P QG 7 Q8 Ql QmQ QC Q RG 9 R: Ry RgR RCR R SG ; S< Sy SgS SCS S TG = T> Ty T?T TC T UG @ UA Uy UBU UC U VG C VD Vy VEV VCV VF WG G WH Wy WIW WC W XG J XK Xy XLX XC X YG M YN Yy YOY YC Y ZG P ZQ Zy ZRZ ZC Z [G S [T [y [U[ [C [ \G V \W \y \X\ \C \ ]G Y ]Z ]y ][] ]C ] ^G \ ^] ^y ^^^ ^C ^ _G _ _` _y _a_ _C _DlRhh^hh^^^h^^^^^^h^hh^^h^^^^^^^^` a b c d e f g h i j k l m n op q rstuv w x y z { | } ~   `G b `c `y `d` `C ` aG e af ay aga aC a bG h bi by bjb bC b cG k cl cy cmc cC c dG n do dy dpd dC d eG q er es ete eC e fG u fv fy ff fC f gG w gx gy gyg gC g hG z h{ hy hCh hC h iG | i} iy i2i iC i jG ~ j jy j2j jC j kG  k ky k2k kC k lG  l ly l2l lC l mG  m my m2m mC m nG  n n nn nC n oG  o oy oo oC o pG  p p pp pC p qG  q q qq qC q rG  r r rr rC r sG  s sy ss sC s tG  t ty tt tC t uG  u uy uu uC u vG  v vy vgv vCv v wG  w wy wgw wCw w xG  x xy xgx xCx x yG  y y yy yCy y zG  z z z%z zCz z {G  { {} {{ {C{ { |G  | | || |C | }G  } } }} }C} } ~G  ~ ~y ~~ ~C~ ~ G   y  C Dl^^^^^^^^^^^^^^^^^^^^^^hhhhhh^hh                                 G   y g C  G   y g C  G   y g C  G   l m C  G  2 l m C  G  X y g C Y G   l m C  G   y g C  G   y g C  G   y g C  G  2 l m C  G   y g C  G   l m C  G   y g C h G   l m C  G   y g C  G   y g C  G   y g C  G   y g C  G   y g C  G   y g C  G   y g C  G   y g D  G   y g D  G   y g D  G   y g D  G   y g D  G   y g D  G   y g D  G   y g D  G   y g D  G   y g D DDlhhh^^h^hhh^h^h^hhhhhhhhhhhhhhhh                                 G   y g  D  G   y g  D  G   y g  D  G   y g  D  G   y g  D  G    l m D  G      D  G     % D  G     D  G   }  D  G   }  D  G    % D  G     D  G   }  D  G     D  G   }  D  G   }  D  G  !   D  G " #  % D  G $ % }  D  G & '   D  G ( ) }  D  G * +  % D  G , -  % D  G . /  % D  G 0 1   D  G 2 3  % D  G 4 5 y g D  G 6 7 l m D  G 8 9 : ; D  G < = > ? D = G @ A B ? D DXlhhhhh^hhhhhhhhhhhhhhhhhhhhhh^^h                                 G C D y ? D  G E F y ? D  G G H y ? D  G I J y ? D  G K L y ? D  G M N y  D  G O P Q m D  G R W 2  D  G S T y g D  G U V y W  D  G X Y y Z !D  G [ \ y g "D  G ] ^ _ ` #D  G a b _ ` #D  G c d  ` $D  G e f g ` %D  G h i y ` &D  G j k y ` 'D  G l m y ` 'D  G n o y ` 'D  G p q y ` 'D  G r s y ` 'D  G t u y g (D  G v w  g (D  G x y y z )D  G { | y } *D  G ~  : } +D  G   y g ,D  G   y  -D  G   y g .D  G   l m /D  G   y  0D Dfl^^^^^^^Hh^^h^^^^^^^^^^h^^^^hhh^                                 G     1D  G     2D  G     3D  G     3D  G     3D  G     3D  G     3D  G     3D  G     3D  G   y  4D  G   y g 5D  G   :  6D  G     7D  G   l  8D  G   y  9D  G     :D  G   y g ;D  G   y  D  G    % ?D  G   }  @D  G    % ?D  G   }  @D  G   }  @D  G    % ?D  G     @D  G     AD  G     @D  G   }  @D  G     AD  G     BD Dl^^^^^^^^^^h^^^^^hhhhhhhhhhhhhhh                                      G   }  CD  G   y g DD  G   y g DD  G   y g DD  G   y g ED  G   y g FD  G     GD  G     GD  G     GD  G      GD  G      GD  G      GD  G   y g  HD  G   y g  HD  G   y p ID  G   y p ID  G   y p ID  G   y  JD  G   y  KD  G   y  LD  G   y g MD  G   l m ND  G     OD  G    % PD  G   }  OD  G    y   QD  G    y g RD  G   y  SD  G   y  TD  G   y  UD  G   y  VD  G   y g WD Dlhhhhhh^^^^^^^^^^^^^^h^hhh^h^^^^  ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?  G   l m  XD  !G  ! !l !m! !YD ! "G  " " " " "ZD " #G ! #"# # # #[D # $G # $$ $ $%$ $\D$ $ %G % %& % %%% %]D% % &G ' &( & &%& &^D& & 'G ) '*' '' '_D' ' (G + (, ( (%( (\D( ( )G - ). )y )g) )`D) ) *G / *0 *l *m* *aD * +G 1 +2 +3 +4+ +bD + ,G 5 ,6 ,3 ,4, ,bD , -G 7 -8 -3 -4- -bD - .G 9 .: .3 .4. .bD . /G ; /< /y /4/ /cD / 0G = 0> 0y 040 0dD 0 1G ? 1@ 1y 141 1dD 1 2G A 2B 2y 2g2 2eD2 2 3G C 3D 3y 3g3 3fD3 3E 4G F 4G 4l 4m4 4gD 4 5G H 5I 5y 5J5 5hD 5 6G K 6L 6M 6J6 6iD 6 7G N 7O 7y 7J7 7hD 7 8G P 8Q 8y 8J8 8hD 8 9G R 9S 9M 9J9 9iD 9 :G T :U :} :J: :jD : ;G V ;W ;y ;J; ;hD ; <G X <Y < <J< <jD < =G Z =[ =y =J= =kD = >G \ >] >y >J> >lD > ?G ^ ?_ ?y ?J? ?kD ?Dl^^^Zhhhdhh^^^^^^^^hh^^^^^^^^^^^@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _  @G ` @a @y @J@ @lD @ AG b Ac A: AJA AmD A BG d Be B: BJB BnD B CG f Cg C: CJC CmD C DG h Di D: DJD DmD D EG j Ek E: EJE EnD E FG l Fm F: FJF FnD F GG n Go G: GJG GmD G HG p Hq H: HJH HmD H IG r Is I: IJI ImD I JG t Ju J: JJJ JmD J KG v Kw Ky KgK KoDK K LG x Ly Ll LmL LpD L MT MT MT MT M MSM NT NT NT NT N NSN OT OT OT OT O OS PT PT P62 PT P PS QT QT Qy Qp Q QT RT RT Ry Rp R RT ST ST S2 Sp S ST TT TT T2 Tp T TT UT UT U2 Up U UTU VT VT V2 Vp V VT WT WT W2 Wp W WT XT XT Xl XT X XT YT YT YT YT Y YT ZT ZT ZT ZT Z ZT [T [T [T [T [ [T \T \T \y \p \ \T ]T ]T ]y ]p ] ]T ^T ^T ^y ^p ^ ^T _T _T _y _p _ _TD l^^^^^^^^^^^h^^^TTTTTT^TTTTTTTTT` a b c d e f g h i j k l m n o p q r s t u vwx y z { | } ~   `T `T `2 `p ` `T aT aT ay aT a aT bT bT by bT b bT cT cT cy cT c cT dT dT dy dT d dT eT eT ey eT e eT fT fT fy fT f fT gT gT gy gT g gT hT hT h} h h hT iT iT iT iT i iTi jT jT jS jS j jT kT kT kS kT k kT lT lT l?2 l l lT mT mT mT m m m~Tm n}T n|T n{T n n nzTn oyT oxT owT orT o ovTo puT ptT psT prT p pqTp qpT qoT qnT qmT q qlTq rkT rjT r riT r rcTr shT sgTs tfT teT t tdT t tcTt ubT uaT uy u\T u u[Tu v`T v_T vy v\T v v[T w^T w]T wy w\T w w[T xZT xYT xXT x% x xWT yVT yUT y yTT y yST zRT zQT zPT zz z zOT {NT {MT {y {CT { {LT |KT |JT |y |CT | |IT }HT }GT }y }CT } }FT ~ET ~DT ~y ~CT ~ ~BT AT @T y ?T  >TD8 lTTTTTTTTT^TTT^^^^^^2^^TTTTTTTTT                                =T @?@ V !V "V #V $V %V &V 'V (V )V *V +V ,V -V .V /V 0V 1V 2V 3V 4V 5V 6V 7V 8V 9V :V ;V <V =V >V ?V Dl@@A@B@C@D@E@F@G@H@I@J@K@L@M@N@O@P@Q@R@S@T@U@V@W@X@Y@Z@[@\@]@^@_@@V AV BV CV DV EV FV GV HV IV JV KV LV MV NV OV PV QV RV SV TV UV VV WV XV YV ZV [V \V ]V ^V _V Dl`@a@b@c@d@e@f@g@h@i@j@k@l@m@n@o@p@q@r@s@t@u@v@w@x@y@z@{@|@}@~@@`V aV bV cV dV eV fV gV hV iV jV kV lV mV nV oV pV qV rV sV tV uV vV wV xV yV zV {V |V }V ~V V Dl@@@V V V  (>@A ggD g2ɀ L_FFiFߩFQFFaFFFmFaFGG'Gy%G,G  dMbP?_*+%&?'?('}'}?)'}'}?"d,, ` `? ` `?&`U} a} c} c} 2c} v} $e} -w} w} I w  ` ` y "@ @ @ "@ @ @ @ @ "@ "@ (@ @ @"@(@"@"@(@@"@@@@@@@"@(@@ b2 c b2 i i i ix k2 iii n7 o2 o2 o2 q2 n7 o2 o2 o2 q2 n 7 o2 o2 o2 q2 n!7 o!2 o"2 o q#2 n"7 o%2 o&2 o'2 q(2 n#7 os ot o*2 q+2 n$7 o-2 ot o*2 q+2 n%7 n1 oo q n&7 o02 o12 o22 q32 n'7 o52 o62 o22 q32 n(7 o82 o92 o22 q32 n)7 o;2 o o22 q<2 n*7 o>2 o?2 o22 q@2 n+7 oB2 oC2 o22 qD2 n,7 oF2 oG2 o22 qH2 n-7 o o oJ2 qK2 n.7 oM2 oN2 oO2 qP2 n/7 oR2 oN2 oS2 qT2 n07 oV2 ow oS2 qW2 n17 oY2 oZ2 o q[2 n27 o]2 o^2 o_2 q[2 n37 oa2 ob2 oc2 qd2 n47 of2 ob2 og2 qh2 n57 oj2 ob2 ok2 ql2 n67 on2 ob2o qo2 n77 oq2 ob2 or2 qs2 n87 ou2 ov2 ow2 qx2 n97 oz2 ov2 o{2 q|2 n:7 o~2 o2 o q2D l`FFFFFFF4FFFFFFFFFFFFFFFFBFFF @!"@""@#@$@%@&@'@(@)@*/@+/@,(@-@."@/"@0@1@2"@3@4@5(@6@7@8"@9@:@;"@<(@="@>@?@ n;7 o2 o2 o q2 !n<7 !o2 !o2 !o !q2 "n=7 "o2 "o{ "o2 "q2 #n>7 #o2 #o #o% #q2 $n?7 $o2 $o$o $q2 %n@7 %o2 %o2 %o2 %q2 &nA7 &o2 &o2 &o2 &q2 'nB7 'o2 'o2 'o2 'q2 (nC7 (o2 (o2 (o2 (q2 )nD7 )o2 )o2 )o2 )q2 *nE7 *o2 *ov2 *o2 *q2 +nF7 +o2 +ov2 +o2 +q2 ,nG7 ,o2 ,ov2 ,o2 ,q2 -nH7 -o2 -o2 -o2 -q2 .nI7 .o2 .o2 .o2 .q2 /nJ7 /o2 /o2 /o2 /q2 0nK7 0o2 0o 0o 0q2 1nL7 1o2 1o 1o 1q2 2nM7 2o2 2o2 2o2 2q2 3nN7 3o2 3o 3o2 3q2 4nO7 4o 4o 4o2 4q2 5nP7 5o2 5o2 5oQ75q 6nR7 6o2 6o2 6oS2 6q2 7nS7 7o2 7o2 7oS2 7q2 8nT7 8o2 8o2 8oS2 8q2 9nU7 9o2 9o 9oS2 9q2 :nV7 :o2 :o2 :oS2 :q2 ;nW7 ;o2 ;o ;oS2 ;q2 <nX7 <o2 <o <oS2 <q2 =nY7 =o2 =o =oS2 =q2 >nZ7 >o2 >o >oS2 >q2 ?n[7 ?o2 ?o2 ?o2 ?q2D8 lFFFFBFFFFFFFFFFFFFFFFBFFFFFFFFF@@A@B@C@D@E@F@G@H@I@J@K@L@M@N@O@P@Q@R@S@T@U@V@W@X@Y@Z@[@\@]@^@_@ @n\7 @o @o @o2 @q2 An]7 Ao2 Ao Ao2 Aq2 Bn^7 Bo2 Bo Bo2 Bq2 Cn_7 Co2 Co Co2 Cq2 Dn`7 Do2 Do Do2 Dq2 Ena7 Eo2 Eo Eo2 Eq2 Fnb7 Fo3 Fo Fo2 Fq3 Gnc7 Go3 Go Go2 Gq3 Hnd7 Ho3 Ho Ho2 Hq3 Ine7 Io 3 Io Io2 Iq 3 Jnf7 Jo 3 Jo Jo2 Jq 3 Kng7 Ko3 Ko Ko2 Kq3 Lnh7 Lo3 Lo Lo2 Lq3 Mni7 Mo3 Mo Mo2 Mq3 Nnj7 No3 No No2 Nq3 Onk7 On1 OooOq Pnl7 Po3 Po Po2 Pq3 Qnm7 Qo3 Qo Qo2 Qq 3 Rnn7 Ro"3 Ro Ro2 Rq#3 Sno7 So%3 So SoS2 Sq&3 Tnp7 To(3 To To2 Tq)3 Unq7 Uo+3 Uo Uo2 Uq,3 Vnr7 Vo.3 Vo Vo2 Vq/3 Wns7 Wo13 Wo Wo2 Wq23 Xnt7 Xo43 Xo Xo2 Xq53 Ynu7 Yo73 Yo Yo2 Yq83 Znv7 Zo:3 Zo Zo2 Zq;3 [nw7 [o=3 [o [o2 [q>3 \nx7 \o@3 \o \o2 \qA3 ]ny7 ]oC3 ]o ]o2 ]qD3 ^nz7 ^oF3 ^o ^o2 ^qG3 _n{7 _oI3 _o _o2 _qJ3D. lFFFFFFFFFFFFFFF4FFFFFFFFFFFFFFF`@a@b@c@d"@e@f@g@h@i@j@k@l(@m/@n@o"@p"@q@r@s@t@u"@v(@w@x@y@z@{@|@}"@~"@@ `n|7 `oL3 `o `o2 `qM3 an}7 an1 aooaq bn~7 boP3 bo bo2 bqQ3 cn7 coS3 co co2 cqT3 dn7 doV3 dot do  dqW3 en7 eoY3 eo eoS2 eqZ3 fn7 fo\3 fo fo7 fq]3 gn7 go_3 go goS2 gq`3 hn7 hob3 ho ho2 hqc3 in7 ioe3 io io2 iqc3 jn7 jog3 jo jo2 jqc3 kn7 koi3 ko ko2 kqc3 ln7 lok3 lol3lo lqm3 mn7 mo7 mol3 moS2 mqm3 nn7 noq3 nor3 no7 nqt3 on7 oov3 oo oo oqw3 pn7 po po pop pqy3 qn7 qo{3 qo qo7 qq|3 rn7 ro~3 rot ro3 rq3 sn7 so3 so so3 sq3 tn7 to3 to3 to3 tq3 un7 uo3 uo} uo uq3 vn7 vo3 vo} vo vq3 wn7 wo3 wo3 wo3 wq3 xn7 xo3 xo3 xo3 xq3 yn7 yo3 yo3 yo3 yq3 zn7 zo3 zo3 zo3 zq3 {n7 {o3 {o3 {o3 {q3 |n7 |o3 |o |or2 |q3 }n7 }o3 }o3 }o3 }q3 ~n7 ~o3 ~o3 ~o3 ~q3 n7 o3 o og2 q3D* lF4FFFFFFFFFFBFFFFFFFFFFFFFFFFFF@"@@@"@@@@@@@@@@@@@@@@@@@@@"@@@@(@(@@ n7 o3 o o3 q3 n7 o3 o3 o3 q3 n7 o3 oS2 o3 q3 n7 o3 o o3 q3 n7 o3 o3 o3 q3 n7 o3 o op q3 n7 o3 o o% q3 n7 o3 o o% q3 n7 o3 o o% q3 n7 o3 o o% q3 n7 o3 o o% q3 n7 o o o% q3 n7 o3 o o% q3 n7 o3 o o% q3 n7 o3 o o% q3 n7 o3 o o% q3 n7 o3 o o% q3 n7 o3 o o% q3 n7 o3 o o% q3 n7 o3 o o% q3 n7 o3 o o% q3 n7 o3 o o% q3 n7 o3 o o% q3 n7 o3 o o% q4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o o% q 4 n7 o 4 o o% q 4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o o% q4D@ lFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ n7 o4 o o% q4 n7 o4 o o% q4 n7 o 4 o2 o2 q!4 n7 o#4 o o% q$4 n7 o&4 o o% q'4 n7 o)4 o o% q*4 n7 o,4 o o% q-4 n7 o/4 o o% q04 n7 o24 o2 o2 q34 n7 o54 o o% q64 n7 o84 o o% q94 n7 o;4 o o% q<4 n7 o>4 o o% q?4 n7 oA4 o o% qB4 n7 oD4 o2 o2 qE4 n7 oG4 o o% qH4 n7 oJ4 o o% qK4 n7 oM4 o o% qN4 n7 oP4 o o% qQ4 n7 oS4 o o% qT4 n7 oV4 o o% qW4 n7 oY4 o o% qZ4 n7 o\4 o o% q]4 n7 o_4 o o% q`4 n7 ob4 o o% qc4 n7 oe4 o o% qf4 n7 oh4 o o% qi4 n7 ok4 o o% ql4 n7 on4 o o% qo4 n7 oq4 o o% qr4 n7 ot4 o2 o2 qu4 n7 ow4 o o% qx4D@ lFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ n7 oz4 o o% q{4 n7 o}4 o o% q~4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o2 o2 q4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o o% q4 n7 o4 o o% q4D@ lFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ n8 o4 o o% q4 n8 o4 o o% q4 n8 o4 o o% q4 n8 o4 o o% q4 n8 o4 o4 o q4 n8 o4 o4 o_2 q4 n8 o4 o4 o q4 n8 o4 o4 o_2 q4 n8 o4 o4 o q4 n 8 o4 o4 o_2 q4 n 8 o4 o4 o q4 n 8 o4 o4 o_2 q4 n 8 o4 o4 o q4 n 8 o4 o4 o_2 q4 n8 o4 o4 o q5 n8 o5 o4 o_2 q5 n8 o5 o4 o q5 n8 o5 o4 o_2 q5 n8 o5 o4 o q 5 n8 o 5 o4 o_2 q 5 n8 o 5 o4 o q5 n8 o5 o4 o_2 q5 n8 o5 o4 o q5 n8 o5 o4 o_2 q5 n8 o5 o4 o q5 n8 o5 o4 o_2 q5 n8 n1 ooq n8 n1 ooq n8 n1 ooq n8 n1 ooq n8 n1 ooq n8 n1 ooqD lFFFFFFFFFFFFFFFFFFFFFFFFFF44444@@@@@@@@"@ "@ @ @ @ @@@@@@@@@@@@@@@@@@@ n 8 n1 ooq n!8 n1 ooq n"8 o"5 o4 o q#5 n#8 o%5 o4 o_2 q#5 n$8 o'5 o4 o q(5 n%8 o*5 o4 o_2 q(5 n&8 o,5 o4 o q-5 n'8 o(8 o4 o_2 q-5 n)8 o15 o4 o q25 n*8 o+8 o4 o_2 q25 n,8 n1 oo q n-8 n1 oo q n.8 n1 oo q n/8 n1 oo q n08 n1 ooq n18 n1 ooq n28 o<5 o4 o q=5 n38 o?5 o4 o_2 q=5 n48 n1 ooq n58 n1 ooq n68 oC5 o4 o qD5 n78 oF5 o4 o_2 qD5 n88 n1 ooq n98 n1 ooq n:8 oJ5 o4 o qK5 n;8 oM5 o4 o_2 qK5 n<8 oO5 o4 o qP5 n=8 oR5 o4 o_2 qP5 n>8 n1 ooq n?8 n1 ooq n@8 n1 ooq nA8 n1 ooqD l44FFFFFFFF444444FF44FF44FFFF444 "@!"@"@#@$@%@&@'@(@)@*@+@,@-@.@/@0@1@2@3(@4/@5=@6/@7@8/@9@:@;@<@=@>@?(@ nB8 oX5 o4 o_2 qY5 !nC8 !o[5 !o4 !o !qD8 "nE8 "n1 "oo"q #nF8 #n1 #oo#q $nG8 $n1 $oo$q %nH8 %o`5 %o4 %o %qa5 &nI8 &oc5 &o4 &o_2 &qa5 'nJ8 'oe5 'o4 'o 'qf5 (nK8 (oh5 (o4 (o_2 (qf5 )nL8 )oj5 )o4 )o )qk5 *nM8 *om5 *o4 *o_2 *qk5 +nN8 +oo5 +o4 +o +qp5 ,nO8 ,or5 ,o4 ,o_2 ,qp5 -nP8 -ou5 -o4 -o -qv5 .nQ8 .ox5 .o4 .o_2 .qv5 /nR8 /oz5 /o4 /o /q{5 0nS8 0o}5 0o4 0o_2 0q{5 1nT8 1o5 1o4 1o 1q5 2nU8 2o5 2o4 2o_2 2q5 3nV8 3o5 3o5 3o5 3q5 4nW8 4o5 4o5 4o5 4q5 5nX8 5o5 5o5 5o5 5q5 6nY8 6o5 6o5 6o5 6q5 7nZ8 7n1 7oo7q 8n[8 8o5 8o5 8oS2 8q5 9n\8 9o5 9o 9o5 9q5 :n]8 :o5 :o :o5 :q5 ;n^8 ;n1 ;oo;q <n_8 <n1 <oo<q =n`8 =n1 =oo=q >na8 >n1 >oo>q ?ab8 ?o5 ?o4 ?oc8?qD lFF444FFFFFFFFFFFFFFFFFF4FFF4444@(@A@B"@C(@D@E@F@G@H@I@J@K@L@M@N@O@P@Q@R@S@T@U@V@W@X@Y@Z@[@\@]@^@_@ @ad8 @o5 @o4 @oc8@q Aae8 Ao5 Ao AoS2 Aq5 Baf8 Bo5 Bo4 Boc8Bq Cag8 Co5 Co4 Coc8Cq Dnh8 Do5 Do Do% Dq5 Eni8 Eo5 Eo Eo% Eq5 Fnj8 Fo5 Fo Fo% Fq5 Gnk8 Go5 Go Go% Gq5 Hnl8 Ho5 Ho Ho% Hq5 Inm8 Io5 Io Io% Iq5 Jnn8 Jo5 Jo Jo% Jq5 Kno8 Ko5 Ko Ko% Kq5 Lnp8 Loq8 Lo4 Lo Lq5 Mar8 Mo5 Mo4 Mo Mq5 Nas8 No5 No4 No Nq5 Oat8 Oo5 Oo4 Oo Oq5 Pnu8 Po5 Po4 Po Pq5 Qnv8 Qo5 Qo4 Qo Qq5 Rnw8 Ro5 Ro4 Ro Rq5 Snx8 So5 So4 So Sq5 Tny8 To5 To4 To Tq5 Unz8 Un{8 UooUq Vr|8 Vo5 Vo4 Vo Vq5 Wr}8 Wo5 Wo4 Wo Wq5 Xr~8 Xo5 Xo4 Xo Xq5 Yn8 Yo5 Yo4 Yo_2 Yq5 Zn8 Zo5 Zo4 Zo_2 Zq5 [n8 [o5 [o4 [o_2 [q5 \n8 \o5 \o4 \o_2 \q5 ]n8 ]o5 ]o4 ]o_2 ]q5 ^n8 ^o5 ^o4 ^o_2 ^q5 _n8 _n8 _oo_qD lBFBBFFFFFFFFFFFFFFFFF4FFFFFFFFF`@a@b@c@d@e"@f@g@h(@i@j"@k(@l(@m(@n@o@p@q@r@s@t@u@v@w@x@y"@z@{@|@}"@~@@ `n8 `o5 `o4 `o `q5 ar8 ao5 ao4 ao aq5 br8 bo5 bo4 bo bq5 cn8 cn1 coocq dn8 dn1 doodq en8 eo5 eo eo eq5 fn8 fo5 fov2 fo5 fq5 gn8 go5 gov2 go5 gq5 hn8 ho5 ho3 ho hq5 in8 io6 io3 io iq5 jn8 jo6 jo6 jo6 jq6 kn8 ko6 ko2 ko2 kq 6 ln8 lo 6 lo2 lo2 lq 6 mn8 mo 6 mo2 mo2 mq 6 nn8 no6 no2 no2 nq 6 on8 oo6 oo6 oo8 oq6 pn8 po6 po6 po8 pq6 qn8 qo6 qo6 qo8 qq6 rn8 ro6 ro6 ro8 rq6 sn8 so6 so6 so8 sq6 tn8 to 6 to4 to!6 tq"6 un8 uo$6 uo uo8 uq%6 vn8 vo'6 vo(6 vo)6 vq*6 wn8 wo,6 woM wo)6 wq-6 xn8 xo8 xo06 xo16 xq26 yn8 yo8 yo yo16 yq26 zn8 zo66 zo76 zo2 zq86 {n8 {o:6 {o{ {o2 {q86 |n8 |o<6 |o |o2 |q86 }n8 }o>6 }o }o2 }q86 ~n8 ~o@6 ~o76 ~oA6 ~qB6 n8 oD6 oE6 oF6 qG6D lFFF44FFFFFFFFFFFFFFFFFFFFFFFFFF@@@@@@@@@"@@(@@@@@@@@@@@@@@@@@@@@@ n8 oI6 oJ6 oK6 qL6 n8 n1 ooq n8 oO6 oJ6 oP6 qQ6 n8 oS6 oT6 oU6 qV6 n8 n1 ooq n8 n1 ooq n8 n1 ooq n8 o\6 oJ6 oa6 q^6 n8 o`6 oJ6 oa6 qb6 n8 od6 oJ6 oa6 qe6 n8 og6 oJ6 oa6 qh6 n8 oj6 oJ6 oa6 qk6 n8 om6 oJ6 oa6 qn6 n8 op6 oq6 or6 qs6 n8 ou6 o o qv6 n8 ox6 o o qv6 n8 oz6 o o qv6 n8 o|6 o o qv6 n8 o~6 o o qv6 n8 o6 o o qv6 n8 o6 o o qv6 n8 o6 o o qv6 n8 o8 o2 o8 q8 n8 o`6 oJ6 o q6 n8 o6 oJ6 o q6 n8 o6 o4 o q6 n8 o6 o4 o q6 n8 o6 o4 o q6 n8 n1 ooq n8 o6 o o q6 n8 n1 ooq n8 n1 ooqD lF4FF444FFFFFFFFFFFFFFFFFFFFF4F4@@@@"@"@"@(@"@@@@@"@@"@"@@@@"@@@@"@@@"@"@"@@@ n8 n1 ooq n8 o8 o o q8 n8 o6 o6 o8 q6 n8 o6 o6 o6 q6 n8 o6 o o6 q6 n8 o6 o o6 q6 n8 o2 o o6 q6 n8 o2 o o6 q6 n8 o6 o o6 q6 n8 o6 o6 o8 q6 n8 o6 o6 o8 q6 n8 o6 o6 o6 q6 n8 o6 o o6 q6 n8 o6 o o6 q6 n8 o6 o o6 q6 n8 o6 o o6 q6 n8 o6 o o6 q6 n8 o6 o o6 q6 n8 o6 o o6 q6 n8 o6 o o6 q6 n8 o6 o o6 q6 n8 o6 o o6 q6 n8 o6 o o6 q6 n8 o6 o o6 q6 n8 o6 o6 o5 q6 n8 n1 ooq n8 n1 ooq n8 o6 o o6 q6 n8 o6 o o6 q6 s8 o8 oJ6 oa6 qn6 n8 o6 oJ6 oa6 qn6 n8 o6 oJ6 oa6 qn6D l4FFFFFFFFFFFFFFFFFFFFFFFF44FFFF@@@@@@@@@@@@@@@@@@@"@ n8 o6 oJ6 oa6 qn6 n8 o6 oJ6 oa6 qn6 n8 o6 oJ6 oa6 qn6 n8 o6 oJ6 oa6 qn6 n8 o6 oJ6 oa6 qn6 n8 o6 oJ6 oa6 qn6 n8 o7 oJ6 oa6 qn6 n8 o7 oJ6 oa6 qn6 n8 o7 oJ6 oa6 q7 n8 o7 oJ6 oa6 q 7 n8 o 7 oJ6 oa6 q 7 n8 o 7 oJ6 oa6 q 7 n8 o7 oJ6 oa6 q 7 n9 o7 oJ6 oa6 q 7 n9 o7 oJ6 oa6 q 7 n9 o7 oJ6 oa6 q 7 n9 o7 ov2 o5 q5 n9 o5 ov2 o5 q5 n9 o7 o&2 o9 q(2 n9 o7 ov2 oS2 q2,|FFFFFFFFFFFFFFFFFFF>@A   I ggD g2ɀ L.Gn=G"LGZG.iGwGGGʣGүGG~GGGBGG  dMbP?_*+%&?'?('}'}?)'}'}?"d,, ` `? ` `?&`U} t} u} u} 2u} d} $e} -f} g} I h  ` ` m "@ @ @ "@ @ @ @ @ "@ "@ (@ @ @ "@ (@ "@ "@ (@ @ "@ @ @ @ @ @ @ "@ (@ @a b2 cca b2 cc i i i ij k2 lll M 2 N 2 N 2 N 2O P 2 Q R R  M 2 N 2 N 2 N 2O P 2 Q R R  M 2 N 2 N 2 N 2O P 2 Q R R  M 2 N !2 N "2 N O P #2 Q R R  M $2 N %2 N &2 N '2O P (2 Q R R  M )2 N s N t N *2O P +2 Q R R  M ,2 N -2 N t N *2 O P +2 Q R R   .2 M 1 N N O P Q R R  M /2 N 02 N 12 N 22 O P 32 Q R R  M 42 N 52 N 62 N 22 O P 32 Q R R  M 72 N 82 N 92 N 22 O P 32 Q R R  M :2 N ;2 N  N 22O P <2 Q R R  M =2 N >2 N ?2 N 22O P @2 Q R R  M A2 N B2 N C2 N 22O P D2 Q R R  M E2 N F2 N G2 N 22O P H2 Q R R  M I2 N  N N J2O P K2 Q R R  M L2 N M2 N N2 N O2O P P2 Q R R  M Q2 N R2 N N2 N S2O P T2 Q R R  M U2 N V2 N w N S2O P W2 Q R R  M X2 N Y2 N Z2 N O P [2 Q R R  M \2 N ]2 N ^2 N _2O P [2 Q R R  M `2 N a2 N b2 N c2O P d2 Q R R  M e2 N f2 N b2 N g2O P h2 Q R R  M i2 N j2 N b2 N k2O P l2 Q R R  M m2 N n2 N b2 N O  P o2 Q R R  M p2 N q2 N b2 N r2O P s2 Q R R  M t2 N u2 N v2 N w2O P x2 Q R R  M y2 N z2 N v2 N {2O P |2 Q R R  M }2 N ~2 N 2 N O P 2 Q R R D l&&````````4````````````````V``` @! "@" "@# @$ @% @& @' @( @) @* /@+ /@, (@- @. "@/ "@0 @1 @2 "@3 @4 @5 (@6 @7 @8 "@9 @: @; "@< (@= "@> @? @ M 2 N 2 N 2 N  O P 2 Q R R  !M 2 !N 2 !N 2 !N !O !P 2 !Q R R  "M 2 "N 2 "N { "N 2"O "P 2 "Q R R  #M 2 #N 2 #N #N %#O #P 2 #Q R R  $M 2 $N 2 $N $N $O $P 2 $Q R R  %M 2 %N 2 %N 2 %N 2%O %P 2 %Q R R  &M 2 &N 2 &N 2 &N 2&O &P 2 &Q R R  'M 2 'N 2 'N 2 'N 2'O 'P 2 'Q R R  (M 2 (N 2 (N 2 (N 2(O (P 2 (Q R R  )M 2 )N 2 )N 2 )N 2)O )P 2 )Q R R  *M 2 *N 2 *N 2 *N 2*O *P 2 *Q R R  +M 2 +N 2 +N 2 +N 2+O +P 2 +Q R R  ,M 2 ,N 2 ,N 2 ,N 2,O ,P 2 ,Q R R  -M 2 -N 2 -N 2 -N 2-O -P 2 -Q R R  .M 2 .N 2 .N 2 .N 2.O .P 2 .Q R R  /M 2 /N 2 /N 2 /N 2/O /P 2 /Q R R  0M 2 0N 2 0N  0N 0O 0P 2 0Q R R  1M 2 1N 2 1N  1N 1O 1P 2 1Q R R  2M 2 2N 2 2N 2 2N 22O 2P 2 2Q R R  3M 2 3N 2 3N  3N 23O 3P 2 3Q R R  4M 2 4N  4N 4N 24O 4P 2 4Q R R  5M 2 5N 2 5N 2 5N 25O P Q R R  6M 2 6N 2 6N 2 6N S26O 6P 2 6Q R R  7M 2 7N 2 7N 2 7N S27O 7P 2 7Q R R  8M 2 8N 2 8N 2 8N S28O 8P 2 8Q R R  9M 2 9N 2 9N 9N S29O 9P 2 9Q R R  :M 2 :N 2 :N 2 :N S2:O :P 2 :Q R R  ;M 2 ;N 2 ;N ;N S2;O ;P 2 ;Q R R  <M 2 <N 2 <N <N S2<O <P 2 <Q R R  =M 2 =N 2 =N =N S2=O =P 2 =Q R R  >M 2 >N 2 >N >N S2>O >P 2 >Q R R  ?M 2 ?N 2 ?N 2 ?N 2?O ?P 2 ?Q R R Dll`````````````````````L`````````@ @A @B @C @D @E @F @G @H @I @J @K @L @M @N @O @P @Q @R @S @T @U @V @W @X @Y @Z @[ @\ @] @^ @_ @ @M 2 @N  @N @N 2@O @P 2 @Q R R  AM 2 AN 2 AN AN 2AO AP 2 AQ R R  BM 2 BN 2 BN BN 2BO BP 2 BQ R R  CM 2 CN 2 CN CN 2CO CP 2 CQ R R  DM 2 DN 2 DN DN 2DO DP 2 DQ R R  EM 2 EN 2 EN EN 2EO EP 2 EQ R R  FM 2 FN 3 FN FN 2FO FP 3 FQ R R  GM 3 GN 3 GN GN 2GO GP 3 GQ R R  HM 3 HN 3 HN HN 2HO HP 3 HQ R R  IM 3 IN 3 IN IN 2IO IP 3 IQ R R  JM 3 JN 3 JN JN 2JO JP 3 JQ R R  KM 3 KN 3 KN KN 2KO KP 3 KQ R R  LM 3 LN 3 LN LN 2LO LP 3 LQ R R  MM 3 MN 3 MN MN 2MO MP 3 MQ R R  NM 3 NN 3 NN NN 2NO NP 3 NQ R R  OM 3 OM 1ON N O P Q R R  PM 3 PN 3 PN PN 2PO PP 3 PQ R R  QM 3 QN 3 QN QN 2QO QP 3 QQ R R  RM !3 RN "3 RN RN 2RO RP #3 RQ R R  SM $3 SN %3 SN SN S2SO SP &3 SQ R R  TM '3 TN (3 TN TN 2TO TP )3 TQ R R  UM *3 UN +3 UN UN 2UO UP ,3 UQ R R  VM -3 VN .3 VN VN 2VO VP /3 VQ R R  WM 03 WN 13 WN WN 2WO WP 23 WQ R R  XM 33 XN 43 XN XN 2XO XP 53 XQ R R  YM 63 YN 73 YN YN 2YO YP 83 YQ R R  ZM 93 ZN :3 ZN ZN 2ZO ZP ;3 ZQ R R  [M <3 [N =3 [N [N 2[O [P >3 [Q R R  \M ?3 \N @3 \N \N 2\O \P A3 \Q R R  ]M B3 ]N C3 ]N ]N 2]O ]P D3 ]Q R R  ^M E3 ^N F3 ^N ^N 2^O ^P G3 ^Q R R  _M H3 _N I3 _N _N 2_O _P J3 _Q R R DTl```````````````4```````````````` @a @b @c @d "@e @f @g @h @i @j @k @l (@m /@n @o "@p "@q @r @s @t @u "@v (@w @x @y @z @{ @| @} @~ @ @ `M K3 `N L3 `N `N 2`O `P M3 `Q R R  aM N3 aM 1aN N O P Q R R  bM O3 bN P3 bN bN 2bO bP Q3 bQ R R  cM R3 cN S3 cN cN 2cO cP T3 cQ R R  dM U3 dN V3 dN t dN 2dO dP W3 dQ R R  eM X3 eN Y3 eN eN S2eO eP Z3 eQ R R  fM [3 fN \3 fN fN 2fO fP ]3 fQ R R  gM ^3 gN _3 gN gN S2gO gP `3 gQ R R  hM a3 hN b3 hN hN 2hO hP c3 hQ R R  iM d3 iN e3 iN iN 2iO iP c3 iQ R R  jM f3 jN g3 jN jN 2jO jP c3 jQ R R  kM h3 kN i3 kN kN 2kO kP c3 kQ R R  lM j3 lN k3 lN l3 lN S2lO lP m3 lQ R R  mM n3 mN o3 mN l3 mN S2mO mP m3 mQ R R  nM p3 nN q3 nN r3 nN s3nO nP t3 nQ R R  oM u3 oN v3 oN oN oO oP w3 oQ R R  pM x3 pN  pN pN ppO pP y3 pQ R R  qM z3 qN {3 qN qN 2qO qP |3 qQ R R  rM }3 rN ~3 rN t rN 3rO rP 3 rQ R R  sM 3 sN 3 sN sN 3sO sP 3 sQ R R  tM 3 tN 3 tN 3 tN 3tO tP 3 tQ R R  uM 3 uN 3 uN } uN uO uP 3 uQ R R  vM 3 vN 3 vN } vN vO vP 3 vQ R R  wM 3 wN 3 wN 3 wN 3wO wP 3 wQ R R  xM 3 xN 3 xN 3 xN 3xO xP 3 xQ R R  yM 3 yN 3 yN 3 yN 3yO yP 3 yQ R R  zM 3 zN 3 zN 3 zN 3zO zP 3 zQ R R  {M 3 {N 3{N N O P Q R R  |S 3 |N 3 |N |N 2|O |P 3 |Q R R  }S 3 }N 3 }N }N 2}O }P 3 }Q R R  ~M 3 ~N 3 ~N 3 ~N 3~O ~P 3 ~Q R R  M 3 N 3 N N r2O P 3 Q R R D(l`4`````````````````````````4``` "@ "@ @ @ "@ @ @ "@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ "@ @ @ @ M 3 N 3 N 3 N 3O P 3 Q R R  M 3 N 3 N 3 N 3O P 3 Q R R  M 3 N 3 N N g2O P 3 Q R R  M 3 N 3 N N 3O P 3 Q R R  M 3 N 3 N 3 N 3O P 3 Q R R  M 3 N 3 N S2 N 3O P 3 Q R R  M 3 N 3 N  N 3O P 3 Q R R  M 3 N 3 N 3 N 3O P 3 Q R R  M 3 N 3 N N pO P 3 Q R R  M 3 N 3 N N %O P 3 Q R R  M 3 N 3 N N %O P 3 Q R R  M 3 N 3 N N %O P 3 Q R R  M 3 N 3 N N %O P 3 Q R R  M 3 N 3 N N %O P 3 Q R R  M 3 N N N %O P 3 Q R R  M 3 N 3 N N %O P 3 Q R R  M 3 N 3 N N %O P 3 Q R R  M 3 N 3 N N %O P 3 Q R R  M 3 N 3 N N %O P 3 Q R R  M 3 N 3 N N %O P 3 Q R R  M 3 N 3 N N %O P 3 Q R R  M 3 N 3 N N %O P 3 Q R R  M 3 N 3 N N %O P 3 Q R R  M 3 N 3 N N %O P 3 Q R R  M 3 N 3 N N %O P 3 Q R R  M 3 N 3 N N %O P 3 Q R R  M 3 N 3 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R Dl``````````````````````````````` (@ (@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N 2 N 2O P !4 Q R R  M "4 N #4 N N %O P $4 Q R R  M %4 N &4 N N %O P '4 Q R R  M (4 N )4 N N %O P *4 Q R R  M +4 N ,4 N N %O P -4 Q R R  M .4 N /4 N N %O P 04 Q R R  M 14 N 24 N 2 N 2O P 34 Q R R  M 44 N 54 N N %O P 64 Q R R  M 74 N 84 N N %O P 94 Q R R  M :4 N ;4 N N %O P <4 Q R R  M =4 N >4 N N %O P ?4 Q R R  M @4 N A4 N N %O P B4 Q R R  M C4 N D4 N 2 N 2O P E4 Q R R  M F4 N G4 N N %O P H4 Q R R  M I4 N J4 N N %O P K4 Q R R  M L4 N M4 N N %O P N4 Q R R  M O4 N P4 N N %O P Q4 Q R R  M R4 N S4 N N %O P T4 Q R R  M U4 N V4 N N %O P W4 Q R R  M X4 N Y4 N N %O P Z4 Q R R  M [4 N \4 N N %O P ]4 Q R R  M ^4 N _4 N N %O P `4 Q R R  M a4 N b4 N N %O P c4 Q R R  M d4 N e4 N N %O P f4 Q R R  M g4 N h4 N N %O P i4 Q R R  M j4 N k4 N N %O P l4 Q R R  M m4 N n4 N N %O P o4 Q R R Dl``````````````````````````````` @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ M p4 N q4 N N %O P r4 Q R R  M s4 N t4 N 2 N 2O P u4 Q R R  M v4 N w4 N N %O P x4 Q R R  M y4 N z4 N N %O P {4 Q R R  M |4 N }4 N N %O P ~4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N 2 N 2O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R Dl``````````````````````````````` @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N N %O P 4 Q R R  M 4 N 4 N 4 N O P 4 Q R R  M 4 N 4 N 4 N _2O P 4 Q R R  M 4 N 4 N 4 N O P 4 Q R R  M 4 N 4 N 4 N _2O P 4 Q R R  M 4 N 4 N 4 N O P 4 Q R R  M 4 N 4 N 4 N _2O P 4 Q R R  M 4 N 4 N 4 N O P 4 Q R R  M 4 N 4 N 4 N _2O P 4 Q R R  M 4 N 4 N 4 N O P 4 Q R R  M 4 N 4 N 4 N _2O P 4 Q R R  M 4 N 4 N 4 N O P 5 Q R R  M 5 N 5 N 4 N _2O P 5 Q R R  M 5 N 5 N 4 N O P 5 Q R R  M 5 N 5 N 4 N _2O P 5 Q R R  M 5 N 5 N 4 N O P 5 Q R R  M 5 N 5 N 4 N _2O P 5 Q R R  M 5 N 5 N 4 N O P 5 Q R R  M 5 N 5 N 4 N _2O P 5 Q R R  M 5 N 5 N 4 N O P 5 Q R R  M 5 N 5 N 4 N _2O P 5 Q R R  M 5 N 5 N 4 N O P 5 Q R R  M 5 N 5 N 4 N _2O P 5 Q R R  M 5 M 1N N O P Q R R  M 5 M 1N N O P Q R R  M 5 M 1N N O P Q R R D l`````````````````````````````44 @ @ @ @ @ @ @ @ @  @  @  "@  "@  @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ M 5 M 1N N O P Q R R  M 5 M 1N N O P Q R R  M 5 M 1N N O P Q R R  M 5 M 1N N O P Q R R  M 5 M 1N N O P Q R R  M !5 N "5 N 4 N O P #5 Q R R  M $5 N %5 N 4 N _2O P #5 Q R R  M &5 N '5 N 4 N O P (5 Q R R  M )5 N *5 N 4 N _2O P (5 Q R R  M +5 N ,5 N 4 N  O P -5 Q R R  M .5 N /5 N 4 N _2 O P -5 Q R R  M 05 N 15 N 4 N  O P 25 Q R R  T 35 N 45 N 4 N _2 O P 25 Q R R  M 55 M 1 N N O P Q R R  M 65 M 1N N O P Q R R  M 75 M 1N N O P Q R R  M 85 M 1N N O P Q R R  M 95 M 1N N O P Q R R  M :5 M 1N N O P Q R R  M ;5 N <5 N 4 N O P =5 Q R R  M >5 N ?5 N 4 N _2O P =5 Q R R  M @5 M 1N N O P Q R R  M A5 M 1N N O P Q R R  M B5 N C5 N 4 N O P D5 Q R R  M E5 N F5 N 4 N _2O P D5 Q R R  M G5 M 1N N O P Q R R  M H5 M 1N N O P Q R R  M I5 N J5 N 4 N O P K5 Q R R  M L5 N M5 N 4 N _2O P K5 Q R R  M N5 N O5 N 4 N O P P5 Q R R  M Q5 N R5 N 4 N _2O P P5 Q R R  M S5 M 1N N O P Q R R D l44444````````444444``44``44````  @! @" @# "@$ "@% @& @' @( @) @* @+ @, @- @. @/ @0 @1 @2 @3 @4 @5 @6 (@7 /@8 =@9 /@: @; /@< @= @> @? @ M T5 M 1 N N O P Q R R  !M U5 !M 1!N N O P Q R R  "M V5 "M 1"N N O P Q R R  #M W5 #N X5 #N 4 #N #O #P Y5 #Q R R  $M Z5 $N [5 $N 4 $N _2$O $P Y5 $Q R R  %M \5 %M 1%N N O P Q R R  &M ]5 &M 1&N N O P Q R R  'M ^5 'M 1'N N O P Q R R  (M _5 (N `5 (N 4 (N (O (P a5 (Q R R  )M b5 )N c5 )N 4 )N _2)O )P a5 )Q R R  *M d5 *N e5 *N 4 *N *O *P f5 *Q R R  +M g5 +N h5 +N 4 +N _2+O +P f5 +Q R R  ,M i5 ,N j5 ,N 4 ,N ,O ,P k5 ,Q R R  -M l5 -N m5 -N 4 -N _2-O -P k5 -Q R R  .M n5 .N o5 .N 4 .N .O .P p5 .Q R R  /M q5 /N r5 /N 4 /N s5/O /P p5 /Q R R  0M t5 0N u5 0N 4 0N 0O 0P v5 0Q R R  1M w5 1N x5 1N 4 1N _21O 1P v5 1Q R R  2M y5 2N z5 2N 4 2N 2O 2P {5 2Q R R  3M |5 3N }5 3N 4 3N _23O 3P {5 3Q R R  4M ~5 4N 5 4N 4 4N 4O 4P 5 4Q R R  5M 5 5N 5 5N 4 5N _25O 5P 5 5Q R R  6M 5 6N 5 6N 5 6N 56O 6P 5 6Q R R  7M 5 7N 5 7N 5 7N 57O 7P 5 7Q R R  8M 5 8N 5 8N 5 8N 58O 8P 5 8Q R R  9M 5 9N 5 9N 5 9N 59O 9P 5 9Q R R  :M 5 :M 1:N N O P Q R R  ;M 5 ;N 5 ;N 5 ;N S2;O ;P 5 ;Q R R  <M 5 <N 5 <N  <N 5<O <P 5 <Q R R  =M 5 =N 5 =N  =N 5=O =P 5 =Q R R  >M 5 >M 5>N N O P Q R R  ?M 5 ?M 5?N N O P Q R R D l444``444``````````````````4```4@ @A @B (@C (@D @E @F @G "@H (@I @J @K @L @M @N @O @P @Q R @S @T @U @V @W @X @Y @Z @[ @\ @] @^ @_ @ @M 5 @M 5@N N O P Q R R  AM 5 AM 5AN N O P Q R R  BS 5 BN 5 BN 4 BN 2BO P Q R R  CS 5 CN 5 CN 4 CN 2CO P Q R R  DM 5 DN 5 DN DN S2DO DP 5 DQ R R  EM 5 EM 5EN N O P Q R R  FM 5 FM 5FN N O P Q R R  GS 5 GN 5 GN 4 GN 2GO P Q R R  HS 5 HN 5 HN 4 HN 2HO P Q R R  IM 5 IN 5 IN IN %IO IP 5 IQ R R  JM 5 JN 5 JN JN %JO JP 5 JQ R R  KM 5 KN 5 KN KN %KO KP 5 KQ R R  LM 5 LN 5 LN LN %LO LP 5 LQ R R  MM 5 MN 5 MN MN %MO MP 5 MQ R R  NM 5 NN 5 NN NN %NO NP 5 NQ R R  OM 5 ON 5 ON ON %OO OP 5 OQ R R  PM 5 PN 5 PN PN %PO PP 5 PQ R R  QM 5 QM 5QN N O P Q R R  RT 5 RN 5 RN 4 RN RO RP 5 RQ R R  ST 5 SN 5 SN 4 SN SO SP 5 SQ R R  TT 5 TN 5 TN 4 TN TO TP 5 TQ R R  UM 5 UN 5 UN 4 UN UO UP 5 UQ R R  VM 5 VN 5 VN 4 VN VO VP 5 VQ R R  WM 5 WN 5 WN 4 WN WO WP 5 WQ R R  XM 5 XN 5 XN 4 XN XO XP 5 XQ R R  YM 5 YN 5 YN 4 YN YO YP 5 YQ R R  ZM 5 ZM 1ZN N O P Q R R  [M 5 [N 5 [N 4 [N _2[O [P 5 [Q R R  \M 5 \N 5 \N 4 \N _2\O \P 5 \Q R R  ]M 5 ]N 5 ]N 4 ]N _2]O ]P 5 ]Q R R  ^M 5 ^N 5 ^N 4 ^N _2^O ^P 5 ^Q R R  _M 5 _N 5 _N 4 _N _2_O _P 5 _Q R R D( l44LL`44LL````````4````````4````` @a "@b @c @d @e @f @g "@h @i @j (@k @l "@m (@n (@o (@p @q @r @s @t @u @v @w @x @y @z "@{ @| @} @~ @ "@ `M 5 `N 5 `N 4 `N _2`O `P 5 `Q R R  aM 5 aM 5aN N O P Q R R  bU 5 bN 5 bN 4 bN bO bP 5 bQ R R  cU 5 cN 5 cN 4 cN cO cP 5 cQ R R  dU 5 dN 5 dN 4 dN dO dP 5 dQ R R  eM 5 eM 1eN N O P Q R R  fM 5 fM 1fN N O P Q R R  gM 5 gN 5 gN gN gO gP 5 gQ R R  hM 5 hN 5 hN v2 hN 5hO hP 5 hQ R R  iM 5 iN 5 iN v2 iN 5iO iP 5 iQ R R  jM 5 jN 5 jN 3 jN jO jP 5 jQ R R  kM 6 kN 6 kN 3 kN kO kP 5 kQ R R  lM 6 lN 6 lN 6 lN 6lO lP 6 lQ R R  mM 6 mN 6 mN 2 mN 2mO mP 6 mQ R R  nM 6 nN 6 nN 2 nN 2nO nP 6 nQ R R  oM 6 oN 6 oN 2 oN 2oO oP 6 oQ R R  pM 6 pN 6 pN 2 pN 2pO pP 6 pQ R R  qM 6 qN 6 qN 6 qN 6qO qP 6 qQ R R  rM 6 rN 6 rN 6 rN 6rO rP 6 rQ R R  sM 6 sN 6 sN 6 sN 6sO sP 6 sQ R R  tM 6 tN 6 tN 6 tN 6tO tP 6 tQ R R  uM 6 uN 6 uN 6 uN 6uO uP 6 uQ R R  vM 6 vN 6 vN 4 vN !6vO vP "6 vQ R R  wM #6 wN $6 wN wN 6wO wP %6 wQ R R  xM &6 xN '6 xN (6 xN )6xO xP *6 xQ R R  yM +6 yN ,6 yN M yN )6yO yP -6 yQ R R  zM .6 zN /6 zN 06 zN 16zO zP 26 zQ R R  {M 36 {N 46 {N {N 16{O {P 26 {Q R R  |M 56 |N 66 |N 76 |N 2|O |P 86 |Q R R  }M 96 }N :6 }N { }N 2}O }P 86 }Q R R  ~M ;6 ~N <6 ~N  ~N 2~O ~P 86 ~Q R R  M =6 N >6 N  N 2O P 86 Q R R D l`4```44```````````````````````` @ @ @ @ "@ @ @ @ @ @ @ "@ @ (@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ M ?6 N @6 N 76 N A6O P B6 Q R R  M C6 N D6 N E6 N F6O P G6 Q R R  M H6 N I6 N J6 N K6O P L6 Q R R  M M6 M 1N N O P Q R R  M N6 N O6 N J6 N P6O P Q6 Q R R  M R6 N S6 N T6 N U6O P V6 Q R R  M W6 M 1N N O P Q R R  M X6 M Y6N N O P Q R R  M Z6 M Y6N N O P Q R R  M [6 N \6 N J6 N ]6O P ^6 Q R R  M _6 N `6 N J6 N a6O P b6 Q R R  M c6 N d6 N J6 N a6O P e6 Q R R  M f6 N g6 N J6 N a6O P h6 Q R R  M i6 N j6 N J6 N a6O P k6 Q R R  M l6 N m6 N J6 N ]6O P n6 Q R R  M o6 N p6 N q6 N r6O P s6 Q R R  M t6 N u6 N N O P v6 Q R R  M w6 N x6 N N O P v6 Q R R  M y6 N z6 N N O P v6 Q R R  M {6 N |6 N N O P v6 Q R R  M }6 N ~6 N N O P v6 Q R R  M 6 N 6 N N O P v6 Q R R  M 6 N 6 N N O P v6 Q R R  M 6 N 6 N N O P v6 Q R R  M 6 M Y6N N O P Q R R  M 6 N `6 N J6 N O P 6 Q R R  M 6 N 6 N J6 N O P 6 Q R R  M 6 N 6 N 4 N O P 6 Q R R  M 6 N 6 N 4 N O P 6 Q R R  M 6 N 6 N 4 N O P 6 Q R R  M 6 M 1N N O P Q R R  M 6 N 6 N N O P 6 Q R R Dx l```4``444```````````````4`````4 @ @ @ @ @ @ "@ "@ "@ (@ "@ @ @ @ @ "@ @ "@ "@ @ @ @ "@ @ @ @ "@ @ @ "@ "@ "@ M 6 M 1N N O P Q R R  M 6 M 1N N O P Q R R  M 6 M 1N N O P Q R R  M 6 M 1N N O P Q R R  M 6 N 6 N 6 N 6O P 6 Q R R  M 6 N 6 N 6 N 6O P 6 Q R R  M 6 N 6 N N 6O P 6 Q R R  M 6 N 6 N N 6O P 6 Q R R  M 6 N 2 N N 6O P 6 Q R R  M 6 N 2 N N 6O P 6 Q R R  M 6 N 6 N N 6O P 6 Q R R  M 6 N 6 N 6 N 6O P 6 Q R R  M 6 N 6 N 6 N 6O P 6 Q R R  M 6 N 6 N 6 N 6O P 6 Q R R  M 6 N 6 N N 6O P 6 Q R R  M 6 N 6 N N 6O P 6 Q R R  M 6 N 6 N N 6O P 6 Q R R  M 6 N 6 N N 6O P 6 Q R R  M 6 N 6 N N 6O P 6 Q R R  M 6 N 6 N N 6O P 6 Q R R  M 6 N 6 N N 6O P 6 Q R R  M 6 N 6 N N 6O P 6 Q R R  M 6 N 6 N N 6O P 6 Q R R  M 6 N 6 N N 6O P 6 Q R R  M 6 N 6 N N 6O P 6 Q R R  M 6 N 6 N N 6O P 6 Q R R  M 6 N 6 N 6 N 5O P 6 Q R R  M 6 M 1N N O P Q R R  M 6 M 1N N O P Q R R  M 6 N 6 N N 6O P 6 Q R R  M 6 N 6 N N 6O P 6 Q R R  T 6 N 6 N J6 N a6O P n6 Q R R Dx l4444```````````````````````44`` @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ "@ M 6 N 6 N J6 N a6O P n6 Q R R  M 6 N 6 N J6 N a6O P n6 Q R R  M 6 N 6 N J6 N a6O P n6 Q R R  M 6 N 6 N J6 N a6O P n6 Q R R  M 6 N 6 N J6 N a6O P n6 Q R R  M 6 N 6 N J6 N a6O P n6 Q R R  M 6 N 6 N J6 N a6O P n6 Q R R  M 6 N 6 N J6 N a6O P n6 Q R R  M 7 N 7 N J6 N a6O P n6 Q R R  M 7 N 7 N J6 N a6O P n6 Q R R  M 7 N 7 N J6 N a6O P 7 Q R R  M 7 N 7 N J6 N a6O P 7 Q R R  M 7 N 7 N J6 N a6O P 7 Q R R  M 7 N 7 N J6 N a6O P 7 Q R R  M 7 N 7 N J6 N a6O P 7 Q R R  M 7 N 7 N J6 N a6O P 7 Q R R  M 7 N 7 N J6 N a6O P 7 Q R R  M 7 N 7 N J6 N a6O P 7 Q R R  M 7 N 7 N v2 N 5O P 5 Q R R  M 7 N 5 N v2 N 5O P 5 Q R R  M 7 N 7 N &2 N 7O P (2 Q R R  M 7 N 7 N v2 N S2O P 2 Q R R 0 `````````````````````>@d A I ggD g2ɀ d{H-H;HIHWHfHctHHHmH5HHŠHHUHHHHuH=HHUH  dMbP?_*+%&?'?(?)?M\\mbps3\1S313A-HPS odXXLetterPRIV0'''' \KhC^>7SMTJHP Universal Printing PS (v4.7)HPDocUISUITrueESPRITSupportedTrueHPOrientationHPOrientationPortraitHPOrientRotate180FalsePostScriptCustomPageSizeFalseDuplexNoneHPReverseOrderForFold_StitchTrueHPBestGlossDefaultInputSlot*UseFormTrayTableHPDuplicateJobNameOverrideSWFWPageSizeLETTERPageRegionLeadingEdgeMediaTypeAUTOHPMediaTypeTreeviewPopupTrueCollateFalseJCLHPPrintOnBothSidesManuallyFalseJCLEconomodeFalseOutputBinAutoStapleLocationNoneTextAsBlackFalseAlternateLetterHeadFalseJCLResolution600dpiJCLFastResNoneHPConsumerCustomPaperTruePrintQualityGroupPQGroup_1JRHDInstalledJRHDOffHPNUseDiffFirstPageChoiceTrueHPPageExceptionsFileHPCPE083HPPageExceptionsInterfaceShowPageExceptionsHPPageExceptionsLowEndHPPageExceptionsLowEndVerHPPageExceptionsCoverInsertionHPEnableRAWSpoolingTrueHPDocPropResourceDataHPCabFileNameRGBColorNoCmdCMYKInksNoCmdJRConstraintsJRCHDFullHPColorSmartAutomaticHPColorSmart_ColorOptions_EdgeControlNormalHPColorSmart_ColorOptions_HalftoneDetailHPColorModeCOLOR_MODEHPColorSmart_Text_NeutralGraysBlackOnlyHPColorSmart_Text_HalftoneDetailHPColorSmart_Graphics_NeutralGraysBlackOnlyHPColorSmart_Graphics_HalftoneDetailHPColorSmart_Photo_NeutralGrays4-ColorHPColorSmart_Photo_HalftoneDetailHPPJLEncodingUTF8HPJobAccountingHPJOBACCT_JOBACNT_GROUPNAMEHPBornOnDateHPBODHPJobAccWoPinTrueHPXMLFileUsedhpcu083s.xmlPSAlignmentFileHPCLS083HPSmartHubInet_SID_263_BID_514_HID_265HPColorAsGrayFalseIUPHxJAtQN]Q(I^t!~XC:$H!T8MOD45!v[*gֻG'ȉ>BDDsre\*2Ѐ), 42[&"9~"r!+F[&h{fЌUZ~_FW]mVPiF 'gHofD [%" p:>;V3!Um_"{cO۟qijQTi헩hA|&a"dXX??&U} J } K } } 2} } m%L }  } r``F                                   C qD D  C {D D      E xD  G  >  >  > H @ =A G  > >  >  @ =A G > >  >  @ = A G >  >  >  @ = A G  >  >  >  @ =A G  >  >  >  @ =A G  >  >  >   @ = A G  >  >  >   @ = A G  >  >  >   @ = A  G  >  >  >   @ = A G  >  >  >   @ = A G  > >  >  @ =A G ! > " >  >  @ =A G # > $ >  >  @ =A G % > & >  >  @ =A G ' > ( >  >  @ =A G ) > * >  >  @ =A G + > , >  >  @ =A G - > . >  >  @ =A G / > 0 >  >  @ =A G 1 2  = B =  3 G 4 5  = B =  3 G 6 > 7 >  >  @ =A G 8 > 9 >  >  @ =A G : > ; >  >  @ =A G < > = >  >  @ =A G > > ? >  >  @ =A G @ > A >  >  @ =A G B > C >  >  @ =A Dt l((^ZZ^^ZZZZ^ZZZZZZZZZZZ^^ZZZZZZ  ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?  G D > E >  >   @ = A !G F !> G !>  !> ! !@ =!A "G H "> I ">  "> " "@ ="A #G J #> K #>  #> # #@ =#A $G L $> M $>  $> $ $@ =$A %G N %> O %>  %> % %@ =%A &G P &> Q &>  &> & &@ =&A 'G R '> S '>  '> ' '@ ='A (G T (> U (>  (> V( (@ =(A )G W )> X )>  )> ) )@ = )A Y *G Z *> [ *>  *> * *@ = *A \ +G ] +> ^ +>  +> + +@ =+A ,G _ ,> ` ,>  ,> , ,@ =,A -G a -> b ->  -> - -@ =-A .G c .> d .>  .> . .@ =.A /G e /> f />  /> g/ /@ = /A h 0G i 0> j 0>  0> k0 0@ =0A 1G l 1> m 1>  1> 1 1@ =1A 2G n 2> o 2>  2> 2 2@ =2A 3G p 3> q 3>  3> 3 3@ =3A 4G r 4> s 4> t 4> u4 4@ = 4A v 5G w 5> x 5> y 5> z5 5@ =5A 6G { 6> | 6> } 6> ~6 6@ = 6A  7G 7> 7> 7> ~7 7@ = 7A 8G 8> 8> 8> ~8 8@ = 8A 9G 9> 9> 9> 9 9@ =9A :G :> :> :> : :@ = :A ;G ;> ;> ;> ; ;@ = ;A <G <> <> <> < <@ =<A =G => => => = =@ ==A >G >> >> >> > >@ =>A ?G ?> ?> ?> ? ?@ =?A D lZZZZZZZZZ^^ZZZZ^ZZZZ^Z^^^Z^^ZZZ@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _  @G @> @> @> @ @@ =@A AG A> A> A> A A@ =AA BG B> B> B> B B@ =BA CG C> C> C> C C@ =CA DG D> D> D> D D@ =DA EG E> E> E> E E@ =EA FG F> F> F> F F@ =FA GG G> G> G> G G@ =GA HG H> H> H> H H@ =HA IG I> I> I> I I@ =IA JG J> J> J> J J@ =JA KG K> K> K> K K@ =KA LG L> L> L> L L@ =LA MG M> M> M> M M@ =MA NG N> N> N> N N@ =NA OG O> O> O> O O@ =OA PG P> P> P> P P@ =PA QG Q> Q> y Q> zQ Q@ = QA RG R> R> y R> R R@ = RA SG S> S> } S> S S@ =SA TG T> T> T> T T@ =TA UG U> U> U> U U@ =UA VG V> V> y V> V V@ =VA WG W> W> y W> W W@ = WA XG X> X> } X> X X@ =XA YG Y> Y> Y> Y Y@ =YA ZG Z> Z> Z> Z Z@ =ZA [G [> [> y [> [ [@ = [A \G \> \> \> \ \@ = \A ]G ]> ]> y ]> ] ]@ = ]A ^G ^> ^> } ^> ^ ^@ =^A _G _> _> _> _ _@ =_A D lZZZZZZZZZZZZZZZZZ^^ZZZZ^ZZZ^^^Z` a b c d e f g h i j k l m n o p q r s tu v w x y z { | } ~   `G `> `> `> ` `@ =`A aG a> a> y a> a a@ =aA bG b> b> } b> b b@ =bA cG c> c> c> c c@ =cA dG d> d> d> d d@ =dA eG e> e> y e> e e@ =eA fG f> f> f> f f@ =fA gG g>  g> g> g g@ =gA hG  h>  h> h> h h@ =hA iG  i>  i> i> i i@ =iA jG  j>  j> j> j j@ =jA kG  k>  k> k> k k@ =kA lG  l>  l> l> l l@ =lA mG  m>  m> m> m m@ =mA nG  n>  n> } n> n n@ =nA oG  o>  o> o> o o@ =oA pG  p>  p> p> p p@ =pA qG  q>  q> t q> q q@ =qA rG  r>  r> t r> r r@ = rA  sG  s>  s>  s> s s@ =sA tG  t> ! t>  t> "t t@ =tA uG # u> $ u> y u> %u u@ = uA & vG ' v> ( v> v>  v@ =vA wG ) w> * w> w>  w@ =wA xG + x> , x> x>  x@ =xA yG - y> .y> y> /y y@ =yA zG 0 z> 1 z> >  z@ =zA {G 2 {> 3 {> {> 4{ {@ = {A 5 |G 6 |> 7 |> t |> 8| |@ = |A 9 }G : }> ; }> t }> <} }@ = }A = ~G > ~> ? ~> @ ~> <~ ~@ =~A G A > B > > < @ >A D lZZZZZZZZZZZZZZZZZZ^ZZ^PPPVD^^^Z                                 G C > D > > < @ >A G E > F > @ > < @ >A G G > H > @ > < @ >A G I > J > @ > < @ >A G K > L > @ > < @ >A G M > N > @ > < @ >A G O > P > Q > < @ =A G R > S > > T @ > A U G V > W > > X @ > A Y G Z > [ > > X @ > A \ G ] > ^ > > X @ > A \ G _ > ` > > X @ > A \ G a > b > > X @ > A \ G c > d > > X @ > A \ G e > f > > X @ > A \ G g > h > > X @ > A \ G i > j > > X @ > A \ G k > l > > X @ > A \ G m > n > > X @ > A \ G o > p > > X @ > A \ G q > r > > X @ > A \ G s > t > > X @ > A \ G u > v > w >  @ > A x G y > z > { > | @ > A } G ~ >  > { >  @ >A G  >  >  >  @ >A G  >  > >  @ > A  G  >  > >  @ > A  G  >  > } >  @ > A  G  >  > >  @ > A  G  >  > >  @ > A  G  >  > >  @ > A DlZZZZZZZ^^^^^^^^^^^^^^^^^ZZ^^^^^                                 G  >  > } >  @ > A  G  >  > >  @ > A  G  >  > >  @ = A  G  >  >  >  @ > A  G  >  >  >  @ >A G    > B > G     B > G  >  >  >  @ > A  G  >  >  >  @ > A  G  >  >  >  @ >A G  >  >  >  @ > A  G  >  >  >  @ >A G  >  >  >  @ > A  G  >  >  >  @ >A G  >  >  >  @ > A  G  >  >  >  @ >A G  >  >  >  @ >A G  >  >  >  @ >A G  >  >  >  @ >A G  >  >  >  @ >A G  >  >  >  @ > A  G  >  >  >  @ >A G  >  >  >  @ > A  G  >  >  >  @ >A G  >  >  >  @ > A  G  >  >  >  @ >A G  >  >  >  @ > A  G  >  >  >  @ > A  G  >  >  >  @ >A G  >  >  >  @ > A  G  >  >  >  @ >A G  >  >  >  @ > A Dl^^^^ZZZ^^Z^Z^Z^ZZZZZ^Z^Z^Z^^Z^Z                                 G  >  >  >  @ >A G  >  >  >  @ >A G  >  > >  @ > A  G  >  > >  @ > A  G  >  > >  @ >A G  >  > >  @ >A G  >  >  >  @ >A G  >  >  @ > A  G  >  > >  @ >A G  >  > >  @ >A G  >  > >  @ >A G  >  > >  @ >A G  >  > >  @ >A G  >  > >  @ >A G  >  >  >  @ >A G  >  >  >  @ >A G  >  >  >  @ !>A G  >  >  >  @ ">A G  > ! > " > # @ #>A G $ > % > > & @ $>A G ' > ( >  > ) @ %> A * G + > , > - > . @ &> A / G 0 > 1 > > 2 @ '> A 3 G 4 > 5 > > 6 @ (>A G 7 > 8 > > 9 @ )>A G : > ; > < > = @ *>A G > > ? > @ > A @ +> A B G C > D > @ > E @ ,> A F G G > H > y > I @ -> A J G K > L > M > N @ .>A G O > P > M > Q @ />A G R > S > M > T @ 0>A D lZZ^^ZZZ^ZZZZZZZZZZZZ^^^ZZZ^^^ZZ     @@@@@@@@@@@@@@@@@@@@@@@@@@@ G U > V > M > W @ 1>A G X > Y > M > Z @ 2>A G [ > \ > M > ] @ 3>A G ^ > _ > M > ` @ 4>A G a > b > t > c @ 5> A d > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I  DlZZZZ^@@@@@@@@@ @ @ @ @ @@@@@@@@@@@@@@@@@@@ > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I    > > > I    > > > I    > > > I    > > > I    > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I   > > > I  Dl @!@"@#@$@%@&@'@(@)@*@+@,@-@.@/@0@1@2@3@4@5@6@7@8@9@:@;@<@=@>@?@  > > > I  ! > > > I  " > > > I  # > > > I  $ > > > I  % > > > I  & > > > I  ' > > > I  ( > > > I  ) > > > I  * > > > I  + > > > I  , > > > I  - > > > I  . > > > I  / > > > I  0 > > > I  1 > > > I  2 > > > I  3 > > > I  4 > > > I  5 > > > I  6 > > > I  7 > > > I  8 > > > I  9 > > > I  : > > > I  ; > > > I  < > > > I  = > > > I  > > > > I  ? > > > I  Dl@@A@B@C@D@E@F@G@H@I@J@K@L@M@N@O@P@Q@R@S@T@U@V@W@X@Y@Z@[@\@]@^@_@@ > > > I  A > > > I  B > > > I  C > > > I  D > > > I  E > > > I  F > > > I  G > > > I  H > > > I  I > > > I  J > > > I  K > > > I  L > > > I  M > > > I  N > > > I  O > > > A I  P > > > A I  Q > > > A I  R > > > A I  S > > > A I  T > > > A I  U > > > A I  V > > > A I  W > > > A I  X > > > A I  Y > > > A I  Z > > > A I  [ > > > A I  \ > > > A I  ] > > > A I  ^ > > > A I  _ > > > A I  Dl`@a@b@c@d@e@f@g@h@i@j@k@l@m@n@o@p@q@r@s@t@u@v@w@x@y@z@{@|@}@~@@` > > > A I  a > > > A I  b > > > A I  c > > > A I  d > > > A I  e > > > A I  f > > > A I  g > > > A I  h > > > A I  i > > > A I  j > > > A I  k > > > A I  l > > > A I  m > > > A I  n > > > A I  o > > > A I  p > > > A I  q > > > A I  r > > > A I  s > > > A I  t > > > A I  u > > > A I  v > > > A I  w > > > A I  x > > > A I  y > > > A I  z > > > A I  { > > > A I  | > > > A I  } > > > A I  ~ > > > A I   > > > A I  Dl@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I  Dl@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I  Dl@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I  Dl@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I  Dl@@@@@@@@@ @ @ @ @ @@@@@@@@@@@@@@@@@@@ > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I    > > > A I    > > > A I    > > > A I    > > > A I    > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I  Dl @!@"@#@$@%@&@'@(@)@*@+@,@-@.@/@0@1@2@3@4@5@6@7@8@9@:@;@<@=@>@?@  > > > A I  ! > > > A I  " > > > A I  # > > > A I  $ > > > A I  % > > > A I  & > > > A I  ' > > > A I  ( > > > A I  ) > > > A I  * > > > A I  + > > > A I  , > > > A I  - > > > A I  . > > > A I  / > > > A I  0 > > > A I  1 > > > A I  2 > > > A I  3 > > > A I  4 > > > A I  5 > > > A I  6 > > > A I  7 > > > A I  8 > > > A I  9 > > > A I  : > > > A I  ; > > > A I  < > > > A I  = > > > A I  > > > > A I  ? > > > A I  Dl@@A@B@C@D@E@F@G@H@I@J@K@L@M@N@O@P@Q@R@S@T@U@V@W@X@Y@Z@[@\@]@^@_@@ > > > A I  A > > > A I  B > > > A I  C > > > A I  D > > > A I  E > > > A I  F > > > A I  G > > > A I  H > > > A I  I > > > A I  J > > > A I  K > > > A I  L > > > A I  M > > > A I  N > > > A I  O > > > A I  P > > > A I  Q > > > A I  R > > > A I  S > > > A I  T > > > A I  U > > > A I  V > > > A I  W > > > A I  X > > > A I  Y > > > A I  Z > > > A I  [ > > > A I  \ > > > A I  ] > > > A I  ^ > > > A I  _ > > > A I  Dl`@a@b@c@d@e@f@g@h@i@j@k@l@m@n@o@p@q@r@s@t@u@v@w@x@y@z@{@|@}@~@@` > > > A I  a > > > A I  b > > > A I  c > > > A I  d > > > A I  e > > > A I  f > > > A I  g > > > A I  h > > > A I  i > > > A I  j > > > A I  k > > > A I  l > > > A I  m > > > A I  n > > > A I  o > > > A I  p > > > A I  q > > > A I  r > > > A I  s > > > A I  t > > > A I  u > > > A I  v > > > A I  w > > > A I  x > > > A I  y > > > A I  z > > > A I  { > > > A I  | > > > A I  } > > > A I  ~ > > > A I   > > > A I  Dl@@@@@@ > > > A I   > > > A I   > > > A I   > > > A I   > > > A I   > > > A I  d>@> : A ggD g2ɀ VH II^$I  dMbP?_*+%&?'?(?)?M \\MBPS1\1S153A-LX(S odXXLetterPRIV0''''d"\KhC>i$SMTJLexmark Universal PS3Resolution600dpiOutputBinPrinterSettingStapleLocationFalseHolePunchFalseJogFalseFoldLocationFalseCollateTrueBookletNoCoverFalseBookletFFrontCoverFalseBookletBFrontCoverFalseBookletFBackCoverFalseBookletBBackCoverFalseBookletMaintainFalseBasicLayoutTrueFinisherBookletNoFoldJCLTonerDarknessNoneMediaTypeNoneBookletMediaTypeNoneAllColorsToBlackFalseDuplexNoneJCLPortRotationNoneHasKeepPreviousPHJobsTrueHasPrintandHoldTrueAdvancedBoookletAlgorithmTrueStatusWindowFalseShowStatusWindowAfterPrintingFalseHasPrintQualityTrueBitmapIDNoneSmallFontEnhancerFalsePixelBoostTrueNewDuplexTrueIsCustomPageTruePageSizeLetterPageRegionInputSlot*UseFormTrayTableBookletInputSlotAutoSelect"KMXLArialHdArialHd< UseSameSize"d,,??&U} } $4} } 2} } %| } % } % } V  @@         @ @ @             { q  { q  z z  z  z  k S2  1  0  / u . g - g , g +f  *   u )  (  9>  'f  &   u %  $ g g #f     u "  ! g g f     u    g g f     u    g g f     u    g g  f      u    g g  f      u    g * g  f     * u   g g  f     u   g { g  f      u    g  g f    ! u   g  g f    ! u  g  g f    ! u  g 9> g f    u  g 9> g :>f    ] u  g 9> g :>f   ؘ  ] u  g ژ g :>f  ٘  ؘ  ] u  g ژ g :>f  ٘  ؘ  ] u  g ژ g :>f  ٘  ؘ  ] u  g ژ g :>f  ٘  ؘ  ] u  g ژ g :>f  ٘  ؘ  ] u  g ژ g :>f  ٘  ؘ  ] u  g ژ g :>f  ٘  ؘ  ] u  ߘ g ژ g :>f  ٘  ؘ  ] u ޘ  ݘ g ژ g :>f  ٘  ؘ  ] u ܘ  ۘ g ژ g :>f  ٘  ؘ  ] u ט  ֘ g g ՘f  Ԙ   u Ә  Ҙ g g јf  Ș  ǘ  ИD.l phhhhhhhhhhhlllhllllllllllll^ !"#$% & ' ( ) * + , - . / 01234 5 6 7 8 9 : ; < = > ?  u Ϙ  Θ g c g ͘ f  Ș  ǘ  !u ̘ ! ˘ !g ʘ !g ɘ!f ! Ș ! ǘ! "u Ƙ " "g 9> "g "f " Ę "  #u Ř # #g 9> #g #f # Ę #  $u Ø $ ˜ $g $g $f $ $ $ %u % %g %g %f % % % * &u & &g { &g &f & & & / 'u ' 'g { ' 'f ' ' ' / (u ( (g { (g (f ( ( ( / )u ) )g { )g )f ) ) ) / *u * *g { *g *f * * * / +u + +g { +g +f + + + / ,u , ,g ,g ,f , , , ! -u - -g -g -f   - .u .g .g .g .f   . /u / /g /g /f   / 0u 0 0g 0g 0f   0 80 1u 1 1g 1g 9 1f   1 81 2u 2 2g 2g 2f   2 82 3u 3 3g 3g 9 3f   3 83 4u 4 4g 4g 4f   4 5u 5 5g 5g 5f   5 p 6u 6 6g 6g  6f   6 p 7u ~ 7 } 7g s 7g |7f 7 q7 7 p 8u { 8 z 8g s 8g y8f 8 q8 8 p 9u x 9 w 9g s 9g v9f 9 q9 9 p :u u : t :g s :g r:f : q: : p ;u o ; n ;g ڔ ;g ;f   ; ] <u m < l <g <g <f   < ] =u k = j =g GS =g =f   = ] >u i > h >g ڔ >g >f   > ] ?u g ? f ?g ?g ?f   ? ]Dlhh^^hhhhhhhhlVVV^^^^VVVhhhhVVVV@ A B C D E F G HIJKLMNOP Q R S T U @u e @ d @g GS @g @f   @ ] Au c A b Ag ڔ Ag Af   A ] Bu a B ` Bg Bg Bf   B ] Cu _ C ^ Cg GS Cg Cf   C ] Du \ D [ Dg Dg X Df   D Q Eu Z E Y Eg S Eg X Ef   E Q Fu W F V Fg Fg R Ff   F Q Gu U G T Gg S Gg R Gf   G Q Hu P H O Hg N Hg M Hf   H 8H Iu L I K Ig J Ig 9 If   I 8I Ju I J H Jg G Jg F Jf   J 8J Ku E K D Kg Kg C Kf   K 8K Lu B L A Lg @ Lg 9 Lf   L 8L Mu ? M > Mg Mg = Mf   M 8M Nu < N ; Ng : Ng 9 Nf   N 8N Ou 7 O 6 Og 5 Og 4 Of   O 3O Pu 2 P 1 Pg Pg 0 Pf   P / Qu . Q - Qg Qg Qf   Q * Ru , R + Rg Rg Rf   R * Su ) S ( Sg ' Sg & Sf   S ! Tu % T $ Tg # Tg " Tf   T ! Uu U  U  Ug  Uf   U U 0d VVVVVVVV^^^^^^^^VVVVV>@A yK Ohttp://tomcat.apache.org/tomcat-4.1-doc/config/valve.html#Access%20Log%20ValveyK http://tomcat.apache.org/tomcat-4.1-doc/config/valve.htmlyX;H,]ą'cAccess%20Log%20ValveggD g2ɀ L'Ii7IDI]FI  dMbP?_*+%&?'?(?)?"d,,??&U} } I9 } $ } 2 }  } % }  } m }  }  } L  ;` `   @                                      f S2  /  0   v g j g f   g g g u g j g f   g g g u g j g f   g g g u g m j g f   8 g g g u j j g f   8 g g g u g j g f   8 g g g u j j g f   8  g g g u g g g  f    g g g u g g g  f  p  g g g u g g g  f  p  g g g u g } g s j  f  p  g g g u g z g s j f  p g g g u g w g s j f  p g g g u g t g s j f  p g g g u g g ڔ g f  ] g g g u g g g f  ] g g g u g g GS g f  ] g g g u g g ڔ g f  ] g g g u g g g f  ] g g g u g g GS g f  ] g g g u g b g ڔ g f  ] g g g u g ` g g f  ] g g g u g ^ g GS g f  ] g g g u g [ g g Xf  Q g g g u g Y g S g Xf  Q g g g u g V g g Rf  Q g g g u g T g S g Rf  Q g g g u g g ` g f   o g g g u g  g ~ j } f   o g g g Dl~fffhhhhffffffffffffffffffffh ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?  u | g { g z j y f   o  g g g !u x !j w !j !j v !f  ! o! g g g "u u "j t "j "j s "f  " o" g g g #u r #g q #j #j p #f  # o# g g g $u n $g m $j $g l $f  $ 8$ g g g %u k %g j %j %g i %f  % 8% g g g &u h &g g &j &g f &f  & 8& g g g 'u e 'g d 'j 'g c 'f  ' 8' g g g (u b (g a (j ` (j _ (f  ( R( g g g )u ^ )j ] )j \ )j [ )f  ) R) g g g *u Z *j Y *j X *j W *f  * R* g g g +u V +j U +j T +j S +f  + R+ g g g ,u Q ,j P ,j ,j O ,f  , 8, g g g -u N -g M -g -g L-f - /- g g g .u K .g J .g .g I.f . /. g g g /u H /g G /g /g F/f / // g g g 0u E 0g D 0g 0g C0f 0 /0 g g g 1u B 1g 1 1g 1g A1f 1 /1 g g g 2u @ 2g - 2g 2g 2f 2 *2 g g g 3u ? 3g + 3g 3g 3f 3 *3 g g g 4u > 4H= 4H: 4H9 4f  4 84 g g g 5u < 5H; 5H: 5H9 5f  5 85 g g g 6u 7 6g - 6g 6g 6f 6 *6 g g g 7u 6 7g + 7g 7g 7f 7 *7 g g g 8u 5 8g 4 8g 8g 38f  8 2 8 g g g 9    9    : ; < = > ? D lhhhhhhhhhhhhhfffffffhhffh* @ABCDEFGHIJK@ A B C D E F G H I J K h >@  A  Identify Technical MechanismsEach technical meachanism should be identifed by a number. Therefore text in this cell should always begin with '(1) ', and additional technical mechanisms should be called out by '(#)'.aL@Bs(1) @  45ggD g2ɀ JQI`ITlImI  dMbP?_*+%&?'?(?)?MKhp photosmart 7350 series (red!@m߀dvertBe@RLdBeںں\\OFFICE\hp photosmart 7350 series,LocalOnly,DrvConvert"d,,??&U} } * } $ } 2 }  } % }  }  } m }  } J  ` `   @                                      f S2      0  v  g j g f     u  g j g f     u  j j g f      u  j m j g f   ޙ u  j j g f   ޙ u  g j g f    u  j j g f     u  g g j  f   u g g g  f     u g w g s g  f     u g t g s g  f     u  g g ڔ g f     u  g g g f     u  g g GS g f     u  g g ڔ g f    u  g g g f    u g g GS g f    u g b g ڔ g f    u g ` g g f    u g ^ g GS g f    u g [ g g X f     u j Y g S g X f     u j V g g R f     u g T g S g R f     u g g ` g f     u g  g ~ j f     u g { g z j y f     u g j j f     u g j j f    Dl~``b````X````````````bbbbbbbb ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?  u g q j j f     !u !g m !j !g !f  ! ޙ! "u "g j "j "g "f  " ޙ" #u #g g #j #g f #f  # ޙ# $u ߙ $g d $j $g c $f  $ ޙ$ %u ݙ %g a %j ` %g ܙ%f % ۙ %  &u ڙ &j ] &j \ &j [&f & ٙ &  'u ؙ 'j Y 'j X 'j W'f ' ֙ '  (u י (j U (j T (j S(f ( ֙ (  )u ՙ )j  )j  )j  )f  ) ) ) ԙ *u ә *g M *g *g L*f * Ι *  +u ҙ +g J +g +g I+f + Ι +  ,u љ ,g G ,g ,g F,f , Ι ,  -u Й -g D -g -g C-f - Ι -  .u ϙ .g 1 .g .g A.f . Ι .  /u ͙ /g - /g /g /f  / ˙/ / 2 0u ̙ 0g + 0g 0g 0f  0 ˙0 0 2 1u ʙ 1 ə 1 ș 1 Ǚ 1f  1 ƙ 1  2u ř 2Hę 2H: 2H9 2f  2 2 2 3u Ù 3H™ 3H: 3H9 3f  3 3 3 4u 4g 4g 4g 4f  4 4  5u 5 4 5 5 5f  5 26    6 7 8 9 : ; < = > ? Dx lb````````l`````llbllbX$ @ABCDEFGHI@ A B C D E F G H I , >@  A //yK 3http://tomcat.apache.org/tomcat-6.0-doc/setup.htmlyK ~http://tomcat.apache.org/tomcat-6.0-doc/setup.htmlyX;H,]ą'c00yK 3http://tomcat.apache.org/tomcat-6.0-doc/setup.htmlyK ~http://tomcat.apache.org/tomcat-6.0-doc/setup.htmlyX;H,]ą'c Identify Technical MechanismsEach technical meachanism should be identifed by a number. Therefore text in this cell should always begin with '(1) ', and additional technical mechanisms should be called out by '(#)'./L@Bs(1) @  23ggD g2ɀ  s@IIIII  dMbP?_*+%&ffffff?'ffffff?(?)?M\\mbps3\1S323A-HP<C odXXLetterDINU"T  'DSMTJHP Universal Printing PCL 6 (v5.2)InputBinFORMSOURCERESDLLUniresDLLHPDocUISUITrueESPRITSupportedTrueFastRes1bppResolution600dpiPrintQualityGroupPQGroup_2HPColorSmartAutomaticHPColorSmart_ColorOptions_EdgeControlNoCmdHPColorSmart_ColorOptions_HalftoneNoCmdHPColorSmart_Text_NeutralGraysNoCmdHPColorSmart_Text_HalftoneNoCmdHPColorSmart_Text_RGBColorNoCmdHPColorSmart_Graphics_NeutralGraysNoCmdHPColorSmart_Graphics_HalftoneNoCmdHPColorSmart_Graphics_RGBColorNoCmdHPColorSmart_Photo_NeutralGraysNoCmdHPColorSmart_Photo_HalftoneNoCmdHPColorSmart_Photo_RGBColorNoCmdOrientationPORTRAITHPOrientRotate180FalseDuplexVERTICALHPPrintOnBothSidesManuallyFalsePaperSizeLETTERHPConsumerCustomPaperTrueMediaTypeAUTOCollateOFFHPNUseDiffFirstPageChoiceTRUEHPPageExceptionsFileHPCPE112HPPageExceptionsInterfaceShowPageExceptionsHPPageExceptionsLowEndHPPageExceptionsLowEndVerHPPageExceptionsCoverInsertionHPOutputBinOrientationFACEDOWNPunchingNoneStaplingNoneHPStaplingOpposedFalseEconomodeFalseTextAsBlackFalseAlternateLetterHeadFalseHPSmartHubInet_SID_263_BID_514_HID_265OutputBinAutoHPDocPropResourceDatahpchl112.cabHPLpiSelectionNoneJPEGEnableAutoHPEasyColorOnHPMHDLLNameHPFIE112HP_DIBStitch_TintTestDisabledHPMediaTypeTreeviewPopupTrueHPColorModeCOLOR_MODEColorMode24bppTTAsBitmapsSettingTTModeOutlineHPPDLTypePDL_PCL6HPPJLEncodingUTF8HPJobAccountingHPJOBACCT_JOBACNT_GROUPNAMEHPBornOnDateHPBODHPColorPlaneHPCPHPJobByJobOverrideJBJOHPJobAccWoPinTrueHPXMLFileUsedhpcu1126.xmlHPSmartDuplexSinglePageJobTrueHPDuplicateJobNameOverrideSWFWHPEnableRAWSpoolingTrueRGBColorNoCmdJRConstraintsJRCHDFullJRHDInstalledJRHDOffJRHDNotInstalledJRHDOffHPBestGlossDefaultPSAlignmentFileHPCLS112IUPHxSRA4MeZfh'DLCX%e=8I6#=4MBB k+_Sy\5cv޽wpa($8M)ʸaFk^(Ck\2j8h`O ^8lu5~=CJY =77S˴@+ ®lWbFXR[q6Ru/{LrU#P) RxАz;,`?C {k)tX,=G}UoB=.hK^ ͉%6&/{9{6F4eu 48"{^AV-gy Xς18ifpZq+is~8{f,(Zg]FgaZц8vGN$N]p=83,<.}K+k1AM0#cw0qE"0&A0⸏ihAIb) ?  S S  tS 6  sS  !S !S ! !tS !6  !sS ! "S "S " "tS "6  "sS " #~S #}S # #tS #6  #sS # $|S ${S $ $tS $6  $sS $ %zS %yS % %tS %6  %sS % &xS &wS & &tS &6  &sS & 'vS 'uS ' 'tS '6  'sS ' (rS (eS (0S (qS (6  (pS ( )oS )nS ) )mS )6  )NS ) *lS *kS * *jS *6  *NS * +iS +hS +0S +gS +6  +NS + ,fS ,eS ,0S ,dS ,6  ,NS , -cS -bS -0S -aS -6  -NS - .`S ._S .0S .^S .6  .NS . /]S /\S /0S /[S /6  /NS / 0ZS 0YS 00S 0XS 06  0NS 0 1WS 1VS 10S 1US 16  1NS 1 2TS 2SS 20S 2RS 26  2NS 2 3QS 3PS 30S 3OS 36  3NS 3 4MS 4LS 4 4KS 46  4JS 4 5IS 5HS 5GS 5R 56  5FS 5 6ES 6DS 6CS 6BS 66  67 ~6 7AS 7@S 7 7?S 76  77 >S7 8=S 8'S >&S >%S >$S >6  >#S > ?"S ?!S ? ? S ?6  ?S?Dlbbbbbbbbbbbbbbbbbbbbbb```bbb`bb@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _  @S @S @S @S @6  @7 ~@ AS AS AS AS A6  A7 ~A B8 S B~ BS B~ B6  BSB CS CS CS CS C6  C~C DS DS D DSD6 DS D E S E S E E S E6  E7 ~ E7  F S F S FR FSF6 FS F GS GS G GS G6  G7 ~G HS HS H HS H6  H7 ~H IS IR I IR I6  I~I J8 R J~ J J~ J6  J~ J K8 R K~ KS K~ K6  K ~K LR LR L LR L6  L7 !~L MR MR M MR M6  M7 !~M NR NR NR NRN6 NR N O8 R OR O"~ OR O6  ORO P8 R PR PR PR P6  P#~P Q8 R QR Q$~ QR Q6  Q%~Q R8 R RR RR RR R6  RR R S8 R S&~ S'~ S(~ S6  S)~S T8 R TR T TR T6  T*~T U8 R UR UR UR U6  U+~U VR VR V VR V6  V,~V WR WR WR WR W6  W-~W XR XR XR XR X6  X.~X Y8 R Y7 R Y7 R Y7 R Y6 7 7  Y7 /~Y Z8 R Z7 R Z7 R Z7 R Z6 7 7  Z7 0~Z [R [R [R [R [6  [1~ [ \8 R \R \R \R \6  \2~\ ]8 R ]3~ ]R ]R ]6  ]4~] ^R ^R ^R ^R ^6  ^5~ ^ _R _R _R _R _6  _6~_Dl`````b````b```````b````````b``b` a b c d e f g h i j k l m n o p q r  `8 R `R `R `R `6  `7~` a8 R aR a a8~ a6  a9~a b8 R bR b b:~ b6  b;~b c8 R cR cR c<~ c6  c=~c d8 R dR dR d>~d6 d?~ d eR eR eR eR e6  e@~e fA~ fB~ f1 fC~ f9 S2 f fD~f: gE~ gF~ g1 gG~ g9 S2 g gH~g: hI~ hJ~ hK~ hL~ h9 S2 h hM~h: iN~ iO~ iP~ iQ~ i9 S2 i iR~i: jS~ jT~ jU~ jV~ j9 S2 j jW~j: kX~ kY~ kZ~ k[~ k9 S2 k k\~k: l]~ l^~ lR l_~ l9 S2 l?~ l:  m`~ ma~ mb~ mc~ m9 S2 m?~ m:  nd~ ne~ nf~ ng~ n9 S2 n nh~n; oi~ oj~ o ok~ o9 S2 o ol~o< pm~ p~ pn~ po~ p9 S2 p pp~p< q= q~ qr~ q qs~ q6  qSq r= t~ ru~ r rv~ r6  rSr* h``````llllllddlll`>@rrA ggD g2ɀ dI#I JJw.J?JSQJbJsJgJJJٲJJ]J%JJJ}KKEKK  dMbP?_*+%&?'?('}'}?)'}'}?Mb\\mbps1\1S147A-HPS odXXLetterPRIV0'''' \KhCN 7SMTJHP LaserJet 9050 PSESPRITSupportedTrueHPOrientationHPOrientationPortraitHPOrientRotate180FalsePostScriptCustomPageSizeFalseHPConsumerCustomPaperPSCustomHPSmartDuplexSinglePageJobTrueHPSmartDuplexOddPageJobTrueDuplexDuplexNoTumbleHPDuplicateJobNameOverrideSWFWPageSizeLETTERPageRegionLeadingEdgeInputSlot*UseFormTrayTableMediaTypeAutoHPNUseDiffFirstPageChoiceTrueHPPageExceptionsFileHPCPE5r1HPPageExceptionsInterfaceShowPageExceptionsHPPageExceptionsLowEndHPPageExceptionsLowEndVerHPPageExceptionsCoverInsertionHPMediaTypeDuplexConstraintsEXTRA_HEAVYHPDocUISUITruePSAlignmentFileHPCLS5r1PSServices_DeviceandSuppliesStatusTRUEHPSmartHub_OnlinediagnostictoolsTRUEHPSmartHub_SupportandtroubleshootingTRUEHPSmartHub_ProductmanualsTRUEHPSmartHub_CheckfordriverupdatesTRUEPSServicesOptionPrnStat_SID_242_BID_270_HID_15521HPSmartHubInet_SID_263_BID_276_HID_265JCLOptimizeForPLAINCollateFalseOutputBinAutoStapleLocationNoneAlternateLetterHeadFalseHPPaperSizeALMConstraintsENV_10TextAsBlackFalseHPEnableRAWSpoolingTrueHPDocPropResourceDataHPCabFileNameJCLEconomodeFalseJCLResolution600dpiJCLFastResTrueJCLHPPrintOnBothSidesManuallyFalseHPEdgeToEdgeTrueHPPJLEncodingUTF8HPJobAccountingHPJOBACCT_JOBACNTPrintQualityGroupPQGroup_1HPBornOnDateHPBODHPJobByJobOverrideJBJOHPColorModeMONOCHROME_MODEHPXMLFileUsedhpc9050s.xmlHPSendPJLUsageCmdCURIJRConstraintsJRCHDPartialJRHDInstalledJRHDOffJRHDNotInstalledJRHDOffHPJobAccWoPinTrueIUPHxoAǿ 1&M i .SJ\)U@ Bpă1 'xxmx&˖5!Җ!;XfGk@Z`Aq-PkY~S @p|sB4"I$mtx1qˍMK BH2~>p&qiDPu9;޴ =΀Eu6ꐖ~(?cMHQ]MX?W _ ukbGⷫHr_ hu aGA/z9Mec멯;G_hӍ;_V]w{VEwLׂ    ["d,, ` `? ` `?&`U} C} E} E} 2E} F}  Q} I3W} $)X} #Y} $ H  D D M                         N  N N N M?   {D   I J J JK J 2 Z Z [ _ !  ! 6> ! 7> #  ] ]/ _ !  ! 8> ! 7> #  ] ]/ _ !  ! 8> ! 7> #  ] ]/ _ !  ! 9> ! :> #  ] ]/ _ !  ! 9> ! :> #  ] ]/ _ !  ! 9> ! :> #  ] ]/ _ !  ! 9> ! :>  #  ] ] / _ !  ! 9> ! :>  #  ] ] / _ !  ! 9> ! :>  #  ] ] / _ !  ! 9> ! :>  #  ] ] / _ !  ! 9> ! :>  #  ] ] / _ !  ! 9> ! :> #  ] ]/ _ !  ! 9> ! :> #  ] ]/ _ !  ! 9> ! :> #  ^ ]/ _ !  ! 9> ! :> #  ] ]/ _ !  ! 9> ! :> #  ]  ] / _  ! ! ! 9> ! :> #  ]  ] / _ ! % ! 9> ! :> # $ ] ]/ _ ! ) ! 9> ! :> # ( ] ]/ _ ! - ! 9> ! :> # , ] ]/ _ ! 1 ! 9> ! :> # 0 ] ]/ _ !  ! 9> ! :> #  ] ]/ _ !  ! 9> ! :> #  ] ]!/ _" ! 5 ! 9> ! :> # 4 ]# 4 /  _$ ! 9 ! 9> ! :> # 8 ]% ]&/ _' ! = ! 9> ! :> # <5 0 (/ _) ! A ! 9> ! :> # @ ]% ]&/ _* ! A ! 9> ! :> # + ], ]B/ _- ! / ! 9> ! :> # . ] ]0/ Dl88zvvvvvvvvvvvvvvvvvvvvvvvlvrvv ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?  _1 ! E ! 9> ! :>  # D ]2 ]3 / !_4 !! I !! 9> !! :>! !# H !]5 !]6!/ "_7 "! M "! 9> "! :>" "# L "]8 "]9"/ #_: #! a #! 9> #! :># ## ` #]; #]<#/ $_= $! ? $! 9> $! :>$ $# > $] $]@$/ %_A %! C %! 9> %! :>% %# B %]D %]/  &_E &! k &! 9> &! :>& &# j &]F &]G&/ '_H '! s '! 9> '! :>' '# r ']I ']J'/ (_K (! w (! 9> (! :>( (# v (]L (]M(/ )_N )! P )! 9> )! :>) )# O )] )]Q)/ *_R *! T *! 9> *! :>* *# S *] *]U*/ +_V +! { +! 9> +! :>+ +# z +] +]+/ ,_W ,!  ,! 9> ,! :>, ,# ~ ,]X ,]Y,/ -_Z -!  -! 9> -! :>- -#  -][ -]\-/ ._] .!  .! 9> .! :>. .#  .]^ .]_./ /_` /!  /! 9> /! :>/ /#  /]a /]b// 0_c 0!  0! 9> 0! :>0 0#  0] 0]d0/ 1_e 1!  1! 9> 1! :>1 1#  1] 1]f1/ 2_g 2!  2! 9> 2! :>2 2#  2]h 2]i2/ 3_j 3! l 3! 9> 3! :>3 3# k 3]m 34 /  4_n 4!  4! 9> 4! :>4 4#  4]o 4]p4/ 5_q 5!  5! 9> 5! :>5 5#  5]r 5]s5/ 6_t 6! S 6! 9> 6! :>6 6# R 6]u 6]v6/ 7_w 7! [ 7! 9> 7! :>7 7# Z 7]x 7]y7/ 8_z 8! k 8! 9> 8! :>8 8# j 8]{ 8]|8/ 9_} 9!  9! 9> 9! :>9 9# ~ 9]~ 9]9/ :_ :!  :! 9> :! :>: :#  :] :1 /  ;_ ;!  ;! 9> ;! :>; ;#  ;] ;];/ <_ <!  <! 9> <! :>< <#  <] <]</ =_ =!  =! 9> =! :>= =#  =] =]=/ >_ >!  >! 9> >! :>> >#  >] >]>/ ?_ ?!  ?! 9> ?! :>? ?#  ?] ?]?/ D"lvvvvvlvvvvvvvvvvvvvlvvvvvvlvvvv@ A B C D E F G H I J K L M N O P Q R S T U \V \W \X \Y \Z \[ \\ \] \^ \_  @_ @!  @! 9> @! :>@ @#  @] @]@/ A_ A!  A! 9> A! :>A A#  A] A]A/ B_ B!  B! 9> B! :>B B#  B] B]B/ C_ C!  C! 9> C! :>C C#  C] C]C/ D_ D!  D! 9> D! :>D D#  D] D]D/ E_ E!  E! 9> E! :>E E#  E] E]E/ F_ F!  F! 9> F! :>F F# F]~ F]p@F/ G_ G!  G! 9> G! :>G G# G] G]G/ H_ H!  H! 9> H! :>H H#  H] H]H/ I_ I!  I! 9> I! :>I I#  I] I]I/ J_ J!  J! 9> J! :>J J#  J] J]J/ K_ K!  K! 9> K! :>K K#  K] K]K/ L_ L! ) L! 9> L! :>L L# ( L] L]L/ M_ M!  M! 9> M! :>M M#  M] M]M/ N_ N! 1 N! 9> N! :>N N# 0 N^ N]N/ O_ O! 5 O! 9> O! :>O O# 4 O] O]O/ P_ P! > P! 9> P! :>P P# = P] P]P/ Q_ Q! B Q! 9> Q! :>Q Q# A Q] Q]Q/ R_ R! G R! 9> R! :>R R# F R] R]R/ S_ S! U S! 9> S! :>S S# T S] S]S/ T_ T! Z T! 9> T! :>T T# Y T] T4 /  U_ U!  U! 9> U! :>U U#  U] U]U/ V_ V!  V! 9> V! :>V V#  V] V]V/ W_ W!  W! 9> W! :>W W#  W] W]W/ X_ X!  X! 9> X! :>X X#  X] X]X/ Y_ Y!  Y! 9> Y! :>Y Y#  Y] Y]Y/ Z_ Z!  Z! 9> Z! :>Z Z#  Z] Z]Z/ [_ [!  [! 9> [! :>[ [#  [] [][/ \_ \!  \! 9> \! :>\ \#  \] \]\/ ]_ ]!  ]! 9> ]! :>] ]#  ]] ]]]/ ^_ ^!  ^! 9> ^! :>^ ^#  ^] ^] ^/ __ _! f _! 9> _! :>_ _# e _] _] _/ D.lvvvvvvrrvvvvvvvvvvvvlvvvvvvvvvv` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~   `_ `! k `! 9> `! :>` `# j `] `] `/ a_ a! o a! 9> a! :>a a# n a] a4 /  b_ b! t b! 9> b! :>b b# s b] b] b/ c_ c!  c! 9> c! :>c c#  c] c] c/ d_ d!  d! 9> d! :>d d#  d] d] d/ e_ e!  e! 9> e! :>e e#  e] e] e/ f_ f!  f! 9> f! :>f f#  f] f] f/ g_ g!  g! 9> g! :>g g#  g] g]/  h_ h!  h! 9> h! :>h h# h] h]h/ i_! i!  i! e" i! ;>i i#  i]" i]# i/ j_$ j!  j! e" j! <>j j#  j]% j]& j/ k_' k!  k! e" k! =>k k#  k]( k]) k/ l_* l!  l! e" l! >>l l#  l]+ l], l/ m_- m!  m! e" m! ?>m m#  m]. m]/ m/ n_0 n!  n! e" n! @>n n#  n]1 n]2 n/ o_3 o! ' o! e" o! A>o o# & o]4 o]5 o/ p_6 p! 2 p! e" p! B>p p# 1 p]7 p]8 p/ q_9 q! = q! e" q! C>q q# < q]: q]; q/ r_< r! H r! e" r! D>r r# G r]= r]> r/ s_? s! S s! e" s! E>s s# R s]@ s]A s/ t_B t! ^ t! e" t! F>t t# ] t]C t]D t/ u_E u! i u! e" u! G>u u# h u]F u]G u/ v_H v! t v! e" v! H>v v# s v]I v]J v/ w_K w!  w! e" w! I>w w# ~ w]L w]M w/ x_N x!  x! e" x! J>x x#  x]O x]P x/ y_Q y!  y! e" y! K>y y#  y]R y]S y/ z_T z!  z! e" z! L>z z#  z]U z]V z/ {_W {!  {! e" {! M>{ {#  {]X {]Y {/ |_Z |!  |! e" |! N>| |#  |][ |]\ |/ }_] }!  }! e" }! O>} }#  }]^ }]_ }/ ~_` ~!  ~! e" ~! P>~ ~#  ~]a ~]b ~/ _c !  ! e" ! Q> #  ]d ]e / D,lvlvvvvvlvvvvvvvvvvvvvvvvvvvvvvv                     O O           _f !  ! e" ! R> #  ]g ]h / _i !  ! e" ! S> #  ]j ]k / _l !  ! e" ! T> #  ]m ]n / _o !  ! e" ! U> #  ]p ]q / _r !  ! e" ! V> #  ]s ]t / _u !  ! e" ! W> #  ]v ]w / _x ! # ! e" ! X> # " ]y ]z / _{ ! . ! e" ! Y> # - ]| ]} / _~ ! 7 ! e" ! Z> # 6 ] ] / _ ! t !  ! [> # s ] ] / _ !  !  ! [> # ~ ] ] / _ !  ! \> ! [> #  ] ] / _ !  !  ! [> #  ] ] / _ !  !  ! [> #  ] ] / _ !  !  ! [> #  ] ] / _ !  !  ! [> #  ] ] / _ !  !  ! ]> #  ] ] / _ !  !  ! ]> #  ] ] / _ !  !  ! [> #  ] ] / _ !  !  ! [> #  ] ] / _ !  !  ! [> #  ] ] / _ !  !  ! [> #  ] ] / _ !  !  ! [> #  ] ] / _ !  !  ! [> #  ] ] / _ !  !  ! [> #  ] ]/ _ !  !  ! [> #  ] ]/ _ !  !  ! [> #  ] ] / _ !  !  ! [> #  ] ] / _ !  !  ! [> # ] ]/ _ ! !  ! [> # ] 1 / _ !  !  ! ^> #  ] ] / _ !  ! _> ! `> #  ] ] / D@lvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv P P   P P   P P                       _ !  ! a> ! b> #  ] ] / _ ! ) ! * !  # (] ] / _ ! 2 !  ! c> # 1 ] ] / _ ! = ! _> ! d> # < ] ] / _ ! H ! e> ! b> # G ] ] / _ ! Q ! * !  # P] ] / _ ! Y !  ! f> # X ] ] / _ ! d ! _> ! g> # c ] ] / _ ! o ! e> ! b> # n ] ] / _ ! x ! * !  # w] ] / _ !  ! * ! [> #  ] ]/ _ !  ! * ! [> #  ] ] / _ !  ! * ! [> #  ] ] / _ ! ! h> ! i> # ] ] / _ !  !  ! [> #  ] ] / _ !  ! j> ! [> #  ] ] / _ !  !  ! [> #  ] ] / _ !  ! k> ! l> #  ] ]/ _ !  ! k> ! m> #  ] ]/ _ !  ! k> ! n> #  ] ] / _ !  ! k> ! o> #  ] ]/ _ !  ! k> ! p> #  ] ]/ _ !  ! k> ! q> #  ] ]/ _ !  ! k> ! r> #  ] ]/ _ !  ! k> ! s> #  ] ] / _ ! 9 ! k> ! t> # 8 ] 4 /  _ ! ? ! k> ! u> # > ] ]/ _ ! D ! k> ! v> # C ] ] / _ ! M ! k> ! w> # L ] ] / _ ! Q ! k> ! x> # P ] ] / _! ! U ! k> ! y> # T ]! ]/ _! ! \ ! k> ! z> # [ ]! ]/ D lvhvvvhvvvhvvvvvvvvvvvvvvvlvvvvv          N                       _! ! d ! k> ! {> # c ]! ]/ _! ! } ! k> ! |> # | ]! ]!/ _ ! !  ! k> ! }> #  ] ! ]/ _ ! !  ! k> ! ~> # ! ] ! ]/  _! !  ! k> ! > # ! ]! ]/  _! ! ( ! k> ! > # !] ]!/ _! !  ! > ! > # ] ]!/ _! !  ! > ! > #  ] ]!/ _! ! ! !  ! [> # ! ]! ]/  _! !  !  ! > #  ] ]!/ _! !  ! > ! > #  ] ]!/ _ ! ! "! !  ! > # !!] ]#!/ _$! !  !  ! > #  ] ]%!/ _&! ! * ! > ! > # ) ]'! ](!/ _)! ! 3 ! > ! > # 2 ]*! ]/ _+! ! ,! !  ! > # ; ]-! ]/ _.! ! A !  ! > # @ ]/! ]0!/ _1! ! F !  ! > # E ]2! ]3!/ _4! ! P !  ! > # O ]5! ]6!/ _7! ! V !  ! > # U ]8! ]9!/ _:! ! ^ !  ! > # ] ];! ]/ _ # a ]=! ]>!/ _?! ! g !  ! > # f ]@! ]/ _A! ! k ! > ! > # j ]B! ]C!/ _D! ! o ! > ! > # n ]E! ]F!/ _G! ! w !  ! > # v ]H! ]I!/ _J! !  !  ! > # ~ ]K! ]L!/ _M! !  !  ! > #  ]N! ]O!/ _P! !  !  ! > #  ]Q! ]R!/ _S! !  !  ! > #  ]T! ]/ _U! ! W! !  ! > # V! ]X! ]/  _Y! ! [! !  ! > # Z! ]\! ]/ Dlvvvllrrvlvvrvvvvvvvvvvvvvvvvvvl                                 _]! ! _! ! > ! > # ^! ]`! ]/  _a! !  ! > ! > #  ]b! ]c!/ _d! !  !  ! > #  ]e! ]f!/ _g! !  ! > ! > #  ]h! ]i!/ _j! !  ! > ! > #  ]k! ]l!/ _m! !  ! > ! > #  ]n! ]o!/ _p! !  !  ! > #  ]q! ]r!/ _s! !  !  ! > #  ]t! ]/ _u! !  !  ! > #  ]v! ]w!/ _x! ! z! ! > ! > # y!] ]{!/ _|! !  ! > ! > # ] ]}!/ _~! !  !  ! > # ] ]!/ _! ! # !  ! > # !] ]!/ _! ! - !  ! > # !] ]!/ _! !  !  ! [> #  ]! ]/ _! !  ! > ! [> #  ]! ]!/ _! !  ! > ! [> #  ]! ]!/ _! ! & !  ! > # % ]! ]!/ _! ! 1 !  ! > # 0 ]! ]/ _! ! : !  ! > # 9 ]! ]/ _! ! D !  ! > # C ]! ]!/ _! ! M ! > ! > # L ]! ]!/ _! ! !! ! > # !] ]!/ _! ! X !  ! > # W ]! ]!/ _! ! b !  ! > # a ]! ]!/ _! ! l !  ! > # k ]! ]!/ _! ! v !  ! > # u ]! ]/ _! ! ~ !  ! > # } ]! ]!/ _! !  !  ! > #  ]! ]!/ _! !  !  ! > #  ]! ]/ _! !  !  ! > #  ]! ]!/ _! !  ! > ! > #  ]! ]!/ Dllvvvvvvvvrrrrrvvvvvvvvnvvvvvvvv     `                                 _! ! ! ! > ! [> # ! ]! ]!/ _! !  ! > ! > #  ]! ]!/ _! !  !  ! > #  ]! ]!/ _! !  !  ! > #  ]! ]!/ _! ! ! !  ! [> # ! ]! ]!/ _! !  !  ! > #  ]! ]!/ _! !  !  ! > #  ]! ]/ _! !  !  ! > #  ]! ]!/ _! !  !  ! > #  ]! ]/ _! !  !  ! >  #  ]! ]! / _! !  ! > ! >  #  ]! ]! / _! !  ! > ! >  #  ]! ]! / _! !  !  ! >  #  ]! ] / _! ! # !  ! >  # " ]! ] / _! ! - !  ! > # , ]! ]/ _! ! 7 ! > ! > # 6 ]! ]!/ _! ! B !  ! > # A ]! ]!/ _! !  ! > ! > #  ]! ]!/ _! ! ! !  ! > # ! ] ]!/ _! : !  ! > # ! ] ]!/ _! # ! > ! > # " ] ]!/ _! !  !  ! > #  ] ]!/ _! ! ! !  ! > # ! ] ]!/ _! ! H !  ! > # G] ]!/ _! ! L !  ! > # K] ]!/ _" ! R !  ! > # Q] ]"/ _" ! " !  ! > # "] ]"/ _" ! X !  ! > # W] ]"/ _" ! \ !  ! > # [] ] "/ _ " ! ` !  ! > # _] ] "/ _ " ! d !  ! > # c] ] "/ _" ! " !  ! > # " ] ]"/ D lvvvvvvvvvvvvvvvvvvvvvvvrrrrrrrr  ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?  _" ! " !  ! >  # " ] ]" / !_" !! | !!  !! >! !# {!] !]"!/ "( " ") ")  ") >" "* "] "]""/ #( " #) #)  #) ># #* #] #]"#/ $( " $)  $)  $) >$ $*  $] $]"$/ %( " %A* %)  %) >% %* ) %] %]!"%/ &( "" &A8 &)  &) >& &* 7 &] &]#"&/ '( $" 'A? ') > ') >' '* > '] ']%"'/ (( &" (A[ ()  () >( (* Z (] (]'"(/ )( (" )& *" )! !  )# )" )]]/  *( +" *!  *!  *! $* *# *] *],"*/ +( -" +!  +!  +! $+ +# +] +],"+/ ,2 ." ,!  ,! k> ,! >, ,# ,] ,]/",/ -2 0" -! 2" -! k> -! >- -# 1"-] -]3"-/ .2 4" ." K ." e" ." >. .# J.] .]5"./ /2 6" /! V /! k> /! >/ /# U/] /]7"// 02 8" 0! :" 0! k> 0! >0 0# 9"0] 0];"0/ 12 <" 1! >" 1!  1! ?"1 1# ="1] 1]@"1/ 22 A" 2! C" 2! k> 2! >2 2# B"2] 2]D"2/ 32 E" 3!  3! k> 3! >3 3# 3] 3]F"3/ 42 G" 4"  4!  4H"4 43 4] 4]I"4/ 52 J" 5L" 5! k> 5! >5 5# K"5] 5]M"5/ 62 N" 6" , 6" k> 6" >6 6# +6] 6]O"6/ 72 P" 7"  7"  7" >7 7# 7] 7]Q"7/ 82 R" 8! f 8! k> 8! >8 8# e8] 8]S"8/ 92 T" 9"  9" e" 9!  9# 9] 9]U"9/ :2 V" :"  :" 9> :" :>: :# :] :]W":/ ;2 X" ;!  ;! k> ;! >; ;# ;] ;]Y";/ <2 Z" <"  <!  <!  <# <] <]["</ =2 \" =!  =!  =!  =# =] =]]"=/ >2 ^" >!  >!  >!  ># >] >]_">/ ?2 `" ?"  ?! * ?!  ?# ?] ?]a"?/ DflrrrrrrrrrJrrrrrrrrrrrrrrrhrrhhh@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _  @2 b" @!  @!  @!  @# @] @]c"@/ A2 d" A!  A! e" A!  A# A] A]f"A/ B2 g" B" t B" k> B" >B B# sB] B]h"B/ C2 i" C!  C! k> C! >C C# C] C]j"C/ D2 k" D"  D! !  D# D] D]l"D/ E2 m" E! n" E! k> E! > E# ] E]o"E/ F2 p" F" U F" e" F" >F F# TF] F]q"F/ G2 r" G! ) G! k> G! >G G# (G] G]s"G/ H2 t" H"  H" k> H" >H H# H] H]u"H/ I2 v" I! b I! k> I! >I I# aI] I]w"I/ J2 x" J"  J" k> J" >J J# J] J]y"J/ K2 z" K"  K! !  K# K] K]{"K/ L2 |" L!  L! k> L! >L L# L] L]}"L/ M2 ~" M!  M! k> M! >M M# M] M]"M/ N2 " N! "N! ! # ] N]"N/ O2 " O!  O! k> O! >O O# O] O]"O/ P2 " P! F P! @ P!  P# EP] P]"P/ Q2 " Q!  Q!  Q! >Q' ]] Q/ " R2 " R! " R!  R! "R' ]] R/ " S2 " S! " S!  S! "S' ]] S/ " T2 " T! " T!  T! "T' ]] T/ " U2 " U!  U! > U! "U' ]] U/ " V2 " V!  V! 1 V! V' ]] V/ " W2 " W! " W! > W! "W' ]] W/ " X2 " X!  X!  X! "X' ]] X/ " Y2 " Y!  Y!  Y! "Y' ]] Y/ " Z2 " Z! " Z! " Z! >Z' ]] Z/ " [2 " [! " [! " [! >[' ]] [/ " \2 " \! " \!  \! "\' ]] \/ " ]2 " ]!  ]! > ]! "]' ]] ]/ " ^2 " ^! " ^! " ^! "^' ]] ^/ " _2 " _! " _! " _! "_' ]] _/ "Dlhhrr\`rrrrr\rrHrhXXXXXXXXXXXXXX` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~   `2 " `! " `!  `! "`' ]] `/ " a2 " a!  a! > a! "a' ]] a/ " b2 " b! " b! " b! "b' ]] b/ " c2 " c! " c! " c! "c' ]] c/ " d2 " d! " d!  d! >d' ]] d/ " e2 " e! 9 e!  e! "e' ]] e/ " f2 " f!  f! > f! >f' ]] f/ " g2 " g! " g! " g! "g' ]] g/ " h2 " h! " h! > h! "h' ]] h/ " i2 " i! " i! 6, i! "i' ]] i/ " j2 " j! " j! 6, j! "j' ]] j/ " k2 " k! " k! ? k! ?k' ]] k/ " l2 " l! " l! ? l! ?l' ]] l/ " m2 " m! " m! ? m! ?m' ]] m/ " n2 " n! " n! ? n! ?n' ]] n/ " o2 " o! " o! k> o! ?o' ]] o/ " p2 " p! " p! ? p! ?p' ]] p/ " q2 " q! " q! ? q! ?q' ]] q/ " r2 " r! " r! ? r! ?r' ]] r/ " s2 " s! " s! ? s! ?s' ]] s/ " t2 " t! " t! ? t! ?t' ]] t/ " u2 " u! " u! ? u! ?u' ]] u/ " v2 " v! " v! ? v! ?v' ]] v/ " w2 " w! " w! k> w! ?w' ]] w/ " x2 " x! " x! k> x! ?x' ]] x/ " y2 " y! " y! k> y! ?y' ]] y/ " z2 " z! " z! k> z! ?z' ]] z/ " {2 " {! " {! ? {! ?{' ]] {/ " |2 " |! " |! k> |! ?|' ]] |/ " }2 " }! " }! ? }! ?}' ]] }/ " ~2 " ~! " ~! k> ~! ?~' ]] ~/ " 2 " ! " ! ? ! ?' ]] / "D lXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX                                 2 " ! " ! ? ! ?' ]] / " 2 " ! " ! k> ! ?' ]] / " 2 " ! " ! ? ! ?' ]] / " 2 " ! " ! ? ! ?' ]] / " 2 " ! " ! ? ! ?' ]] / " 2 " ! " ! ? ! ?' ]] / " 2 # ! # ! ? ! ?' ]] / " 2 # ! # ! ? ! ?' ]] / " 2 # ! # ! ? ! ?' ]] / " 2 # ! # ! ? ! ?' ]] / " 2 # ! # ! ? ! ?' ]] / " 2 # ! # ! ? ! ?' ]] / " 2 # ! # ! ? ! ?' ]] / " 2 # ! # ! ? ! !?' ]] / " 2 # ! # ! ? ! "?' ]] / " 2 # ! # ! ? ! #?' ]] / " 2 # ! # ! ? ! $?' ]] / " 2 # ! # ! ? ! %?' ]] / " 2 # ! # ! ? ! &?' ]] / " 2 # ! # ! ? ! '?' ]] / " 2 # ! # ! ? ! (?' ]] / " 2 # ! # ! ? ! )?' ]] / " 2 # ! j ! ? ! *?' ]] / " 2 !# ! "# ! ? ! +?' ]] / " 2 ## ! $# ! ? ! ,?' ]] / " 2 %# ! &# ! ? ! -?' ]] / " 2 '# ! (# ! ? ! ?' ]] / " 2 )# ! *# ! ? ! .?' ]] / " 2 +# ! ,# ! k> ! /?' ]] / " 2 -# !  ! ? ! 0?' ]] / " 2 .# ! /# ! ? ! 1?' ]] / " 2 0# ! 1# ! ? ! 2?' ]] / "D lXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX                                 2 2# ! 3# ! ? ! 3?' ]] / " 2 4# ! 5# ! ? ! 4?' ]] / " 2 6# ! 7# ! ? ! 5?' ]] / " 2 8# ! 9# ! ? ! 6?' ]] / " 2 :# ! ;# ! ? ! 7?' ]] / " 2 <# ! =# ! ? ! 8?' ]] / " 2 ># ! ?# ! ? ! 9?' ]] / " 2 @# ! A# ! ? ! :?' ]] / " 2 B# ! C# ! ? ! ;?' ]] / " 2 D# ! E# ! ? ! ?' ]] / J# 2 K# ! L# ! ? ! ??' ]] / J# 2 M# ! N# ! ? ! @?' ]] / J# 2 O# ! P# ! ? ! A?' ]] / J# 2 Q# ! R# ! ? ! B?' ]] / J# 2 S# ! T# ! ? ! C?' ]] / U# 2 V# ! W# ! ? ! D?' ]] / X# 2 Y# ! Z# !  ! E?' ]] / [# 2 \# ! ]# !  ! F?' ]] / [# 2 ^# ! _# !  ! G?' ]] / [# 2 `# ! a# ! H? ! I?' ]]/  2 b# ! c# !  ! J?' ]] / [# 2 d# ! e# !  ! K?' ]] / [# 2 f# ! g# !  ! L?' ]] / [# 2 h# ! i# ! 9> ! ' ]] / j# 2 k# ! l# ! 9> ! ' ]] / j# 2 m# ! n# ! 9> ! ' ]] / o# 2 p# ! q# ! 9> ! ' ]] / r# 2 s# ! t# ! 9> ! ' ]] / r# 2 u# ! v# ! 9> ! ' ]] / r# 2 w# ! x# ! 9> ! ' ]] / r#Dt lXXXXXXXXXXXXXXXXXXXXXLXXXXXXXXX                                 2 y# ! z# ! 9> ! ' ]] / r# 2 {# ! |# ! 9> ! ' ]] / r# 2 }# ! ~# ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / # 2 # ! # ! 9> ! ' ]] / # 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / # 2 # ! # ! 9> ! ' ]] / # 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / # 2 # ! # ! 9> ! ' ]] / # 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r#D lXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX                                 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / # 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / # 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / # 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / # 2 # ! # ! 9> ! ' ]] / r# 2 # ! # ! 9> ! ' ]] / # 2 # ! # ! 9> ! ' ]] / # 2 # ! # ! 9> ! ' ]] / # 2 # ! # ! 9> ! ' ]] / # 2 # ! # ! 9> ! ' ]] / # 2 # ! # ! 9> ! ' ]] / # 2 # ! # ! 9> ! ' ]] / # 2 # ! # ! 9> ! ' ]] / # 2 # ! # ! 9> ! ' ]] / # 2 # ! # ! 9> ! ' ]] / # 2 # ! # ! 9> ! ' ]] / # 2 # ! # ! 9> ! ' ]] / # 2 # ! # ! 9> ! ' ]] / #D lXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX                                      2 # ! # ! 9> ! ' ]] / # 2 # ! # ! 9> ! ' ]] / # 2 # ! $ ! 9> ! ' ]] / # 2 $ ! $ ! 9> ! ' ]] / # 2 $ ! $ ! 9> ! ' ]] / # 2 $ ! $ ! 9> ! ' ]] / # 2 $ ! $ ! 9> ! ' ]] / # 2 $ ! $ ! 9> ! ' ]] / # 2 $ ! $ ! 9> ! ' ]] / # 2 $ ! $ ! 9> !  ' ]] / # 2 $ ! $ ! 9> !  ' ]] / # 2 $ ! $ ! 9> !  ' ]] / # 2 $ ! $ ! 9> !  ' ]] / # 2 $ ! $ ! 9> !  ' ]] / # 2 $ ! $ ! 9> ! ' ]] / # 2 $ ! $ ! 9> ! ' ]] / # 2 $ ! $ ! 9> ! ' ]] / # 2 $ ! $ ! 9> ! ' ]] / # 2 $ ! $ ! 9> ! ' ]] / # 2 !$ ! "$ ! 9> ! ' ]] / # 2 #$ ! $$ ! 9> ! ' ]] / # 2 %$ ! &$ ! 9> ! ' ]] / # 2 '$ ! ($ ! 9> ! ' ]] / # 2 )$ ! *$ ! 9> ! ' ]] / # 2 +$ ! ,$ ! 9> ! ' ]] / # 2 -$ ! .$ ! 9> ! ' ]] / # 2 /$ ! 0$ ! 9> ! ' ]] / # 2 1$ ! 2$ ! 9> ! ' ]] / # 2 3$ ! 4$ ! 9> ! ' ]] / # 2 5$ ! 6$ ! 9> ! ' ]] / # 2 7$ ! 8$ ! 9> ! ' ]] / # 2 9$ ! :$ ! 9> ! ' ]] / #D lXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?  2 ;$ ! <$ ! 9> !  ' ]] / # !2 =$ !! >$ !! 9> !! !' ]] !/ # "2 ?$ "! @$ "! 9> "! "' ]] "/ # #2 A$ #! B$ #! 9> #! #' ]] #/ # $2 C$ $! D$ $! 9> $! $' ]] $/ # %2 E$ %! F$ %! 9> %! %' ]] %/ # &2 G$ &! H$ &! 9> &! &' ]] &/ # '2 I$ '! J$ '! 9> '! '' ]] '/ # (2 K$ (! L$ (! 9> (! (' ]] (/ # )2 M$ )! N$ )! 9> )! )' ]] )/ # *2 O$ *! P$ *! 9> *! *' ]] */ # +2 Q$ +! R$ +! 9> +! +' ]] +/ # ,2 S$ ,! T$ ,! 9> ,! ,' ]] ,/ # -2 U$ -! V$ -! 9> -! -' ]] -/ # .2 W$ .! X$ .! 9> .! .' ]] ./ # /2 Y$ /! Z$ /! 9> /! /' ]] // # 02 [$ 0! \$ 0! 9> 0! 0' ]] 0/ # 12 ]$ 1! ^$ 1! 9> 1! 1' ]] 1/ # 22 _$ 2! `$ 2! 9> 2! 2' ]] 2/ # 32 a$ 3! b$ 3! 9> 3! 3' ]] 3/ # 42 c$ 4! d$ 4! 9> 4! 4' ]] 4/ # 52 e$ 5! f$ 5! 9> 5! 5' ]] 5/ # 62 g$ 6! h$ 6! 9> 6! 6' ]] 6/ # 72 i$ 7! j$ 7! 9> 7! 7' ]] 7/ # 82 k$ 8! l$ 8! 9> 8! 8' ]] 8/ # 92 m$ 9! n$ 9! 9> 9! 9' ]] 9/ # :2 o$ :! p$ :! 9> :! :' ]] :/ # ;2 q$ ;! r$ ;! 9> ;! ;' ]] ;/ # <2 s$ <! t$ <! 9> <! <' ]] </ # =2 u$ =! v$ =! 9> =! =' ]] =/ # >2 w$ >! x$ >! 9> >! >' ]] >/ # ?2 y$ ?! z$ ?! 9> ?! ?' ]] ?/ #D lXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _  @2 {$ @! |$ @! 9> @! @' ]] @/ # A2 }$ A! ~$ A! 9> A! A' ]] A/ # B2 $ B! $ B! 9> B! B' ]] B/ # C2 $ C! $ C! 9> C! C' ]] C/ # D2 $ D! $ D! 9> D! D' ]] D/ # E2 $ E! $ E! 9> E! E' ]] E/ # F2 $ F! $ F! 9> F! F' ]] F/ # G2 $ G! $ G! 9> G! G' ]] G/ # H2 $ H! $ H! 9> H! H' ]] H/ # I2 $ I! $ I! 9> I! I' ]] I/ # J2 $ J! $ J! 9> J! J' ]] J/ # K2 $ K! $ K! 9> K! K' ]] K/ # L2 $ L! $ L! 9> L! L' ]] L/ # M2 $ M! $ M! 9> M! M' ]] M/ # N_$ N! $ N! 9> N! N' ]] N/ j# O_$ O! $ O! 9> O! O' ]] O/ # P_$ P! $ P! 9> P! P' ]] P/ # Q_$ Q! $ Q! 9> Q! Q' ]] Q/ #R_! ! ! ' ]]/ S_! ! ! ' ]]/ T_! ! ! ' ]]/ U_! ! ! ' ]]/ V_! ! ! ' ]]/ W_! ! ! ' ]]/ X_! ! ! ' ]]/ Y_! ! ! ' ]]/ Z_! ! ! ' ]]/ [_! ! ! ' ]]/ \_! ! ! ' ]]/ ]_! ! ! ' ]]/ ^_! ! ! ' ]]/ __! ! ! ' ]]/ D8 lXXXXXXXXXXXXXXXXXX` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~  `_! ! ! ' ]]/ a_! ! ! ' ]]/ b_! ! ! ' ]]/ c_! ! ! ' ]]/ d_! ! ! ' ]]/ e_! ! ! ' ]]/ f_! ! ! ' ]]/ g_! ! ! ' ]]/ h_! ! ! ' ]]/ i_! ! ! ' ]]/ j_! ! ! ' ]]/ k_! ! ! ' ]]/ l_! ! ! ' ]]/ m_! ! ! ' ]]/ n_! ! ! ' ]]/ o_! ! ! ' ]]/ p_! ! ! ' ]]/ q_! ! ! ' ]]/ r_! ! ! ' ]]/ s_! ! ! ' ]]/ t_! ! ! ' ]]/ u_! ! ! ' ]]/ v_! ! ! ' ]]/ w_! ! ! ' ]]/ x_! ! ! ' ]]/ y_! ! ! ' ]]/ z_! ! ! ' ]]/ {_! ! ! ' ]]/ |_! ! ! ' ]]/ }_! ! ! ' ]]/ ~_! ! ! ' ]]/ _! ! ! ' ]]/ Dl   _! ! ! ' ]]/ _! ! ! ' ]]/ _! ! ! ' ]]/  (>@K! " A ggD g2ɀ \Z*)K>KRK"iK}KʐK6K8K.L6LniLLNLF M7MdMВM MMN  dMbP?_*+%&?'?('}'}?)'}'}?M\\MBPS1\1S412-OC9284-5337-46DF  od XX0CourierArial 0X o   COPIES@PJL JOB NAME="!JOBNAME" @PJL SET GUISTARTJOB=1 @PJL EOJ  E222XXXXXXXXXXXXXXXC,EXXxxxxb 222XXXX,TOSHIBA eS282/283Series PSL3Mckinley1M24402XXXE0?ʡE??ʡE? 2222                                                   X1118050,E211111111111111111111111C,1003,E211,2124,E1,111302({111111C E222XXXXXXXXXXXXXXXXXXXXXC,D222,X,E2XXXXX2,D1,E011111111111121111111111C EXXX222222222222222222222C,E22X,X,EX2XXXXX,X0,SP:Drawer1Pap"d,, ` `? ` `?&`U} } } } 2} }  } } } } } I} m} m} m} }  } $ Z ``@@@@@ @ @ @  @@@@@@@@@@@@@@@@@        2 rD sD tD  uD  vD  wD         w~ x~   6> 7>+           8> 7>+           8> 7>+           9> :>+             9>  :>+             9> :>+           9> :> +            9> :> +            9> :> +            9> :> +               9> :> +               N? :>+           9> :>+           9> :>+           9> :>+           9> :>+           9> :>+                 9> :>+           9> :>+           9> :>+           9> :>+           9> :>+          ! 9> :>+   "      # % 9> :>+  $ &      ' ) 9> :>+  ( *      + - 9> :>+  , .      / 1 9> :>+  0 2      3 5 9> :>+  4 6      7 9 9> :>+  8 :      Dl|||r||||rr|||||||||||||||| @! "@#@$@%@&@'@(@)@*@+@,@-@.@/@0@1@2@3@4@5@6@7@8@9@:@;@<@=@>@?@ ; = 9> :> +  < >      !? !A !9> !:>!+ ! @! !B!       "C "E "9> ":>"+ " D" "F"      #G #I #9> #:>#+ # H# #J#      $K $M $9> $:>$+ $ L$ $N$      %O %Q %9> %:>%+ % P% %R%      &S &U &9> &:>&+ & T& &V&      'W 'Y '9> ':>'+ ' X' 'Z'      ([ (] (9> (:>(+ ( \( (^(      )_ )a )9> ):>)+ ) ` )b )c )d )   )  e )  f )  g )f )h *i *k *9> *:>*+ * j* *l*      +m +o +9> +:>++ + n+ +p+      ,q ,s ,9> ,:>,+ , r, ,t,      -u -w -9> -:>-+ - v- -x-      .y .{ .9> .:>.+ . z. .|.      /} / /9> /:>/+ / ~/ //      0 0 09> 0:>0+ 0  0 0 0   0   0   0   0 0 1 1 19> 1:>1+ 1  1 1 1 1   1   1   1   1 1 2 2 29> 2:>2+ 2  2 2 2   2   2   2   2 2 3 3 39> 3:>3+ 3  3 3 3   3   3   3   3 3 4 4 49> 4:>4+ 4 4 44      5 5 59> 5:>5+ 5 5 55      6 6 69> 6:>6+ 6 6 66      7 7 79> 7:>7+ 7 7 77      8 8 89> 8:>8+ 8  88      9 9 99> 9:>9+ 9  9 99      : : :9> ::>:+ : : : :   :   :   :   : : ; ; ;9> ;:>;+ ; ; ;;      < < <9> <:><+ < < <<      = = =9> =:>=+ = = ==      > > >9> >:>>+ > > >>      ? ? ?9> ?:>?+ ? ? ??      Dlr|||||||||||||||||r||||@@A@B@C@D@E@FF@G@H@I@J@K@LF@MF@NF@OF@PF@QF@RF@S@T@U@V@WF@XF@Y@Z@[@\@]@^@_@ @ @ @9> @:>@+ @  @ @@      A A A9> A:>A+ A  A A A   A   A   A   A A B B B9> B:>B+ B  B B B   B   B   B   B B C C C9> C:>C+ C C C C   C   C   C   C C D D D9> D:>D+ D D DD      E E E9> E:>E+ E  E  EE      F F F9> F:>F+ F F F F   F ,  F -  F   G  G  G9> G:>G+ G G G G      H H H9> H:>H+ H H HH      I I I9> I:>I+ I I II      J J J9> J:>J+ J J JJ      K K K9> K:>K+ K K KK      L L  L9> L:>L+ L  L! L   L , " L  # L  $ M% M' M9> M:>M+ M & M( M) M   M , * M  + M  , M+ M- N. N0 N9> N:>N+ N / N1 N2 N   N , 3 N  4 N  5 N4 N6 O7 O9 O9> O:>O+ O 8 O: O; O< O   O , = O  > O  ? O> O@ PA PC P9> P:>P+ P B PD PE P   P , F P  G P  H QI QK Q9> Q:>Q+ Q J QL QM Q   Q , N Q  O Q  P RQ RS R9> R:>R+ R R RT RU R   R , V R  W R  X SY S[ S9> S:>S+ S ZS S\S      T] T_ T9> T:>T+ T ^T T`T      Ua Uc U9> U:>U+ U bU UdU      Ve Vg V9> V:>V+ V fV VhV      Wi Wk W9> W:>W+ W j Wl Wm Wn W   W , o W  p W  q Wp Wr Xs Xu X9> X:>X+ X t Xv Xw Xx X   X , y X  z X  { Xz X| Y} Y Y9> Y:>Y+ Y ~ Y Y Y Y   Y   Y   Y   Y Y Z Z Z9> Z:>Z+ Z  Z Z Z   Z   Z   Z   Z Z [ [ [9> [:>[+ [  [ [ [   [   [   [   [ [ \ \ \9> \:>\+ \  \ \ \ \   \   \   \   \ \ ] ] ]9> ]:>]+ ]  ] ] ]   ]   ]   ]   ] ] ^ ^ ^9> ^:>^+ ^  ^ ^ ^ ^   ^   ^   ^   ^ ^ _ _ _9> _:>_+ _ _ __      Dl||||||||||`@a@b@c@d@e@f@g@h@i@j@k@l@m@n@o@p@q@r@s@t@u@v@w@x@y@z@{@|@}@~@@ ` ` `9> `:>`+ ` ` ``      a a a9> a:>a+ a  a a a   a   a   a   a a b b b9> b:>b+ b  b b b   b   b   b   b b c c c9> c:>c+ c c cc      d d d9> d:>d+ d d dd      e e e9> e:>e+ e e ee      f f f9> f:>f+ f f ff      g g g9> g:>g+ g  g g g   g   g   g   g g h h h9> h:>h+ h  h h h   h   h   h   h h i i i9> i:>i+ i  i i i   i   i   i   j j j9> j:>j+ j  j j j j   j   j   j   j j k k k9> k:>k+ k  k k k   k   k   k   k  k  l  l l9> l:>l+ l l ll      m m m9> m:>m+ m m mm      n n n9> n:>n+ n n n nn      o o o9> o:>o+ o o oo      p p  p9> p:>p+ p p p! p"p      q# q% q9> q:>q+ q $q q&q      r' r) r9> r:>r+ r (r r*r      s+ s- s9> s:>s+ s ,s s.s      t/ t1 t9> t:>t+ t 0t t2t      u3 u5 u9> u:>u+ u 4u u6u      v7 v9 v9> v:>v+ v 8v v: v;v      w< w> w9> w:>w+ w =w w?w      x@ xB x9> x:>x+ x Ax xC xDx      yE yG y9> y:>y+ y Fy yH yIy      zJ zL z9> z:>z+ z Kz zM zNz      {O {Q {9> {:>{+ { P{ {R{      |S |U |9> |:>|+ | T| |V |W|      }X }Z }9> }:>}+ } Y} }[}      ~\ ~^ ~9> ~:>~+ ~ ]~ ~_~      ` b 9> :>+  a c      D0l|||||||||||||||||@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ d f 9> :>+  e g h      i k 9> :>+  j l      m o 9> :>+  n p q      r t 9> :>+  s u      v x 9> :>+  w y      z | 9> :>+  { }      ~  9> :>+           9> :>+           9> :>+           9> :>+           9> :>+           9> :>+           9> :>+           9> :>+           9> :>+           9> :>+           9> :>+           9> :>+           9> :>+           9> :>+             9> :>+             9> :>+           9> :>+           9> :>+           9> :>+           9> :>+           9> :>+           9> :>+           9> :>+           9> :>+            e"  ;>+                  e"  <>+               Dl|||||||||||||||||||||||||@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    e"  =>+                  e"  >>+                    e"  ?>+                  e"  @>+           !  " # $ % ' e"  A>+  & ( ) *    +  ,  - . / 0 2 e"  B>+  1 3 4 5    6  7  8 9 : ; = e"  C>+  < > ? @    A  B  C D E F H e"  D>+  G I J K    L  M  N O P Q S e"  E>+  R T U V    W  X  Y Z [ \ ^ e"  F>+  ] _ ` a    b  c  d e f g i e"  G>+  h j k l    m  n  o p q r t e"  H>+  s u v w    x  y  z { | }  e"  I>+  ~                e"  J>+                  e"  K>+                  e"  L>+                  e"  M>+                  e"  N>+                 e"  O>+                  e"  P>+                  e"  Q>+                  e"  R>+                  e"  S>+                   e"  T>+                  e"  U>+                      e"  V>+                  e"  W>+                 ! # e"  X>+  " $ % &    '  (  ) * + , . e"  Y>+  - / 0 1    2  3  4 5 7 e"  Z>+  6 8 9 :    ;  <  = > @ e"  O?+  ? A B C    D  E  F G H  I K e"  P?+  J L M    N  O  P Q R D$l   @@@@@@@@@@@@@@@@@@@@@@@ S U e"  >+  T V W    X  Y  Y Z [  \ ^ e"  Q?+  ] _ ` a    b  c  d e f  g i e"  R?+  h j k l    m  n  o p q  r t  [>+  s u v w    x  y  z { | }   [>+  ~                \> [>+                   [>+                   [>+                   [>+                   [>+                   [>+                  [>+                  ]>+                   ]>+                   [>+                   [>+                   [>+                     [>+                     [>+                   [>+                   [>+                  [>+                  [>+                   [>+                     ^>+                     _>  S?+                   e>  b>+   ! " #   $   % &   ' ) * +   ( + ,    -  .  /   0 2   c>+  1  3 4 5    6  7  8 9 : ; = _>  T?+  < > ? @    A  B  C D E F H e>  b>+  G I J K   L   M N   O Q * +   P R S    T  U  V  D!l@@@@@@@@@` @@@@@@@@@@@@@@@@@@@@@ W Y   f>+  X  Z [ \    ]  ^  _ ` a b d _>  U?+  c e f g    h  i  j k l m o e>  b>  n p q r  s  t u   v x *   w y z  { | }   ~  * [>+                  * [>+                  * [>+                   [>+                 j> [>+                    [>+                  k>  l>+                k>  V?+         Y  Y   k>  >+         Y  Y     k>  m>+                k>  n>+                 k>  W?+               k>  o>+               k>  p>+                k>  q>+               k>  >+                  k>  r>+                   k>  >+            k>  X?+             k>  s>+         !  "  # $ % & ( k>  >+  ' )       * , k>  >+  + -    .    / 1 k>  Y?+  0 2 3    4  5  6 7 9 k>  t>+  8    :   ; < = ? k>  u>+  > @    A    B D k>  v>+  C E F    G  H  I H J K M k>  w>+  L N       O Q k>  x>+  P R       D5l\|\r|\@@@@@@@@@ @ @ @ @ @@@@@@@@@@@@@@@@@@@ S U k>  y>+  T V     W   X   Y Z \ k>  z>+  [ ] ^      _   `   a b d k>  {>+  c e f      g   h   i j l k>  >+  k m      n   o   p o q r t k>  >+  s u v      w   x   y x z { } k>  |>+  | ~                  k>  Z?+                     k>  [?+                    k>  }>+                     \?  > +              \?  > +              \?  > +              \?  > +              \?  > +              \?  >+            \?  >+            \?  >+            \?  >+            \?  >+            \?  >+            \?  >+            \?  >+            \?  >+                \?  >+            \?  >+            \?  >+            \?  >+            \?  >+            \?  >+            \?  >+            \?  >+            \?  >+          D<1lffffff\ffffffrffffffff @!@" # $@%@&@'@(@)@*@+@,@-@.@/@0@1@2@3@4@5@6@7@8@9@:@;@<@=@>@?@   \?  > +               ! ! !\? ! >!+ ! ! !!      ! " " " " >"+ "  " " " "   "   "   "   " ""  # # # # ]?#+ # # # # #   #   #   #   # ##  $ $ $ $ ^?$+ $ $ $ $ $   $   $   $ $ $ %  %  %_? % `?%+ %  % %      % & & &_? & a?&+ &  &&      & ' ' '_? ' >'+ '  ''      ' ( ( ( (>(+ (  ( ( ( (   (   (   (   ( (( )  )" ) )>)+ ) !) )# )$ )   )  % )  & )  ') *( ** *> * >*+ * )* *+ *, *   * - *  . *  / *. *0* +1 +3 +> + >++ + 2+ +4 +5 +   +  6 +  7 +  8 +7 +9+ ,: ,< ,b? , >,+ , ;, ,= ,   ,  > ,   , -? -A - - >-+ - @ -B -C-      - .D .F . . >.+ . E .G .H .I .   .  J .  K .  L .K .M. /N /P / / >/+ / O /Q /R /   /  S /   / 0T 0V 0 0 >0+ 0 U 0W 0X 0   0  Y 0  Z0  0Z 0[0 1\ 1^ 1 1 >1+ 1 ]1 1_1      1 2` 2b 2 2 >2+ 2 a 2c 2d2      2 3e 3g 3 3 >3+ 3 f3 3h3      3 4i 4k 4> 4 >4+ 4 j4 4l4      4 5m 5o 5> 5 >5+ 5 n5 5p 5   5  q 5  r 5  s 5r 5t5 6u 6w 6 6 >6+ 6 v6 6x 6   6  y 6  z 6  { 6z 6|6 7} 7 7 7 >7+ 7 ~7 7 7   7   7   7   7 77 8 8 8 8 >8+ 8  8 8 8   8   8   8   8 88 9 9 9 9 >9+ 9  9 9 9   9  9 : : : : >:+ : : : : :   :   :   :   : :: ; ; ;> ; >;+ ;  ; ; ;   ;   ;   ;   ; ;; < < < < ><+ < < < <   <   <   <   < << = = => = >=+ = = = =   =   =   =   = == > > >> > >>+ > > >>      > ? ? ?> ? >?+ ? ? ??      ? Dt2l|f\\\|jfjffrf@@A@B@C@D@E@F@G@H@I@J@K@L@M@N@O@P@Q@R@S@T@U@V@W@X@Y@Z@[@\@]@^@_@ @ @ @ @ >@+ @ @ @ @   @   @   @   @ @@ A A A A >A+ A A AA      A AA B B B B >B+ B B B B   B   B   B   B BB C C C> C >C+ C C C  C   C   C   C CC D D D D >D+ D  D D  D   D   D E E E E c?E+ E  E E E E   E   E   E   E EE F F F F d?F+ F  FF      F G G G G e?G+ G  GG      G H H H f? H g?H+ H  HH      H HH I I I I h?I+ I  II      I J J J J i?J+ J  JJ      J K K K K j?K+ K  KK      K KK L L L L k?L+ L  L L      L M  M  M M[>M+ M M M  M M   M   M   M MM N N N> N[>N+ N  N N N N   N   N   N NN O O O> O[>O+ O  O O O  O   O  ! O   O" O#O P$ P& P P >P+ P % P' P( P) P   P  * P  + P  , P- P.P Q/ Q1 Q Q >Q+ Q 0Q Q2 Q3 Q   Q  4 Q  5 Q  6 Q5 Q7Q R8 R: R R >R+ R 9R R; R< R   R  = R  > R  ? R@ RAR SB SD S S >S+ S CS SE SF S   S  G S  H S  I SH SJS TK TM T> T >T+ T L TN TO TP T   T  Q T  R T  S TT TUT UV UX U U >U+ U W UY UZ U[ U   U  \ U  ] U  ^ U] U_U V` Vb V V >V+ V a Vc Vd Ve V   V  f V  g V  h Vg ViV Wj Wl W W >W+ W k Wm Wn Wo W   W  p W  q W  r Wq WsW Xt Xv X X >X+ X uX Xw Xx X   X  y X  q X  r Xz X{X Y| Y~ Y Y >Y+ Y } Y Y Y Y   Y   Y   Y   Y YY Z Z Z Z >Z+ Z  Z Z Z Z   Z   Z   Z   Z ZZ [ [ [ [ >[+ [  [ [ [ [   [   [   [   [ [[ \ \ \ \ >\+ \  \ \ \ \   \   \   \   \ \\ ] ] ]> ]>]+ ]  ] ] ] ]   ]   ]   ]   ] ]] ^ ^ ^> ^ >^+ ^  ^ ^ ^ ^   ^   ^   ^   ^ ^^ _ _ _ _ >_+ _  _ _ _ _   _   _   _ __ D,6lt\\x\\x\`@a@b@c@d@e@f@g@h@i@j@k@l@m@n@o@p@q@r@s@t@u@v@w@x@y@z@{@|@}@~@@ ` ` ` ` >`+ `  ` ` ` `   `   `   `   ` `` a a a a >a+ a  a a a a   a   a   a   a aa b b b b >b+ b b b b b   b   b   b   b bb c c c c >c+ c  c c c c   c   c   c   c cc d d d d >d+ d d d d d   d   d   d   d dd e e e e >e+ e e e e e   e   e   e   e ee f f f > f >f+ f  f f f f   f   f   f   f  f f g  g g> g >g+ g  g g g g   g   g   g  g h h h h >h+ h  h h h h   h   h   h   h h h i! i# i i >i+ i " i$ i% i& i   i  ' i  ( i  ) i( i*i j+ j- j j >j+ j , j. j/ j0 j   j  1 j  2 j  3 j2 j4j k5 k7 k> k >k+ k 6 k8 k9 k: k   k  ; k  < k  = k> k?k l@ lB l l >l+ l A lC lD lE l   l  F l  G l  H lG lIl mJ mL m m l?m+ m K mM mN mO m   m  P m  Q m  R mQ mSm nT nV n n m?n+ n U nW nX nY n   n  Z n  [ n  \ n[ n]n o^ o` o o n?o+ o _ oa ob oc o   o  d o  e o  f oe ogo ph pj p p o?p+ p i pk pl pm p   p  n p  o p  p pq prp qs qu q q p?q+ q tq qv qw q   q  x q  y q  z q{ q|q r} r r rq?r+ r ~r r r r   r   r   r rr s s s s r?s+ s  s s s s   s   s   s   s ss t t t t>t+ t t t t t   t   t   t tt u u u u s?u+ u  u u u u   u   u   u   u uu v v v v t?v+ v  v v v v   v   v   v   v vv w w w w >w+ w  w w w w   w   w   w   w ww x x x x u?x+ x  x x x x   x   x   x   x xx y y y y v?y+ y  y y y y   y   y   y   y yy z z z> z w?z+ z z z z z   z   z   z   z zz { { {x? { y?{+ { { { { {   {   {   {   { {{ | | |z? | {?|+ | | | | |   |   |   |   | || } } } } |?}+ }  } } } }   }   }   }   } }} ~ ~ ~ ~ }?~+ ~  ~ ~ ~ ~   ~   ~   ~   ~ ~~    [>+                    D$9ln @n @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@     ~?+                          ?+                      > >+              !  # > ?  " $    % & ' (  * ? ?+  ) +       ,  . >  ?+  - /       0 2   ?+  1 3       4 6   ?+  5 7       8  : ? ?+  9 ;       <  >  +   =       ?  A  +   @       B D  ?+  C E        F H   >+  G I       J L   >+  K M     N O  P R   >+  Q S     T U  V X   >+  W Y       Z \   >+  [ ]       ^ `   >+  _ a       b d   >+  c e       f h   ?+  g i      j k  l n   ?+  m o       p r   ?+  q s       t v   ?+  u w      x y  z |  >  { }     ~    ?+              ?  ?+                ?+                ?+               ?+                ?+              ?  ?+                 ?+           D/lxv\\\\\@@\^zz^^^^x\\xLjjjjjj@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@      ?+              ?  ?+               ?  ?+                 ?+                ?+                ?+               ?+                ?+               ?+             +             +             +             *+             +             e"           e"                                                       !      " # %  $    & '  )  (    * ,  +    - . 0 1 ?  /    2  3  4 3 5 6 8 1 "  7    9  :  ; : < = ? @  >    A  B  C D F @  E    G  H  I J L @  K    M  N  O P R k> >  Q    S T V k> >  U    W X Z k> >  Y    [ Db.ljjj\xxxtttttZZLL0h00"0ZZZLL@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ \ ^ k> >  ]    _ ` b k> >  a    c d f k> >  e    g h j k> >  i    k l n k> >  m    o p q r t k> >  s    u v x k> >  w    y z | k> >  {    } ~  k> >         k> >         k> >         k> >         k> >         k> >         k> >         k> >               k> >               k> >         k> 0?         k> >         k> >         k> >         k> >         k> >               k> >         k> >         k> >         k> >         k> >         k> >         k> >         k> >       D,lLLLLhLLLLLLLLLLLLLLLLLLLLLLL@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @   k> >         k> >         k> >         k> >         k> >         k> >         k> >         k> >           k> >             k> >         k> >         k> >         k> >        ! k> >      " # % k> >  $    & ' ) k> >  (    * + , - / k> >  .    0 1 2 3 5 k>  4    6 7 9  ?  8    :  ;  < ; = > @  ?  ?  A  B C D F  ?  E  G  H I J L  ?  K  M  N O P R  ?  Q  S  T V  ?  U  W  X Y Z \ ? ?  [  ^  _ ` a c  ?  b  d  e f g i   h  j  k l m o ? ?  n  p  q r s u  ?  t  v  w x y {  ?  z  |  } ~    ?           ?        D-lLLLLLLLLhLLLLLLhh>dddHdddVdddd@@@@@@@@@ @ @ @ @ @@@@@@@@@@    ?           ?           ?           ?           ?           ?           ?           ?           ?            ?             ?             ?             ?             ?             ?         ?         ?         ?          ?           ?         ?           ?                     N?          ?         ?          ?  ! "   # %  ? $ & '   (  *  ! ) + ,   -  /    ? . 0 1   2  4  " 3 5 6   7  9    ? 8 : ;  D.lddddddddhddhddHHHVdHdL:xxxxxtxt !"#$%&'()*+,-./0123456789:;@< @= @>@?@ <  >    ?  =  ? @    !A ! C! ! #! !B! !D !E!   "F " H "  " ?" "G" "I "J"   #K # M# # $# #L# #N #O#   $P $ R $  $ ?$ $Q$ $S $T$   %U % W% % %% %V% %X %Y%   &Z & \ &  & ?& &[& &] &^&   '_ ' a '  ' ?' '`' 'b 'c'   (d ( f( ( &( (e( (g (h(   )i ) k )  ) ?) )j) )l )m)   *n * p *  * ?* *o* *q *r*   +s + u +  + ?+ +t+ +v +w+   ,x , z, , ', ,y, ,{ ,|,   -} - - - ?- -~- - --   . .  .  . ?. .. . ..   / /  /  / ?/ // / //   0 0  0  0 ?0 00 0 00   1 1 1 1 ?1 11 1 11   2 2  2  2 ?2 22 2 22   3 3  3  3 ?3 33 3 33   4 4 4 4?4 44 4 44   5 5 5 5?5 55 5 55   6 6 6 6?6 6 66 6 66   7 7 7 7 ?7 77 7 77   8 8 8 8 ?8 88 8 88   9 9 9 9 ?9 99 9 99   : : : : ?: :: : ::   ; ;.  ;1 ; ; ;  ;  ; ; < < < <?< <  < < = = = =?= =  = = >1 > 1 > ? > ? > q* >  > ?1 ? 1 ? ? ? ? ? , ?  ? Dj0lxtxtxtxxtxxxttxxxtxxxxttttVHH>@@A@B@C@D@E@F@G@H@I@J@K@L@MNOPQRSTU VWXY @1 @ I- @ ? @ ? @ H- @  @ A1 A 1 A ? A ? A , A  A B1 B 1 B ? B ? B - B  B C1 C # C ? C ? C ! C  C D1 D 1 D ? D ? D t* D  D E1 E 1 E ? E ? E M- E  E F2 F 1 F ? F ? F 1 F  F G2 G 1 G ? G ? G 1 G  G H2 H 1 H ? H ? H w* H  H I2 I 2 I ? I ? I , I  I J2 J 2 J ? J ?J J  J K2 K 2 K ? K ? K , K  K L 2 L 2 L ? L ? L , L  L M y~ M ( M ]= M z~M M  M } M {~M N |~ N N ]= N }~N N  N } N ~~N O ~ O O ]= O ~O O  O } O ~O P ~ P P ]= P ~P P  P ~ P ~P Q ) Q * Q + Q , Q - Q .Q R / R 0 R 1 R 2 R - R .R S 3 S 4 S 5 S 6 S - S .S T 7 T 8 T 9 T : T - T .T U ; U < U = U > U - U .U V ? V @ V A V B V - V .V W C W D W E W F W - W .W X G X H X I X J X - X .X Y K Y L Y Y M Y N Y OY 8">>>>>>>>>>:>>VVVV>>>>>>>>>@d  A FF yK yK Lftp://ftp.exepermissions/yX;H,]ą'cggD g2ɀ 8,Q(N ?  _( ! # ! e" ! F  # "  ( ' $ F % !_( !! . !! e" !! F! !# - ! ( ! (! ! $ F ! % F "_ ( "! 7 "! e" "! F" "# 6 " ( " (" " $ F " % F #_( #! @ #! e" #! F# ## ? #( #( #( # $ F # % F $_( $! K $! e" $! F$ $# J $( $($ $ $ F $ % F %_( %! U %! e" %! F% %# T% %(% % $ F% % &_( &! ^ &! e" &! F& &# ] &( &( &( & $ F & % F '_( '! i '! e" '! F' '# h '( '( '( ' $ F' % (_( (! t (!  (! F( (# s ( ( (!( ("( ( $ F( % )_#( )!  )!  )! F) )# ~ )$( )%( )&( ) $ F) % *_'( *!  *! \> *! F* *#  *(( *)( **( * $ F* % +_+( +!  +!  +! F+ +#  +,( +-(+ + $ F + % F ,_.( ,!  ,!  ,! F, ,#  ,,( ,-(, , $ F , % F -_/( -!  -!  -! F- -#  -0( -1(- - $ F - % F ._2( .!  .!  .! F. .#  .0( .1(. . $ F . % F /_3( /!  /!  /! F/ /#  /4( /5( /6( / $ F / % F 0_7( 0!  0!  0! [>0 0#  04( 05( 06( 0 $ % 1_8( 1!  1!  1! F1 1#  19( 1:( 1;( 1 $ F 1 % F 2_<( 2!  2!  2! F2 2#  29( 2:( 2;( 2 $ F 2 % F 3_=( 3!  3!  3! F3 3#  3>( 3?(3 3 $ F 3 % F 4_@( 4!  4!  4! F4 4#  4>( 4?(4 4 $ F 4 % F 5_A( 5!  5!  5! F5 5#  5B( 5C( 5D( 5 $ F 5 % F 6_E( 6!  6!  6! [>6 6#  6B( 6C( 6D( 6 $ % 7_F( 7!  7!  7! F7 7#  7G( 7H( 7I( 7 $ F 7 % F 8_J( 8!  8!  8! F8 8#  8G( 8H( 8I( 8 $ F 8 % F 9_K( 9!  9!  9! F9 9#  9 9L( 9 $ F 9 % F :_M( :!  :!  :! F: :#  : :L( : $ F : % F ;_N( ;!  ;!  ;! F; ;#  ;O( ;P( ;Q( ; $ F ; % F <_R( <!  <!  <! F< <#  <O( <P( <Q( < $ F < % F =_S( =!  =!  =! [>= =# =T(=$ % >_U( >!  >!  >! F> ># > >V(> > $ G > % G ?_W( ?!  ?! _> ?! G? ?#  ?X( ?Y( ?Z( ? $ G ? % GDlp@ PA B C PD PE F G PH PI J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _  @_[( @! ) @! * @!  @# ( @\( @]( @^( @ $ G @ % G A__( A! 2 A!  A! GA A# 1A A`( Aa( A $ G A % G B_b( B! = B! _> B! GB B# < Bc(B Bd( B $ GB % C_e( C! H C! e> C! GC C# G C Cf( C $ % D_g( D! Q D! * D!  D# P Dh( Di(D D $ G D % G E_j( E! Y E!  E! GE E# XE Ek( El( E $ GE % F_m( F! d F! _> F! GF F# c Fn( Fo( Fp( F $ % G_q( G! o G! e> G! GG G# n G Gf( G $ % H_r( H! x H! * H!  H# w Hs( H H $ G H % G I_t( I!  I! * I! [>I I#  Iu( Iv( Iw( I $ GI % J_x( J!  J! * J! [>J J#  Jy( Jz( J{( J $ GJ % K_|( K!  K! * K! [>K K#  K}( K~( K( K $ GK % L_( L!  L!  L! [>L L#  L( L( L( L $ GL % M_( M!  M! j> M! [>M M#  M( M( M( M $ GM % N_( N!  N!  N! [>N N#  N( N( N( N $ GN % O_( O!  O! k> O! GO O#  O( O( O$ % P_( P!  P! k> P! GP P#  P 2P P( P $ % Q_( Q!  Q! k> Q! GQ Q#  Q(Q Q( Q $ % R_( R!  R! k> R! GR R#  R( R( R$ % S_( S!  S! k> S! GS S#  S( S( S$ % T_( T!  T! k> T! GT T#  T( T( T( T $ % U_( U!  U! k> U! GU U#  U( U( U$ % V_( V!  V! k> V! GV V#  V( V( V$ % W_( W!  W! k> W! !GW W#  W( W( W( W $ % X_( X!  X! k> X! "GX X#  X(X X( X $ % Y_( Y!  Y! k> Y! #GY Y#  Y( Y( Y( Y $ % Z_( Z! ( Z! k> Z! "GZ Z# ' Z Z( Z $ % [_( [! , [! k> [! "G[ [# + [( [( [( [ $ % \_( \! 1 \! k> \! $G\ \# 0 \( \( \( \ $ % ]_( ]! 9 ]! k> ]! %G] ]# 8 ] ]( ] $ % ^_( ^! ? ^! k> ^! &G^ ^# > ^( ^( ^( ^ $ % __( _! D _! k> _! 'G_ _# C _(_ _( _ $ % DHlzz~|||||zz` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~   `_( `! M `! k> `! (G` `# L ` `( ` $ % a_( a! Q a! k> a! )Ga a# P a(a a( a $ % b_( b! U b! k> b! *Gb b# T b( b( b$ % c_( c! \ c! k> c! +Gc c# [ c( c( c( c $ % d_( d! d d! k> d! ,Gd d# c d( d( d$ % e_( e! l e! k> e! "Ge e# k e e( e $ % f_( f! t f! k> f! -Gf f# s f(f f( f $ % g_( g! } g! k> g! .Gg g# | g( g( g$ % h_( h!  h! k> h! /Gh h#  h( h( h( h $ % i_( i!  i! k> i! 0Gi i#  i(i$ % j_( j!  j! k> j! 1Gj j#  j( j( j$ % k_( k& 2k! ! # $ % l_( l!  l! k> l! Gl l# ! l(l l( l $ % m_( m! ( m! k> m! "Gm m# ! m m( m $ % n_( n!  n! 2G n! 3Gn n#  n( n( n$ % o_( o!  o! 2G o! 3Go o#  o(o$ % p_( p!  p! 2G p! 3Gp p# p p( p$ % q_( q!  q! 2G q! 3Gq q# q q( q$ % r_( r!  r! 2G r! 3Gr r# r r( r$ % s_( s!  s! 2G s! 3Gs s# s s( s$ % t_( t!  t! 2G t! 3Gt t# t t( t$ % u_( u!  u! 2G u! 3Gu u# u u( u$ % v_( v!  v! 2G v! 3Gv v# v v( v$ % w_( w!  w! 2G w! 3Gw w# w w( w$ % x_( x! , x! k> x! "Gx x# (x x( x( x $ % y_( y!  y! 2G y! 3Gy y# y y( y$ % z_( z!  z! 2G z! 3Gz z# z z( z$ % {_( {!  {! 2G {! 3G{ {# { {( {$ % |_( |!  |! 2G |! 3G| |# | |( |$ % }_( }!  }! 2G }! 3G} }# } }( }$ % ~_( ~!  ~! 2G ~! 3G~ ~# ~ ~( ~$ % _( !  ! 2G ! 3G #  ( $ % Dlz||z|p|8z|pxxxxxxxxxxxxxx  ` `                              _( !  ! 2G ! 3G #  ( $ % _( !  !  ! 4G #  ( ( ) $ 5G % 6G _) !  !  ! 7G #  )  $ 8G % 9G _) !  !  ! :G #  ) ) ) $ ;G %  #   a( $ % _) !  !  ! >G #    ) $ ?G % _ ) ! * ! > ! @G # )  )  )  ) $ AG % BG _) ! 3 ! > ! CG # 2 ) ) ) $ DG % EG _) ! F !  ! > # E  ) $ FG % GG _) ! V !  ! > # U  ) $ HG % IG _) ! o ! > ! > # n  ) $ JG % KG _) ! w !  ! > # v ) ) $ % _) !  !  ! > # ~ ) $ LG % MG _) !  !  ! NG #  ) ) $ OG % PG _ ) !  !  ! > #  !) ") #) $ QG % RG _$) !  ! > ! > #  %) &) ') $ SG % TG _() !  !  ! > #  )) *) +) $ UG % VG _,) !  !  ! > #  -) .) $ % _/) !  !  ! > #  0) 1) $ WG % XG _2) !  !  ! > #   3) $ YG % ZG _4) ! # !  ! [G # ! 5) 6) 7) $ % _8) ! - !  ! \G # ! 9) :) ;) $ % _<) !  !  ! c? #  =) >) ?) $ ]G % ^G _@) !  !  ! d? #   A) $ % _B) !  !  ! h? #   C) $ % _D) !  !  ! j? #   E) $ % _F) !  !  ! k? #   G) $ % _H) !  !  ! _G #  I) J) K) $ `G % aG _L) !  ! > ! [> #   M) $ bG % _N) !  ! > ! [> #   O) $ bG % _P) ! & !  ! cG # % Q)  R) $ dG % eG _S) ! 1 !  ! fG # 0 T) U) V) $ gG % hGDlxz|zzzz                                 _W) ! : !  ! iG # 9 X) Y) $ jG % kG _Z) ! D !  ! lG # C [) \) $ mG % nG _]) ! M ! > ! oG # L ^) _) `) $ pG % qG _a) ! X !  ! rG # W b) c) d) $ sG % tG _e) ! b !  ! uG # a f) g) h) $ vG % wG _i) ! l !  ! xG # k j) k) l) $ yG % zG _m) ! v !  ! {G # u n) $ |G % }G _o) ! ~ !  ! ~G # } p) q) r) $ G % G _s) !  !  ! G #  t) u) v) $ G % G _w) ! G !  ! G #  x) y) z) $ G % G _{) !  !  ! G #  |) }) ~) $ G % G _) !  ! > ! G #  ) ) $ G % G _) !  ! > ! G #  ) ) ) $ G % G _) !  !  ! G #  ) ) ) $ G % G _) !  !  ! G #  T( ) $ G % G _) !  !  ! G #  ) ) ) $ G % G _) !  !  ! G #  ) ) $ G % G _) !  !  ! G #  ) ) $ G % G _) !  !  ! G #  ) ) $ G % G _) !  ! > ! G #  ) ) ) $ G % G _) !  ! > ! G #  ) ) ) $ G % G _) !  !  ! G #  ) ) ) $ G % G _) ! # !  ! G # " ) 6) 7) $ G % G _) ! - !  ! G # , ) :) ) $ G % G _) ! 7 ! > ! G # 6 ) ) ) $ G % G _) ! L !  ! G # K ) ) ) $ G % G _) ! V !  ! G # U ) ) ) $ G % G _) ! ` !  ! G # _ ) ) ) $ G % G _) ! j !  ! G # i ) ) ) $ G % _) ! u !  ! G # t ) ) ) $ G % G _) !  !  ! G # ~ ) ) ) $ G % G _) !  !  ! G #  ) ) ) $ G % GDl                                 _) !  !  ! G #  ) ) ) $ G % G _) !  !  ! G #  ) ) ) $ G % G _) !  !  ! G #  ) ) ) $ G % _) !  !  ! G #  ) ) ) $ G % _) !  !  ! G #  ) ) ) $ G % G _) !  !  ! G #  ) ) ) $ G % G _) !  ! > ! G #  ) ) ) $ G % G _) !  ! x? ! G #  ) ) ) $ G % G _) !  ! z? ! G #  ) ) ) $ G % G _) !  !  ! G #  ) ) ) $ G % G _) !  !  ! G #  ) ) ) $ G % G _) !  !  ! G #  ) ) ) $ G % G _) !  !  ! G #  ) ) ) $ G % G _) !  !  ! G #  ) ) * $ G % G _* * !  ! > # !  * $ % _* ! * ! > ! > # "  * $ % _* _* ! !  # $ % _ * ! * !  ! > # !   * $ % _ * ! * ! > ! ? # -  * $ % _* ! * !  ! ? # 1  * $ % _* ! * !  ! ? # 5   * $ % _* _* ! !  # 9$ % _* _* ! !  # =$ % _* _* ! !  # @$ % _* _* ! !  # C$ % _* !  !  ! j@ # *  * $ % _* _* ! !  # *$ % _ * ! H !  ! > # G  !* $ % _"* ! R !  ! > # Q  #* $ % _$* ! " !  ! > # "  %* $ % _&* ! X !  ! > # W  '* $ % _(* ! \ !  ! > # [  )* $ % D8lzzNzzzzNNNNzNzzzz                                 _** ! ` !  ! > # _  +* $ % _,* ! d !  ! > # c  -* $ % _.* ! h !  ! ? # g  /* $ % _0* ! n !  ! ? # m  1* $ % _2* ! " !  ! G # "  3* $ % _4* ! r !  ! ? # q 5* ( 6* $ % _7* ! v !  ! ? # u  8* $ % _9* ! " !  ! > # "  :* $ % _;* ! | !  ! > # {  <* $ % _=* !  !  ! ? #   >* $ % _?* !  ! ? ! ? #   @* $ % _A* !  !  ! ? #   B* $ % _C* !  !  ! ? #   D* $ % _E* !  !  ! ? #   F* $ % _G* !  !  ! ? #   H* $ % _I* !  ! ? ! G #  J* K* $ G % _L* !  !  ! ? #   M* $ % _N* !  !  ! ? #   O* $ % _P* !  ! ? ! ? #   Q* $ % _R* !  ! ? ! ? #   S* $ % _T* !  !  ! ? #   U* $ % _V* !  !  ! ? #   W* $ % _X* !  !  ! ? #   Y* $ % _Z* !  !  ! ? #   [* $ % _\* !  !  ! ? #   ]* $ % _^* !  !  ! G #  _* `* $ G % _a* !  !  !  #   b* $ % _c* !  !  !  #   d* $ % _e* !  !  !  #   f* $ % _g* !  !  !  #   h* $ % _i* " ;# " ? " G # j* G$ % _k* ! G !  ! G # l* m*$ % Dlzzzzzzzzzzzzzzzzzzzzzzzppppp                                      _n* ! G !  ! G # o* m*$ % _p* ! G !  ! G # q* m*$ % _s* ! G !  ! G # t* m*$ % _v* ! 1 !  ! G # w* m*$ % _y* ! H !  ! H # z*  {*  $ % _|* ! " ! > ! ~* ' }* * $ % ( * ) )  ) " *  *  $ % ( * ) )  ) " *  *  $ % ( * )  )  )   *   *  $ % ( * A* )  ) H  * )  *  $ % ( * A8 )  ) >  * 7  *  $ % ( * A? ) > ) H  * >  *  $ % ( * A[ )  ) >  * Z  *  $ % ( * ! ,! !  ! H '  *   $ H  % H ( 1  ! 1   '  * *  $ H  % H ( 1 A" A? Ak@ !   $ H % ( 1 A A1 Al@    $ H % ( 1 A  A1 Am@  $ % ( 1 A A1 An@ $ % ( 1 AB A? Ao@ A   $ H  % H ( 1 A A1 Ap@    $ H % ( 1 A A? AH    $ H  % H ( 1 A Aq@ Ar@ $ % ( 1 A A? AH    $ H  % G ( 1 A1 A? As@ O   $ H  % H ( 1 A A? At@ $ % ( 1 A A? Au@    $ H  % H ( 1 A9 A? Av@ 8   $ H  % H ( 1 A1 Aw@ Ax@ /   $ H  % H ( 1 A1 Aw@ Ay@ 7   $ H  % H ( 1 A1 Az@ A{@    $ H  % VG ( 1 A. Ax? A|@ .   $ H % DZlppppzxzzzzzzz~xxdd|x|d||d|||||  ! " # $ % & ' ( ) * +  ( 1 A1 A? A}@      $ H  % H !( 1 !A1 !A? !A~@! !)!$ % "( 1 "A1 "A1 "A@" "E"$ % #( 1 #A1 #A? #A@# #?#$ % $( 1 $A1 $A? $A@$ $$ $ $ $ !H $ % "H %( 1 %A1 %A? %A@% %+ % % $ #H% % &_$H &! %H &)  &! &H &'  &'H & & $ (H & % )H '_*H '"  '! +H '! ,H''  ' $ -H ' % .H (_/H (! 0H (! 1H (! 2H('  ( $ 3H( % )_4H )! 5H )!  )! 6H)'  ) $ 7H ) % 8H *_9H *! :H *!  *! ;H*'  * $ 7H * % 8H +_H +! ?H+'  + $ @H+ %  |ddd|x~hdhh>@dA ggD g2ɀ PNOOj%O4ODOUOfOvOO|OOOOOOO  dMbP?_*+%&ffffff?'ffffff?(?)?M\\MBPS1\1S412-OC9284-5337-46DF  od XX0CourierArial 0X o   COPIES@PJL JOB NAME="!JOBNAME" @PJL SET GUISTARTJOB=1 @PJL EOJ  E222XXXXXXXXXXXXXXXC,EXXxxxxb 222XXXX,TOSHIBA eS282/283Series PSL3Mckinley1M24402XXXE0?ʡE??ʡE? 2222                                                   X1118050,E211111111111111111111111C,1003,E211,2124,E1,111302({111111C E222XXXXXXXXXXXXXXXXXXXXXC,D222,X,E2XXXXX2,D1,E011111111111121111111111C EXXX222222222222222222222C,E22X,X,EX2XXXXX,X0,SP:Drawer1Pap"dXX333333?333333?&<3U} } } } 2}  }  } " }  " }  } $   @                              2 * * *  *  *  *  ~  ~ * t  [> s  *  *  *  * *   [> ~  *  *    * *  \> [>   *  *    * *   [>   *  *  *  * *   [>   *  *  *  * *   [>   *  *  *  * *   [>   *  *  * * *   [>   *  *  * * *   [>   *  *  * * *   ]>   *  *  * * *   ]>   *  *  * * *   [>   *  *  *  * *   [>   *  *  *  * *   [>   *  *  *  * *   [>   *  *  *  * *   [>   *  *  *  * *   [>   *  *  *  * *   [>   *  *  *  * *   [>   *  *  *  * *   [>   *  *  *  * *   [>   *  *  *  * *    ^>    *  * *  _> @   *  *    * *   a>  @   *  * * 2  c> 1  *  * * = _> @ <  *  *  D  * * H a>  @ G  *  * * Y  f> X  *  * * t' _> @ c  *  *  k  *D2l~~~~~~~~~~~~~~~~~~~~~b~bb~bb ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?  * o e>  @ n  *  * !* ! !* ![> ! ! * ! * ! * ! * "* " "* "[> " " * " + " + " + #+ # #* #[> # # + # + # + # + $+ $ $ $[> $ $ + $ + $  $ + % + % %j> %[> % % + % + % + % + &+ & & &[> & & + & + & + & + '+ '  '^I 'r> '  '  ' + ' + ' + (+ ( (^I (s> ( ( + ( + ( + ( + )+ ) ) )> ) ) + ) + ) + ) !+ *"+ * * *]? * * #+ * $+ * #+ * %+ +&+ + + +^? + + '+ +  + (+ ,)+ , , ,> , , *+ , ++ , *+ , ,+ --+ -" - -> -! - .+ - /+ .0+ .* .> .> .) . 1+ . 2+ . 1+ . 3+ /4+ /3 /> /> /2 / 5+ / 6+ / 5+ / 7+ 08+ 0F 0 0> 0E 0 9+ 0 :+ 0 9+ 0 ;+ 1<+ 1V 1 1> 1U 1 =+ 1 >+ 1 ?+ 1 @+ 2A+ 2o 2> 2> 2n 2 B+ 2 C+ 2 B+ 2 D+ 3E+ 3w 3' 3> 3v 3 F+ 3 G+ 3 F+ 3 H+ 4I+ 4 4 4> 4~ 4 J+ 4 K+ 4 J+ 4 L+ 5M+ 5 5 5> 5 5 N+ 5 O+ 5 N+ 5 P+ 6Q+ 6 6> 6> 6 6 R+ 6 S+ 6 R+ 6 T+ 7U+ 7 7 7> 7 7 V+ 7 W+ 7 V+ 7 X+ 8Y+ 8 8> 8> 8 8 Z+ 8 [+ 8 Z+ 8 \+ 9]+ 9 9 9> 9 9 ^+ 9 _+ 9 ^+ 9 `+ :a+ : : :> : : b+ : c+ : b+ : d+ ;e+ ; ;> ;> ; ; f+ ; g+ ; f+ ; h+ <i+ < < <c? < < j+ < k+ < j+ < l+ =m+ = => =[> = = n+ = o+ = n+ = p+ >q+ > >> >[> > > r+ > s+ > r+ > t+ ?u+ ?& ? ?> ?% ? v+ ? w+ ? v+ ? x+Dlb~~~~~~~~~~p~b~~~~~~~~~~~~~~~~~@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _  @y+ @1 @ @> @0 @ z+ @ {+ @ z+ @ |+ A}+ A: A A@ A9 A ~+ A + A ~+ A + B+ BD B B> BC B + B + B + B + C+ CX C C> CW C + C + C + C + D+ Dv D D> Du D + D + D + D + E+ E~ E E> E} E + E + E + E + F+ F F F> F F + F + F + F + G+ G G G@ G G + G + G + G + H+ H H> H@ H H + H + H + H + I+ I I I> I I + I + I + I + J+ J J J@ J J + J + J + J + K+ K K K@ K K + K + K + K + L+ L L L> L L + L + L + L + M+ M M M> M M + M + M + M + N+ N N> N> N N + N + N + N + O+ O O> O> O O + O + O + O + P+ P P P> P P + P + P + P + Q+ Q# Q Q> Q" Q + Q + Q + Q + R+ R- R R> R, R + R + R + R + S+ S7 S> S> S6 S + S + S + S + T+ TB T T> TA T + T + T + T + U+ Uj U Uo? Ui U + U + U + U + V+ Vu V Vp? Vt V + V + V + V + W+ W W Ws? W W + W + W + W + X+ X X Xt? X X + X + X + X + Y+ Y Y Y> Y Y + Y + Y + Y + Z+ Z Z Zu? Z Z + Z + Z + Z + [+ [ [ [v? [ [ + [ + [ + [ + \+ \ \> \w? \ \ + \ + \ + \ + ]+ ] ]x? ]y? ] ] + ] + ] + ] + ^+ ^ ^z? ^{? ^ ^ + ^ + ^ + _+ _ _ _|? _ _ + _ + _ + _ +D2l~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~p` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~   `+ ` ` `}? ` ` + ` + ` + ` + a+ a a a[> a a , a , a , a , b, b# b> b@ b" b , b , c, c c c? c c , c , c , c , d , d d d? d d , d , d  d , e, e e e? e e , e , e  e , f, fr* fq* f , f , g, g, g, g , g , h, h, h, h , h , i, iu* it* i , i !, j", jx* jw* j #, j $, k%, k  k  k  k  k &, l', l l l  l  l (, m), m m n*, n n n n n +, n ,, o-, o! o  o ., o /, o ., o 0, p1, p0 p1 p? p/ p 2, p 3, p 2, p 4, q5, q8 q6, q" q7 q 7, q 8, q 7, q 9, r:, r9 r r? r8 r ;, r <, r ;, r =, s>, s@ s s? s? s ?, s @, s B s A, tB, tF t t? tE t H t C, t D, t E, uF, uL u u? uK u G, u H, u I, u J, vK, vR v v? vQ v L, v M, wN, wV w w? wU w O, w P, xQ, x\ x] x? x[ x R, x S, yT, yc y y? yb y U, y V, zW, zo z] z? zn z X, z Y, {Z, {u { {? {t { [, { \, |], |{ | |? |z | ^, | _, }`, } } } ? } } a, } b, ~c, ~ ~ ~ ? ~ ~ d, ~ e, f,    ?   g,  h,Dl~~b~~~FFFFFTT*bb~~~~~~bbbbbbbbb                                 i,    ?  j, k, l,   ?   m,  n, o, p, q,   ?   r,  s, t,   ?   u,  v, w,   ?   x,  y, z,   ?   {,  |, },   ?   ~,  , ,   ?   ,  , ,   ?   ,  , ,   ?   ,  , ,   ?   ,  , ,   ?   ,  , ,   ?   ,  , ,   ?   ,  , ,   ?   ,  , , ,  @ ,  ,  , , , , , @ ,  ,  , , , , ,  @ ,  ,  , , , , ,  @ )  ,  , , , @ ,  ,  , , , , , @ ,  ,  , , , , , @ ,  ,  , , , , , @  @ ,  ,  , , , , ,   @ ,  ,  , , , , ,  @ ,  ,  , , , , ,  @ ,  ,  , , , , , @ ,  ,  , , , , , @ ,  ,  , , , , ,  @ ,  ,  , , , , , @  @ ,  ,  , , , , -   @ ,  -  - - - - -  @ -  -  - - -Dlb~bbbbbbbbbbbbbpppTppp~~ppppp~~                                  - -  @  -  -  - - - - - @ -  -  - -  ? ~    -  - - - *  @ )  -  - - C ? B  D  -  D !- "- f ? e  g  #-  g $- %- W ? V  X  &-  X '- (- M ? L  N  )-  N *- +- 4 ? 3  5  ,-  -- .- /- z ? y  {  0-  { 1- 2- 4- @ 3-  5-  6-  7- 8- 9- ;- @ :-  <-  =- >- @- @ ?-  A-  B- C-  ?   D-  E-  D- F- G- I- @ H-  J-  K- L- N- @ M-  O- P- Q- ?   R-  S-   T- U- V- ?   W-  X-   Y- Z- [- ?   \-  ]-   ^- _- `- ?   a-  b-   c- d- f- @ e-  g- h- j- @ i-  k-  l-  k- m- n- p-  AH o-  q-  r- s- u-  BH t-  v-  w- x-   ?   y-  z-   {- |- ~-  CH }-  -  -  - - - -  DH -  -  -  - - - -  @ -  -  -  - - - -  EH -  -  -  - - - -  FH -  -  - - /  ? .  0  -  - - - 9  ? 8  :  -  - -DlpTpTpppppppTTpTFppppFpbb~~~~~b~                                 - -  GH -  -  -  - - - -  HH -  -  - - -  IH -  -  - - >  ? =  ?  -  - - - H  ? G  I  -  I - - R  ? Q  S  -  S - - \  ? [  ]  -  ] - - a  ? `  b  -  b - - k  ? j  l  -  l - - p  ? o  q  -  q - - u  ? t  -  -  - - -   ?     -   - - -  JH -  -  -  - - - -  @ -  -  -  - - - -  @ -  -  -  - - - -  @ -  -  - - -  @ -  -  - - -  @ -  -  - - -  @ -  -  -  - - -   @     -   - - .  @ -  .  . . .  @ .  .  .  . .  .   @     .  . . . .  @ .  .  .  . . . .  @ .  .  .  . . . .  @ .  .  . . !.  @  .  ".  #. $. &.  @ %.  '.  (. ). +.  @ *.  ,.  -.  .. /. 0.   @   1.  2.   3. 4.   @   5.  6.   7. 8. :.  @ 9.  ;.  <.  =. >.DDl~bb~~~~~~~~~~~~bbb~~b~~~~bbb~~~                                 ?. A.  @ @.  B.  C.  D. E. F. H.  @ G.  I.  J.  K. L. M. O.  @ N.  P.  Q.  R. S. T. V.  @ U.  W.  X.  Y. Z. [. ].  @ \.  ^.  _. `. b.  @ a.  c.  d.  e. f. g. i.  @ h.  j.  k.  l. m. n. p.  @ o.  q.  r.  s. t. u. w.  @ v.  x.  y.  z. y. {. }.  @ |.  ~.  .  ~. . . .  @ .  .  . . . . .  @ .  .  . . . .     . . .      . .      . .  *    . .      . .   >   . . .   >   . . . . x? @ .  . . . M > > L  . . .   r?   . . .   ~?   . . .   ?   . . . b  > a  . . . l  > k  . . .   >   . . .   @   . . . L  l? K  . . . `  n? _  . . .   >   . . . P'  @ .  . .Dl~~~~b~~~~~~~TTTTTbbbbbbbbbbbbbb                                      . . @ @ .  .  . . . @ @ .  .  . . \'  @ .  .  . . _'  @ .  .  . . b'  @ .  .  . . e'  @ .  .  . . h'  @ .  .  . . k'  @ .  .  . .  e" <>   .  . .  e" =>   .  . . i e" G> h  .  . .  e" M>   .  . . @ e" O? ?  .  . .  e" >>   .  . .  e" ?>   .  . .  e" @>   .  . . / @ @ /  /  / / ' e" A> &  /  / / 2 e" B> 1  /  /  /  e"   /  /  / = e" C> <  /  / / H e" D> G  /  / /  e" ;>   /  / / K e" P? J  /  / / U e" > T  Z  / / # e" X> "  /  / / ^ e" Q? ]  /  / !/ S e" E> R  "/  #/ $/ ^ e" F> ]  %/  &/ '/  e"   (/  )/ */ ,/ @ @ +/  -/  ./ // t e" H> s  0/  1/DlbbbbbbbbbbbbbbbbbbbTbbbbbbbbbTb  ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?  2/  e" I> ~  3/  4/ !5/ ! !e" !J> ! ! 6/ ! 7/ "8/ " "e" "K> " " 9/ " :/ #;/ # #e" #L> # # / $ $e" $N> $ $ ?/ $ @/ %A/ %C/ %@ %@ %B/ % D/ % E/ &F/ & &e" &O> & & G/ & H/ 'I/ 'i 'e" 'R? 'h ' J/ ' K/ (L/ ( (e" (P> ( ( M/ ( N/ )O/ ) )e" )Q> ) ) P/ ) Q/ *R/ * *e" *R> * * S/ * T/ +U/ + +e" +S> + + V/ + W/ ,X/ , ,e" ,T> , , Y/ , Z/ -[/ - -e" -U> - - \/ - ]/ .^/ . .e" .W> . . _/ . `/ /a/ /  /e" /V> /  / b/ / c/ 0d/ 0f/ 0@ 0@ 0e/ 0 g/ 0 h/ 1i/ 1 1 1 @ 1 1 j/ 1 k/ 2l/ 2n/ 2 2@ 2m/ 2 o/ 2 p/ 3q/ 3 3 3j? 3 3  3 r/ 4s/ 4 4 4? 4 4  4 t/ 5u/ 59 5^I 5t> 58 5 ; 5 v/ 6w/ 6y/ 6 6@ 6x/ 6 z/ 6 {/ 7|/ 7% 7 7? 7$ 7 & 7 }/ 8~/ 8 8 8? 8 8  8 / 9/ 9 9f? 9g? 9 9  9 / :/ :/ : :@ :/ : / : / ;/ ;/ ; ;/ ;/ ; / ; / </ <I- <@ <H- < J- < / =/ = =? =? = = / = / >/ > >? >@ > > / > / ?/ ? ?? ?? ? ? / ? /DlbbbbbbbbbbbbbbbbbbbbbbbbbbbbTbb@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _  @/ @/ @@ @@ @/ @ / @ / A/ A/ A A@ A/ A / A / B/ B/ B B@ B/ B / B / C/ C  C C? C C ! C / D/ D/ D D@ D/ D / D / E/ EL E E> EK E / E / F/ FR F F> FQ F / F / G/ G G G? G G  G / H/ Hh H H? Hg H j H / I/ I I I? I I  I / J/ Jv J J? Ju J x J / K/ K K K@ K K  K / L/ L/ L L@ L/ L / L / M/ M/ M M$ M/ M / M / N/ N/ N N$ N/ N / N / O/ O/ O O$ O/ O / O / P/ P/ P P$ P/ P / P / Q/ Q/ Q Q$ Q/ Q / Q / R/ R/ R R$ R/ R / R / S/ S/ S S$ S/ S / S / T/ T/ T T$ T/ T / T / U/ U/ U U$ U/ U / U / V/ V/ V V$ V/ V / V / W/ W/ W W$ W/ W / W / X/ X/ X X$ X/ X / X / Y/ Y/ Y Y$ Y/ Y / Y / Z/ Z/ Z Z$ Z/ Z / Z / [/ [/ [ [$ [/ [ / [ / \0 \0 \ \$ \0 \ / \ / ]0 ]0 ] ]$ ]0 ] 0 ] 0 ^0 ^ 0 ^ ^$ ^ 0 ^ 0 ^ 0 _ 0 _ 0 _ _$ _ 0 _ 0 _ 0Dlbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~   `0 `0 ` `$ `0 ` 0 ` 0 a0 a0 a a$ a0 a 0 a 0 b0 b0 b b$ b0 b 0 b 0 c0 c0 c c$ c0 c 0 c 0 d 0 d"0 d d$ d!0 d 0 d 0 e#0 e%0 e e$ e$0 e &0 e '0 f(0 f*0 f f$ f)0 f &0 f '0 g+0 g-0 g g$ g,0 g .0 g /0 h00 h20 h h$ h10 h .0 h /0 i30 i50 i i$ i40 i 60 i 70 j80 j:0 j j$ j90 j 60 j 70 k;0 k=0 k k$ k<0 k >0 k ?0 l@0 lB0 l l$ lA0 l >0 l ?0 mC0 mE0 m m$ mD0 m F0 m G0 nH0 nJ0 n n$ nI0 n F0 n G0 oK0 oM0 o o$ oL0 o N0 o O0 pP0 pR0 p p$ pQ0 p N0 p O0 qS0 qU0 q q$ qT0 q V0 q W0 rX0 rZ0 r r$ rY0 r V0 r W0 s[0 s]0 s s$ s\0 s ^0 s _0 t`0 tb0 t t$ ta0 t ^0 t _0 uc0 ue0 u u$ ud0 u f0 u g0 vh0 vj0 v v$ vi0 v f0 v g0 wk0 wm0 w w$ wl0 w n0 w o0 xp0 xr0 x x$ xq0 x n0 x o0 ys0 yu0 y y$ yt0 y v0 y w0 zx0 zz0 z z$ zy0 z v0 z w0 {{0 {}0 { {$ {|0 { ~0 { 0 |0 |0 | |$ |0 | ~0 | 0 }0 }0 } }$ }0 } 0 } 0 ~0 ~0 ~ ~$ ~0 ~ 0 ~ 0 0 0  $ 0  0  0Dlbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb                                 0 0  $ 0  0  0 0 0  $ 0  0  0 0 0  $ 0  0  0 0 0  $ 0  0  0 0 0  $ 0  0  0 0 0  $ 0  0  0 0 0  $ 0  0  0 0 0  $ 0  0  0 0 0  $ 0  0  0 0 0  $ 0  0  0 0 0  $ 0  0  0 0 0  $ 0  0  0 0 0  $ 0  0  0 0 0  $ 0  0  0 0 0  $ 0  0  0 0 0  $ 0  0  0 0 0  $ 0  0  0 0 0  $ 0  0  0 0 0  $ 0  0  0 0 0  $ 0  0  0 0 0  $ 0  0  0 0 0  $ 0  0  0 0 0  $ 0  0  0 0 0  $ 0  0  0 0 0  $ 0  0  0 0 0  $ 0  0  0 0 0  $ 0  0  0 0 0  $ 0  0  0 1 1  $ 1  0  0 1 1  $ 1  1  1 1  1  $  1  1  1  1  1  $  1  1  1Dlbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb                                 1 1  $ 1  1  1 1 1  $ 1  1  1 1 1  $ 1  1  1 1 1  $ 1  1  1  1 "1  $ !1  1  1 #1 %1  $ $1  &1  '1 (1 *1  $ )1  &1  '1 +1 -1  $ ,1  .1  /1 01 21  $ 11  .1  /1 31 51  $ 41  61  71 81 :1  $ 91  61  71 ;1 =1 @ @ <1  >1  ?1 @1 B1   @ A1  C1  D1 E1 G1 @  @ F1  H1  I1 J1 L1   @ K1  M1  N1 O1 Q1   @ P1  R1  S1 T1 V1   @ U1  W1  X1 Y1 [1 @  @ Z1  \1  ]1 ^1 `1   @ _1  a1  b1 c1 e1   @ d1  f1  g1 h1 j1  k1 i1  l1  m1 n1 p1  k1 o1  l1  m1 q1 s1  k1 r1  l1  m1 t1 v1  @ u1  w1  x1 y1 {1  @ z1  |1  }1 ~1 1 @ @ 1  1  1 1 D  ? 1 : ? ? 1 1 '  @ 1 ' '  @ 1 1   @ 1  1   1  1D lbbbbbbbbbbbbbbbbbbbbbbbbbb88888 1 1 1 @ 1 1 7 1 @ 6 1 1 @ @ 1  1 @  1 r  @ q 1 #  A ! 1 1  A 1 . e" A - 1 1   A O 1 ,!   A ; 1   A  1 1  A 1 1 1  A 1 1 1  A $ 1 1   A + 1 1   A h 1 1   A 1 1 ?  A 1 1   A   ~  ~  ~  ~    ~   ~  ~    }   }   ~  ~    }   }   ~  ~    }   }   ~  ~    }   }   ~  ~    ~   ~   ~  ~    ~   ~   ~  ~    ~   ~   ~  S  P  Q  T  R  U  V  W   X  Y  Z  [  \   ]  ^  _  `  *  +  ,  -  a  b  0  1  c  -  aD lFF8FFF8FFFFFFFFF88FnTTTTTTTTTTT   d  4  5  e  -  a  f  8  9  g  -  a  h  <  =  i  -  a  j  @  A  k  -  a  l  D  E  m  -  a  n  H  I  o  -  a  p  q  r  s  t  u  v  w  r  x  y  z  {  |  r  }  ~      r            L    N  u             TTTTTTTTTTTTT>@  A ggD g2ɀ 86;PPP(Pw3P?=P;HPSSP/^PiPoP  dMbP?_*+%&?'?(?)?Mb\\mbps1\1S153A-HPS odXXLetterPRIV0'''' \KhCN 7SMTJHP LaserJet 9050 PSESPRITSupportedTrueHPOrientationHPOrientationPortraitHPOrientRotate180FalsePostScriptCustomPageSizeFalseHPConsumerCustomPaperPSCustomHPSmartDuplexSinglePageJobTrueHPSmartDuplexOddPageJobTrueDuplexDuplexNoTumbleHPDuplicateJobNameOverrideSWFWPageSizeLETTERPageRegionLeadingEdgeInputSlot*UseFormTrayTableMediaTypeAutoHPNUseDiffFirstPageChoiceTrueHPPageExceptionsFileHPCPE5r1HPPageExceptionsInterfaceShowPageExceptionsHPPageExceptionsLowEndHPPageExceptionsLowEndVerHPPageExceptionsCoverInsertionHPMediaTypeDuplexConstraintsEXTRA_HEAVYHPDocUISUITruePSAlignmentFileHPCLS5r1PSServices_DeviceandSuppliesStatusTRUEHPSmartHub_OnlinediagnostictoolsTRUEHPSmartHub_SupportandtroubleshootingTRUEHPSmartHub_ProductmanualsTRUEHPSmartHub_CheckfordriverupdatesTRUEPSServicesOptionPrnStat_SID_242_BID_270_HID_15521HPSmartHubInet_SID_263_BID_276_HID_265JCLOptimizeForPLAINCollateFalseOutputBinAutoStapleLocationNoneAlternateLetterHeadFalseHPPaperSizeALMConstraintsENV_10TextAsBlackFalseHPEnableRAWSpoolingTrueHPDocPropResourceDataHPCabFileNameJCLEconomodeFalseJCLResolution600dpiJCLFastResTrueJCLHPPrintOnBothSidesManuallyFalseHPEdgeToEdgeTrueHPPJLEncodingUTF8HPJobAccountingHPJOBACCT_JOBACNTPrintQualityGroupPQGroup_1HPBornOnDateHPBODHPJobByJobOverrideJBJOHPColorModeMONOCHROME_MODEHPXMLFileUsedhpc9050s.xmlHPSendPJLUsageCmdCURIJRConstraintsJRCHDPartialJRHDInstalledJRHDOffJRHDNotInstalledJRHDOffHPJobAccWoPinTrueIUPHxMkA -ԛ\b%uE&45/1RI%H"~?~/9OM3م6/i<3LiMp*_E|!a嘴XKpOv1~u| %/ji#\De{9QR)MlFҒZ1T eb_JAT&PƦz;&7JUM얪*O?->H [f_`~> Cͬ]ΆzOq̘͝k̥xdKq6ڦFjrYlp M/#u`0":div \>Əl<Ӎ_]wgQEwkAAAA|B:"dXX??&U} } } } 2} } -} 4$ } 5$ 6 ``      K      zD $ $  $ $ $ $  $ $ $ $  $ $ $ $  $ $ $ $  $ $ $ $  $ $ $ $  $  $ $ $  $  $ $ $  $  $ $ $  $  $ $ $  $  $ $ $  $ $ $ $  $ $ $ $  $ $ $ $  $ $ $ $  $ $ $ $  $ $ $ $  $ $ $ $  $ $ $ $  $ $ $ $  $ $ $ $  $ $ $ $  $ $ $ $  $ $ $ $  $ $ $ $  $ $ $ $  $ $ $ $  $ $ $ $  $ $D lPPPPPPPPPPPPPPPPPPPPPPPPPPPPP !"#$%&'()*+,-./0123456789:;<=>? $ $  $  $ !$ !$ ! !$! !$ "$ "$ " "$" "$ #% #% # #$# #% $% $% $ $$$ $% %% %% % %$% %% & % & % & &$& & % ' % ' % ' '$' '% (% (% ( ($( (% )% )% ) )$) )% *% *% * *$* *% +% +% + +$+ +% ,% ,% , ,$, ,% -% -% - -$- - % .!% ."% . .$. .#% /$% /%% / /$/ /&% 0'% 0(% 0 0$0 0)% 1*% 1+% 1 1$1 1,% 2-% 2.% 2 2$2 2/% 30% 31% 3 3$3 32% 43% 44% 4 4$4 45% 56% 57% 5 5$5 58% 69% 6:% 6 6$6 6;% 7<% 7=% 7 7$7 7$ 8>% 8?% 8 8$8 8$ 9@% 9A% 9 9$9 9$ :B% :C% : :$: :$ ;D% ;E% ; ;$; ;$ <F% <G% < <$< <$ =H% =I% = =$= =$ >J% >K% > >$> >$ ?L% ?M% ? ?$? ?$D lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_ @ A @N% @ @$@ @$ AO% AP% A A$A A$ BQ% BR% B B$B B$ CS% CT% C C$C C$ DU% DV% D D$D D$ EW% EX% E E$E E$ FY% FZ% F F$F F$ G[% G\% G G$G G$ H]% H^% H H$H H$ I_% I`% I I$I I$ Ja% Jb% J J$J J$ Kc% Kd% K K$K K$ LA Le% L L$L L$ Mf% Mg% M M$M M$ Nh% Ni% N N$N N$ Oj% Ok% O O$O O$ Pl% Pm% P P$P P$ Qn% Qo% Q Q$Q Q$ Rp% Rq% R R$R R$ Sr% Ss% S S$S S$ Tt% Tu% T T$T T$ Uv% Uw% U U$ U$ Vx% Vy% V V$V V$ Wz% W{% W W$W W% X|% X}% X X$ X% Y~% Y% Y Y$ Y% Z% Z% Z Z$ Z % [% [% [ [$ [% \% \% \ \$ \% ]% ]% ] ]$ ]% ^% ^% ^ ^$ ^% _% _% _ _$ _%D& lPPPPPPPPPPPPPPPPPPPPPFPPFFFFFFF`abcdefghijklmnopqrstuvwxyz{|}~ `% `% ` `$ `% a% a% a a$ a % b% b% b b$ b#% c% c% c c$ c&% d% d% d d$ d)% e% e% e e$ e,% f% f% f f$ f/% g% g% g g$ g2% h% h% h h$ h5% i% i% i i$ i8% j% j% j j$ j;% k% k% k kA k% l% l% l lA l% m% m% m mA m% n% n% n nA n% o% o% o oA o% p% p% p pA p% q% q% q qA q% r% r% r r% r% s% s% s sA s% t% t% t tA t% u% u% u uA u% v% v% v vA v% w% w% w wA w% x% x% x xA x% y% y% y yA y% z% z% z zA z% {% {% { {A {% |% |% | |A |% }% }% }A }% ~% ~% ~A ~% % % A %D lFFFFFFFFFFFFFFFFFFFFFFFFFFFFF88 % % A % % % A % % % A % % % A % % % A % % %  A % % % !A % % % "A % % % #A % % % $A % % % %A % % % &A % % % 'A % & & (A & & & )A & & & *A &  &  & +A  &  &  & ,A & & & -A & & & .A & & & /A & & & 0A & & & 1A & & & 2A  & !& "& 3A #& $& %& 4A && '& (& 5A )& *& +& 6A ,& -& .& 7A /& 0& 1& 8A 2& 3& 4& 9A 5& 6& 7& :A 8&D l8888888888888888888888888888888 9& :& ;A ;& <& =& & ?& @& =A A& B& C& >A D& E& F& ?A G& H& I& @A J& K& L& AA M& N& O&  BA P& Q& R& CA S& T& U&  DA V& W& X&  EA Y& Z& [&  FA \& ]& ^&  GA _& `& a&  HA b& c& d&  IA e& f& g&  JA h& i& j&  KA k& l& m&  LA n& o& p&  MA q& r& s&  NA t& u& v&  OA w& x& y&  PA z& {& |&  QA }& ~& &  RA & & &  SA & & &  TA & & & UA & & &  VA & & &  WA & & &  XA & & &  YA & & & ZA &D l8888888F8FFFFFFFFFFFFFFFFF8FFFF & & [A & & &  \A & & &  ]A & & &  ^A & & & _A & & & `A & & & aA & & &  bA & & &  cA & & &  dA & & & eA & & &  fA & & &  gA & & &  hA & & & iA & & &  jA & & &  kA & & &  lA & & &  mA & & &  nA & & &  oA & & &  pA & & &  qA & & & rA & & &  sA & & &  tA & & &  uA & & 9  vA & & &  wA & & &  xA & & & 1 yA & & & zA &D l8FFF888FFF8FFF8FFFFFFFF8FFFFFFF & &  {A & & & |A & & & }A ' ' '  ~A ' ' '  A ' ' '  A  '  '  '  A  '  ' '  A ' ' ' A ' ' ' A ' ' ' A ' ' '  A ' ' ' A ' '  ' A !' "' #'  A $' %' &'  A '' (' )' A *' +' ,' A -' .' /'  A 0' 1' 2'  A 3' 4' 5'  A 6' 7' 8'  A 9' :' ;'  A <' =' >'  A ?' @' %  A A' B' C'  A D' E' F'  A G' H' I'  A J' K' 1 L' M'  A N' O' P' A Q' R' S'  A T'D lF88FFFFF888F88FF88FFFFFFFFFF&F8       U' V' A W' X' Y' A Z' [' \'  A ]' ^' _'  A `' a' b'  A c' d' e'  A f' g' h'  A i' j' k'  A l' m' n' _> O o' p' q' _> N r' s' t' _> M u' v' w'  A x' y' z'  A {' |' }'  A ~' ' E'  A ' ' E'  A ' ' E'  A ' ' ' A ' ' ' A ' ' ' A ' ' '  ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' '  ' ' ' '  ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' @ ' ' ' ' @ ' 1  ? AD l88FFFFFFFFFFFFFFF888F888FF888FF !"#$%&'()*+,-./012345 1 1 ? ? !1 !1 !A !@ "1 " "1 "@ #1 #1 #? #A $1 $ $L $A %1 %r %? %@ &1 & &? &A '1 '1 '? 'A (1 (1 (A (A )1 )1 )A )A *1 *1 *q@ *r@ +1 +1 +A +A ,1 ,1 ,? ,A -1 - -? -A .1 .1 .? .? /1 / /? /A 01 01 0? 0A 11 11 1? 1? 21 21 21 2A 31 31 3? 3A 41 4 4A 4A 51 51 5? 5A0888888888888888888888>@dA ggD g2ɀ `gPP"PbP2PPPQ2#Q5QHQYQrjQT{QDQQ$QQQQZQ  dMbP?_*+%&?'?(?)?M\\MBPS3\3M232A-HPS odXXLetterPRIV0''''X, \KhC%MSCXSMTJHHP Universal Printing PS (v5.2)HPDocUISUITrueESPRITSupportedTrueHPOrientationHPOrientationPortraitHPSmartDuplexSinglePageJobTrueHPSmartDuplexOddPageJobTrueHPOrientRotate180FalsePostScriptCustomPageSizeFalseDuplexNoneHPReverseOrderForFold_StitchTrueHPBestGlossDefaultInputSlot*UseFormTrayTableHPDuplicateJobNameOverrideSWFWPageSizeLETTERPageRegionLeadingEdgeMediaTypeAUTOHPMediaTypeTreeviewPopupTrueCollateFalseJCLHPPrintOnBothSidesManuallyFalseJCLEconomodeFalseOutputBinAutoStapleLocationNonePunchingNoneTextAsBlackFalseAlternateLetterHeadFalseJCLResolution600dpiJCLPrintQualityNoneJCLFastRes1bppHPConsumerCustomPaperTruePrintQualityGroupPQGroup_2JRHDInstalledJRHDOffHPNUseDiffFirstPageChoiceTrueHPPageExceptionsFileHPCPE112HPPageExceptionsInterfaceShowPageExceptionsHPPageExceptionsLowEndHPPageExceptionsLowEndVerHPPageExceptionsCoverInsertionHPEnableRAWSpoolingTrueHPDocPropResourceDataHPCabFileNameRGBColorNoCmdCMYKInksNoCmdJRConstraintsJRCHDFullHPColorSmartAutomaticHPColorSmart_ColorOptions_EdgeControlNoCmdHPColorSmart_ColorOptions_HalftoneNoCmdHPColorModeCOLOR_MODEHPColorSmart_Text_NeutralGraysNoCmdHPColorSmart_Text_HalftoneNoCmdHPColorSmart_Text_RGBColorNoCmdHPColorSmart_Graphics_NeutralGraysNoCmdHPColorSmart_Graphics_HalftoneNoCmdHPColorSmart_Graphics_RGBColorNoCmdHPColorSmart_Photo_NeutralGraysNoCmdHPColorSmart_Photo_HalftoneNoCmdHPColorSmart_Photo_RGBColorNoCmdHPPJLEncodingUTF8HPJobAccountingHPJOBACCT_JOBACNT_GROUPNAMEHPBornOnDateHPBODHPJobByJobOverrideJBJOHPJobAccWoPinTruePSAlignmentFileHPCLS112HPSmartHubInet_SID_263_BID_514_HID_265HPColorAsGrayFalseCNOutputNoneCNStapleNoneCNOffsetFalseCNPunchingNoneCNFoldingNoneIUPHxMkA e/.dk i6[,&4Io WTGxP0E}fKg7Q0,iYҙ? (+Z]a*&5eUX6l`P;^;DڏN: Dт?eZ i7+|fXjBUz^䚔GV'ܔ0sEFjx$ԖVv`v_TBzX"}?\kqAƉ;pF;u{^B^~,jN؁"oU6n"2}+ېO82ƿfF8RBVP2ʌšErr*M?d"{5X7l+j֜qsA+d,eJ[(ATXƒ+ғMeQ]iI϶Sxs%, /톐Ta0t)BT\_,ҙws܎SwgoTXKoO>WhB!B!$F')%oVx"dXX??& U} } * } . } 2 } 9 }  } # } ( }  } " } }  } m3 } $ g  )                  2    |D      !        ;   *       O      }D   h  0  |  {   ~D   h  0      D   h  0      D   h  0     D  D  ~  C  }  | { z  y   x  L  w  v u t s  r   q  p  o n  m  D  l    k  j i h  g   f  S2  e  d  c  D   h  0      b  D   h  0     a  D   D       `  D   h  !1     _  ^  D  ]    \  [  Z  Y  X  W  D  V  :-  U  T  S  R  D  Q  y  P  O  N  D   h  0  ߄  ބ  M  L   K    J  I  H  G  F  D   D    ۆ  چ  E  D  D  C  1  B  A  @  ?   >   =  <  ;  :   9  V  8  7  6  5  4  D   D    .  -  3  2  1  0  *  /  .  -  ,  +  D  *  ~  )  (  '  &   %   $  #  "  !               Dllllllz^zllllllllllllzl !"#$%&'()*+,-./0123456789:;<=>?   D   D       !  ! D ! ! D !  ! ݈ ! ܈! "  "  " D "  " ? "  "  "  " " #  #  # #  # S2 #  # # # # $ $ $ D $  $ w* $  $  $  $ $ %  %  % D %  % 1 % % % & & & & & S2 & & & ' ' ' ' ' S2 ' ' ' \' ( ( ( ( ( S2 ( ( ( \( ) ) ) ) ) S2 ) ) ) \) * * * * * S2 * * * \* + + + + + S2 + + + \+ , , ߊ , , ފ , S2 , ݊ , ܊ , \, - ۊ - ڊ - - ي - S2 - ؊ - ׊ - \- . ֊ . Պ . . Ԋ . S2 . ӊ . Ҋ . \. / ъ / Њ / / ϊ / S2 / Ί / ͊ / \/ 0 ̊ 0 D 0 0 D 0  0 k 0 j0 1 ˊ 1 D 1 D 1 D 1  1 ʊ 1 Ɋ 1 Ȋ 1 NJ1 2 Ɗ 2 Ŋ 2 2 Ċ 2 S2 2 Ê 2 Š 2 \2 3 3 3 3 3 S2 3 3 3 \3 4 4D 4D 4 D 4 / 4 4 4 4 4 5 5 D 5 D 5 D 5  5 5 5 5 5 6 6 D 6 D 6 D 6 1 6 6 6 6 6 7 7 D 7 D 7 D 7  7 7 7 7 7 8 8 D 8 D 8 D 8 h 8 8 8 8 8 9 9 9 9 9 S2 9 9 9 \9 : : : D : D :  : : : : : ; ; D ; D ; D ;  ; ; ; ; ; < < < < < S2 < < < \< = = = = = S2 = = = \= > > D > D > D >  > > > > ? ? D ? ? D ? n ? ? ? ? ? D"lllllzzzzzzzzzlzzzzzz@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_ @ @ @ @  @ S2 @ ~ @ } @ \@ A | A D A D A D A  A { A zA B y B x B B w B S2 B v B u B \B C t C s C C r C S2 C q C p C \C D o D n D D m D S2 D l D k D \D E j E i E E h E S2 E g E f E \E F e F D F F D F S2 F d F cF G b G a G G ` G S2 G _ G ^ G \G H ] H \ H H [ H S2 H Z H Y H \H I X I D I D I D I  I W I V I UI J T J D J D J D J  J S J R J Q J PJ K O K N K K M K S2 K L K K K \K L J L D L D L D L G L I L H L G L FL M E M D M M C M S2 M B M A M \M N @ N ? N N > N S2 N = N < N \N O ; O  O w O D O " O : O 9 O 8 O 7O P 6 P 5 P P 4 P S2 P 3 P 2 P \P Q 1 Q D Q D Q D Q  Q 0 Q / Q . Q -Q R , R + R R * R S2 R ) R ( R \R S ' S & S S % S S2 S $ S # S \S T " T ! T T T S2 T  T  T \T U  U  U U  U S2 U  U  U \U V  V D V V D V  V  V  V  V V W  W D W D W D W W  W  W W X  X  X X X S2 X X X \X Y Y Y Y  Y S2 Y  Y  Y \Y Z  Z  Z ?2 Z  Z S2 Z  Z  Z \Z [ [ [ [ [ S2 [ [ [ \[ \ \ \ \ \ S2 \ \ \ \\ ] ] D ] ] D ]  ] ] ] ] ] ^ ^ ^ ^ ^ S2 ^ ^ ^ \^ _ _ _ _ _ S2 _ _ _ \_ Dlzlzzzzlzzzzzzzzzzzzzzzzzz`abcdefghijklmnopqrstuvwxyz{|}~ ` ` D ` D ` D `  ` ` ` ` ` a a D a t a D a ) a a a ߉ a މa b ݉ b ܉ b b ۉ b S2 b ډ b ى b \b c ؉ c ׉ c c ։ c S2 c Չ c ԉ c \c d Ӊ d ҉ d d щ d S2 d Љ d ω d \d e Ή e ͉ e e ̉ e S2 e ˉ e ʉ e \e f ɉ f D f D f D f 8 f ȉ f ljf g Ɖ g ʼn g g ĉ g S2 g É g ‰ g \g h h D h h D h 9 h h h h h i i i i i S2 i i i \i j j D j j D j S2 j j j j k k D k D k D k L k k k k k l l D l l D l a l l l l l m m D m D m D m . m m m m m n n D n D n D n . n n n n n o o D o D o D o . o o o o o p p D p D p D p  p p p p p q q D q q h q / q q q r r D r D r D r  r r r r r s s D s s h s / s  s ~s t t D t t D t t t t t u u u u u S2 u u u v v D v v h v )0 v  v v w w D w w h w 40 w w w x x x x x S2 x x  x \x y ~ y D y y h y T0 y y y z } z D z z h z A0 z { z zz { | { D { { h { y0 { Ä { „{ | { | D | | D | S2 | 1 | 0| } z } D } D } D }  } y } x} ~ w ~ D ~ D ~ D ~ , ~ v ~ u~  t  D   D  ,  s  r Dlzzzzlzzzllllllzllllll q  p   o  S2  n  m  \ l  k   j  S2  i  h  \ g  D  f    e  d c b a  D  D  D  S2  `  _ ^  D  D  D  -  ]  \ [  D   D    Z  Y X W V  D  D  D    U  T S R Q  D   D  k  P  O N M L  K   J  S2  I  H  \ G  D   h  D0  6  5 F  D  D  D  .  E  D C B A  @   ?  S2  >  =  \ <  D  t  D  2  ;  : 9 8 7  D  D  D    6  5 4 3 2  1  ?2  0  S2  /  .  \ -  ,   +  S2  *  )  \ (  '   &  S2  %  $  \ #  D  D  E  s  "  !         S2      \   E  D  E  ,       E  D  E           E   E  .        E   h  90     E  D  E  W         E  D  E  S2       E  D  E          S2    \  E  D  E  +/        S2    \     S2    \  E   h  /  I  H  E   h  Y0    Dlzzllzlzzzzzlllzzzl     S2   ߈  \ ވ  E   D    ݈  ܈ ۈ  E  E  E  6  ڈ  و ؈ ׈ ֈ  E  D  E  h  Ո  Ԉ ӈ ҈ ш    E    Ј  ψ Έ  E   h      ͈  ̈   ˈ  S2  ʈ  Ɉ  \ Ȉ  Lj   ƈ  S2  ň  Ĉ  \ È  ˆ  ?2   S2    \     S2    \     S2    \  E  D  E  S2     E  D  E  T        S2    \     S2    \  E  D  E  ?     E   !E  +      t   S2    \  "E  #E  $E       %E    &E       'E  D  (E          S2     )E   h  0    ~ }  *E  D  +E  ~  |  { z y x  ,E  -E  .E    w  v u t s  /E   h  0  Є  τ r  q   p  S2  o  n  \ m  l   k  S2  j  i  \ h  g   f  S2  e  d  \ c  b  a  `  S2  _  ^  \ ]  \   [  S2  Z  Y  \ X  W   V  S2  U  T  \ Dlzlllzzzzzzzzlzlllzzzzz S  0E   h   m  l R  1E  D  2E  B/  Q  P O N M  3E   4E  0  L  K J I H  5E   h  0    G  6E  D  7E    F  E D C B  8E   h  1     A  @   ?  S2  >  =  \ <  9E   :E      ;  ;E   h  1    :  9   8  S2  7  6  \ 5  4   3  S2  2  1  \ 0  E  D  ?E  &  &  % $ # "  @E  D  AE  .  !      BE   h  0       CE  D  DE           EE    FE           GE   h  91          3      HE  IE  JE                S2    \  KE   LE  !        S2    \     S2    \  ME  D  NE  J     OE   h  a0  U  T  PE   QE    ɇ  ȇ  RE  D  SE  1     TE   h  0  Ƅ  ń  UE  VE  WE     ߇ Dllllzllzzllzllzzzzlll އ  ݇   ܇  S2  ۇ  ڇ  \ ه  ؇   ׇ  S2  և  Շ  \ ԇ  XE   YE    Ӈ  ҇ ч Ї χ  ZE  D  [E    ·  ͇ ̇ ˇ ʇ  \E   QE    ɇ  ȇ LJ  ]E  D  ^E  ]  Ƈ  Ň ć Ç ‡  _E   h  0      D  `E       aE   h  0        S2    \  bE  D  cE  "        S2    \  dE  D  eE       fE  gE  hE          S2    \  iE  D  jE       kE  D  lE  !     mE  D  nE       oE  D  pE  <        S2    \  qE   h          S2    ~  \ }  rE   sE    |  { z y x  tE   uE    w  v u t s  vE  D  wE  K  r  q p o n  xE   h  S2  m  l k  yE  D  zE  ]  j  i h g f  e   d  S2  c  b  \ a  `   _  S2  ^  ]  \ [  {E  D  |E    Z  Y X W V  }E   ~E  A  U  T S R Q  E   E   P  O N D>lzzlllzzlzzzlzlzz       M  E   E  u  L  K  J  I  H  E  E  E    G  F  E  D  C  E  {  E  ~  B  A  @  ?  >  E  D  E    =  <  ;  :  9  E   E  S2  n  m  8  E   E  C  7  6  5  4  3  E  D  E  _  2  1  0  /  .  E  D  E    -  ,  +  *  )  E   E       (  E  D  E    '  &  %  $   #  E  D  E    "  !        E    E  )         E    E               E  D  E  R             E   D          E   E  S2      E   E  E          E  D  E              E  D  E          E   D        E   E          E  ?2  E          E  D  E             )  ߆  ކ         ߆  ކ      )  ߆  ކ  ݆  E   h  0  1  0  ܆  E   D    ۆ  چ  ن  E  D  E    ؆  ׆  ֆ  Ն  Ԇ  E  D  E  !  ӆ  ҆  ц  І  φ  E   h  0     Ά  E  D  E  1  ͆  ̆ D"lllllll^llll !"#$%&'()*+,-./0123456789:;<=>?  ˆ  E   E  $  ʆ  Ɇ  ! Ȇ ! E ! #E ! E ! . ! dž ! Ɔ ! ņ ! Ć! " Æ " E " D " E "  " † " " " " # # E # D # E #  # # # # # $ $ E $ D $ E $  $ $ $ $ $ % % E % D % E % . % % % % % & & & & & E & & & & & ' ' E ' { ' E ' s ' ' ' ' ' ( ( ( ( ( q* ( ( ( ( ( ( ) ) ) ) ) q* ) ) ) ) * * * * * q* * * * * + + E + + h + 0 + + + , , E , { , E , % , , , , , - - E - D - E -  - - - - - . . E . . E .  . . . / / E / / h / / /  / / 0 0 E 0 D 0 E 0  0 0 0  0 ~0 1 } 1 E 1 D 1 E 1 i 1 | 1 { 1 z 1 y1 2 x 2 E 2 D 2 E 2  2 w 2 v 2 u 2 t2 3 s 3 E 3 E 3 E 3  3 r 3 q 3 p 3 o3 4 n 4 E 4 D 4 E 4 i- 4 m 4 l 4 k 4 j4 5 i 5 E 5 E 5 E 5  5 h 5 g 5 f 5 e 5 d5 6 c 6 E 6 6 E 6 } 6 b 6 a 6 ` 6 _6 7 ^ 7 E 7 7 h 7 ] 7 Ʉ 7 Ȅ7 8 \ 8 E 8 D 8 E 8  8 [ 8 Z 8 Y 8 X8 9 W 9 E 9 9 h 9 0 9 ΅ 9 ͅ9 : V : E : E : E : 7 : U : T : S : R: ; Q ; E ; E ; E ; ~ ; P ; O ; N ; M; < L < E < < h < |0 < 4 < 3< = K = E = D = E =  = J = I = H = G= > F > E > > E >  > E > D> ? C ? B ? ? A ? , ? @ ? ? ? > ? =? Dllzzlllllll@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_ @ < @ E @ @ E @ @ ; @ :@ A 9 A E A E A E A A 8 A 7 A 6A B 5 B E B B h B 0 B 4 B 3B C 2 C E C C h C 0 C 1 C 0C D / D E D E D E D S2 D . D -D E , E E E D E E E v E + E * E ) E (E F ' F E F F h F / F F F G & G % G G $ G # G "G H ! H E H E H E H  H H  H  H H I  I E I I h I S2 I  I I J  J E J E J E J  J  J  J  J J K  K  K K  K  K  K  K  K K L  L  L L  L  L L M M M M  M  M M N N N  N  N  N N O  O  O  O  O  O O P  P E P D P F P , P P P Q Q Q D Q Q H- Q Q Q R R F R R h R 41 R R R S S F S S h S q0 S S S T T, T T F T , T T T U U F U F U F U S2 U U U V V F V V h V 0 V V V W W W W W U W W W W W X X F X X F X  X X X X X Y Y F Y Y F Y S2 Y Y ߅ Y ޅY Z ݅ Z F Z Z F Z  Z ׅ Z օ Z ܅ Z ۅZ [ څ [ F [ [ F [  [ ׅ [ օ[ \ م \ F \ \ F \  \ ׅ \ օ\ ] ؅ ] F ] ] F ]  ] ׅ ] օ] ^ Յ ^ F ^ ^ F ^  ^ ԅ ^ Ӆ ^ ҅ ^ х^ _ Ѕ _ F _ _ h _ / _ ل _ ؄_ Dllzllll^l^^^^lllllllzlll`abcdefghijklmnopqrstuvwxyz{|}~ ` υ ` F ` ` h ` 0 ` ΅ ` ͅ` a ̅ a F a F a F a S2 a ˅ a ʅa b Ʌ b ȅ b b Dž b e b ƅ b Ņ b ą b Åb c … c F c c h c / c ̈́ c ̄c d d F d d h d 0 d * d )d e e F e F e F e ( e e e f f F f f h f 1 f f f g g F g D g F g , g g g h h F h h h h / h h h i i !F i i "F i , i i i j j #F j j h j 0 j j j k k k k k k k k k k l l $F l l %F l S2 l l l m m &F m m h m / m m m n n 'F n D n (F n . n n n n n o o )F o D o *F o , o o o p p +F p p h p d0 p p p q q ,F q q h q 0 q q q r r -F r r :E r  r r r s s .F s s h s i0 s s s t t /F t t h t L0 t k t jt u u 0F u u h u 0 u u u v v 1F v v h v ,0 v  v v w w w w w ` w w w w w x x 2F x x h x / x  x ~x y } y 3F y y h y / y u y ty z | z 4F z z h z <0 z { z zz { y { 5F {  { 6F { , { x { w{ | v | 7F | | h | / | u | t| } s } r } } q } S2 } p } o } n } m} ~ l ~ 8F ~ ~ h ~ Q0 ~ k ~ j~  i  h   g  t*  f  e  d  c Dlllllllllllllllllllllllllll  b  a   `  B  _  ^  ]  \  [  Z  D  Y  M-  X  W  V  9F   h  \0  U  T  S  R  D  Q    P  O  N  M  :F    ;F  ,  L  K  J  F  ,  F  E  D  ?F   @F    C  B  A  @  ?  AF   BF    >  =  <  ;  :  CF    DF  ,  9  8  7  EF   h  I0  6  5  4  FF   h  3  -  ,  2  GF   D  S2  1  0  /  HF   h  .  -  ,  +  IF   h  0  *  )  (  '  D  &    %  $  #  "  !    ,        JF   h  $0        KF   h  /        LF   MF              NF   MF          OF   MF          PF   MF          QF   h  0       RF   SF  ,      TF   h  S2        UF   VF  ,        WF   h  10       XF   h  l0                        YF   h  0  ܄  ۄ Dlllzlllllllllzllllllllllllzl   ZF  [F  \F          ]F   ^F  S2      -   _F  ,      `F   aF  <1      bF    cF  -      dF   h  0  ߄  ބ  ݄  eF   h  !0  ܄  ۄ  ڄ  fF   h  /  ل  ؄  ׄ  gF  D  hF  .  ք  Մ  Ԅ  ӄ  ҄  iF   h  1     ф  jF   h  0  Є  τ  ΄  kF   h  0  ̈́  ̄  ˄  lF   h  ʄ  Ʉ  Ȅ  DŽ  mF   h  0  Ƅ  ń  Ą  nF   h  t0  Ä  „   oF    pF  -      qF   h  0         S2        rF   h  0      sF   h  $1      tF   h  0      uF   h  ,1  g  f   vF   h  1      wF   E        xF   h  0      yF   h  0         S2        zF   h  1         3-           9             ~           ~ Dlzllllllllllllllllllllllll        ~  }  {F   h  0  |  {  z  y  D  x  -  w  v  u  t   s    r  q  p  o  |F   E  S2  n  m  l  }F   D    k  j  i  ~F   h  11  g  f  e  d   c  .  b  a   `  .  _    ^  ]    \      [    Z  Y    X    W  V    U    T  B1    S  A1  R  G1  Q  P  F1  O  N    M  K1  L  K    J  P1  I  V1    H  U1  G  [1  @  F  Z1  E  D    C  _1  B  A    @  d1  ?  >  @  =  <  ;  :  9    8  7  6    5  4  3    2  1  0    /  .  -  ,  +    *  )  (    '  &  %    $  #      "  !                      D l^llzlllPPPPPPPPPPPPPP^BBB^BBB^^                                                                 y/                                      ~-       ߃  ރ   ݃  ܃  ۃ  ڃ  -    ك  ؃  ׃  փ  -   Ճ  ԃ  Ӄ  ҃  -   у  Ѓ  σ  ΃  ̓   ̃  ˃  ʃ  Ƀ  ȃ  ǃ  ƃ  Ń  ă  à  ƒ      /                  -        >        H        R        \                            D6 l^^^^^^^BBBBBB^^^^^^^BB^B^^^^^P^         -                                 ~  }  |  {  z  y  x  w  v  u  t  s  r  q  p  o  n  m  l  k  j  i   h  g  f  e   d  c   b  a  `   _  1   ^  ]  \   [  Z   Y  X  W   V  i.   U  T  S  R  b.   Q  P  O  N  p.   M  L  K  J  /    I  H  G  F  }.   E  D  C  B  A   @  ?  >  =    <  ;  :  9  8    7  6  5  4  3  2   1  0  /  .  -   ,  +  *  )     (  '  &  %  $   #  "  .   !       .                                          /      D| l^^^^^BBBBBB^^^^^^^^^^^^^^B^^^^^ !"#$%&'()*+,-./01234 56789:;<=>?             !  !  ! ! ! ! ! " " +. " " " " " # #  # # # # # $ $ L $ $ $ $ $ % % R % % % % % & &  & & & & & ' ' :. ' ' ' ' ' ( ( O. ( ( ( ( ( ) )  ) ) ߂ ) ނ ) ݂) * ܂ * h *  * ۂ * ڂ * ق* + ؂ + ׂ + ^I + ւ + Ղ + Ԃ+ , ӂ ,  , ^I , o> , ҂ , т, - Ђ - ς - ^I - ΂ - ͂ - ̂- . ˂ . ʂ . ^I . ɂ . Ȃ . ǂ. / Ƃ / ł / ^I / Ă /  / ‚/ 0 0 0 ^I 0 0 0 0 1 1 1 ^I 1 1 2 2 2 ^I 2 2 3 3 3 ^I 3 3 4 474 4 _I49 5 5 5 6 66 7 7 7 ^I 7 7 8 88 9 9 9 ^I 9 9 : :: ; ;; < < < ^I < < = == > >> ? ?? D l^^^^^^^^^^^^^^^^^BBBR&&B&B&&B&&@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_ @ @@ A AA B B B ^I B B C CD C ^I C C D Dl D ^I D D E Et E ^I E E F FF G GG H H  H ^I H H I II J J/ J ^I J J K K K ^I K K L L L M M % M M N N - N N O ~ O / O }O P | P w. P {P Q z Q Q ^I Q yQ R x R w R vR S u S H. S tS T s T  T rT U q U pU V o V / V nV W m W {1 W lW X k X jX Y i Y hY Z g Z fZ [ e [ } [ [ }[ [  } [  d[ \ c \ } \ \ } \  } \  b\ ] a ] } ] ] } ]  } ]  `] ^ _ ^ } ^ ^ } ^  } ^  ^^ _ ] _ ~ _ _ ~ _  ~ _  \_ D l&&BBBB&&B&BB&4444B444&44&&&h^^^`abcdef ` [ ` ~ ` ` ~ `  ~ `  Z` a Y a ~ a a ~ a  ~ a  Xa b W b P b Q b V b R b U b  R b  Ub c T c S c Q c R c Q c P c  Q c  Pc d  d  d d  d " e  e  e  e  e " f  f  f  f f "x^^zzFF>@d  A ggD g2ɀ pQMQQQRmR5R)R6RCRUPR]RiRvRuR=RRͩRR]R%RRR}RES S+S'S;3S>SJSUSaSlS%xSSS  dMbP?_*+%,&ffffff?'ffffff?(?)?",333333?333333? &<3U} } } } 2} } #}  } $ p  ,             G R R R  R `I R R  R `I R R  R `I R R  R `I R R  R `I R R  R `I R R  R  `I R R  R  `I R R  R  `I R R  R  `I R R  R  `I R R  R `I R R  R `I R R  R `I R R  R `I R R  ~R `I }R |R  {R `I zR yR  xR `I wR vR  uR `I tR sR  rR `I qR pR  oR `I nR mR  lR `I kR jR  iR `I hR gR  fR `I eR dR  cR `I bR J  aR `I `R I  _R `I ^R ]R  \R `I [R ZR  YR `ID lTPPPPPPPPPPPPPPPPPPPPPPPPPPPP !"#$%&'()*+,-./0123456789:;<=>? XR WR  VR  `I !UR !H ! !TR! !`I "SR "G " "RR" "`I #QR #PR # #OR# #`I $NR $MR $ $LR$ $`I %KR %JR % %IR% %`I &HR &GR & &FR& &`I 'ER 'DR ' 'CR' '`I (BR (AR ( (@R( (`I )?R )>R ) )=R) )`I *R >Q > >Q> >`I ?Q ?Q ? ?Q? ?`ID lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_ @Q @Q @ @Q@ @`I AQ AQ A AQA A`I BQ BQ B BQB B`I CQ CQ C CQC C`I DQ DQ D DQD D`I EQ EQ E EQE E`I FQ FQ F FQF F`I GQ GQ G GQG G`I HQ HQ H HQH H`I IQ IQ I IQI I`I JQ JQ J JQJ J`I KQ KF K KQK K`I LQ LE L LQL L`I MQ MQ M MQM M`I NQ NQ N NQN N`I OQ OQ O OQO O`I PQ PQ P PQP P`I QQ QQ Q QQQ Q`I RQ RQ R RQR R`I SQ SQ S SQS S`I TQ TQ T TQT T`I UQ UQ U UQU U`I VQ VQ V VQV V`I WQ WQ W WQW W`I XQ XQ X XQX X`I YQ YQ Y YQY Y`I ZQ ZQ Z ZQZ Z`I [Q [Q [ [Q[ [`I \Q \Q \ \Q\ \`I ]Q ]Q ] ]Q] ]`I ^Q ^Q ^ ^Q^ ^`I _Q _D _ _Q_ _`ID lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP`abcdefghijklmnopqrstuvwxyz{|}~ `Q `C ` `Q` ``I aQ aB a aQa a`I bQ bA b bQb b`I cQ cQ c cQc c`I dQ d@ d dQd d`I eQ e? e eQe e`I fQ f> f fQf f`I gQ gQ g gQg g`I hQ hQ h hQh h`I iQ iQ i iQi i`I jQ jQ j jQj j`I kQ kQ k kQk k`I lQ l~Q l l}Ql l`I m|Q m{Q m mzQm m`I nyQ nxQ n nwQn n`I ovQ ouQ o otQo o`I psQ prQ p pqQp p`I qpQ qoQ q qnQq q`I rmQ rlQ r rkQr r`I sjQ siQ s shQs s`I tgQ tfQ t teQt t`I udQ ucQ u ubQu u`I vaQ v`Q v v_Qv v`I w^Q w]Q w w\Qw w`I x[Q xZQ x xYQx x`I yXQ yWQ y yVQy y`I zUQ zTQ z zSQz z`I {RQ {QQ { {PQ{ {`I |OQ |NQ | |MQ| |`I }LQ }KQ } }JQ} }`I ~IQ ~HQ ~ ~GQ~ ~`I FQ EQ  DQ `ID lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP CQ BQ  AQ `I @Q ?Q  >Q `I =Q P `I =P ? rO qO  pO  `I !oO !nO ! !mO! !`I "lO "kO " "jO" "`I #iO #hO # #gO# #`I $fO $eO $ $dO$ $`I %cO %bO % %aO% %`I &`O &_O & &^O& &`I ']O '\O ' '[O' '`I (ZO (YO ( (XO( (`I )WO )VO ) )UO) )`I *TO *SO * *RO* *`I +QO +PO + +OO+ +`I ,NO ,MO , ,LO, ,`I -KO -JO - -IO- -`I .HO .GO . .FO. .`I /EO /DO / /CO/ /`I 0BO 0AO 0 0@O0 0`I 1?O 1>O 1 1=O1 1`I 2O >O > >O> >`I ?O ?O ? ?O? ?`ID lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_ @O @O @ @O@ @`I AO AO A A OA A`I B O B O B B OB B`I C O CO C COC C`I DO DO D DOD D`I EO EO E EOE E`I FO FN F FNF F`I GN GN G GNG G`I HN HN H HNH H`I IN IN I INI I`I JN JN J JNJ J`I KN KN K KNK K`I LN LN L LNL L`I MN MN M MNM M`I NN NN N NNN N`I ON ON O ONO O`I PN PN P PNP P`I QN QN Q QNQ Q`I RN RN R RNR R`I SN SN S SNS S`I TN TN T TNT T`I UN UN U UNU U`I VN VN V VNV V`I WN WN W WNW W`I XN XN X XNX X`I YN YN Y YNY Y`I ZN ZN Z ZNZ Z`I [N [N [ [N[ [`I \N \N \ \N\ \`I ]N ]N ] ]N] ]`I ^N ^N ^ ^N^ ^`I _N _N _ _N_ _`ID lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP`abcdefghijklmnopqrstuvwxyz{|}~ `N `N ` `N` ``I aN aN a aNa a`I bN bN b bNb b`I cN cN c cNc c`I dN dN d dNd d`I eN eN e eNe e`I fN fN f fNf f`I gN g6 g gNg g`I hN h5 h hNh h`I iN i4 i iNi i`I jN jN j jNj j`I kN kN k kNk k`I lN lN l lNl l`I mN mN m mNm m`I nN nN n nNn n`I oN oN o oNo o`I pN pN p pNp p`I qN qN q qNq q`I rN r~N r r}Nr r`I s|N s{N s szNs s`I tyN txN t twNt t`I uvN uuN u utNu u`I vsN vrN v vqNv v`I wpN woN w wnNw w`I xmN xlN x xkNx x`I yjN yiN y yhNy y`I zgN zfN z zeNz z`I {dN {cN { {bN{ {`I |aN |`N | |_N| |`I }^N }]N } }\N} }`I ~[N ~ZN ~ ~YN~ ~`I XN WN  VN `ID lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP UN TN  SN `I RN QN  PN `I ON NN  MN `I LN KN  JN `I IN HN  GN `I FN EN  DN `I CN BN  AN `I @N ?N  >N `I =N M =M  ? L L  L  `I !L !L ! !L! !`I "L "L " "L" "`I #~L #}L # #|L# #`I ${L $zL $ $yL$ $`I %xL %wL % %vL% %`I &uL &! & &tL& &`I 'sL ' ' 'rL' '`I (qL ( ( (pL( (`I )oL ) ) )nL) )`I *mL *lL * *kL* *`I +jL +iL + +hL+ +`I ,gL ,fL , ,eL, ,`I -dL -cL - -bL- -`I .aL .`L . ._L. .`I /^L /]L / /\L/ /`I 0[L 0ZL 0 0YL0 0`I 1XL 1WL 1 1VL1 1`I 2UL 2TL 2 2SL2 2`I 3RL 3QL 3 3PL3 3`I 4OL 4NL 4 4ML4 4`I 5LL 5KL 5 5JL5 5`I 6IL 6HL 6 6GL6 6`I 7FL 7EL 7 7DL7 7`I 8CL 8BL 8 8AL8 8`I 9@L 9?L 9 9>L9 9`I :=L :1L >0L > >/L> >`I ?.L ?-L ? ?,L? ?`ID lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_ @+L @*L @ @)L@ @`I A(L A'L A A&LA A`I B%L B$L B B#LB B`I C"L C!L C C LC C`I DL DL D DLD D`I EL EL E ELE E`I FL FL F FLF F`I GL GL G GLG G`I HL HL H HLH H`I IL IL I ILI I`I J L J L J J LJ J`I K L K L K KLK K`I LL LL L LLL L`I ML ML M MLM M`I NL NL N NKN N`I OK OK O OKO O`I PK PK P PKP P`I QK QK Q QKQ Q`I RK RK R RKR R`I SK SK S SKS S`I TK TK T TKT T`I UK UK U UKU U`I VK VK V VKV V`I WK WK W WKW W`I XK XK X XKX X`I YK YK Y YKY Y`I ZK ZK Z ZKZ Z`I [K [K [ [K[ [`I \K \K \ \K\ \`I ]K ]K ] ]K] ]`I ^K ^K ^ ^K^ ^`I _K _K _ _K_ _`ID lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP`abcdefghijklmnopqrstuvwxyz{|}~ `K `K ` `K` ``I aK aK a aKa a`I bK bK b bKb b`I cK cK c cKc c`I dK dK d dKd d`I eK eK e eKe e`I fK fK f fKf f`I gK gK g gKg g`I hK hK h hKh h`I iK iK i iKi i`I jK jK j jKj j`I kK kK k kKk k`I lK lK l lKl l`I mK mK m mKm m`I nK nK n nKn n`I oK oK o oKo o`I pK pK p pKp p`I qK qK q qKq q`I rK rK r rKr r`I sK sK s sKs s`I tK tK t tKt t`I uK uK u uKu u`I vK vK v vKv v`I wK wK w wKw w`I xK xK x xKx x`I yK yK y y~Ky y`I z}K z|K z z{Kz z`I {zK {yK { {xK{ {`I |wK |vK | |uK| |`I }tK }sK } }rK} }`I ~qK ~pK ~ ~oK~ ~`I nK mK  lK `ID lPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP  kK jK  iK `I hK gK  fK `I eK dK  cK `I bK aK  `K `I _K ^K  ]K `I \K [K  ZK `I YK XK  WK `I VK UK  TK `I SK RK  QK `I PK OK  NK `I MK LK  KK `I JK IK  HK `I GK FK  EK `I DK CK  BK `I AK @K  ?K `I >K =K  J  =J `I ? I I  I  `I !I !I ! !I! !`I "I "I " "I" "`I #I #I # #I# #`I $I $I $ $I$ $`I %~I %}I % %|I% %`I &{I &zI & &yI& &`I 'xI 'wI ' 'vI' '`I (uI (tI ( (sI( (`I )rI )qI ) )pI) )`I *oI *nI * *mI* *`I +lI +kI + +jI+ +`I ,iI ,hI , ,gI, ,`I -fI -eI - -dI- -`I .cI .bI . .aI. .`I / ~ /E / /E /`I 0 ~ 0wF 0 0E 0`I 1 ~ 1D 1 1D 1`I 2 ~ 2E 2 2D 2`I 3 ~ 3PE 3 3QE 3`I 4 ~ 4\E 4 4QE 4`I 5 ~ 5D 5 5D 5`I 6 ~ 6E 6 6D 6`I 7 ~ 79E 7 7:E 7`I 8 ~ 8-F 8 8:E 8`I 9 ~ 9D 9 9D 9`I : ~ :=E : :D :`I ; ~ ;D ; ;D ;`I < ~ <E < <D <`I = ~ =D = =D =`I > ~ >E > >D >`I ? ~ ?D ? ?D ?`ID lPPPPPPPPPPPPPPPFFFFFFFFFFFFFFFF@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_ @ ~ @}F @ @D @`I A ~ AE AD AE A`I B ~ BmE BD BnE B`I C ~ CE CD CE C`I D ~ D7 DD D_I D`I E ~ EE ED EE E`I F ~ FE FD FE F`I G ~ GE GD GE G`I H ~ HE HD HE H`I I ~ ID ID ID I`I J ~ JD JD JD J`I K ~ KD KD KD K`I L ~ L>E LD L?E L`I M ~ MRE MD MSE M`I N ~ ND ND ND N`I O ~ OoE OD OpE O`I P ~ PD PD PD P`I Q ~ QD QD QD Q`I R ~ RdE RD ReE R`I S ~ SME SD SNE S`I T ~ TE TD TE T`I U ~ UbE UD UcE U`I V ~ VyE VD VzE V`I W ~ WD WD WD W`I X ~ XE XD XE X`I Y ~ Y]E YD Y^E Y`I Z ~ ZD ZD ZD Z`I [ ~ [E [D [E [`I \ ~ \D \D \E \`I ] ~ ]*E ]D ]+E ]`I ^ ~ ^{E ^D ^|E ^`I _ ~ _E _D _E _`ID@ lFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF`abcdefghijklmnopqrstuvwxyz{|}~ ` ~ `E `D `E ``I a ~ aZE aD a[E a`I b ~ b1E bD b2E b`I c ~ cE cD cE c`I d ~ dD dD dD d`I e ~ eE eD eE e`I f ~ fE fD fE f`I g ~ gE gD gE g`I h ~ hD hD hD h`I i ~ i'E iD i(E i`I j ~ jE jD jE j`I k ~ kO& k kBA k`I l ~ lE lD lE l`I m ~ mKE m mLE m`I n ~ nD n nD n`I o ~ oE oD oE o`I p ~ p pD pD p`I q ~ q qD q`E q`I r ~ r3E r r4E r`I s ~ sD s sD s`I t ~ tE tD tE t`I u ~ uE u uE u`I v ~ vfE vgE vhE v`I w ~ wD wD wD w`I x ~ xD x xD x`I y ~ yD yD yD y`I z ~ zE zD z E z`I { ~ {E { {E {`I | ~ |E | |E |`I } ~ }& } }TA }`I ~ ~ ~& ~~ ~UA ~`I  ~ & ~ VA `ID@ lFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF   ~ D D D `I  ~ kE D lE `I  ~ E D E `I  ~ }E  ~E `I  ~ %E  &E `I  ~ E D E `I  ~ D  D `I  ~ E D E `I   E  E `I   D t D `I   D t D `I   D D D `I   E E E `I   D D D `I   E  E `I   E E E `I   E D E `I   E D E `I   tE  uE `I   E { E `I    E D  E `I   D D D `I   E D E `I   D D D `I   E  E `I   E D E `I   D D D `I   D  D `I   D D D `I   E E E `I   E E E `I   D D D `ID@ lFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF       D D D `I   E E E `I   E  E `I    `I    w D `I     `I   E E E `I  ! E E E `I  " E E E `I  # F   F `I  $ iE D jE `I  % 6E D 7E `I  & D  D `I  ' D  D `I  ( UE VE WE `I  ) "E #E $E `I  * E #E E `I  + F  F `I  , HE IE JE `I  - E E E `I  . D  D `I  / E D E `I  0 ]F  ^F `I  1  F   F `I  2 D D D `I  3 ?F  @F `I  4 D D D `I  5 ZF [F \F `I  6 7  F `I  8  F   F `I  9 F   F `I  : F   F `ID lFFF*F8FFFFFFFFFFFFFFFFFFFFFF8FF         ; F   F `I  < = MF `I  > LF  MF `I  ? NF  MF `I  @ OF  MF `I  A PF  MF `I  B  E D  E `I  C D D D `I  D E  E `I  E $F  %F `I  F E E E `I  G F F F `I  H F F F `I  I D  D `I  J D  D `I  K AF  BF `I  L XE  YE `I  M E  E `I  N vE D wE `I  O E D E `I  P CE D DE `I  Q F F F `I  R  E  !E `I  S D D D `I  T E  E `I  U D D D `I  V D D D `I  W 'F D (F `I  X E  E `I  Y gF D hF `I  Z @E D AE `I  [ E D E `ID2 lF8FFFFFFFFFFFFFFFFFFFFFFFFFFFFF         \ D D D `I  ] E  E `I  ^ )F D *F `I  _ E D F `I  ` `F  aF `I  a   E `I  b :F  ;F `I  c E  E `I  d RF  SF `I  e =F D >F `I  f D D D `I  g D  D `I  h ,  F `I  i 5F  6F `I  j CF  DF `I  k !F  "F `I  l E D E `I  m F D F `I  n UF  VF `I  o -  _F `I  p bF  cF `I  q oF  pF `I  r FF  s `I  t HF  s `I  u qE  v `I  w E  v `I  x 0E  y `I  z xE  y `I  { E  | `I  } lF  | `I  ~ D   `I    F   `ID@ lFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF        E   `I   &F   `I   D   `I   2F   `I   3F   `I   7F   `I   E   `I   ?   8F   `I !  !/F ! ! !`I "  "D " " "`I #  #E # # #`I $  $OE $ $ $`I %  %9F % % %`I &  &E & & &`I '  'TF ' ' '`I (  (+F ( ( (`I )  ).F ) ) )`I *  *F * * *`I +  +XF + + +`I ,  ,D , , ,`I -  -nF - - -`I .  .E . . .`I /  /E / / /`I 0  0D 0 0D 0`I 1  1GF 1 1D 1`I 2  2E 2 2 2`I 3  3E 3 3 3`I 4  4TE 4 4 4`I 5  5mF 5 5 5`I 6  6F 6 6 6`I 7  7IF 7 7 7`I 8  8 8 8 8`I 9  9)E 9 9 9`I :  :D : : :`I ;  ;dF ; ; ;`I <  </E < < <`I =  =jF = = =`I >  >E > > >`I ?  ?F ? ? ?`ID@ lFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_ @  @D @ @ @`I A  AQF A A A`I B  BrF B B B`I C  CtF C C C`I D  D~D D D D`I E  EaE E E E`I F  F}D F F F`I G  G{F G G G`I H  HD H H H`I I  I0F I I I`I J  JD J J J`I K  KxF K K K`I L  L5E L L L`I M  MyF M M M`I N  ND N N N`I O  O#F O O O`I P  P8E P P P`I Q  QBE Q Q Q`I R  RE R RE R`I S  S|F S SE S`I T  T;E T T T`I U  UvF U U U`I V ViF V V V`I W  WzF W W W`I X  XD X X X`I Y  YF Y Y Y`I Z  Z@A ggD Oh+'0@Hdx Matthew N. Wojcik Sain, JoeMicrosoft Excel@dqO@y՜.+,D՜.+,t PXx  PThe MITRE Corporation  aix5.3apache-httpd1.3apache-httpd2.0apache-httpd2.2 exchange2007 exchange2010 hpux11.23ie7ie8iis5iis6 ms-sql2000 ms-sql2005 office2k7 office2010polycom-hdx-3.xrhel4rhel5 solaris8 solaris9 solaris10tomcat4tomcat5tomcat6weblogicserver11gwin2kwinxpwin2k3vistawin2k8win7 win2k8r2  Worksheets  8@ _PID_HLINKSA$IQ ~http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/ed3c22ba-39fc-4332-bdb7-a0d9c76e4355.mspx?mfr=true ~http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/f9b564d2-d245-4241-ba0d-266a896ca663.mspx?mfr=true:http://tomcat.apache.org/tomcat-4.1-doc/config/valve.htmlAccess%20Log%20Valvea33http://tomcat.apache.org/tomcat-6.0-doc/setup.htmla33http://tomcat.apache.org/tomcat-6.0-doc/setup.htmlSGftp://ftp.exepermissions/  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~                           ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _ ` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~                            ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _ ` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~                            ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _ ` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~                            ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _ ` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~                            ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _ ` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~        !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~                           ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _ ` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~  !!!!!!!!! ! ! ! ! !!!!!!!!!!!!!!!!!!! !!!"!#!$!%!&!'!(!)!*!+!,!-!.!/!0!1!2!3!4!5!6!7!8!9!:!;!!?!@!A!B!C!D!E!F!G!H!I!J!K!L!M!N!O!P!Q!R!S!T!U!V!W!X!Y!Z![!\!]!^!_!`!a!b!c!d!e!f!g!h!i!j!k!l!m!n!o!p!q!r!s!t!u!v!w!x!y!z!{!|!}!~!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!""""""""" " " " " """"""""""""""""""" "!"""#"$"%"&"'"(")"*"+","-"."/"0"1"2"3"4"5"6"7"8"9":";"<"=">"?"@"A"B"C"D"E"F"G"H"I"J"K"L"M"N"O"P"Q"R"S"T"U"V"W"X"Y"Z"["\"]"^"_"`"a"b"c"d"e"f"g"h"i"j"k"l"m"n"o"p"q"r"s"t"u"v"w"x"y"z"{"|"}"~""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""######### # # # # ################### #!#"###$#%#&#'#(#)#*#+#,#-#.#/#0#1#2#3#4#5#6#7#8#9#:#;#<#=#>#?#@#A#B#C#D#E#F#G#H#I#J#K#L#M#N#O#P#Q#R#S#T#U#V#W#X#Y#Z#[#\#]#^#_#`#a#b#c#d#e#f#g#h#i#j#k#l#m#n#o#p#q#r#s#t#u#v#w#x#y#z#{#|#}#~##################################################################################################################################$$$$$$$$$ $ $ $ $ $$$$$$$$$$$$$$$$$$$ $!$"$#$$$%$&$'$($)$*$+$,$-$.$/$0$1$2$3$4$5$6$7$8$9$:$;$<$=$>$?$@$A$B$C$D$E$F$G$H$I$J$K$L$M$N$O$P$Q$R$S$T$U$V$W$X$Y$Z$[$\$]$^$_$`$a$b$c$d$e$f$g$h$i$j$k$l$m$n$o$p$q$r$s$t$u$v$w$x$y$z${$|$}$~$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$%%%%%%%%% % % % % %%%%%%%%%%%%%%%%%%% %!%"%#%$%%%&%'%(%)%*%+%,%-%.%/%0%1%2%3%4%5%6%7%8%9%:%;%<%=%>%?%@%A%B%C%D%E%F%G%H%I%J%K%L%M%N%O%P%Q%R%S%T%U%V%W%X%Y%Z%[%\%]%^%_%`%a%b%c%d%e%f%g%h%i%j%k%l%m%n%o%p%q%r%s%t%u%v%w%x%y%z%{%|%}%~%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%&&&&&&&&& & & & & &&&&&&&&&&&&&&&&&&& &!&"&#&$&%&&&'&(&)&*&+&,&-&.&/&0&1&2&3&4&5&6&7&8&9&:&;&<&=&>&?&@&A&B&C&D&E&F&G&H&I&J&K&L&M&N&O&P&Q&R&S&T&U&V&W&X&Y&Z&[&\&]&^&_&`&a&b&c&d&e&f&g&h&i&j&k&l&m&n&o&p&q&r&s&t&u&v&w&x&y&z&{&|&}&~&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&''''''''' ' ' ' ' ''''''''''''''''''' '!'"'#'$'%'&'''(')'*'+','-'.'/'0'1'2'3'4'5'6'7'8'9':';'<'='>'?'@'A'B'C'D'E'F'G'H'I'J'K'L'M'N'O'P'Q'R'S'T'U'V'W'X'Y'Z'['\']'^'_'`'a'b'c'd'e'f'g'h'i'j'k'l'm'n'o'p'q'r's't'u'v'w'x'y'z'{'|'}'~''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''((((((((( ( ( ( ( ((((((((((((((((((( (!("(#($(%(&('((()(*(+(,(-(.(/(0(1(2(3(4(5(6(7(8(9(:(;(<(=(>(?(@(A(B(C(D(E(F(G(H(I(J(K(L(M(N(O(P(Q(R(S(T(U(V(W(X(Y(Z([(\(](^(_(`(a(b(c(d(e(f(g(h(i(j(k(l(m(n(o(p(q(r(s(t(u(v(w(x(y(z({(|(}(~(((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((())))))))) ) ) ) ) ))))))))))))))))))) )!)")#)$)%)&)')()))*)+),)-).)/)0)1)2)3)4)5)6)7)8)9):);)<)=)>)?)@)A)B)C)D)E)F)G)H)I)J)K)L)M)N)O)P)Q)R)S)T)U)V)W)X)Y)Z)[)\)])^)_)`)a)b)c)d)e)f)g)h)i)j)k)l)m)n)o)p)q)r)s)t)u)v)w)x)y)z){)|)})~)))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))Root Entry FpCH WorkbookSSummaryInformation()DocumentSummaryInformation8)