Top Banner

of 75

Win Server 2012

Jun 01, 2018

Download

Documents

Florino Isleta
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript

  • 8/9/2019 Win Server 2012

    1/75

    BASE

    1 1 1 Account Policies

    1 1 1 1 Set 'Account lockout threshold' to '5 invalid log

    1 1 1 2 Set 'Account lockout duration' to '15 or more mi

    1 1 1 3 Set 'Reset account lockout counter after' to '15

    1 1 1 4 Set 'inimum pass!ord length' to '14 or more

    1 1 1 5 Set '"nforce pass!ord histor#' to '24 or more p

    1 1 1 $ Set '%ass!ord must meet comple&it# reuireme

    1 1 1 Set 'Store pass!ords using reversile encr#ptio

    1 1 1 + Set 'inimum pass!ord age' to '1 or more da#(

    1 1 1 , Set 'a&imum pass!ord age' to '$- or fe!er da

    1 1 2 A!"nce Auit Polic# Con$%u&"tion

    1 1 2 1 Set 'Audit %olic#. Account /ogon. 0redential ali

    1 1 2 2 Set 'Audit %olic#. Account /ogon. ereros Auth

    1 1 2 3 Set 'Audit %olic#. Account /ogon. ereros Servi

    1 1 2 4 Set 'Audit %olic#. Account /ogon. 6ther Account

    1 1 2 5 Set 'Audit %olic#. Account anagement. Applica

    1 1 2 $ 0on8gure 'Audit %olic#. Account anagement.

  • 8/9/2019 Win Server 2012

    2/75

    1 1 2 Set 'Audit %olic#. Account anagement. *istri

    1 1 2 + Set 'Audit %olic#. Account anagement. 6ther

    1 1 2 , Set 'Audit %olic#. Account anagement. Securit

    1 1 2 1- Set 'Audit %olic#. Account anagement. 9ser

    1 1 2 11 Set 'Audit %olic#. *etailed racking. *%A%: Acti

    1 1 2 12 Set 'Audit %olic#. *etailed racking. %rocess 0r

    1 1 2 13 Set 'Audit %olic#. *etailed racking. %rocess e

    1 1 2 14 Set 'Audit %olic#. *etailed racking. R%0 "vent

    1 1 2 15 Set 'Audit %olic#. *S Access. *etailed *irector

    1 1 2 1$ Set 'Audit %olic#. *S Access. *irector# Service

    1 1 2 1 Set 'Audit %olic#. *S Access. *irector# Service

    1 1 2 1+ Set 'Audit %olic#. *S Access. *irector# Service

    1 1 2 1, Set 'Audit %olic#. /ogon;/ogo

  • 8/9/2019 Win Server 2012

    3/75

    1 1 2 21 Set 'Audit %olic#. /ogon;/ogo

  • 8/9/2019 Win Server 2012

    4/75

    1 1 2 3$ Set 'Audit %olic#. 6?ect Access. @andle anip

    1 1 2 3 Set 'Audit %olic#. 6?ect Access. ernel 6?ect'

    1 1 2 3+ Set 'Audit %olic#. 6?ect Access. 6ther 6?ect

    1 1 2 3, Set 'Audit %olic#. 6?ect Access. Registr#' to '

    1 1 2 4- Set 'Audit %olic#. 6?ect Access. Removale St

    1 1 2 41 Set 'Audit %olic#. 6?ect Access. SA' to 'o A

    1 1 2 42 Set 'Audit %olic#. %olic# 0hange. Audit %olic# 0

    1 1 2 43 Set 'Audit %olic#. %olic# 0hange. Authenticatio

    1 1 2 44 Set 'Audit %olic#. %olic# 0hange. Authoriation

    1 1 2 45 Set 'Audit %olic#. %olic# 0hange. iltering %latf

    1 1 2 4$ Set 'Audit %olic#. %olic# 0hange. %SS0 Rule

    1 1 2 4 Set 'Audit %olic#. %olic# 0hange. 6ther %olic#

    1 1 2 4+ Set 'Audit %olic#. %rivilege 9se. on Sensitive

    1 1 2 4, Set 'Audit %olic#. %rivilege 9se. 6ther %rivilege

    1 1 2 5- Set 'Audit %olic#. %rivilege 9se. Sensitive %rivil

  • 8/9/2019 Win Server 2012

    5/75

    1 1 2 51 Set 'Audit %olic#. S#stem. :%sec *river' to 'Suc

    1 1 2 52 Set 'Audit %olic#. S#stem. 6ther S#stem "vent

    1 1 2 53 Set 'Audit %olic#. S#stem. Securit# State 0han

    1 1 2 54 Set 'Audit %olic#. S#stem. Securit# S#stem "&t

    1 1 2 55 Set 'Audit %olic#. S#stem. S#stem :ntegrit#' to

    1 1 ' Secu&it# O(tions

    1 1 3 1 Accounts

    1 1 3 1 1 0on8gure 'Accounts. Rename administrator

    1 1 3 1 2 0on8gure 'Accounts. Rename guest account

    1 1 3 1 3 Set 'Accounts. /imit local account use of la

    1 1 ' 2 Auit

    1 1 3 2 3 Set 'Audit. orce audit polic# sucategor# s

    1 1 3 2 4 Set 'Audit. Shut do!n s#stem immediatel# i

    1 1 ' ' DCO) 1'0

    1 1 ' * De!ices

    1 1 3 4 4 Set '*evices. Allo!ed to format and e?ect re

  • 8/9/2019 Win Server 2012

    6/75

    1 1 3 4 5 Set '*evices. %revent users from installing p

    1 1 ' + Do,"in cont&olle&

    1 1 3 5 1 Set '*omain controller. Allo! server operato

    1 1 3 5 2 Set '*omain controller. /*A% server signing

    1 1 3 5 3 Set '*omain controller. Refuse machine acc

    1 1 ' - Do,"in ,e,.e&

    1 1 3 $ 1 Set '*omain memer. *igitall# encr#pt or si

    1 1 3 $ 2 Set '*omain memer. *igitall# encr#pt secu

    1 1 3 $ 3 Set '*omain memer. *igitall# sign secure

    1 1 3 $ 4 Set '*omain memer. *isale machine acc

    1 1 3 $ 5 Set '*omain memer. a&imum machine a

    1 1 3 $ $ Set '*omain memer. Reuire strong (Bind

    1 1 ' / Inte&"cti!e lo%on

    1 1 3 2 0on8gure ':nteractive logon. essage te&t f

    1 1 3 5 Set ':nteractive logon. *o not displa# last us

    1 1 3 $ Set ':nteractive logon. *o not reuire 0R/C

  • 8/9/2019 Win Server 2012

    7/75

    1 1 3 Set ':nteractive logon. achine inactivit# li

    1 1 3 + Set ':nteractive logon. umer of previous l

    1 1 3 , Set ':nteractive logon. %rompt user to chang

    1 1 3 1- Set ':nteractive logon. Reuire *omain 0o

    1 1 3 11 Set ':nteractive logon. Smart card removal

    1 1 3 12 Set ':nteractive logon. achine account lo

    1 1 ' )ic&osot neto&3 client

    1 1 3 + 1 Set 'icrosoft net!ork client. *igitall# sign

    1 1 3 + 2 Set 'icrosoft net!ork client. *igitall# sign

    1 1 3 + 3 Set 'icrosoft net!ork client. Send unencr#

    1 1 ' 4 )ic&osot neto&3 se&!e&

    1 1 3 , 2 Set 'icrosoft net!ork server. Amount of idl

    1 1 3 , 3 Set 'icrosoft net!ork server. *igitall# sign

    1 1 3 , 4 Set 'icrosoft net!ork server. *igitall# sign

    1 1 3 , 5 Set 'icrosoft net!ork server. *isconnect cli

    1 1 ' 10 )SS

    1 1 3 1- 11 Set 'SS. (AutoAdmin/ogon) "nale Auto

    1 1 3 1- 12 Set 'SS. (*isale:%SourceRouting :%v$) :%

  • 8/9/2019 Win Server 2012

    8/75

    1 1 3 1- 13 Set 'SS. (*isale:%SourceRouting) :% sour

    1 1 3 1- 14 Set 'SS. (Safe*llSearchode) "nale Saf

    1 1 3 1- 15 Set 'SS. (ScreenSaver7race%eriod) he ti

    1 1 3 1- 1$ Set 'SS. (Barning/evel) %ercentage thres

    1 1 ' 11 Neto&3 "ccess

    1 1 3 11 4 Set 'et!ork access. Allo! anon#mous S:*>

    1 1 3 11 5 Set 'et!ork access. *o not allo! anon#mo

    1 1 3 11 $ Set 'et!ork access. *o not allo! anon#mo

    1 1 3 11 Set 'et!ork access. /et "ver#one permissi

    1 1 3 11 + Set 'et!ork access. Remotel# accessile re

    1 1 3 11 , Set 'et!ork access. Remotel# accessile re

    1 1 3 11 1- Set 'et!ork access. Restrict anon#mous a

    1 1 3 11 11 Set 'et!ork access. Sharing and securit#

    1 1 ' 12 Neto&3 secu&it#

    1 1 3 12 11 Set 'et!ork securit#. Allo! /ocal S#stem

    1 1 3 12 12 Set 'et!ork securit#. Allo! /ocalS#stem

  • 8/9/2019 Win Server 2012

    9/75

    1 1 3 12 13 Set 'et!ork securit#. *o not store /A a

    1 1 3 12 14 Set 'et!ork securit#. /A anager authe

    1 1 3 12 15 Set 'et!ork securit#. /*A% client signing

    1 1 3 12 1$ Set 'et!ork securit#. inimum session se

    1 1 3 12 1 Set 'et!ork securit#. inimum session se

    1 1 ' 1' Reco!e console

    1 1 3 13 1 Set 'Recover# console. Allo! automatic adm

    1 1 3 13 2 Set 'Recover# console. Allo! Hopp# cop# an

    1 1 ' 1* S5uton

    1 1 3 14 1 Set 'Shutdo!n. Allo! s#stem to e shut do

    1 1 3 14 2 Set 'Shutdo!n. 0lear virtual memor# page8l

    1 1 ' 1+ S#ste, c(to%&"(5#

    1 1 3 15 2 Set 'S#stem cr#ptograph#. 9se :%S complia

    1 1 ' 1- S#ste, o.6ects

    1 1 3 1$ 1 Set 'S#stem o?ects. Reuire case insensitivi

    1 1 3 1$ 2 Set 'S#stem o?ects. Strengthen default per1 1 ' 1/ S#ste, settin%s

    1 1 3 1 2 Set 'S#stem settings. 9se 0erti8cate Rules

    1 1 ' 1 Use& Account Cont&ol

    1 1 3 1+ 1 Set '9ser Account 0ontrol. Admin Approval

  • 8/9/2019 Win Server 2012

    10/75

    1 1 3 1+ 2 Set '9ser Account 0ontrol. Allo! 9:Access a

    1 1 3 1+ 3 Set '9ser Account 0ontrol. Dehavior of the e

    1 1 3 1+ 4 Set '9ser Account 0ontrol. Dehavior of the e

    1 1 3 1+ 5 Set '9ser Account 0ontrol. *etect applicatio

    1 1 3 1+ $ Set '9ser Account 0ontrol. 6nl# elevate e&e

    1 1 3 1+ Set '9ser Account 0ontrol. 6nl# elevate 9:A

    1 1 3 1+ + Set '9ser Account 0ontrol. Run all administr

    1 1 3 1+ , Set '9ser Account 0ontrol. S!itch to the sec

    1 1 3 1+ 1- Set '9ser Account 0ontrol. irtualie 8le an

    1 1 * Use& Ri%5ts Assi%n,ents

    1 1 4 3 Set 'Access 0redential anager as a trusted cal

    1 1 4 4 0on8gure 'Access this computer from the net!

    1 1 4 5 Set 'Act as part of the operating s#stem' to 'o

    1 1 4 $ Set 'Add !orkstations to domain' to 'Administra

    1 1 4 Set 'Ad?ust memor# uotas for a process' to 'Ad

    1 1 4 + Set 'Allo! log on locall#' to 'Administrators' (Sc

    1 1 4 , Set 'Allo! log on through Remote *esktop Serv

  • 8/9/2019 Win Server 2012

    11/75

    1 1 4 1- Set 'Dack up 8les and directories' to 'Administ

    1 1 4 11 0on8gure 'D#pass traverse checking' (Scored)

    1 1 4 12 Set '0hange the s#stem time' to '/60A/ S"R:

    1 1 4 13 Set '0hange the time one' to '/60A/ S"R:0"

    1 1 4 14 Set '0reate a page8le' to 'Administrators' (Sco

    1 1 4 15 Set '0reate a token o?ect' to 'o 6ne' (Score

    1 1 4 1$ Set '0reate gloal o?ects' to 'AdministratorsE

    1 1 4 1 Set '0reate permanent shared o?ects' to 'o

    1 1 4 1+ Set '0reate s#molic links' to 'Administrators'

    1 1 4 1, Set '*eug programs' to 'Administrators' (Sco

    1 1 4 2- Set '*en# access to this computer from the ne

    1 1 4 21 Set '*en# log on as a atch ?o' to '7uests' (S

    1 1 4 22 Set '*en# log on as a service' to 'o 6ne' (Sco

    1 1 4 23 Set '*en# log on locall#' to '7uests' (Scored)

    1 1 4 24 0on8gure '"nale computer and user account

    1 1 4 25 Set 'orce shutdo!n from a remote s#stem' to

    1 1 4 2$ Set '7enerate securit# audits' to '/ocal Servic

    1 1 4 2 Set ':mpersonate a client after authentication'

    1 1 4 2+ Set ':ncrease a process !orking set' to 'Admini

    1 1 4 2, Set ':ncrease scheduling priorit#' to 'Administr

    1 1 4 3- Set '/oad and unload device drivers' to 'Admi

  • 8/9/2019 Win Server 2012

    12/75

    1 1 4 31 Set '/ock pages in memor#' to 'o 6ne' (Score

    1 1 4 32 Set '/og on as a atch ?o' to 'Administrators'

    1 1 4 33 Set 'anage auditing and securit# log' to 'Ad

    1 1 4 34 Set 'odif# an o?ect lael' to 'o 6ne' (Score

    1 1 4 35 Set 'odif# 8rm!are environment values' to '

    1 1 4 3$ Set '%erform volume maintenance tasks' to 'A

    1 1 4 3 Set '%ro8le single process' to 'Administrators' (

    1 1 4 3+ Set '%ro8le s#stem performance' to 'Administr

    1 1 4 3, Set 'Remove computer from docking station' t

    1 1 4 4- Set 'Replace a process level token' to '/ocal S

    1 1 4 41 Set 'Restore 8les and directories' to 'Administr

    1 1 4 42 Set 'Shut do!n the s#stem' to 'Administrators'

    1 1 4 43 Set 'S#nchronie director# service data' to 'o

    1 1 4 44 Set 'ake o!nership of 8les or other o?ects' t

    1 1 + Winos Fi&e"ll Wit5 A!"nce Secu&it#

    1 1 + 1 Pu.lic P&o$le

    1 1 5 1 1 Set ':nound connections' to '"naled.Dlock

    1 1 5 1 2 Set 'Bindo!s ire!all. %ulic. Allo! unicast

    1 1 5 1 3 Set 'Bindo!s ire!all. %ulic. Appl# local co

  • 8/9/2019 Win Server 2012

    13/75

    1 1 5 1 4 Set 'Bindo!s ire!all. %ulic. Appl# local 8r

    1 1 5 1 5 Set 'Bindo!s ire!all. %ulic. *ispla# a noti

    1 1 5 1 $ Set 'Bindo!s ire!all. %ulic. ire!all state'

    1 1 5 1 Set 'Bindo!s ire!all. %ulic. 6utound con

    1 1 + 2 P&i!"te P&o$le

    1 1 5 2 1 Set ':nound connections' to '"naled.Dlock

    1 1 5 2 2 Set 'Bindo!s ire!all. %rivate. Allo! unicast

    1 1 5 2 3 Set 'Bindo!s ire!all. %rivate. Appl# local c

    1 1 5 2 4 Set 'Bindo!s ire!all. %rivate. Appl# local 8

    1 1 5 2 5 Set 'Bindo!s ire!all. %rivate. *ispla# a not

    1 1 5 2 $ Set 'Bindo!s ire!all. %rivate. ire!all state

    1 1 5 2 Set 'Bindo!s ire!all. %rivate. 6utound co

  • 8/9/2019 Win Server 2012

    14/75

    1 1 + ' Do,"in P&o$le

    1 1 5 3 1 Set ':nound connections' to '"naled.Dlock

    1 1 5 3 2 Set 'Bindo!s ire!all. *omain. Allo! unica

    1 1 5 3 3 Set 'Bindo!s ire!all. *omain. Appl# local

    1 1 5 3 4 Set 'Bindo!s ire!all. *omain. Appl# local

    1 1 5 3 5 Set 'Bindo!s ire!all. *omain. *ispla# a no

    1 1 5 3 $ Set 'Bindo!s ire!all. *omain. ire!all stat

    1 1 5 3 Set 'Bindo!s ire!all. *omain. 6utound c

    1 2 A,inist&"ti!e Te,(l"tes

    1 2 1 Winos Co,(onents

    1 2 1 1 AutoPl"# Policies

    1 2 1 1 1 Set 'urn o< Autopla# on.' to '"naled.All dri

    1 2 1 2 E!ent Lo%

    1 2 1 2 1 Set 'Securit#. a&imum /og Sie (D)' to '"n

    1 2 1 2 2 Set 'S#stem. a&imum /og Sie (D)' to '"n

    1 2 1 2 3 Set 'Application. a&imum /og Sie (D)' to

  • 8/9/2019 Win Server 2012

    15/75

    1 2 1 2 4 Set 'Securit#. 0ontrol "vent /og ehavior !

    1 2 1 2 5 Set 'S#stem. 0ontrol "vent /og ehavior !h

    1 2 1 2 $ Set 'Application. 0ontrol "vent /og ehavior

    1 2 1 ' Te&,in"l Se&!ices

    1 2 1 * Winos Inst"lle&

    1 2 1 4 1 Set 'Al!a#s install !ith elevated privileges'

  • 8/9/2019 Win Server 2012

    16/75

    INE CONFIGURATION FOR WINDOW SERVER 2012

    n attempt(s)' (Scored)

    nute(s)' (Scored)

    minute(s)' (Scored)

    haracter(s)' (Scored)

    ss!ord(s)' (Scored)

    nts' to '"naled' (Scored)

    n' to '*isaled' (Scored)

    )' (Scored)

    #s' (Scored)

    dation' to 'Success and ailure' (Scored)

    ntication Service' to 'o Auditing' (Scored)

    ce icket 6perations' to 'o Auditing' (Scored)

    /ogon "vents' to 'o Auditing' (Scored)

    tion 7roup anagement' to 'o Auditing' (Scored)

    omputer Account anagement' (Scored)

  • 8/9/2019 Win Server 2012

    17/75

    tion 7roup anagement' to 'o Auditing' (Scored)

    ccount anagement "vents' to 'Success and ailure' (Scored)

    7roup anagement' to 'Success and ailure' (Scored)

    ccount anagement' to 'Success and ailure' (Scored)

    it#' to 'o Auditing' (Scored)

    eation' to 'Success' (Scored)

    rmination' to 'o Auditing' (Scored)

    s' to 'o Auditing' (Scored)

    Service Replication' to 'o Auditing' (Scored)

    Access' to 'Success and ailure' (Scored)

    0hanges' to 'Success and ailure' (Scored)

    Replication' to 'o Auditing' (Scored)

    t' to 'o Auditing' (Scored)

    ode' to 'o Auditing' (Scored)

  • 8/9/2019 Win Server 2012

    18/75

    e' to 'o Auditing' (Scored)

    de' to 'o Auditing' (Scored)

    ess' (Scored)

    ess and ailure' (Scored)

    Server' to 'o Auditing' (Scored)

    go< "vents' to 'o Auditing' (Scored)

    to 'Success' (Scored)

    nerated' to 'o Auditing' (Scored)

    s %olic# Staging' to 'o Auditing' (Scored)

    ervices' to 'o Auditing' (Scored)

    hare' to 'o Auditing' (Scored)

    o Auditing' (Scored)

    'o Auditing' (Scored)

    rm 0onnection' to 'o Auditing' (Scored)

    rm %acket *rop' to 'o Auditing' (Scored)

  • 8/9/2019 Win Server 2012

    19/75

    ulation' to 'o Auditing' (Scored)

    to 'o Auditing' (Scored)

    ccess "vents' to 'o Auditing' (Scored)

    o Auditing' (Scored)

    orage' to 'o Auditing' (Scored)

    diting' (Scored)

    hange' to 'Success and ailure' (Scored)

    %olic# 0hange' to 'Success' (Scored)

    %olic# 0hange' to 'o Auditing' (Scored)

    rm %olic# 0hange' to 'o Auditing' (Scored)

    /evel %olic# 0hange' to 'o Auditing' (Scored)

    hange "vents' to 'o Auditing' (Scored)

    rivilege 9se' to 'o Auditing' (Scored)

    9se "vents' to 'o Auditing' (Scored)

    ege 9se' to 'Success and ailure' (Scored)

  • 8/9/2019 Win Server 2012

    20/75

    ess and ailure' (Scored)

    s' to 'o Auditing' (Scored)

    e' to 'Success and ailure' (Scored)

    ension' to 'Success and ailure' (Scored)

    'Success and ailure' (Scored)

    account' (Scored)

    ' (Scored)

    nk pass!ords to console logon onl#' to '"naled' (Scored)

    ttings (Bindo!s ista or later) to override audit polic# categor# settings' to '"naled' (Scored)

    unale to log securit# audits' to '*isaled' (Scored)

    ovale media' to 'Administrators' (Scored)

  • 8/9/2019 Win Server 2012

    21/75

    rinter drivers' to '"naled' (Scored)

    rs to schedule tasks' to '*isaled' (Scored)

    reuirements' to 'Reuire signing' (Scored)

    unt pass!ord changes' to '*isaled' (Scored)

    n secure channel data (al!a#s)' to '"naled' (Scored)

    re channel data (!hen possile)' to '"naled' (Scored)

    hannel data (!hen possile)' to '"naled' (Scored)

    unt pass!ord changes' to '*isaled' (Scored)

    count pass!ord age' to '3- or fe!er da#(s)' (Scored)

    !s 2--- or later) session ke#' to '"naled' (Scored)

    r users attempting to log on' (Scored)

    er name' to '"naled' (Scored)

    A/C*"/' to '*isaled' (Scored)

  • 8/9/2019 Win Server 2012

    22/75

    it' to ',-- or fe!er seconds' (Scored)

    gons to cache (in case domain controller is not availale)' to '4 or fe!er logon(s)' (Scored)

    e pass!ord efore e&piration' to '14 or more da#(s)' (Scored)

    troller authentication to unlock !orkstation' to '*isaled' (Scored)

    ehavior' to '/ock Borkstation' (Scored)

    kout threshold' to 1- or fe!er invalid logon attempts (Scored)

    ommunications (al!a#s)' to '"naled' (Scored)

    ommunications (if server agrees)' to '"naled' (Scored)

    ted pass!ord to third;part# SD servers' to '*isaled' (Scored)

    time reuired efore suspending session' to '15 or fe!er minute(s)' (Scored)

    communications (al!a#s)' to '"naled' (Scored)

    communications (if client agrees)' to '"naled' (Scored)

    ents !hen logon hours e&pire' to '"naled' (Scored)

    atic /ogon (not recommended)' to '*isaled' (Scored)

    source routing protection level (protects against packet spoo8ng)' to '@ighest protectionE sourc

  • 8/9/2019 Win Server 2012

    23/75

    e routing protection level (protects against packet spoo8ng)' to '@ighest protectionE source rou

    *// search mode (recommended)' to '"naled' (Scored)

    e in seconds efore the screen saver grace period e&pires (- recommended)' to '-' (Scored)

    old for the securit# event log at !hich the s#stem !ill generate a !arning' to '-, or less' (Sco

    ame translation' to '*isaled' (Scored)

    s enumeration of SA accounts and shares' to '"naled' (Scored)

    s enumeration of SA accounts' to '"naled' (Scored)

    ns appl# to anon#mous users' to '*isaled' (Scored)

    gistr# paths and su;paths' to 'S#stemF0urrent0ontrolSetF0ontrolF%rintF%rinters S#stemF0urren

    gistr# paths' to 'S#stemF0urrent0ontrolSetF0ontrolF%roduct6ptions S#stemF0urrent0ontrolSetF0

    ccess to amed %ipes and Shares' to '"naled' (Scored)

    model for local accounts' to '0lassic ; local users authenticate as themselves' (Scored)

    o use computer identit# for /' to '"naled' (Scored)

    9// session fallack' to '*isaled' (Scored)

  • 8/9/2019 Win Server 2012

    24/75

    nager hash value on ne&t pass!ord change' to '"naled' (Scored)

    tication level' to 'Send /v2 response onl# Refuse / G /' (Scored)

    euirements' to 'egotiate signing' (Scored)

    curit# for / SS% ased (including secure R%0) clients' to 'Reuire /v2 session securit#ER

    curit# for / SS% ased (including secure R%0) servers' to 'Reuire /v2 session securit#E

    inistrative logon' to '*isaled' (Scored)

    access to all drives and all folders' to '*isaled' (Scored)

    n !ithout having to log on' to '*isaled' (Scored)

    e' to '*isaled' (Scored)

    nt algorithms for encr#ptionE hashingE and signing' to '"naled' (Scored)

    it# for non;Bindo!s sus#stems' to '"naled' (Scored)

    issions of internal s#stem o?ects (eIg S#molic /inks)' to '"naled' (Scored)

    n Bindo!s "&ecutales for Soft!are Restriction %olicies' to '"naled' (Scored)

    ode for the Duilt;in Administrator account' to '"naled' (Scored)

  • 8/9/2019 Win Server 2012

    25/75

    plications to prompt for elevation !ithout using the secure desktop' to '*isaled' (Scored)

    levation prompt for administrators in Admin Approval ode' to '%rompt for consent for non;Bin

    levation prompt for standard users' to '%rompt for credentials' (Scored)

    installations and prompt for elevation' to '"naled' (Scored)

    utales that are signed and validated' to '*isaled' (Scored)

    cess applications that are installed in secure locations' to '"naled' (Scored)

    tors in Admin Approval ode' to '"naled' (Scored)

    ure desktop !hen prompting for elevation' to '"naled' (Scored)

    d registr# !rite failures to per;user locations' to '"naled' (Scored)

    ler' to 'o 6ne' (Scored)

    rk' (Scored)

    6ne' (Scored)

    tors' (Scored)

    ministratorsE /ocal ServiceE et!ork Service' (Scored)

    red)

    ices' to 'Administrators' (Scored)

  • 8/9/2019 Win Server 2012

    26/75

    ators' (Scored)

    0"E Administrators' (Scored)

    E Administrators' (Scored)

    red)

    )

    "R:0"E /60A/ S"R:0"E "B6R S"R:0"' (Scored)

    ne' (Scored)

    Scored)

    ed)

    t!ork' to '7uests' (Scored)

    ored)

    red)

    to e trusted for delegation' (Scored)

    'Administrators' (Scored)

    E et!ork Service' (Scored)

    to 'AdministratorsE S"R:0"E /ocal ServiceE et!ork Service' (Scored)

    stratorsE /ocal Service' (Scored)

    ators' (Scored)

    istrators' (Scored)

  • 8/9/2019 Win Server 2012

    27/75

    d)

    Scored)

    inistrators' (Scored)

    )

    dministrators' (Scored)

    ministrators' (Scored)

    Scored)

    torsE S"R:0"FBdiService@ost' (Scored)

    'Administrators' (Scored)

    rviceE et!ork Service' (Scored)

    ators' (Scored)

    (Scored)

    6ne' (Scored)

    'Administrators' (Scored)

    (default)' (Scored)

    esponse' to 'o' (Scored)

    nection securit# rules' to 'Jes' (Scored)

  • 8/9/2019 Win Server 2012

    28/75

    !all rules' to 'Jes (default)' (Scored)

    cation' to 'Jes' (Scored)

    to '6n (recommended)' (Scored)

    nections' to 'Allo! (default)' (Scored)

    (default)' (Scored)

    response' to 'o' (Scored)

    nnection securit# rules' to 'Jes (default)' (Scored)

    e!all rules' to 'Jes (default)' (Scored)

    i8cation' to 'Jes (default)' (Scored)

    ' to '6n (recommended)' (Scored)

    nections' to 'Allo! (default)' (Scored)

  • 8/9/2019 Win Server 2012

    29/75

    (default)' (Scored)

    t response' to 'o' (Scored)

    onnection securit# rules' to 'Jes (default)' (Scored)

    re!all rules' to 'Jes (default)' (Scored)

    ti8cation' to 'Jes (default)' (Scored)

    ' to '6n (recommended)' (Scored)

    nnections' to 'Allo! (default)' (Scored)

    es' (Scored)

    aled.1,$$-+ or greater' (Scored)

    led.32$+ or greater' (Scored)

    '"naled.32$+ or greater' (Scored)

  • 8/9/2019 Win Server 2012

    30/75

    en the log 8le reaches its ma&imum sie' to '*isaled' (Scored)

    n the log 8le reaches its ma&imum sie' to '*isaled' (Scored)

    !hen the log 8le reaches its ma&imum sie' to '*isaled' (Scored)

    o '*isaled' (Scored)

  • 8/9/2019 Win Server 2012

    31/75

    Con$% Loc"tion

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAccount%oliciesFAccount /ockout %olic#FAccount lockout threshold

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAccount

    %oliciesFAccount /ockout %olic#FAccount lockout duration0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAccount%oliciesFAccount /ockout %olic#FReset account lockout counter after

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAccount%oliciesF%ass!ord %olic#Finimum pass!ord length

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAccount%oliciesF%ass!ord %olic#F"nforce pass!ord histor#

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAccount%oliciesF%ass!ord %olic#F%ass!ord must meet comple&it# reuirements

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAccount

    %oliciesF%ass!ord %olic#FStore pass!ords using reversile encr#ption0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAccount%oliciesF%ass!ord %olic#Finimum pass!ord age

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAccount%oliciesF%ass!ord %olic#Fa&imum pass!ord age

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesFAccount /ogonFAudit %olic#.Account /ogon. 0redential alidation

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesFAccount /ogonFAudit %olic#.Account /ogon. ereros Authentication Service

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesFAccount /ogonFAudit %olic#.Account /ogon. ereros Service icket 6perations

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesFAccount /ogonFAudit %olic#.Account /ogon. 6ther Account /ogon "vents

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvanced

    Audit %olic# 0on8gurationFAudit %oliciesFAccount anagementFAudit%olic#. Account anagement. Application 7roup anagemen

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesFAccount anagementFAudit%olic#. Account anagement. 0omputer Account anagement

  • 8/9/2019 Win Server 2012

    32/75

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesFAccount anagementFAudit%olic#. Account anagement. *istriution 7roup anagement

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvanced

    Audit %olic# 0on8gurationFAudit %oliciesFAccount anagementFAudit%olic#. Account anagement. 6ther Account anagement "vents

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesFAccount anagementFAudit%olic#. Account anagement. Securit# 7roup anagement

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesFAccount anagementFAudit%olic#. Account anagement. 9ser Account anagement

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvanced

    Audit %olic# 0on8gurationFAudit %oliciesF*etailed rackingFAudit %olic#.*etailed racking. *%A%: Activit#

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesF*etailed rackingFAudit %olic#.*etailed racking. %rocess 0reation

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesF*etailed rackingFAudit %olic#.*etailed racking. %rocess ermination

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesF*etailed rackingFAudit %olic#.*etailed racking. R%0 "vents

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesF*S AccessFAudit %olic#. *SAccess. *etailed *irector# Service Replication

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesF*S AccessFAudit %olic#. *SAccess. *irector# Service Access

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesF*S AccessFAudit %olic#. *SAccess. *irector# Service 0hanges

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvanced

    Audit %olic# 0on8gurationFAudit %oliciesF*S AccessFAudit %olic#. *SAccess. *irector# Service Replication

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesF/ogon>/ogo

  • 8/9/2019 Win Server 2012

    33/75

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesF/ogon>/ogo

  • 8/9/2019 Win Server 2012

    34/75

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesF6?ect AccessFAudit %olic#. 6?ectAccess. @andle anipulation

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesF6?ect AccessFAudit %olic#. 6?ectAccess. ernel 6?ect

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesF6?ect AccessFAudit %olic#. 6?ectAccess. 6ther 6?ect Access "vents

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesF6?ect AccessFAudit %olic#. 6?ectAccess. Registr#

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesF6?ect AccessFAudit %olic#. 6?ectAccess. Removale Storage

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesF6?ect AccessFAudit %olic#. 6?ect

    Access. SA0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesF%olic# 0hangeFAudit %olic#. %olic#0hange. Audit %olic# 0hange

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesF%olic# 0hangeFAudit %olic#. %olic#0hange. Authentication %olic# 0hange

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesF%olic# 0hangeFAudit %olic#. %olic#0hange. Authoriation %olic# 0hange

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesF%olic# 0hangeFAudit %olic#. %olic#0hange. iltering %latform %olic# 0hange

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesF%olic# 0hangeFAudit %olic#. %olic#0hange. %SS0 Rule; /evel %olic# 0hange

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesF%olic# 0hangeFAudit %olic#. %olic#0hange. 6ther %olic# 0hange "vents

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvanced

    Audit %olic# 0on8gurationFAudit %oliciesF%rivilege 9seFAudit %olic#.%rivilege 9se. on Sensitive %rivilege 9se

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesF%rivilege 9seFAudit %olic#.%rivilege 9se. 6ther %rivilege 9se "vents

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesF%rivilege 9seFAudit %olic#.%rivilege 9se. Sensitive %rivilege 9se

  • 8/9/2019 Win Server 2012

    35/75

    ;

    ;

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesFS#stemFAudit %olic#. S#stem.:%sec *river

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesFS#stemFAudit %olic#. S#stem.6ther S#stem "vents

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesFS#stemFAudit %olic#. S#stem.Securit# State 0hange

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesFS#stemFAudit %olic#. S#stem.Securit# S#stem "&tension

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFAdvancedAudit %olic# 0on8gurationFAudit %oliciesFS#stemFAudit %olic#. S#stem.S#stem :ntegrit#

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFAccounts. /imit local account use of lankpass!ords to console logon onl#

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFAudit. orce audit polic# sucategor# settings(Bindo!s ista or later) to override audit polic# categor# settings

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal

    %oliciesFSecurit# 6ptionsFAudit. Shut do!n s#stem immediatel# if unaleto log securit# audits

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsF*evices. Allo!ed to format and e?ect removalemedia

  • 8/9/2019 Win Server 2012

    36/75

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsF*evices. %revent users from installing printerdrivers

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsF*omain controller. Allo! server operators to

    schedule tasks0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsF*omain controller. /*A% server signingreuirements

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsF*omain controller. Refuse machine accountpass!ord changes

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsF*omain memer. *igitall# encr#pt or sign securechannel data (al!a#s)

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsF*omain memer. *igitall# encr#pt securechannel data (!hen possile)

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsF*omain memer. *igitall# sign secure channeldata (!hen possile)

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsF*omain memer. *isale machine accountpass!ord changes

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsF*omain memer. a&imum machine accountpass!ord age

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsF*omain memer. Reuire strong (Bindo!s 2---or later) session ke#

    @"JK/60A/KA0@:"FSoft!areFicrosoftFBindo!sF0urrentersionF%oliciesFS#stemF/egaloticee&t

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsF:nteractive logon. *o not displa# last user name

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsF:nteractive logon. *o not reuire 0R/CA/C*"/

  • 8/9/2019 Win Server 2012

    37/75

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsF:nteractive logon. achine inactivit# limit

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsF:nteractive logon. umer of previous logons tocache (in case domain controller is not availale)

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal

    %oliciesFSecurit# 6ptionsF:nteractive logon. %rompt user to changepass!ord efore e&piration

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsF:nteractive logon. Reuire *omain 0ontrollerauthentication to unlock !orkstation

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsF:nteractive logon. Smart card removal ehavior

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsF:nteractive logon. achine account lockoutthreshold

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFicrosoft net!ork client. *igitall# signcommunications (al!a#s)

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFicrosoft net!ork client. *igitall# signcommunications (if server agrees)

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFicrosoft net!ork client. Send unencr#ptedpass!ord to third;part# SD servers

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFicrosoft net!ork server. Amount of idle timereuired efore suspending session

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFicrosoft net!ork server. *igitall# signcommunications (al!a#s)

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFicrosoft net!ork server. *igitall# signcommunications (if client agrees)

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal

    %oliciesFSecurit# 6ptionsFicrosoft net!ork server. *isconnect clients!hen logon hours e&pire

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFSS. (AutoAdmin/ogon) "nale Automatic /ogon(not recommended)

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFSS. (*isale:%SourceRouting :%v$) :% sourcerouting protection level (protects against packet spoo8ng)

  • 8/9/2019 Win Server 2012

    38/75

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFSS. (*isale:%SourceRouting) :% source routingprotection level (protects against packet spoo8ng)

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFSS. (Safe*llSearchode) "nale Safe *//search mode (recommended)

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFSS. (ScreenSaver7race%eriod) he time inseconds efore the screen saver grace period e&pires (- recommended)

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFSS. (Barning/evel) %ercentage threshold forthe securit# event log at !hich the s#stem !ill generate a !arning

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFet!ork access. Allo! anon#mous S:*>ametranslation

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFet!ork access. *o not allo! anon#mousenumeration of SA accounts and shares

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFet!ork access. *o not allo! anon#mousenumeration of SA accounts

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFet!ork access. /et "ver#one permissions appl#to anon#mous users

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFet!ork access. Remotel# accessile registr#paths and su;paths

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFet!ork access. Remotel# accessile registr#paths

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFet!ork access. Restrict anon#mous access toamed %ipes and Shares

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFet!ork access. Sharing and securit# model forlocal accounts

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFet!ork securit#. Allo! /ocal S#stem to usecomputer identit# for /

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFet!ork securit#. Allo! /ocalS#stem 9//session fallack

  • 8/9/2019 Win Server 2012

    39/75

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFet!ork securit#. *o not store /A anagerhash value on ne&t pass!ord change

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFet!ork securit#. /A anager authenticationlevel

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFet!ork securit#. /*A% client signingreuirements

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFet!ork securit#. inimum session securit# for/ SS% ased (including secure R%0) clients

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFet!ork securit#. inimum session securit# for/ SS% ased (including secure R%0) servers

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal

    %oliciesFSecurit# 6ptionsFRecover# console. Allo! automaticadministrative logon

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFRecover# console. Allo! Hopp# cop# and accessto all drives and all folders

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFShutdo!n. Allo! s#stem to e shut do!n !ithouthaving to log on

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFShutdo!n. 0lear virtual memor# page8le

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFS#stem cr#ptograph#. 9se :%S compliantalgorithms for encr#ptionE hashingE and signing

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFS#stem o?ects. Reuire case insensitivit# fornon;Bindo!s sus#stems

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFS#stem o?ects. Strengthen default permissions

    of internal s#stem o?ects (eIgI S#molic /inks)

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsFS#stem settings. 9se 0erti8cate Rules onBindo!s "&ecutales for Soft!are Restriction %olicies

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsF9ser Account 0ontrol. Admin Approval ode forthe Duilt;in Administrator account

  • 8/9/2019 Win Server 2012

    40/75

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsF9ser Account 0ontrol. Allo! 9:Accessapplications to prompt for elevation !ithout using the secure desktop

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsF9ser Account 0ontrol. Dehavior of the elevationprompt for administrators in Admin Approval ode

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsF9ser Account 0ontrol. Dehavior of the elevationprompt for standard users

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsF9ser Account 0ontrol. *etect applicationinstallations and prompt for elevation

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsF9ser Account 0ontrol. 6nl# elevate e&ecutalesthat are signed and validated

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsF9ser Account 0ontrol. 6nl# elevate 9:Access

    applications that are installed in secure locations0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsF9ser Account 0ontrol. Run all administrators inAdmin Approval ode

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsF9ser Account 0ontrol. S!itch to the securedesktop !hen prompting for elevation

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesFSecurit# 6ptionsF9ser Account 0ontrol. irtualie 8le and registr#!rite failures to per;user locations

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentFAccess 0redential anager as a trustedcaller

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentFAccess this computer from the net!ork

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentFAct as part of the operating s#stem

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentFAdd !orkstations to domain

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentFAd?ust memor# uotas for a process

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentFAllo! log on locall#

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentFAllo! log on through Remote *esktopServices

  • 8/9/2019 Win Server 2012

    41/75

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentFAllo! log on through Remote *esktopServices

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentFD#pass traverse checking

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal

    %oliciesF9ser Rights AssignmentF0hange the s#stem time0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentF0hange the time one

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentF0reate a page8le

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentF0reate a token o?ect

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentF0reate gloal o?ects

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentF0reate permanent shared o?ects

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentF0reate s#molic links

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentF*eug programs

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentF*en# access to this computer from thenet!ork

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentF*en# log on as a atch ?o

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentF*en# log on as a service

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentF*en# log on locall#

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentF"nale computer and user accounts to etrusted for delegation

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentForce shutdo!n from a remote s#stem

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentF7enerate securit# audits

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentF:mpersonate a client after authentication

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentF:ncrease a process !orking set

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentF:ncrease scheduling priorit#

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentF/oad and unload device drivers

  • 8/9/2019 Win Server 2012

    42/75

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentF/ock pages in memor#

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentF/og on as a atch ?o

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentFanage auditing and securit# log

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentFodif# an o?ect lael

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentFodif# 8rm!are environment values

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentF%erform volume maintenance tasks

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentF%ro8le single process

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentF%ro8le s#stem performance

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentFRemove computer from docking station

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentFReplace a process level token

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentFRestore 8les and directories

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentFShut do!n the s#stem

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentFS#nchronie director# service data

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsF/ocal%oliciesF9ser Rights AssignmentFake o!nership of 8les or other o?ects

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFBindo!sire!all !ith Advanced Securit#FBindo!s ire!all !ith AdvancedSecurit#FBindo!s ire!all %ropertiesF%ulic %ro8leFBindo!s ire!all.%ulic. :nound connectionsFBindo!s ire!all. %ulic. :noundconnections

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFBindo!s

    ire!all !ith Advanced Securit#FBindo!s ire!all !ith AdvancedSecurit#FBindo!s ire!all %ropertiesF%ulic %ro8leFBindo!s ire!all.%ulic. Allo! unicast response

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFBindo!sire!all !ith Advanced Securit#FBindo!s ire!all !ith AdvancedSecurit#FBindo!s ire!all %ropertiesF%ulic %ro8leFBindo!s ire!all.%ulic. Appl# local connection securit# rules

  • 8/9/2019 Win Server 2012

    43/75

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFBindo!sire!all !ith Advanced Securit#FBindo!s ire!all !ith AdvancedSecurit#FBindo!s ire!all %ropertiesF%ulic %ro8leFBindo!s ire!all.%ulic. Appl# local 8re!all rules

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFBindo!sire!all !ith Advanced Securit#FBindo!s ire!all !ith Advanced

    Securit#FBindo!s ire!all %ropertiesF%ulic %ro8leFBindo!s ire!all.%ulic. *ispla# a noti8cation

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFBindo!sire!all !ith Advanced Securit#FBindo!s ire!all !ith AdvancedSecurit#FBindo!s ire!all %ropertiesF%ulic %ro8leFBindo!s ire!all.%ulic. ire!all state

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFBindo!sire!all !ith Advanced Securit#FBindo!s ire!all !ith AdvancedSecurit#FBindo!s ire!all %ropertiesF%ulic %ro8leFBindo!s ire!all.%ulic. 6utound connections

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFBindo!sire!all !ith Advanced Securit#FBindo!s ire!all !ith AdvancedSecurit#FBindo!s ire!all %ropertiesF%rivate %ro8leFBindo!s ire!all.%rivate. :nound connectionsFBindo!s ire!all. %rivate. :noundconnections

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFBindo!sire!all !ith Advanced Securit#FBindo!s ire!all !ith AdvancedSecurit#FBindo!s ire!all %ropertiesF%rivate %ro8leFBindo!s ire!all.%rivate. Allo! unicast response

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFBindo!sire!all !ith Advanced Securit#FBindo!s ire!all !ith AdvancedSecurit#FBindo!s ire!all %ropertiesF%rivate %ro8leFBindo!s ire!all.%rivate. Appl# local connection securit# rules

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFBindo!sire!all !ith Advanced Securit#FBindo!s ire!all !ith AdvancedSecurit#FBindo!s ire!all %ropertiesF%rivate %ro8leFBindo!s ire!all.%rivate. Appl# local 8re!all rule

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFBindo!sire!all !ith Advanced Securit#FBindo!s ire!all !ith AdvancedSecurit#FBindo!s ire!all %ropertiesF%rivate %ro8leFBindo!s ire!all.

    %rivate. *ispla# a noti8cation0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFBindo!sire!all !ith Advanced Securit#FBindo!s ire!all !ith AdvancedSecurit#FBindo!s ire!all %ropertiesF%rivate %ro8leFBindo!s ire!all.%rivate. ire!all state

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFBindo!sire!all !ith Advanced Securit#FBindo!s ire!all !ith AdvancedSecurit#FBindo!s ire!all %ropertiesF%rivate %ro8leFBindo!s ire!all.%rivate. 6utound connections

  • 8/9/2019 Win Server 2012

    44/75

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFBindo!sire!all !ith Advanced Securit#FBindo!s ire!all !ith AdvancedSecurit#FBindo!s ire!all %ropertiesF*omain %ro8leFBindo!s ire!all.*omain. :nound connectionsFBindo!s ire!all. *omain. :noundconnections

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFBindo!sire!all !ith Advanced Securit#FBindo!s ire!all !ith AdvancedSecurit#FBindo!s ire!all %ropertiesF*omain %ro8leFBindo!s ire!all.*omain. Allo! unicast response

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFBindo!sire!all !ith Advanced Securit#FBindo!s ire!all !ith AdvancedSecurit#FBindo!s ire!all %ropertiesF*omain %ro8leFBindo!s ire!all.*omain. Appl# local connection securit# rules

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFBindo!sire!all !ith Advanced Securit#FBindo!s ire!all !ith Advanced

    Securit#FBindo!s ire!all %ropertiesF*omain %ro8leFBindo!s ire!all.*omain. Appl# local 8re!all rules

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFBindo!sire!all !ith Advanced Securit#FBindo!s ire!all !ith AdvancedSecurit#FBindo!s ire!all %ropertiesF*omain %ro8leFBindo!s ire!all.*omain. *ispla# a noti8cation

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFBindo!sire!all !ith Advanced Securit#FBindo!s ire!all !ith AdvancedSecurit#FBindo!s ire!all %ropertiesF*omain %ro8leFBindo!s ire!all.*omain. ire!all state

    0omputer 0on8gurationFBindo!s SettingsFSecurit# SettingsFBindo!sire!all !ith Advanced Securit#FBindo!s ire!all !ith AdvancedSecurit#FBindo!s ire!all %ropertiesF*omain %ro8leFBindo!s ire!all.*omain. 6utound connections

    0omputer 0on8gurationFAdministrative emplatesFBindo!s0omponentsFAuto%la# %oliciesFurn o< Autopla#Furn o< Autopla#

    0omputer 0on8gurationFAdministrative emplatesFBindo!s

    0omponentsF"vent /og ServiceFSecurit#FSpecif# the ma&imum log 8le sie(D)FSpecif# the ma&imum log 8le sie (D)

    0omputer 0on8gurationFAdministrative emplatesFBindo!s0omponentsF"vent /og ServiceFS#stemFSpecif# the ma&imum log 8le sie(D)FSpecif# the ma&imum log 8le sie (D)

    0omputer 0on8gurationFAdministrative emplatesFBindo!s0omponentsF"vent /og ServiceFApplicationFSpecif# the ma&imum log 8lesie (D)FSpecif# the ma&imum log 8le sie (D)

  • 8/9/2019 Win Server 2012

    45/75

    0omputer 0on8gurationFAdministrative emplatesFBindo!s0omponentsF"vent /og ServiceFSecurit#F0ontrol "vent /og ehavior !henthe log 8le reaches its ma&imum sie

    0omputer 0on8gurationFAdministrative emplatesFBindo!s0omponentsF"vent /og ServiceFS#stemF0ontrol "vent /og ehavior !henthe log 8le reaches its ma&imum sie

    0omputer 0on8gurationFAdministrative emplatesFBindo!s0omponentsF"vent /og ServiceFApplicationF0ontrol "vent /og ehavior!hen the log 8le reaches its ma&imum sie

    0omputer 0on8gurationFAdministrative emplatesFBindo!s0omponentsFBindo!s :nstallerFAl!a#s install !ith elevated privileges

  • 8/9/2019 Win Server 2012

    46/75

    Reco,,ene Do,"in Cont&olle& )e,.e& Se&!e&

    5 invalid logon attempt(s) Jes Jes

    15 or more minute(s)I Jes Jes

    15 minute(s) Jes Jes

    14 or more character Jes Jes

    24 or more pass!ord Jes Jes

    "naled Jes Jes

    *isaled Jes Jes

    1 or more da#(s) Jes Jes

    $- or fe!er da#s Jes Jes

    Success and ailure Jes Jes

    o Auditing Jes Jes

    o Auditing Jes Jes

    o Auditing Jes Jes

    o Auditing Jes Jes

    Jes Jes

    /evel 1 ; *omain 0ontrollerI herecommended state for this setting is.Success and ailureI /evel 1 ; emer

    ServerI he recommended state for thissetting is. SuccessI

  • 8/9/2019 Win Server 2012

    47/75

    o Auditing Jes Jes

    Success and ailure Jes Jes

    Success and ailure Jes Jes

    Success and ailure Jes Jes

    o Auditing Jes Jes

    Success Jes Jes

    o Auditing Jes Jes

    o Auditing Jes Jes

    o Auditing Jes o

    Success and ailure Jes o

    Success and ailure Jes o

    o Auditing Jes o

    o Auditing Jes Jes

    o Auditing Jes Jes

  • 8/9/2019 Win Server 2012

    48/75

    o Auditing Jes Jes

    o Auditing Jes Jes

    Success Jes Jes

    Success and ailure Jes Jes

    o Auditing Jes Jes

    o Auditing Jes Jes

    Success Jes Jes

    o Auditing Jes Jes

    o Auditing Jes Jes

    o Auditing Jes Jes

    o Auditing Jes Jes

    o Auditing Jes Jes

    o Auditing Jes Jes

    o Auditing Jes Jes

    o Auditing Jes Jes

  • 8/9/2019 Win Server 2012

    49/75

    o Auditing Jes Jes

    o Auditing Jes Jes

    o Auditing Jes Jes

    o Auditing Jes Jes

    o Auditing Jes Jes

    o Auditing Jes Jes

    Success and ailure Jes Jes

    Success Jes Jes

    o Auditing Jes Jes

    o Auditing Jes Jes

    o Auditing Jes Jes

    o Auditing Jes Jes

    o Auditing Jes Jes

    o Auditing Jes Jes

    Success and ailure Jes Jes

  • 8/9/2019 Win Server 2012

    50/75

    Success and ailure Jes Jes

    o Auditing Jes Jes

    Success and ailure Jes Jes

    Success and ailure Jes Jes

    Success and ailure Jes Jes

    o Jes

    o Jes

    "naled Jes Jes

    "naled Jes Jes

    *isaled Jes Jes

    Administrators Jes Jes

    0on8gure the follo!ing 7roup %olic# settingin a manner that is consistent !ith thesecurit# and operational reuirements of#our organiation

    Rename Administrator account

    0on8gure the follo!ing 7roup %olic# settingin a manner that is consistent !ith thesecurit# and operational reuirements of#our organiation

    Rename guest account and disale

  • 8/9/2019 Win Server 2012

    51/75

    "naled Jes Jes

    *isaled Jes o

    Reuire signing Jes o

    *isaled Jes o

    "naled Jes Jes

    "naled Jes Jes

    "naled Jes Jes

    *isaled Jes Jes

    3- or fe!er da#(s) Jes Jes

    "naled Jes Jes

    Jes Jes

    "naled Jes Jes

    *isaled Jes Jes

    0on8gure the follo!ing 7roup %olic# settingin a manner that is consistent !ith thesecurit# and operational reuirements of#our organiation

    %rescried Danner essage ; e&ample.Authoried users onl#I

  • 8/9/2019 Win Server 2012

    52/75

    ,-- or fe!er seconds Jes Jes

    4 or fe!er logon(s) Jes Jes

    14 or more da#(s) Jes Jes

    *isaled Jes Jes

    /ock Borkstation Jes Jes

    1- or fe!er invalid logon attempts o Jes

    "naled Jes Jes

    "naled Jes Jes

    *isaled Jes Jes

    15 or fe!er minute(s) Jes Jes

    "naled Jes Jes

    "naled Jes Jes

    "naled Jes Jes

    *isaled Jes Jes

    st protectionE source routing is completel# di Jes Jes

  • 8/9/2019 Win Server 2012

    53/75

    st protectionE source routing is completel# di Jes Jes

    "naled Jes Jes

    - Jes Jes

    -I, or less Jes Jes

    *isaled Jes Jes

    "naled Jes Jes

    "naled Jes Jes

    *isaled Jes Jes

    trolF0ontent:nde& S#stemF0urrent0ontrolSetF Jes Jes

    temF0urrent0ontrolSetF0ontrolFServer Applic Jes Jes

    "naled Jes Jes

    lassic ; local users authenticate as themselve Jes Jes

    "naled Jes o

    *isaled Jes o

  • 8/9/2019 Win Server 2012

    54/75

    "naled Jes Jes

    end /v2 response onl#I Refuse / G / Jes Jes

    egotiate signing Jes Jes

    /v2 session securit#EReuire 12+;it enc Jes Jes

    /v2 session securit#EReuire 12+;it enc Jes Jes

    *isaled Jes Jes

    *isaled Jes Jes

    *isaled Jes Jes

    *isaled Jes Jes

    "naled Jes Jes

    "naled Jes Jes

    "naled Jes Jes

    "naled Jes Jes

    "naled Jes Jes

  • 8/9/2019 Win Server 2012

    55/75

    *isaled Jes Jes

    %rompt for consent for non;Bindo!s inaries Jes Jes

    %rompt for credentials Jes Jes

    "naled Jes Jes

    *isaled Jes Jes

    "naled Jes Jes

    "naled Jes Jes

    "naled Jes Jes

    "naled Jes Jes

    o 6ne Jes Jes

    sersE ""R%R:S" *6A: 06R6//"RSI /e Jes Jes

    o 6ne Jes Jes

    Administrators Jes o

    dministratorsE /ocal ServiceE et!ork Servic Jes Jes

    Administrators Jes Jes

    Administrators Jes Jes

  • 8/9/2019 Win Server 2012

    56/75

    Administrators Jes Jes

    Jes Jes

    /60A/ S"R:0"E Administrators Jes Jes

    /60A/ S"R:0"E Administrators Jes Jes

    Administrators Jes Jes

    o 6ne Jes Jes

    ratorsE S"R:0"E /60A/ S"R:0"E "B6R Jes Jes

    o 6ne Jes Jes

    Administrators Jes Jes

    Administrators Jes Jes

    7uests Jes Jes

    7uests Jes Jes

    o 6ne Jes Jes

    7uests Jes Jes

    Jes Jes

    Administrators Jes Jes

    /ocal ServiceE et!ork Service Jes Jes

    istratorsE S"R:0"E /ocal ServiceE et!ork S Jes Jes

    AdministratorsE /ocal Service Jes Jes

    Administrators Jes Jes

    Administrators Jes Jes

    !ork ServiceI /evel ; emer ServerI he rec

    setting is. AdministratorsI /evel 1 ; emer

  • 8/9/2019 Win Server 2012

    57/75

    o 6ne Jes Jes

    Administrators Jes o

    Administrators Jes Jes

    o 6ne Jes Jes

    Administrators Jes Jes

    Administrators Jes Jes

    Administrators Jes Jes

    AdministratorsE S"R:0"FBdiService@ost Jes Jes

    Administrators Jes Jes

    /ocal ServiceE et!ork Service Jes Jes

    Administrators Jes Jes

    Administrators Jes Jes

    o 6ne Jes o

    Administrators Jes Jes

    "naled Jes Jes

    o Jes Jes

    Jes Jes Jes

  • 8/9/2019 Win Server 2012

    58/75

    Jes (default) Jes Jes

    Jes Jes Jes

    6n (recommended) Jes Jes

    Allo! (default) Jes Jes

    "naled Jes Jes

    o Jes Jes

    Jes (default) Jes Jes

    Jes (default) Jes Jes

    Jes (default) Jes Jes

    6n (recommended) Jes Jes

    Allo! (default) Jes Jes

  • 8/9/2019 Win Server 2012

    59/75

    "naled Jes Jes

    o Jes Jes

    Jes (default) Jes Jes

    Jes (default) Jes Jes

    Jes (default) Jes Jes

    6n (recommended) Jes Jes

    Allo! (default) Jes Jes

    "naled Jes Jes

    "naled Jes Jes

    "naled Jes Jes

    "naled Jes Jes

  • 8/9/2019 Win Server 2012

    60/75

    *isaled Jes Jes

    *isaled Jes Jes

    *isaled Jes Jes

    *isaled Jes Jes

  • 8/9/2019 Win Server 2012

    61/75

    Cu&&ent V"lue7usti$c"tion i Reco,,ene

    Con$% ill not .e "o(te

  • 8/9/2019 Win Server 2012

    62/75

  • 8/9/2019 Win Server 2012

    63/75

  • 8/9/2019 Win Server 2012

    64/75

  • 8/9/2019 Win Server 2012

    65/75

  • 8/9/2019 Win Server 2012

    66/75

  • 8/9/2019 Win Server 2012

    67/75

  • 8/9/2019 Win Server 2012

    68/75

  • 8/9/2019 Win Server 2012

    69/75

  • 8/9/2019 Win Server 2012

    70/75

  • 8/9/2019 Win Server 2012

    71/75

  • 8/9/2019 Win Server 2012

    72/75

  • 8/9/2019 Win Server 2012

    73/75

  • 8/9/2019 Win Server 2012

    74/75

  • 8/9/2019 Win Server 2012

    75/75


Related Documents
Win Server 03

Win Server 03

Category: Documents
Installationsanleitung MS SQL SERVER WIN

Installationsanleitung MS SQL SERVER WIN

Category: Documents
Instalacion de win server 2003

Instalacion de win server 2003

Category: Education
Installation Guide for Teamcenter based products...• Win Server 2008 R2 SP1 x64 (Stand & Ent); Win Server 2012 x64 (Stand & Datacenter) Win Server 2012 R2 with Teamcenter 12.x •

Installation Guide for Teamcenter based products...• Win.....

Category: Documents
Servidor FTP Win Server

Servidor FTP Win Server

Category: Documents
Win server

Win server

Category: Design
Servidor de Archivos Win Server

Servidor de Archivos Win Server

Category: Documents
MTA Win Server

MTA Win Server

Category: Documents
Installation win 2000 server

Installation win 2000 server

Category: Documents
Switching the EPLAN Dictionary to SQL Server...Windows 7 ®, Windows 8.1 , Windows 10®, Windows Server 2008 R2®, Windows Server 2012®, Win- dows Server 2012 R2 ® , Microsoft Windows

Switching the EPLAN Dictionary to SQL Server...Windows 7 ®,...

Category: Documents
How Do I Install Virtual Server in Win 2008 Server

How Do I Install Virtual Server in Win 2008 Server

Category: Documents
SERVIDOR FTP (WIN SERVER 2008 R2)

SERVIDOR FTP (WIN SERVER 2008 R2)

Category: Documents