| Accounts: Administrator account status | Enabled |
| Accounts: Guest account status | Disabled |
| Accounts: Limit local account use of blank passwords to console logon only | Enabled |
| Accounts: Rename administrator account | administrator |
| Accounts: Rename guest account | guest |
| Audit: Audit the access of global system objects | Disabled |
| Audit: Audit the use of Backup and Restore privilege | Disabled |
| Audit: Shut down system immediately if unable to log security audits | Disabled |
| DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax | Not Defined |
| DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax | Not Defined |
| Devices: Allow undock without having to log on | Enabled |
| Devices: Allowed to format and eject removable media | Administrators |
| Devices: Prevent users from installing printer drivers | Enabled |
| Devices: Restrict CD-ROM access to locally logged-on user only | Disabled |
| Devices: Restrict floppy access to locally logged-on user only | Disabled |
| Devices: Unsigned driver installation behavior | warn but allow installation |
| Domain controller: Allow server operators to schedule tasks | Not Defined |
| Domain controller: LDAP server signing requirements | Not Defined |
| Domain controller: Refuse machine account password changes | Not Defined |
| Domain member: Digitally encrypt or sign secure channel data (always) | Enabled |
| Domain member: Digitally encrypt secure channel data (when possible) | Enabled |
| Domain member: Digitally sign secure channel data (when possible) | Enabled |
| Domain member: Disable machine account password changes | Disabled |
| Domain member: Maximum machine account password age | 30 days |
| Domain member: Require strong (windows 2000 or later) session key | Disabled |
| Interactive logon: Display user information when the session is locked | Not Defined |
| Interactive logon: Do not display last user name | Disabled |
| Interactive logon: Do not require CTRL+ALT+DEL | Disabled |
| Interactive logon: Message text for users attempting to log on | Lenovo internal systems can only be used for Lenovo business purposes or purposes approved by Lenovo management! |
| Interactive logon: Message title for users attempting to log on | Important Notice! |
| Interactive logon: Number of previous logons to cache (in case domain controller is not available) | 10 logons |
| Interactive logon: Prompt user to change password before expiration | 14 days |
| Interactive logon: Require Domain Controller authentication to unlock workstation | Disabled |
| Interactive logon: Require smart card | Disabled |
| Interactive logon: Smart card removal behavior | No Action |
| Microsoft network client: Digitally sign communications (always) | Disabled |
| Microsoft network client: Digitally sign communications (if server agrees) | Enabled |
| Microsoft network client: Send unencrypted password to third-party SMB servers | Disabled |
| Microsoft network server: amount of idle time required before suspending session | 15 minutes |
| Microsoft network server: Diaaly sign communications (always) | Disabled |
| Microsoft network server: DgtaIy sign communications (If client agrees) | Disabled |
| Microsoft network server: Disconnect clients when logon hours expire | Enabled |
| Network access: Allow anonymos SID/Name translation | Disabled |
| Network access: Do not allow anonymous enumeration of SAM accosts | Enabled |
| Network access: Do not allow anonymous enumeration of sAM accosts and shares | Disabled |
| Network access: Do not allow storage of credertids or NET Passports for network authertication | Disabled |
| Network access: Let Everyone permissions apply to anonymous users | Disabled |
| Network access: Named Pipes that can be accessed anonymously | COMNAP COMNODE SQL/QUERY SPOOLSS LLSRPC browser netlogon lsarpc samr |
| Network access: Remotely accessible registry paths | System/CurrentControlSet/Control/ProductOptions System/CurrentControlSet/Control/Server Applications Software/Microsoft/Windows NT/CurrentVersion |
| Network access: Remotely accessible registry paths and sub-paths | System/CurrentControlSet/Control/Print/Printers System/CurrentControlSet/Services/Eventlog Software/Microsoft/OLAP Server Software/Microsoft/Windows NT/CurrentVersion/Print Software/Microsoft/Windows NT/CurrentVersion/Windows System/CurrentControlSet/Control/ContentIndex System/CurrentControlSet/Control/Terminal Server System/CurrentControlSet/Control/Terminal Server/UserConfig System/CurrentControlSet/Control/Terminal Server/DefaultUserConfiguration Software/Microsoft/Windows NT/CurrentVersion/Perflib System/CurrentControlSet/Services/Sysmonlog |
| Network access:Restrict anonymous access to Named Pipes and shares | Enable |
| Network access: shares that cmn be accessed anomymously COMCFG,DFs$ | COMCFG DFS$ |
| Network access: Sharing and security model for local accounts | Classic - local users authenticate as themselves |
| Network secuty: Do not store LAN Manager hash vakie on next password change | Disabled |
| Network secuty: Force logoff when logon hours expire | Enabled |
| Network security: LAN Manager authentication level | Send NTLM response only |
| Network security: LDAP chet sgning requiremerts | Negotiate ssging |
| Network security: Minimum session security for NUM ssP based (indu&g secure RPC) dhats | No minimum |
| Network security: Minimum session security For NUM SsP based (inclu&g secure RPC) servers | No minmum |
| Recovery console: Allow automatic administrative logon | Disabled |
| Recovery console: Allow floppy copy and access to al drives and al folders | Disabled |
| shutdown: Mow system to be sht down withot having to log on | Disabled |
| shutdown: Clear virtual memory pagefile | Disabled |
| System cryptography:Force strong key protectionfor user keys stored on the computer | Not Defined |
| System cryptography: Use FIPS compllant algorttvns for encryption, hashing, and signing | Disabled |
| System obyects: DeFault owner for objects created by members of the Adnlnlstrators otp | Administrators group |
| System obmcts: Require case insensitivity for non-wfndows subsystems | Enabled |
| System objects: Strengthen defaut permissions df Eternal system objects (e.g. Symbolic LEts) | Enabled |
| System setting:Optional subsystems | Posix |
| System setting:Use Certificate Rules on Windows Executables for Software Restriction Policies | Disabled |
| Install SCM client | server point to infra05 |
12-20
685
685
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
