Accounts: Administrator account status | Enabled |
Accounts: Guest account status | Disabled |
Accounts: Limit local account use of blank passwords to console logon only | Enabled |
Accounts: Rename administrator account | administrator |
Accounts: Rename guest account | guest |
Audit: Audit the access of global system objects | Disabled |
Audit: Audit the use of Backup and Restore privilege | Disabled |
Audit: Shut down system immediately if unable to log security audits | Disabled |
DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax | Not Defined |
DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax | Not Defined |
Devices: Allow undock without having to log on | Enabled |
Devices: Allowed to format and eject removable media | Administrators |
Devices: Prevent users from installing printer drivers | Enabled |
Devices: Restrict CD-ROM access to locally logged-on user only | Enabled |
Devices: Restrict floppy access to locally logged-on user only | Enabled |
Devices: Unsigned driver installation behavior | Do not allow installation |
Domain controller: Allow server operators to schedule tasks | Disabled |
Domain controller: LDAP server signing requirements | None |
Domain controller: Refuse machine account password changes | Not Defined |
Domain member: Digitally encrypt or sign secure channel data (always) | Disabled |
Domain member: Digitally encrypt secure channel data (when possible) | Enabled |
Domain member: Digitally sign secure channel data (when possible) | Enabled |
Domain member: Disable machine account password changes | Disabled |
Domain member: Maximum machine account password age | 30 days |
Domain member: Require strong (windows 2000 or later) session key | Disabled |
Interactive logon: Display user information when the session is locked | Not Defined |
Interactive logon: Do not display last user name | Disabled |
Interactive logon: Do not require CTRL+ALT+DEL | Disabled |
Interactive logon: Message text for users attempting to log on | Lenovo internal systems can only be used for Lenovo business purposes or purposes approved by Lenovo management! |
Interactive logon: Message title for users attempting to log on | Important Notice! |
Interactive logon: Number of previous logons to cache (in case domain controller is not available) | 10 logons |
Interactive logon: Prompt user to change password before expiration | 14 days |
Interactive logon: Require Domain Controller authentication to unlock workstation | Disabled |
Interactive logon: Require smart card | Disabled |
Interactive logon: Smart card removal behavior | Force Logoff |
Microsoft network client: Digitally sign communications (always) | Disabled |
Microsoft network client: Digitally sign communications (if server agrees) | Enabled |
Microsoft network client: Send unencrypted password to third-party SMB servers | Disabled |
Microsoft network server: amount of idle time required before suspending session | 15 minutes |
Microsoft network server: Diaaly sign communications (always) | Disabled |
Microsoft network server: DgtaIy sign communications (If client aoees) | Enabled |
Microsoft network server: Disconnect clients when logon hours expire | Enabled |
Network access: Allow anonymos SID/Name translation | Enabled |
Network access: Do not allow anonymous enumeration of SAM accosts | Enabled |
Network access: Do not allow anonymous enumeration of sAM accosts and shares | Enabled |
Network access: Do not allow storage of credertids or NET Passports for network authertication | Disabled |
Network access: Let Everyone permissions apply to anonymous users | Disabled |
Network access: Named Pipes that can be accessed anonymously | COMNAP COMNODE SQL/QUERY SPOOLSS NETLOGON LSARPC SAMR BROWSER EPMAPPER LOCATOR TrkWks TrkSvr CERT |
Network access: Remotely accessible registry paths | System/CurrentControlSet/Control/ProductOptions System/CurrentControlSet/Control/Server Applications Software/Microsoft/Windows NT/CurrentVersion |
Network access: Remotely accessible registry paths and sub-paths | System/CurrentControlSet/Control/Print/Printers System/CurrentControlSet/Services/Eventlog Software/Microsoft/OLAP Server Software/Microsoft/Windows NT/CurrentVersion/Print Software/Microsoft/Windows NT/CurrentVersion/Windows System/CurrentControlSet/Control/ContentIndex System/CurrentControlSet/Control/Terminal Server System/CurrentControlSet/Control/Terminal Server/UserConfig System/CurrentControlSet/Control/Terminal Server/DefaultUserConfiguration Software/Microsoft/Windows NT/CurrentVersion/Perflib System/CurrentControlSet/Services/Sysmonlog System/CurrentControlSet/Services/CertSvc |
Network access:Restrict anonymous access to Named Pipes and shares | Enable |
Network access: shares that cmn be accessed anomymously COMCFG,DFs$ | COMCFG DFS$ |
Network access: Sharing and security model for local accounts | Classic - local users authenticate as themselves |
Network secuty: Do not store LAN Manager hash vakie on next password change | Disabled |
Network secuty: Force logoff when logon hocrs expre | Enabled |
Network security: LAN Manager authentication level | Send NTLM response only |
Network security: LDAP chet sgning requiremerts | Negotiate ssging |
Network security: Minimum session security for NUM ssP based (indu&g secure RPC) dhats | No minimum |
Network security: Minimum session security For NUM SsP based (inclu&g secure RPC) servers | No minmum |
Recovery console: Allow automatic administrative logon | Disabled |
Recovery console: Allow floppy copy and access to al drives and al folders | Disabled |
shutdown: Mow system to be sht down withot having to log on | Disabled |
shutdown: Clear virtual meniry pagefile | Disabled |
System cryptography:Force strong key protectionfor user keys stored on the computer | Not Defined |
System cryptography: Use FIPS compllant algorttvns for encryption, hashing, and signing | Disabled |
System obyects: DeFault owner for objects created by members of the administrators group | Administrators group |
System obmcts: Require case nsensltlvlty for non-wfndows subsystems | Enabled |
System objects: Strengthen defaut permissions df Eternal system objects (e.g. Symbolic LEts) | Enabled |
System setting:Optional subsystems | Posix |
System setting:Use Certificate Rules on Windows Executables for Software Restriction Policies | Disabled |
windows2003 securtiy options(DC policy)
最新推荐文章于 2021-12-20 21:17:30 发布