| 18 | Policy | Local computer Policy>>>security option |
|---|---|---|
| 18.1 | Accounts: Administrator account status | Enabled |
|  | Accounts: Guest account status | Disabled |
|  | Accounts: Limit local account use of blank passwords to console logon only | Enabled |
|  | Accounts: Rename administrator account | administrator |
|  | Accounts: Rename guest account | iguest |
|  | Audit: Audit the access of global system objects | Disabled |
|  | Audit: Audit the use of Backup and Restore privilege | Disabled |
|  | Audit: Shut down system immediately if unable to log security audits | Disabled |
|  | DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax | Not Defined |
|  | DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax | Not Defined |
|  | Devices: Allow undock without having to log on | Enabled |
|  | Devices: Allowed to format and eject removable media | Administrators |
|  | Devices: Prevent users from installing printer drivers | Enabled |
|  | Devices: Restrict CD-ROM access to locally logged-on user only | Disabled |
|  | Devices: Restrict floppy access to locally logged-on user only | Disabled |
|  | Devices: Unsigned driver installation behavior | Warn but allow installation |
|  | Domain controller: Allow server operators to schedule tasks | Not Defined |
|  | Domain controller: LDAP server signing requirements | Not Defined |
|  | Domain controller: Refuse machine account password changes | Not Defined |
|  | Domain member: Digitally encrypt or sign secure channel data (always) | Enabled |
|  | Domain member: Digitally encrypt secure channel data (when possible) | Enabled |
|  | Domain member: Digitally sign secure channel data (when possible) | Enabled |
|  | Domain member: Disable machine account password changes | Disabled |
|  | Domain member: Maximum machine account password age | 30 days |
|  | Domain member: Require strong (Windows 2000 or later) session key | Disabled |
|  | Interactive logon: Display user information when the session is locked | Not Defined |
|  | Interactive logon: Do not display last user name | Disabled |
|  | Interactive logon: Do not require CTRL+ALT+DEL | Disabled |
|  | Interactive logon: Message text for users attempting to log on | Lenovo internal systems can only be used for Lenovo business purposes or purposes approved by Lenovo management! |
|  | Interactive logon: Message title for users attempting to log on | Important Notice! |
|  | Interactive logon: Number of previous logons to cache (in case domain controller is not available) | 10 logons |
|  | Interactive logon: Prompt user to change password before expiration | 14 days |
|  | Interactive logon: Require Domain Controller authentication to unlock workstation | Disabled |
|  | Interactive logon: Require smart card | Disabled |
|  | Interactive logon: Smart card removal behavior | No Action |
|  | Microsoft network client: Digitally sign communications (always) | Disabled |
|  | Microsoft network client: Digitally sign communications (if server agrees) | Enabled |
|  | Microsoft network client: Send unencrypted password to third-party SMB servers | Disabled |
|  | Microsoft network server: Amount of idle time required before suspending session | 15 minutes |
|  | Microsoft network server: Digitally sign communications (always) | Disabled |
|  | Microsoft network server: Digitally sign communications (if client agrees) | Disabled |
|  | Microsoft network server: Disconnect clients when logon hours expire | Enabled |
|  | Network access: Allow anonymous SID/Name translation | Disabled |
|  | Network access: Do not allow anonymous enumeration of SAM accounts | Enabled |
|  | Network access: Do not allow anonymous enumeration of SAM accounts and shares | Enabled |
|  | Network access: Do not allow storage of credentials or .NET Passports for network authentication | Disabled |
|  | Network access: Let Everyone permissions apply to anonymous users | Disabled |
|  | Network access: Named Pipes that can be accessed anonymously | COMNAP COMNODE SQL/QUERY SPOOLSS EPMAPPER LOCATOR TrkWks TrkSvr NETLOGON LSARPC LLSRPC BROWSER samr |
|  | Network access: Remotely accessible registry paths | System/CurrentControlSet/Control/ProductOptions System/CurrentControlSet/Control/Server Applications Software/Microsoft/Windows NT/CurrentVersion |
|  | Network access: Remotely accessible registry paths and sub-paths | System/CurrentControlSet/Control/Print/Printers System/CurrentControlSet/Services/Eventlog Software/Microsoft/OLAP Server Software/Microsoft/Windows NT/CurrentVersion/Print Software/Microsoft/Windows NT/CurrentVersion/Windows System/CurrentControlSet/Control/ContentIndex System/CurrentControlSet/Control/Terminal Server System/CurrentControlSet/Control/Terminal Server/UserConfig System/CurrentControlSet/Control/Terminal Server/DefaultUserConfiguration Software/Microsoft/Windows NT/CurrentVersion/Perflib System/CurrentControlSet/Services/Sysmonlog |
|  | Network access: Restrict anonymous access to Named Pipes and shares | Enabled |
|  | Network access: Shares that can be accessed anonymously | COMCFG DFS$ |
|  | Network access: Sharing and security model for local accounts | Classic - local users authenticate as themselves |
|  | Network security: Do not store LAN Manager hash value on next password change | Disabled |
|  | Network security: Force logoff when logon hours expire | Disabled |
|  | Network security: LAN Manager authentication level | Send NTLM response only |
|  | Network security: LDAP client signing requirements | Negotiate signing |
|  | Network security: Minimum session security for NTLM SSP based (including secure RPC) clients | No minimum |
|  | Network security: Minimum session security for NTLM SSP based (including secure RPC) servers | No minimum |
|  | Recovery console: Allow automatic administrative logon | Disabled |
|  | Recovery console: Allow floppy copy and access to all drives and all folders | Disabled |
|  | Shutdown: Allow system to be shut down without having to log on | Disabled |
|  | Shutdown: Clear virtual memory pagefile | Disabled |
|  | System cryptography: Force strong key protection for user keys stored on the computer | Not Defined |
|  | System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing | Disabled |
|  | System objects: Default owner for objects created by members of the Administrators group | Administrators group |
|  | System objects: Require case insensitivity for non-Windows subsystems | Enabled |
|  | System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) | Enabled |
|  | System settings: Optional subsystems | Posix |
|  | System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies | Disabled |

member server security option