| 18 | Policy | Local computer Policy>>>security option | ||||
| 18.1 | Accounts: Administrator account status | Enabled | ||||
| Accounts: Guest account status | Disabled | |||||
| Accounts: Limit local account use of blank passwords to console logon only | Enabled | |||||
| Accounts: Rename administrator account | administrator | |||||
| Accounts: Rename guest account | iguest | |||||
| Audit: Audit the access of global system objects | Disabled | |||||
| Audit: Audit the use of Backup and Restore privilege | Disabled | |||||
| Audit: Shut down system immediately if unable to log security audits | Disabled | |||||
| DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax | Not Defined | |||||
| DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax | Not Defined | |||||
| Devices: Allow undock without having to log on | Enabled | |||||
| Devices: Allowed to format and eject removable media | Administrators | |||||
| Devices: Prevent users from installing printer drivers | Enabled | |||||
| Devices: Restrict CD-ROM access to locally logged-on user only | Disabled | |||||
| Devices: Restrict floppy access to locally logged-on user only | Disabled | |||||
| Devices: Unsigned driver installation behavior | warn but allow installation | |||||
| Domain controller: Allow server operators to schedule tasks | Not Defined | |||||
| Domain controller: LDAP server signing requirements | Not Defined | |||||
| Domain controller: Refuse machine account password changes | Not Defined | |||||
| Domain member: Digitally encrypt or sign secure channel data (always) | Enabled | |||||
| Domain member: Digitally encrypt secure channel data (when possible) | Enabled | |||||
| Domain member: Digitally sign secure channel data (when possible) | Enabled | |||||
| Domain member: Disable machine account password changes | Disabled | |||||
| Domain member: Maximum machine account password age | 30 days | |||||
| Domain member: Require strong (windows 2000 or later) session key | Disabled | |||||
| Interactive logon: Display user information when the session is locked | Not Defined | |||||
| Interactive logon: Do not display last user name | Disabled | |||||
| Interactive logon: Do not require CTRL+ALT+DEL | Disabled | |||||
| Interactive logon: Message text for users attempting to log on | Lenovo internal systems can only be used for Lenovo business purposes or purposes approved by Lenovo management! | |||||
| Interactive logon: Message title for users attempting to log on | Important Notice! | |||||
| Interactive logon: Number of previous logons to cache (in case domain controller is not available) | 10 logons | |||||
| Interactive logon: Prompt user to change password before expiration | 14 days | |||||
| Interactive logon: Require Domain Controller authentication to unlock workstation | Disabled | |||||
| Interactive logon: Require smart card | Disabled | |||||
| Interactive logon: Smart card removal behavior | No Action | |||||
| Microsoft network client: Digitally sign communications (always) | Disabled | |||||
| Microsoft network client: Digitally sign communications (if server agrees) | Enabled | |||||
| Microsoft network client: Send unencrypted password to third-party SMB servers | Disabled | |||||
| Microsoft network server: amount of idle time required before suspending session | 15 minutes | |||||
| Microsoft network server: Diaaly sign communications (always) | Disabled | |||||
| Microsoft network server: DgtaIy sign communications (If client agrees) | Disabled | |||||
| Microsoft network server: Disconnect clients when logon hours expire | Enabled | |||||
| Network access: Allow anonymos SID/Name translation | Disabled | |||||
| Network access: Do not allow anonymous enumeration of SAM accosts | Enabled | |||||
| Network access: Do not allow anonymous enumeration of sAM accosts and shares | Enabled | |||||
| Network access: Do not allow storage of credertids or NET Passports for network authertication | Disabled | |||||
| Network access: Let Everyone permissions apply to anonymous users | Disabled | |||||
| Network access: Named Pipes that can be accessed anonymously | COMNAP COMNODE SQL/QUERY SPOOLSS EPMAPPER LOCATOR TrkWks TrkSvr NETLOGON LSARPC LLSRPC BROWSER samr | |||||
| Network access: Remotely accessible registry paths | System/CurrentControlSet/Control/ProductOptions System/CurrentControlSet/Control/Server Applications Software/Microsoft/Windows NT/CurrentVersion | |||||
| Network access: Remotely accessible registry paths and sub-paths | System/CurrentControlSet/Control/Print/Printers System/CurrentControlSet/Services/Eventlog Software/Microsoft/OLAP Server Software/Microsoft/Windows NT/CurrentVersion/Print Software/Microsoft/Windows NT/CurrentVersion/Windows System/CurrentControlSet/Control/ContentIndex System/CurrentControlSet/Control/Terminal Server System/CurrentControlSet/Control/Terminal Server/UserConfig System/CurrentControlSet/Control/Terminal Server/DefaultUserConfiguration Software/Microsoft/Windows NT/CurrentVersion/Perflib System/CurrentControlSet/Services/Sysmonlog | |||||
| Network access:Restrict anonymous access to Named Pipes and shares | Enable | |||||
| Network access: shares that can be accessed anomymously | COMCFG DFS$ | |||||
| Network access: Sharing and security model for local accounts | Classic - local users authenticate as themselves | |||||
| Network secuty: Do not store LAN Manager hash vakie on next password change | Disabled | |||||
| Network secuty: Force logoff when logon hours expire | Disabled | |||||
| Network security: LAN Manager authentication level | Send NTLM response only | |||||
| Network security: LDAP chet sgning requiremerts | Negotiate signing | |||||
| Network security: Minimum session security for NUM ssP based (indu&g secure RPC) dhats | No minimum | |||||
| Network security: Minimum session security For NUM SsP based (inclu&g secure RPC) servers | No minmum | |||||
| Recovery console: Allow automatic administrative logon | Disabled | |||||
| Recovery console: Allow floppy copy and access to al drives and al folders | Disabled | |||||
| shutdown: Mow system to be sht down withot having to log on | Disabled | |||||
| shutdown: Clear virtual memory pagefile | Disabled | |||||
| System cryptography:Force strong key protectionfor user keys stored on the computer | Not Defined | |||||
| System cryptography: Use FIPS compllant algorttvns for encryption, hashing, and signing | Disabled | |||||
| System obyects: DeFault owner for objects created by members of the Adnlnlstrators otp | Administrators group | |||||
| System obmcts: Require case insensitivity for non-wfndows subsystems | Enabled | |||||
| System objects: Strengthen defaut permissions df Eternal system objects (e.g. Symbolic LEts) | Enabled | |||||
| System setting:Optional subsystems | Posix | |||||
| System setting:Use Certificate Rules on Windows Executables for Software Restriction Policies | Disabled | |||||
扫一扫
12-20
728
728
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
