差别

这里会显示出您选择的修订版和当前版本之间的差别。

--- resources:os:windows_server_2022:baseline [2024/11/19 21:59] – jackiez
+++ resources:os:windows_server_2022:baseline [2024/11/19 22:12] (当前版本) – jackiez
@@ 行 280: / 行 280: @@
 NA
 ##18.4 MS Security Guide
+.4.1 Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled' (MS only)
+.4.2 Ensure 'Configure RPC packet level privacy setting for incoming connections' is set to 'Enabled'
+.4.3 Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'
+.4.4 Ensure 'Configure SMB v1 server' is set to 'Disabled'
+.4.5 Ensure 'Enable Certificate Padding' is set to 'Enabled'
+.4.6 Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled'
+.4.7 Ensure 'NetBT NodeType configuration' is set to 'Enabled: P-node (recommended)'
+.4.8 Ensure 'WDigest Authentication' is set to 'Disabled'
 ##18.5 MSS(Legacy)
+.5.1 Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon' is set to 'Disabled'
+.5.2 Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled'
+.5.3 Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled'
+.5.4 Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'
+.5.5	(L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes'
+.5.6 Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled'
+.5.7	(L2) Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses' is set to 'Disabled'
+.5.8 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode' is set to 'Enabled'
+.5.9 Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires' is set to 'Enabled: 5 or fewer seconds'
+.5.10	(L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'
+.5.11	(L2) Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'
+.5.12 Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less'
 ##18.6 Network
 ##18.7 Printers
 ##18.8 Start Menu and Taskbar
@@ 行 296: / 行 317: @@
 NA
 ##19.5 Start Menu and Taskbar
+###19.5.1 Notifications
+.5.1 Ensure 'Turn off toast notifications on the lock screen' is set to 'Enabled'
 ##19.6 System
+.6.1	Ctrl+Alt+Del Options
+.6.2	Display
+.6.3	Driver Installation
+.6.4	Folder Redirection
+.6.5	Group Policy
+.6.6	Internet Communication Management
+.6.6.1 Internet Communication settings
 ##19.7 Windows Components
+###19.7.1 Account Notifications
+NA
+###19.7.2 Add features to Windows 8 / 8.1 / 10 (formerly Windows Anytime Upgrade)
+NA
+###19.7.3 App runtime
+###19.7.4 Application Compatibility
+###19.7.5 Attachment Manager
+.7.5.1 Ensure 'Do not preserve zone information in file attachments' is set to 'Disabled'
+.7.5.2 Ensure 'Notify antivirus programs when opening attachments' is set to 'Enabled'
+###19.7.6 AutoPlay Policies
+NA
+###19.7.7 Calculator
+NA
+###19.7.8 Cloud Content
+.7.8.1 Ensure 'Configure Windows spotlight on lock screen' is set to 'Disabled'
+.7.8.2 Ensure 'Do not suggest third-party content in Windows spotlight' is set to 'Enabled'
+.7.8.3 Ensure 'Do not use diagnostic data for tailored experiences' is set to 'Enabled'
+.7.8.4 Ensure 'Turn off all Windows spotlight features' is set to 'Enabled'
+.7.8.5 Ensure 'Turn off Spotlight collection on Desktop' is set to 'Enabled'
+###19.7.9 Credential User Interface
+NA
+###19.7.10 Data Collection and Preview Builds
+NA
+###19.7.11 Desktop Gadgets
+NA
+###19.7.12 Desktop Window Manager
+NA
+###19.7.13 Digital Locker
+NA
+###19.7.14 Edge UI
+NA
+###19.7.15 File Explorer (formerly Windows Explorer)
+NA
+###19.7.16 File Revocation
+NA
+###19.7.17 IME
+NA
+###19.7.18 Instant Search
+NA
+###19.7.19 Internet Explorer
+NA
+###19.7.20 Location and Sensors
+NA
+###19.7.21 Microsoft Edge
+NA
+###19.7.22 Microsoft Management Console
+NA
+###19.7.23 Microsoft User Experience Virtualization
+NA
+###19.7.24 Multitasking
+NA
+###19.7.25 NetMeeting
+NA
+###19.7.26 Network Sharing
+.7.26.1 Ensure 'Prevent users from sharing files within their profile.' is set to 'Enabled'
+###19.7.27 OOBE
+NA
+###19.7.28Presentation Settings
+NA
+###19.7.29 Remote Desktop Services (formerly Terminal Services)
+NA
+###19.7.30 RSS Feeds
+NA
+###19.7.31 Search
+NA
+###19.7.32 Sound Recorder
+NA
+###19.7.33 Store
+NA
+###19.7.34 Tablet PC
+NA
+###19.7.35 Task Scheduler
+NA
+###19.7.36 Windows Calendar
+NA
+###19.7.37 Windows Color System
+NA
+###19.7.38 Windows Copilot
+NA
+###19.7.39 Windows Defender SmartScreen
+NA
+###19.7.40 Windows Error Reporting
+NA
+###19.7.41 Windows Hello for Business (formerly Microsoft Passport for Work)
+NA
+###19.7.42 Windows Installer
+.7.42.1 Ensure 'Always install with elevated privileges' is set to 'Disabled'
+###19.7.43 Windows Logon Options
+NA
+###19.7.44 Windows Media Player
+.7.44.1 Networking
+.7.44.2 Playback
+.7.44.2.1 Ensure 'Prevent Codec Download' is set to 'Enabled'