;============================= 80 character column ============================; ;==============================================================================; ; manditory.ini for Windows NT/2000/XP (renamed from manditory.inf) ; ; If you have anything to add/correct/etc, please email me so I can update it. ; ; ; ; This file is to be used as input by SecEdit.exe ; ; ; ; Based off of Stefan Norberg's work (see Feb 2000 ;login: magazine), ; ; Securing Windows NT/2000 Servers for the Internet - O'Reilly ISBN 1565927680 ; ; Microsoft, unclassified NSA docuements and other resources on the Internet. ; ; ; ; ; ; Last modified by Scott Birl (sbirl@temple.edu) - Mar 10, 2003 ; ; ; ; ; ; %SystemRoot%\system32\SecEdit.exe -- full path to the Security Editor ; ; ; ; ; ; It is STRONGLY recommended that you export your current security settings: ; ; ; ; SecEdit /export /mergedPolicy /cfg insecure.ini /verbose /log insecure.log ; ; ; ; Exporting the current security settings will not cover all entries found in ; ; this file. Some parts of this security file will be hard to reverse once ; ; executed! (Although dumping your whole registry beforehand may help) ; ; ; ; ; ; Use: SECEDIT /validate manditory.ini to insure correct coding. ; ; ; ; Commands to execute (use cmd.exe, not command.exe): ; ; ; ; C: & cd \ ; ; SECEDIT /configure /cfg manditory.ini /log manditory.log /verbose /db manditory.db ; ; ; ; ; ; If SecEdit reports an error, you must delete manditory.db before re-running. ; ; ; ; Also see %SystemRoot%\security\templates\*.inf ; ;==============================================================================; ;==============================================================================; [Profile Description] Description=Temple University -- Tightened Security Host Script For Windows NT/2000/XP ;*** Do NOT change or remove these next 2 lines, or SecEdit will not run *** [Version] signature="$CHICAGO$" Revision=32 [Privilege Rights] SeAssignPrimaryTokenPrivilege = SeAuditPrivilege = SeBackupPrivilege = Administrators SeChangeNotifyPrivilege = Administrators, Users, Everyone SeCreatePagefilePrivilege = Administrators SeCreatePermanentPrivilege = SeCreateTokenPrivilege = SeDebugPrivilege = Administrators SeEnableDelegationPrivilege = SeIncreaseBasePriorityPrivilege = Administrators SeIncreaseQuotaPrivilege = Administrators SeInteractiveLogonRight = Administrators SeLoadDriverPrivilege = Administrators SeLockMemoryPrivilege = SeMachineAccountPrivilege = SeNetworkLogonRight = Administrators, Authenticated Users SeProfileSingleProcessPrivilege = Administrators SeRemoteShutdownPrivilege = Administrators SeRestorePrivilege = Administrators SeSecurityPrivilege = Administrators SeServiceLogonRight = Administrators SeShutdownPrivilege = Administrators SeSyncAgentPrivilege = Administrators SeSystemEnvironmentPrivilege = Administrators SeSystemProfilePrivilege = Administrators SeSystemTimePrivilege = Administrators SeTakeOwnershipPrivilege = Administrators SeTcbPrivilege = SeUndockPrivilege = [Registry Keys] "CLASSES_ROOT",0,"D:PAR(A;CI;KA;;;BA)(A;CI;KR;;;AU)(A;CIIO;KA;;;CO)(A;CI;CCDCLCSWRPSDRC;;;PU)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "MACHINE\SOFTWARE\Microsoft\OS/2 Subsystem for NT",0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)" "MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip",0,"D:AR(A;CI;KR;;;AU)" "MACHINE\SYSTEM\CurrentControlSet\Services\EventLog",0,"D:AR(A;CI;KR;;;AU)" "MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers",2,"D:PAR(A;CI;KA;;;BA)(A;CI;KR;;;AU)(A;CIIO;KA;;;CO)(A;CI;CCDCLCSWRPSDRC;;;PU)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions",0,"D:AR(A;CI;KR;;;AU)" "MACHINE\SYSTEM\CurrentControlSet\Control\ContentIndex",0,"D:AR(A;CI;KR;;;AU)" "MACHINE\SYSTEM\CurrentControlSet\Control\Computername",0,"D:AR(A;CI;KR;;;AU)" "MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts",0,"D:AR(A;CI;KR;;;AU)" "MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout",0,"D:AR(A;CI;KR;;;AU)" "MACHINE\Software\Microsoft\Windows NT\CurrentVersion",0,"D:AR(A;CI;KR;;;AU)" "MACHINE\SOFTWARE\Classes\.hlp",0,"D:PAR(A;CI;KA;;;BA)(A;CI;KR;;;AU)(A;CIIO;KA;;;CO)(A;CI;CCDCLCSWRPSDRC;;;PU)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "MACHINE\SOFTWARE\Classes\helpfile",0,"D:PAR(A;CI;KA;;;BA)(A;CI;KR;;;AU)(A;CIIO;KA;;;CO)(A;CI;CCDCLCSWRPSDRC;;;PU)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "MACHINE\Software\Classes",0,"D:AR(A;CI;KA;;;BA)(A;CI;KR;;;AU)(A;CIIO;KA;;;CO)(A;CI;CCDCLCSWRPSDRC;;;PU)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" "MACHINE\Software",0,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;CCDCLCSWRPSDRC;;;PU)(A;CI;KA;;;SY)(A;CI;KR;;;BU)" [File Security] "%SystemDrive%",0,"D:P(D;;;;;WD)(A;CIOI;0xa0000000;;;AU)(A;CIOI;0x10000000;;;BA)(A;CIOI;0x10000000;;;SY)" "%SystemDrive%",0,"S:(AU;SAFACIOI;GA;;;BG)(AU;SAFACIOI;GA;;;LG)(AU;SAFACIOI;SDWDWODT;;;AU)(AU;FACIOI;GA;;;WD)" "%SystemRoot%",2,"D:P(D;;;;;WD)(A;CIOI;0x10000000;;;BA)(A;CIOIID;0x10000000;;;SY)(A;CIOI;GRGX;;;AU)" "%SystemRoot%\Repair",2,"D:P(D;;;;;WD)(A;CIOI;0x10000000;;;BA)(A;CIOI;0x10000000;;;SY)" "%SystemRoot%\Security",2,"D:P(D;;;;;WD)(A;CIOI;0x10000000;;;BA)(A;CIOI;0x10000000;;;SY)" "%SystemRoot%\System",2,"D:P(D;;;;;WD)(A;CIOI;0x10000000;;;BA)(A;CIOI;0x10000000;;;SY)(A;CIOI;GR;;;AU)" "%SystemRoot%\System32",2,"D:P(D;;;;;WD)(A;CIOI;0x10000000;;;BA)(A;CIOI;0x10000000;;;SY)(A;CIOI;GR;;;AU)" "%SystemRoot%\system32\CMD.exe",2,"D:P(D;;;;;WD)(A;CIOI;GA;;;BA)(A;CIOI;GA;;;SY)(A;CIOI;GRGX;;;IU)" "%SystemRoot%\system32\CMD.exe",2,"S:(AU;SAFA;GA;;;WD)(AU;FA;GAFA;;;IU)(AU;FA;GAFA;;;AU)" [Service General Setting] Alerter,3,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" AppMgmt,4,"D:(A;CIOI;CCLCSWLORC;;;WD)(A;CIOI;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;CIOI;CCLCSWLORC;;;PU)(A;CIOI;CCLCSWRPLO;;;IU)(A;CIOI;CCLCSWRPLO;;;BU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" BITS,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;DCRPWPDTRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)" Browser,3,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" cisvc,4,"D:(A;;0x0002018d;;;WD)(A;;0x000201fd;;;PU)(A;;0x000f01ff;;;BA)(A;;0x000f01ff;;;SO)(A;;0x000201fd;;;SY)" ClipSrv,4,"D:(A;CIOI;0x0002018d;;;WD)(A;CIOI;0x000f01ff;;;BA)(A;CIOI;0x0002008f;;;PU)(A;CIOI;0x0000009d;;;IU)" DFS,4,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" DFSdriver,4,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" DHCP,4,"D:(A;;0x0002018d;;;WD)(A;;0x000201fd;;;PU)(A;;0x000f01ff;;;BA)(A;;0x000f01ff;;;SO)(A;;0x000201fd;;;SY)" DMAdmin,3,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" DMServer,3,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" DNScache,2,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" EventLog,2,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)(A;CIOI;GRGW;;;AU)" EventSystem,4,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" Fax,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)" IISADMIN,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)" IsmServ,4,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" KDC,4,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" LanManServer,4,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" LanManWorkstation,4,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" LicenseService,4,"D:(A;;0x0002018d;;;WD)(A;;0x000201fd;;;PU)(A;;0x000f01ff;;;SO)(A;;0x000201fd;;;SY)" LmHosts,4,"D:(A;;0x0002018d;;;WD)(A;;0x000201fd;;;PU)(A;;0x000f01ff;;;SO)(A;;0x000201fd;;;SY)" Messenger,4,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" mnmsrvc,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)" MSDTC,4,"D:(A;;0x0002018d;;;WD)(A;;0x000201fd;;;PU)(A;;0x000f01ff;;;SO)(A;;0x000201fd;;;SY)" MSFTPSVC,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)" MSIServer,3,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)" NetDDE,4,"D:(A;CIOI;0x0002008d;;;WD)(A;CIOI;0x0002008f;;;PU)(A;CIOI;0x0000009d;;;IU)" NetDDEdsdm,4,"D:(A;CIOI;0x0002008d;;;WD)(A;CIOI;0x000f01ff;;;BA)(A;CIOI;0x0002008f;;;PU)(A;CIOI;0x0000009d;;;IU)" NetLogon,4,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" Netman,2,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" NTFRS,4,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" NTLMssp,2,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" NtmsSvc,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)" PlugPlay,2,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" PolicyAgent,2,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" ProtectedStorage,2,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" RasAcd,4,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" RasAuto,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)" RasMan,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)" RemoteAccess,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)" RemoteRegistry,4,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" RPClocator,4,"D:(A;CIOI;0x00020000;;;WD)(A;CIOI;0x000f01ff;;;BA)(A;CIOI;0x000f01ff;;;SY)(A;CIOI;0x00020000;;;PU)(A;CIOI;0x0000009d;;;IU)(A;CIOI;0x0000009d;;;S-0x1-0x000000000005-0x20-0x221)" RPCss,2,"D:(A;CIOI;0x00020000;;;WD)(A;CIOI;0x000f01ff;;;BA)(A;CIOI;0x000f01ff;;;SY)(A;CIOI;0x00020000;;;PU)(A;CIOI;0x0000009d;;;IU)(A;CIOI;0x0000009d;;;S-0x1-0x000000000005-0x20-0x221)" RSVP,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)" SAMss,2,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" SCardDrv,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)" SCardSvr,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)" Schedule,4,"D:(A;;0x0002018d;;;WD)(A;;0x000201fd;;;PU)(A;;0x000f01ff;;;BA)(A;;0x000f01ff;;;SO)(A;;0x000201fd;;;SY)" seclogon,4,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" SENS,3,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" SharedAccess,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)" SMTPSVC,4,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" SNMP,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)" SNMPTRAP,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)" Spooler,3,"D:(A;;0x0002018d;;;WD)(A;;0x000201fd;;;PU)(A;;0x000f01ff;;;BA)(A;;0x000f01ff;;;SO)(A;;0x000201fd;;;SY)" SysmonLog,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)" TAPIsrv,4,"D:(A;CIOI;0x0002008d;;;WD)(A;CIOI;0x000f01ff;;;BA)(A;CIOI;0x0002008f;;;PU)(A;CIOI;0x0000009d;;;IU)(A;CIOI;0x0000009d;;;S-0x1-0x000000000005-0x20-0x221)" TermService,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)" TlntSvr,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)" TrkSvr,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;RPWPDTRC;;;SY)" TrkWks,4,"D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)" UPS,4,"D:(A;;0x0002018d;;;WD)(A;;0x000201fd;;;PU)(A;;0x000f01ff;;;BA)(A;;0x000f01ff;;;SO)(A;;0x000201fd;;;SY)" UtilMan,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCSWRPWPDTLOCRRC;;;SY)" W32Time,3,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" W3SVC,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)" WinMgmt,3,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" WMDM PMSP Service,4,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" WmdmPmSN,4,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" WMI,3,"D:(A;CIOI;0x10000000;;;SY)(A;CIOI;0x10000000;;;BA)" wuauserv,2,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)" [System Access] MinimumPasswordAge = 1 MaximumPasswordAge = 365 MinimumPasswordLength = 8 PasswordComplexity = 1 PasswordHistorySize = 10 RequireLogonToChangePassword = 1 ClearTextPassword = 0 LockoutBadCount = 3 ResetLockoutCount = 240 LockoutDuration = 240 ForceLogoffWhenHourExpire = 1 [Event Log] [System Log] MaximumLogSize = 204800 AuditLogRetentionPeriod = 0 RetentionDays = 30 RestrictGuestAccess = 1 [Security Log] MaximumLogSize = 4096 AuditLogRetentionPeriod = 1 RetentionDays = 1 RestrictGuestAccess = 1 [Application Log] MaximumLogSize = 204800 AuditLogRetentionPeriod = 0 RetentionDays = 30 RestrictGuestAccess = 1 [Event Audit] AuditSystemEvents = 3 AuditLogonEvents = 3 AuditObjectAccess = 2 AuditPrivilegeUse = 2 AuditPolicyChange = 3 AuditAccountManage = 3 AuditProcessTracking = 2 AuditDSAccess = 2 AuditAccountLogon = 3 CrashOnAuditFull = 1 [Registry Values] MACHINE\SOFTWARE\Microsoft\Driver Signing\Policy=3,1 MACHINE\SOFTWARE\Microsoft\Non-Driver Signing\Policy=3,0 MACHINE\SOFTWARE\Microsoft\OLE\EnableDCOM=1,"N" MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\setup\RecoveryConsole\securitylevel=4,0 MACHINE\SOFTWARE\microsoft\windows nt\currentversion\setup\RecoveryConsole\setcommand=4,0 MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms=1,1 MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD=1,0 MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies=1,1 MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogin=1,0 MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount=1,0 MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultDomainName=1,ocis.temple.edu MACHINE\SOFTWARE\microsoft\windows NT\currentversion\Winlogon\DisableCAD=4,0 MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeCaption=1,"Temple University Legal Notice" MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText=1,"WARNING! This computer is to only be used by authorized Temple University administrators. By accessing and using this system you are consenting to system monitoring for law enforcement and other purposes. Unauthorized use of this computer system may subject you to criminal prosecution and penalties." MACHINE\SOFTWARE\microsoft\windows nt\currentversion\winlogon\PasswordExpiryWarning=4,14 MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScreenSaverGracePeriod=1,0 MACHINE\SOFTWARE\microsoft\windows nt\currentversion\winlogon\SCremoveoption=1,1 MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ShutdownWithoutLogon=1,0 MACHINE\SOFTWARE\microsoft\windows\currentversion\policies\SYSTEM\DisableCAD=4,0 MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SYSTEM\LegalNoticeCaption=1,"Temple University Legal Notice" MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SYSTEM\LegalNoticeText=1,"WARNING! This computer is to only be used by authorized Temple University administrators. By accessing and using this system you are consenting to system monitoring for law enforcement and other purposes. Unauthorized use of this computer system may subject you to criminal prosecution and penalties." MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon=1,0 MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SYSTEM\UndockWithoutLogon=4,0 MACHINE\SYSTEM\CurrentControlSet\Control\FileSYSTEM\NtfsDisable8dot3NameCreation=4,1 MACHINE\SYSTEM\CurrentControlSet\Control\FileSYSTEM\Win31FileSystem=4,0 MACHINE\SYSTEM\CurrentControlSet\Control\FileSYSTEM\Win95TruncatedExtensions=4,0 MACHINE\System\CurrentControlSet\Control\GraphicsDrivers\DCI\Timeout=4,0 MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AuditBaseObjects=4,1 MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\CrashOnAuditFail=4,1 MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\DisableDomainCreds=4,1 MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,0 MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FIPSalgorithmPolicy=4,1 MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ForceGuest=4,0 MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing=3,1 MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse=3,1 MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LMCompatibilityLevel=4,2 MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\NoDefaultAdminOwner=3,1 MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\NoLMHash\bar=4,0 MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages=7,"%systemroot%\system32\passfilt.dll RASSFM KDCSVC scecli" MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,2 MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1 MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SubmitControl=4,0 MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrintDrivers=4,1 MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers=4,1 MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\Description=1,Registry Server MACHINE\System\CurrentControlSet\Control\Session Manager\EnhancedSecurityLevel=4,1 MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive=4,1 MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown=4,1 MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\ProtectionMode=4,1 MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SafeDLLSearchMode=4,1 MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Optional=3,0000 MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\Optional=7,"" MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters\DynamicBacklogGrowthDelta=4,10 MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters\EnableDynamicBacklog=4,1 MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters\MaximumDynamicBacklog=4,5000 MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters\MinimumDynamicBacklog=4,20 MACHINE\System\CurrentControlSet\Services\Alerter\Parameters\AlertNames=7,Administrators MACHINE\SYSTEM\CurrentControlSet\Services\audstub\Start=4,4 MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\APPLICATION\RestrictGuestAccess=4,1 MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\SECURITY\RestrictGuestAccess=4,1 MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\SECURITY\WarningLevel=4,90 MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\SYSTEM\RestrictGuestAccess=4,1 MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect=4,15 MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\AutoShareServer=4,0 MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\AutoShareWks=4,0 MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff=4,1 MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\EnablePlainTextPassword=4,0 MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,1 MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,1 MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,1 MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,1 MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess=4,1 MACHINE\SYSTEM\CurrentControlSet\Services\LanManWorkstation\Parameters\AutoShareServer=4,0 MACHINE\SYSTEM\CurrentControlSet\Services\LanManWorkstation\Parameters\AutoShareWks=4,0 MACHINE\SYSTEM\CurrentControlSet\Services\LanManWorkstation\Parameters\EnablePlainTextPassword=4,0 MACHINE\SYSTEM\CurrentControlSet\Services\LanManWorkstation\Parameters\EnableSecuritySignature=4,1 MACHINE\SYSTEM\CurrentControlSet\Services\LanManWorkstation\Parameters\EnableSecuritySignature=4,1 MACHINE\SYSTEM\CurrentControlSet\Services\LanManWorkstation\Parameters\RequireSecuritySignature=4,1 MACHINE\SYSTEM\CurrentControlSet\Services\LanManWorkstation\Parameters\RequireSecuritySignature=4,1 MACHINE\SYSTEM\CurrentControlSet\Services\mnmdd\Start=4,4 MACHINE\SYSTEM\CurrentControlSet\Services\NdisTapi\Start=4,4 MACHINE\SYSTEM\CurrentControlSet\Services\NdisWan\Start=4,4 MACHINE\SYSTEM\CurrentControlSet\Services\NDProxy\Start=4,4 MACHINE\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand=4,0 MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange=4,0 MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,1 MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\Requirestrongkey=4,1 MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel=4,1 MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel=4,1 MACHINE\SYSTEM\CurrentControlSet\Services\ParVdm\Start=4,4 MACHINE\SYSTEM\CurrentControlSet\Services\PptpMiniport\Start=4,4 MACHINE\SYSTEM\CurrentControlSet\Services\Ptilink\Start=4,4 MACHINE\SYSTEM\CurrentControlSet\Services\RasAcd\Start=4,4 MACHINE\SYSTEM\CurrentControlSet\Services\Rasl2tp\Start=4,4 MACHINE\SYSTEM\CurrentControlSet\Services\Raspti\Start=4,4 MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters\EnablePlainTextPassword=4,0 MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters\EnableSecuritySignature=4,1 MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters\EnableSecuritySignature=4,1 MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters\RequireSecuritySignature=4,1 MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters\RequireSecuritySignature=4,1 MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting=4,2 MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\EnableICMPRedirect=4,0 MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\EnableICMPRedirects=4,0 MACHINE\System\CurrentControlSet\Services\Tcpip\parameters\EnableSecurityFilters=4,1 MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\KeepAliveTime=4,300000 MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\SYNAttackProtect=4,2 MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\TCPMaxConnectResponseRetransmissions=4,3 MACHINE\System\CurrentControlSet\Services\Tcpip\parameters\TcpMaxConnectRetransmissions=4,3 MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\TCPMaxHalfOpen=4,100 MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\TCPMaxHalfOpenedRetried=4,80 MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters\TCPMaxPortsExhausted=4,5 MACHINE\SYSTEM\CurrentControlSet\Services\Wanarp\Start=4,4