没有合适的资源?快使用搜索试试~ 我知道了~
CIS-Microsoft-Windows-Server-2012安全基线
5星 · 超过95%的资源 需积分: 36 108 下载量 178 浏览量
2016-07-22
10:23:07
上传
评论 9
收藏 116KB PDF 举报
温馨提示
CIS-Microsoft-Windows-Server-2012安全基线
资源推荐
资源详情
资源评论
Compliance Score : 99.12%
Summary
Rule Name Result
1.1.1 Set 'Enforce password history' to '24 or more password(s)' Pass: Rule passed : '24'.
1.1.2 Set 'Maximum password age' to 60 or fewer days, but not 0 Pass: Rule passed : '60' '60'.
1.1.3 Set 'Minimum password age' to '1 or more day(s)' Pass: Rule passed : '1'.
1.1.4 Set 'Minimum password length' to '14 or more character(s)' Pass: Rule passed : '14'.
1.1.5 Set 'Password must meet complexity requirements' to 'Enabled' Pass: Rule passed : '1'.
1.1.6 Set 'Store passwords using reversible encryption' to 'Disabled' Pass: Rule passed : '0'.
Rule Name Result
1.2.1 Set 'Account lockout duration' to '15 or more minute(s)' Pass: Rule passed : '15'.
1.2.2 Set 'Account lockout threshold' to 10 or fewer invalid logon
attempt(s), but not 0
Pass: Rule passed : '5' '5'.
1.2.3 Set 'Reset account lockout counter after' to '15 or more minute(s)' Pass: Rule passed : '15'.
Rule Name Result
2.2.1 Set 'Access Credential Manager as a trusted caller' to 'No One' Pass: Rule passed : local security policy ().
Account Policies Rules
Account Lockout Policy
User Rights Assignment
Local Policies
Local Policies Rules
This document provides prescriptive guidance for establishing a secure configuration posture for CIS Microsoft Windows Server 2012 R2 (Member Server). To obtain the
latest version of this guide, please contact support@nntws.com or visit http://benchmarks.cisecurity.org. If you have questions, comments, or have identified ways to
improve this guide, please write us at support@nntws.com or feedback@cisecurity.org.
2 of 228 rules failed
226 of 228 rules passed
0 of 228 rules partially passed
Account Policies
Account Policies Rules
Password Policy
Page 1
2.2.2 Set 'Access this computer from the network'
Pass: Rule passed : local security policy (2 items: NT AUTHORITY\AUTHENTICATED USERS,
BUILTIN\ADMINISTRATORS).
2.2.3 Set 'Act as part of the operating system' to 'No One' Pass: Rule passed :.
2.2.5 Set 'Adjust memory quotas for a process' to 'Administrators,
LOCAL SERVICE, NETWORK SERVICE'
Pass: Rule passed : local security policy (3 items: NT AUTHORITY\LOCAL SERVICE, NT
AUTHORITY\NETWORK SERVICE, BUILTIN\ADMINISTRATORS).
2.2.6 Set 'Allow log on locally' to 'Administrators' Pass: Rule passed : local security policy (BUILTIN\ADMINISTRATORS).
2.2.7 Configure 'Allow log on through Remote Desktop Services' Pass: Rule passed : local security policy (BUILTIN\ADMINISTRATORS).
2.2.8 Set 'Back up files and directories' to 'Administrators' Pass: Rule passed : local security policy (BUILTIN\ADMINISTRATORS).
2.2.9 Set 'Change the system time' to 'Administrators, LOCAL SERVICE'
Pass: Rule passed : local security policy (2 items: NT AUTHORITY\LOCAL SERVICE,
BUILTIN\ADMINISTRATORS).
2.2.10 Set 'Change the time zone' to 'Administrators, LOCAL SERVICE'
Pass: Rule passed : local security policy (2 items: NT AUTHORITY\LOCAL SERVICE,
BUILTIN\ADMINISTRATORS).
2.2.11 Set 'Create a pagefile' to 'Administrators' Pass: Rule passed : local security policy (BUILTIN\ADMINISTRATORS).
2.2.12 Set 'Create a token object' to 'No One' Pass: Rule passed : local security policy ().
2.2.13 Set 'Create global objects' to 'Administrators, LOCAL SERVICE,
NETWORK SERVICE, SERVICE'
Pass: Rule passed : local security policy (4 items: NT AUTHORITY\LOCAL SERVICE, NT
AUTHORITY\NETWORK SERVICE, BUILTIN\ADMINISTRATORS, NT
AUTHORITY\SERVICE).
2.2.14 Set 'Create permanent shared objects' to 'No One' Pass: Rule passed : local security policy ().
2.2.15 Set 'Create symbolic links' to 'Administrators' Pass: Rule passed : local security policy (BUILTIN\ADMINISTRATORS).
2.2.16 Set 'Debug programs' to 'Administrators' Pass: Rule passed : local security policy (BUILTIN\ADMINISTRATORS).
2.2.17 Set 'Deny access to this computer from the network' Pass: Rule passed : local security policy (BUILTIN\GUESTS).
2.2.18 Set 'Deny log on as a batch job' to include 'Guests' Pass: Rule passed : local security policy (BUILTIN\GUESTS).
2.2.19 Set 'Deny log on as a service' to include 'Guests' Pass: Rule passed : local security policy (BUILTIN\GUESTS).
2.2.20 Set 'Deny log on locally' to include 'Guests' Pass: Rule passed : local security policy (BUILTIN\GUESTS).
2.2.21 Set 'Deny log on through Remote Desktop Services' to include
'Guests, Local account'
Pass: Rule passed : local security policy (2 items: NT AUTHORITY\LOCAL ACCOUNT,
BUILTIN\GUESTS).
2.2.22 Set 'Enable computer and user accounts to be trusted for
delegation'
Pass: Rule passed : local security policy ().
2.2.23 Set 'Force shutdown from a remote system' to 'Administrators' Pass: Rule passed : local security policy (BUILTIN\ADMINISTRATORS).
2.2.24 Set 'Generate security audits' to 'LOCAL SERVICE, NETWORK
SERVICE'
Pass: Rule passed : local security policy (2 items: NT AUTHORITY\LOCAL SERVICE, NT
AUTHORITY\NETWORK SERVICE).
2.2.25 Set 'Impersonate a client after authentication' to 'Administrators,
LOCAL SERVICE, NETWORK SERVICE, SERVICE'
Pass: Rule passed : local security policy (4 items: NT AUTHORITY\LOCAL SERVICE, NT
AUTHORITY\NETWORK SERVICE, BUILTIN\ADMINISTRATORS, NT
AUTHORITY\SERVICE).
2.2.26 Set 'Increase scheduling priority' to 'Administrators' Pass: Rule passed : local security policy (BUILTIN\ADMINISTRATORS).
2.2.27 Set 'Load and unload device drivers' to 'Administrators' Pass: Rule passed : local security policy (BUILTIN\ADMINISTRATORS).
2.2.28 Set 'Lock pages in memory' to 'No One' Pass: Rule passed : local security policy ().
2.2.29 Set 'Manage auditing and security log' to 'Administrators' Pass: Rule passed : local security policy (BUILTIN\ADMINISTRATORS).
2.2.30 Set 'Modify an object label' to 'No One' Pass: Rule passed : local security policy ().
2.2.31 Set 'Modify firmware environment values' to 'Administrators' Pass: Rule passed : local security policy (BUILTIN\ADMINISTRATORS).
2.2.32 Set 'Perform volume maintenance tasks' to 'Administrators' Pass: Rule passed : local security policy (BUILTIN\ADMINISTRATORS).
2.2.33 Set 'Profile single process' to 'Administrators' Pass: Rule passed : local security policy (BUILTIN\ADMINISTRATORS).
Page 2
2.2.34 Set 'Profile system performance' to 'Administrators, NT
SERVICE\WdiServiceHost'
Pass: Rule passed : local security policy (2 items: BUILTIN\ADMINISTRATORS, NT
SERVICE\WDISERVICEHOST).
2.2.35 Set 'Replace a process level token' to 'LOCAL SERVICE,
NETWORK SERVICE'
Pass: Rule passed : local security policy (2 items: NT AUTHORITY\LOCAL SERVICE, NT
AUTHORITY\NETWORK SERVICE).
2.2.36 Set 'Restore files and directories' to 'Administrators' Pass: Rule passed : local security policy (BUILTIN\ADMINISTRATORS).
2.2.37 Set 'Shut down the system' to 'Administrators' Pass: Rule passed : local security policy (BUILTIN\ADMINISTRATORS).
2.2.39 Set 'Take ownership of files or other objects' to 'Administrators' Pass: Rule passed : local security policy (BUILTIN\ADMINISTRATORS).
Rule Name Result
2.3.1.1 Set 'Accounts: Block Microsoft accounts' to 'Users can't add or
log on with Microsoft accounts'
Pass: Rule passed : '3'.
2.3.1.2 Set 'Accounts: Guest account status' to 'Disabled'
Pass: Rule passed : local security policy
(0)'[{oval:org.cisecurity.benchmarks.microsoft_windows_8.1:obj:1051}]'.
2.3.1.3 Set 'Accounts: Limit local account use of blank passwords to
console logon only' to 'Enabled'
Pass: Rule passed : '1'.
2.3.1.4 Configure 'Accounts: Rename administrator account' Pass: Rule passed : local security policy ("NNTAdministrator").
2.3.1.5 Configure 'Accounts: Rename guest account' Pass: Rule passed : local security policy ("6ue$t").
Rule Name Result
2.3.2.1 Set 'Audit: Force audit policy subcategory settings (Windows
Vista or later) to override audit policy category settings' to 'Enabled'
Pass: Rule passed : '1'.
2.3.2.2 Set 'Audit: Shut down system immediately if unable to log
security audits' to 'Disabled'
Pass: Rule passed : '0'.
Rule Name Result
2.3.4.1 Set 'Devices: Allowed to format and eject removable media' to
'Administrators'
Pass: Rule passed : '0'.
2.3.4.2 Set 'Devices: Prevent users from installing printer drivers' to
'Enabled'
Pass: Rule passed : '1'.
Rule Name Result
2.3.6.1 Set 'Domain member: Digitally encrypt or sign secure channel
data (always)' to 'Enabled'
Pass: Rule passed : '1'.
2.3.6.2 Set 'Domain member: Digitally encrypt secure channel data
(when possible)' to 'Enabled'
Pass: Rule passed : '1'.
Accounts Rules
Security Options
Audit Rules
Devices Rules
Domain member Rules
Page 3
2.3.6.3 Set 'Domain member: Digitally sign secure channel data (when
possible)' to 'Enabled'
Pass: Rule passed : '1'.
2.3.6.4 Set 'Domain member: Disable machine account password
changes' to 'Disabled'
Pass: Rule passed : '0'.
2.3.6.5 Set 'Domain member: Maximum machine account password age'
to 30 or fewer days, but not 0
Pass: Rule passed : '30' '30'.
2.3.6.6 Set 'Domain member: Require strong (Windows 2000 or later)
session key' to 'Enabled'
Pass: Rule passed : '1'.
Rule Name Result
2.3.7.1 Set 'Interactive logon: Do not display last user name' to 'Enabled' Pass: Rule passed : '1'.
2.3.7.2 Set 'Interactive logon: Do not require CTRL+ALT+DEL' to
'Disabled'
Pass: Rule passed : '0'.
2.3.7.3 Set 'Interactive logon: Machine inactivity limit' to 900 or fewer
second(s), but not 0
Pass: Rule passed : '900' '900'.
2.3.7.4 Configure 'Interactive logon: Message text for users attempting to
log on'
Fail: Configure 'Interactive logon: Message text for users attempting to log on' : .'THIS IS A
PRIVATE COMPUTER SYSTEM. It is for authorized use only.Users (authorized or
unauthorized) have no explicit or implicitexpectation of privacy.Any or all uses of this system
and all files on this system maybe intercepted, monitored, recorded, copied, audited,
inspected,and disclosed to authorized site and law enforcement personnel,as well as authorized
officials of other agencies, both domesticand foreign. By using this system, the user consents
to suchinterception, monitoring, recording, copying, auditing, inspection,and disclosure at the
discretion of authorized site personnel.Unauthorized or improper use of this system may result
inadministrative disciplinary action and civil and criminal penalties.By continuing to use this
system you indicate your awareness of andconsent to these terms and conditions of use. LOG
OFF IMMEDIATELYif you do not agree to the conditions stated in this warning.
2.3.7.5 Configure 'Interactive logon: Message title for users attempting to
log on'
Pass: Rule passed : 'NOTICE TO USERS'.
2.3.7.6 Set 'Interactive logon: Number of previous logons to cache (in
case domain controller is not available)' to '4 or fewer logon(s)'
Pass: Rule passed : '4'.
2.3.7.7 Set 'Interactive logon: Prompt user to change password before
expiration' to 'between 5 and 14 days'
Pass: Rule passed : '5' '5'.
2.3.7.8 Set 'Interactive logon: Smart card removal behavior' to 'Lock
Workstation'
Pass: Rule passed : '1'.
Interactive logon Rules
Page 4
剩余15页未读,继续阅读
lse19871231
- 粉丝: 2
- 资源: 5
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
- lsb-release,安装磐维数据库,安装oracle数据库等常用的依赖包
- glibc-devel,安装磐维数据库,安装oracle数据库等常用的依赖包
- redhat-lsb-submit-security,安装磐维数据库,安装oracle数据库等常用的依赖包
- 可以在mac下开发的微雪esp32触摸屏开发板的支持包
- redhat-lsb-core,安装磐维数据库,安装oracle数据库等常用的依赖包
- redhat-lsb-core,安装磐维数据库,安装oracle数据库等常用的依赖包
- 非常好的在线聊天系统源代码100%好用.zip
- libpng,安装磐维数据库,安装oracle数据库等常用的依赖包
- 飞机检测12-YOLO(v5至v9)、COCO、CreateML、Darknet、Paligemma、TFRecord数据集合集.rar
- redhad-lsb,安装磐维数据库,安装oracle数据库等常用的依赖包
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功
- 1
- 2
前往页