Hi Guys,
Here is the security options policy settings for Windows server continuation.. ( Part 3 )
MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) - Highest protection, source routing is completely disabled
MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes – Disabled
MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) – 0
System Objects: Require case insensitivity for non-Windows subsystems – Enabled
System Cryptography: Force strong key protection for user keys stored on the computer - User must enter a password each time they use a key
System Cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing - Enable
System objects: Default owner for objects created by members of the Administrators group - Object Creator
System objects: Require case insensitivity for non-Windows subsystems - Enable
System objects: Strengthen default permissions of internal system objects (e.g., Symbolic Links) - Enable
System settings: Optional subsystems – Null value
Recovery Console: Allow automatic administrative logon – Disabled
Recovery Console: Allow floppy copy and access to all drives and all folders - Disabled
Domain Controllers Policy- if present in scope - Domain controller: Allow server operators to schedule tasks – Disabled
System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies - Enable
User Account Control: Admin Approval Mode for the Built-in Administrator account – Enable
User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop - Disable
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode - Prompt for consent
User Account Control: Behavior of the elevation prompt for standard users - Prompt for credentials
User Account Control: Detect application installations and prompt for elevation – Enable
User Account Control: Only elevate executables that are signed and validated – Enable
User Account Control: Only elevate UIAccess applications that are installed in secure locations – Enable
Enable the User Account Control: Only elevate UIAccess applications that are installed in secure locations policy setting – Enable
User Account Control: Run all administrators in Admin Approval Mode – Enable
User Account Control: Switch to the secure desktop when prompting for elevation – Enable
User Account Control: Virtualize file and registry write failures to per-user locations – Enable
Feel free to tune this as per your requirements.
Thank you for stopping by.
