USGCB CCE-8655-3, CCE-8740-3 CCE-8804-7, CCE-8806-2, CCE-8807-0, CCE8811
These are a little tricky, you need a new tool to be able to view them.
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) Highest protection, source routing is completely disabled To prevent attackers from obscuring the location and address of their computer via source routing. All incoming source-routed IPv6 packets will be ignored. AC-3 CM-6 CM-7 SC-5 HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\DisableIPSourceRouting
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options Interactive logon: Message title for users attempting to logon — WARNING –? Although its not likely to dissuade a serious attacker the warning message helps reinforce organizational policy during the logon process. Agencies should use replace the text suggested here with text that meets their business requirements. Users will be see a message dialog box before they can complete the logon process.
Organizations are free to use the text provided in this document however they should implement text that meets their organization’s business and policy requirements. AC-8 CM-6 CM-7 SC-5 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options Network security: Allow LocalSystem NULL session fallback Disabled To prevent the computer from using NULL sessions. Applications that require NULL sessions for LocalSystem will fail. IA-2 CM-7 HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0\allownullsessionfallback
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options Network security: LAN Manager authentication level Send NTLMv2 Response only. Refuse LM and NTLM To prevent the use of less secure authentication protocols. The computer will not be able to authenticate to or share resource with computers that do not support NTLMv2 authentication. AC-3 CM-6 HKLM\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel CCE-
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options Recovery console: Allow automatic administrative logon Disabled To prevent anyone with physical access to the console from gaining administrative privileges. A valid username and password will be required to access the Recovery Console. IA-2 AC-14 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options User Account Control: Admin Approval Mode for the Built-in Administrator account Enabled To lessen the burden UAC has on administrators. Users who logon with the local administrator account will always see elevation prompts rather than the secure desktop when opening programs that require administrator privileges. AC-2 IA-2 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\FilterAdministratorToken