|
Server : Apache/2.4.43 (Win64) OpenSSL/1.1.1g PHP/7.4.6 System : Windows NT USER-PC 6.1 build 7601 (Windows 7 Professional Edition Service Pack 1) AMD64 User : User ( 0) PHP Version : 7.4.6 Disable Function : NONE Directory : C:/Windows/inf/ |
; Copyright (c) Microsoft Corporation. All rights reserved. ; ; Security Configuration Template for Security Configuration Editor ; ; Template Name: SCERegVl.INF ; Template Version: 05.00.DR.0000 ; ; Revision History ; 0000 - Original [version] signature="$CHICAGO$" DriverVer=06/21/2006,6.1.7601.17514 [Register Registry Values] ; ; Syntax: RegPath,RegType,DisplayName,DisplayType,Options ; where ; RegPath: Includes the registry keypath and value ; RegType: 1 - REG_SZ, 2 - REG_EXPAND_SZ, 3 - REG_BINARY, 4 - REG_DWORD, 7 - REG_MULTI_SZ ; Display Name: Is a localizable string defined in the [strings] section ; Display type: 0 - boolean, 1 - Number, 2 - String, 3 - Choices, 4 - Multivalued, 5 - Bitmask ; Options: If Displaytype is 3 (Choices) or 5 (Bitmask), then specify the range of values and corresponding display strings ; in value|displaystring format separated by a comma. MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects,4,%AuditBaseObjects%,0 MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail,4,%CrashOnAuditFail%,0 MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds,4,%DisableDomainCreds%,0 MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous,4,%EveryoneIncludesAnonymous%,0 MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest,4,%ForceGuest%,3,0|%Classic%,1|%GuestBased% MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing,3,%FullPrivilegeAuditing%,0 MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse,4,%LimitBlankPasswordUse%,0 MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel,4,%LmCompatibilityLevel%,3,0|%LMCLevel0%,1|%LMCLevel1%,2|%LMCLevel2%,3|%LMCLevel3%,4|%LMCLevel4%,5|%LMCLevel5% MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec,4,%NTLMMinClientSec%,5,524288|%NTLMv2Session%,536870912|%NTLM128% MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec,4,%NTLMMinServerSec%,5,524288|%NTLMv2Session%,536870912|%NTLM128% MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash,4,%NoLMHash%,0 MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous,4,%RestrictAnonymous%,0 MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM,4,%RestrictAnonymousSAM%,0 MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl,4,%SubmitControl%,0 MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicy,4,%SCENoApplyLegacyAuditPolicy%,0 MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers,4,%AddPrintDrivers%,0 MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine,7,%AllowedPaths%,4 MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\Machine,7,%AllowedExactPaths%,4 MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive,4,%ObCaseInsensitive%,0 MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown,4,%ClearPageFileAtShutdown%,0 MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode,4,%ProtectionMode%,0 MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems\optional,7,%OptionalSubSystems%,4 MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature,4,%EnableSMBSignServer%,0 MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature,4,%RequireSMBSignServer%,0 MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff,4,%EnableForcedLogoff%,0 MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect,4,%AutoDisconnect%,1,%Unit-Minutes% MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess,4,%RestrictNullSessAccess%,0 MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes,7,%NullPipes%,4 MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares,7,%NullShares%,4 MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature,4,%EnableSMBSignRDR%,0 MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature,4,%RequireSMBSignRDR%,0 MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword,4,%EnablePlainTextPassword%,0 MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity,4,%LDAPClientIntegrity%,3,0|%LDAPClient0%,1|%LDAPClient1%,2|%LDAPClient2% MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange,4,%DisablePWChange%,0 MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge,4,%MaximumPWAge%,1,%Unit-Days% MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RefusePasswordChange,4,%RefusePWChange%,0 MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel,4,%SignSecureChannel%,0 MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel,4,%SealSecureChannel%,0 MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal,4,%SignOrSeal%,0 MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey,4,%StrongKey%,0 MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity,4,%LDAPServerIntegrity%,3,1|%LDAPServer1%,2|%LDAPServer2% MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD,4,%DisableCAD%,0 MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName,4,%DontDisplayLastUserName%,0 MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLockedUserId,4,%DontDisplayLockedUserId%,3,1|%LockedUserID0%,2|%LockedUserID1%,3|%LockedUserID2% MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption,1,%LegalNoticeCaption%,2 MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText,7,%LegalNoticeText%,4 MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ScForceOption,4,%ScForceOption%,0 MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon,4,%ShutdownWithoutLogon%,0 MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon,4,%UndockWithoutLogon%,0 MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel,4,%RCAdmin%,0 MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand,4,%RCSet%,0 MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount,1,%CachedLogonsCount%,1,%Unit-Logons% MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon,4,%ForceUnlockLogon%,0 MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning,4,%PasswordExpiryWarning%,1,%Unit-Days% MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption,1,%ScRemove%,3,0|%ScRemove0%,1|%ScRemove1%,2|%ScRemove2%,3|%ScRemove3% MACHINE\Software\Policies\Microsoft\Cryptography\ForceKeyProtection,4,%ForceHighProtection%,3,0|%CryptAllowNoUI%,1|%CryptAllowNoPass%,2|%CryptUsePass% MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled,4,%AuthenticodeEnabled%,0 MACHINE\Software\Policies\Microsoft\Windows NT\DCOM\MachineLaunchRestriction,1,%DCOMLaunchRestriction%,2 MACHINE\Software\Policies\Microsoft\Windows NT\DCOM\MachineAccessRestriction,1,%DCOMAccessRestriction%,2 ; delete these values from the UI - Rdr in case NT4 w SCE MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DisableCAD MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DontDisplayLastUserName MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeCaption MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ShutdownWithoutLogon MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CmdConsSecurityLevel MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\AddPrintDrivers MACHINE\System\CurrentControlSet\Services\MRxSMB\Parameters\EnableSecuritySignature MACHINE\System\CurrentControlSet\Services\MRxSMB\Parameters\RequireSecuritySignature MACHINE\System\CurrentControlSet\Services\MRxSMB\Parameters\EnablePlainTextPassword MACHINE\System\CurrentControlSet\Services\Rdr\Parameters\EnableSecuritySignature MACHINE\System\CurrentControlSet\Services\Rdr\Parameters\RequireSecuritySignature MACHINE\System\CurrentControlSet\Services\Rdr\Parameters\EnablePlainTextPassword MACHINE\Software\Microsoft\Windows\CurrentVersion\NetCache\EncryptEntireCache MACHINE\Software\Microsoft\Windows NT\CurrentVersion\EFS\AlgorithmID MACHINE\Software\Microsoft\Non-Driver Signing\Policy MACHINE\Software\Policies\Microsoft\Cryptography\ForceHighProtection [Strings] ;================================ Accounts ============================================================================ ;Specified in UI code - Accounts: Administrator account status ;Specified in UI code - Accounts: Guest account status ;Specified in UI code - Accounts: Rename administrator account ;Specified in UI code - Accounts: Rename guest account LimitBlankPasswordUse = "@wsecedit.dll,-59001" ;================================ Audit =============================================================================== AuditBaseObjects="@wsecedit.dll,-59002" FullPrivilegeAuditing="@wsecedit.dll,-59003" CrashOnAuditFail="@wsecedit.dll,-59004" SCENoApplyLegacyAuditPolicy="@wsecedit.dll,-59104" ;================================ Devices ============================================================================= AddPrintDrivers="@wsecedit.dll,-59005" UndockWithoutLogon="@wsecedit.dll,-59010" ;================================ Domain controller ==================================================================== SubmitControl="@wsecedit.dll,-59011" RefusePWChange="@wsecedit.dll,-59012" LDAPServerIntegrity = "@wsecedit.dll,-59013" LDAPServer1 = "@wsecedit.dll,-59014" LDAPServer2 = "@wsecedit.dll,-59015" ;================================ Domain member ======================================================================== DisablePWChange="@wsecedit.dll,-59016" MaximumPWAge="@wsecedit.dll,-59017" SignOrSeal="@wsecedit.dll,-59018" SealSecureChannel="@wsecedit.dll,-59019" SignSecureChannel="@wsecedit.dll,-59020" StrongKey="@wsecedit.dll,-59021" ;================================ Interactive logon ==================================================================== DisableCAD = "@wsecedit.dll,-59022" DontDisplayLastUserName = "@wsecedit.dll,-59023" DontDisplayLockedUserId = "@wsecedit.dll,-59024" LockedUserId0 = "@wsecedit.dll,-59025" LockedUserId1 = "@wsecedit.dll,-59026" LockedUserId2 = "@wsecedit.dll,-59027" LegalNoticeText = "@wsecedit.dll,-59028" LegalNoticeCaption = "@wsecedit.dll,-59029" CachedLogonsCount = "@wsecedit.dll,-59030" PasswordExpiryWarning = "@wsecedit.dll,-59031" ForceUnlockLogon = "@wsecedit.dll,-59032" ScForceOption = "@wsecedit.dll,-59033" ScRemove = "@wsecedit.dll,-59034" ScRemove0 = "@wsecedit.dll,-59035" ScRemove1 = "@wsecedit.dll,-59036" ScRemove2 = "@wsecedit.dll,-59037" ScRemove3 = "@wsecedit.dll,-59038" ;================================ Microsoft network client ============================================================= RequireSMBSignRdr="@wsecedit.dll,-59039" EnableSMBSignRdr="@wsecedit.dll,-59040" EnablePlainTextPassword="@wsecedit.dll,-59041" ;================================ Microsoft network server ============================================================= AutoDisconnect="@wsecedit.dll,-59042" RequireSMBSignServer="@wsecedit.dll,-59043" EnableSMBSignServer="@wsecedit.dll,-59044" EnableForcedLogoff="@wsecedit.dll,-59045" ;================================ Network access ======================================================================= ;Specified in UI code - Network access: Allow anonymous SID/Name translation DisableDomainCreds = "@wsecedit.dll,-59046" RestrictAnonymousSAM = "@wsecedit.dll,-59047" RestrictAnonymous = "@wsecedit.dll,-59048" EveryoneIncludesAnonymous = "@wsecedit.dll,-59049" RestrictNullSessAccess = "@wsecedit.dll,-59050" NullPipes = "@wsecedit.dll,-59051" NullShares = "@wsecedit.dll,-59052" AllowedPaths = "@wsecedit.dll,-59053" AllowedExactPaths = "@wsecedit.dll,-59054" ForceGuest = "@wsecedit.dll,-59055" Classic = "@wsecedit.dll,-59056" GuestBased = "@wsecedit.dll,-59057" ;================================ Network security ===================================================================== ;Specified in UI code - Network security: Enforce logon hour restrictions NoLMHash = "@wsecedit.dll,-59058" LmCompatibilityLevel = "@wsecedit.dll,-59059" LMCLevel0 = "@wsecedit.dll,-59060" LMCLevel1 = "@wsecedit.dll,-59061" LMCLevel2 = "@wsecedit.dll,-59062" LMCLevel3 = "@wsecedit.dll,-59063" LMCLevel4 = "@wsecedit.dll,-59064" LMCLevel5 = "@wsecedit.dll,-59065" NTLMMinClientSec = "@wsecedit.dll,-59066" NTLMMinServerSec = "@wsecedit.dll,-59067" NTLMv2Session = "@wsecedit.dll,-59070" NTLM128 = "@wsecedit.dll,-59071" LDAPClientIntegrity = "@wsecedit.dll,-59072" LDAPClient0 = "@wsecedit.dll,-59073" LDAPClient1 = "@wsecedit.dll,-59074" LDAPClient2 = "@wsecedit.dll,-59075" ;================================ Recovery console ==================================================================== RCAdmin="@wsecedit.dll,-59076" RCSet="@wsecedit.dll,-59077" ;================================ Shutdown ============================================================================ ShutdownWithoutLogon="@wsecedit.dll,-59078" ClearPageFileAtShutdown="@wsecedit.dll,-59079" ProtectionMode = "@wsecedit.dll,-59080" ObCaseInsensitive = "@wsecedit.dll,-59084" ;================================ System cryptography ================================================================= FIPS="@wsecedit.dll,-59085" ForceHighProtection="@wsecedit.dll,-59086" CryptAllowNoUI="@wsecedit.dll,-59087" CryptAllowNoPass="@wsecedit.dll,-59088" CryptUsePass="@wsecedit.dll,-59089" ;================================ System Settings ===================================================================== AuthenticodeEnabled = "@wsecedit.dll,-59090" OptionalSubSystems = "@wsecedit.dll,-59091" Unit-Logons="@wsecedit.dll,-59092" Unit-Days="@wsecedit.dll,-59093" Unit-Minutes="@wsecedit.dll,-59094" Unit-Seconds="@wsecedit.dll,-59095" ;================================ DCOM Machine Restrictions =========================================================== DCOMLaunchRestriction="@wsecedit.dll,-59096" DCOMAccessRestriction="@wsecedit.dll,-59097"