Page 1 of 28

CCEID        Name
CCE-14027-7  Disable support for RDS.
CCE-14054-1  Zeroconf networking should be disabled. (disabled)
CCE-14068-1  The postfix package should be uninstalled.
CCE-14088-9  The 'root' group should exist, and contain all members who can su to root
CCE-14495-6  The sendmail package should be uninstalled.
CCE-14716-5  Users are not allowed to set environment options for SSH.
CCE-14825-4  The isdnutils-base package should be uninstalled.
CCE-14957-5  No Group/World-Writeable Directory In root's $PATH
CCE-15013-6  The system should not act as a network sniffer.
CCE-15018-5  Postfix network listening should be disabled as appropriate.
CCE-17248-6  Logs should be sent to a remote loghost (using mdsd service)
CCE-17639-6  Rsyslog should not accept remote messages. (reject)
CCE-17698-2  The rsyslog service should be enabled.
CCE-17742-8  The syslog or rsyslog package should be installed.
CCE-17857-4  All rsyslog log files should be owned by the syslog user.
CCE-18095-0  File permissions for all rsyslog log files should be set to 640.
CCE-18240-2  All rsyslog log files should be owned by the adm group.
CCE-18455-6  The IPv6 protocol should be enabled.
CCE-3390-2   The telnet service should be disabled. (disabled)
CCE-3425-6   The kdump service should be disabled. (disabled)
CCE-3501-4   The ldap service should be disabled. (disabled)
CCE-3522-0   The nodev option should be enabled for all removable media.
CCE-3535-2   The rpcgssd service should be disabled.
CCE-3537-8   The rlogin service should be disabled.
CCE-3561-8   IP forwarding should be disabled. (net.ipv4.ip_forward = 0)
CCE-3566-7   /etc/passwd file permissions should be 0644
CCE-3568-3   The rpcidmapd service should be disabled.
CCE-3578-2   The named service should be disabled.
CCE-3644-2   Ignoring ICMP echo requests (pings) sent to broadcast / multicast addresses should be enabled. (net.ipv4.icmp_echo_ignore_b
CCE-3660-8   Remote connections from accounts with empty passwords should be disabled. - '/etc/ssh/sshd_config PermitEmptyPasswords
CCE-3705-1   The ypbind service should be disabled.
CCE-3840-6   Performing source validation by reverse path should be enabled for all interfaces. (net.ipv4.conf.default.rp_filter = 1)
CCE-3847-1   The dovecot service should be disabled.
CCE-3916-4   The tftpd package should be uninstalled.
CCE-3967-7   /etc/group file permissions should be 0644
CCE-4009-7   Accounts other than root must have unique UIDs greater than zero(0)
CCE-4023-8   Install inetd only if appropriate and required by your distro. Secure according to current hardening standards. (if required)
CCE-4030-3   SSH must be configured and managed to meet best practices. - '/etc/ssh/sshd_config IgnoreRhosts = yes'
CCE-4030-3   SSH must be configured and managed to meet best practices. - '/etc/ssh/sshd_config RhostsAuthentication = no'
CCE-4042-8   The nosuid option should be enabled for all removable media.
CCE-4080-8   Performing source validation by reverse path should be enabled for all interfaces. (net.ipv4.conf.all.rp_filter = 1)
CCE-4091-5   The default setting for accepting source routed packets should be disabled for network interfaces. (net.ipv6.conf.default.accep
CCE-4130-1   /etc/shadow- file permissions should be set to 0600
CCE-4133-5   Ignoring bogus ICMP responses to broadcasts should be enabled. (net.ipv4.icmp_ignore_bogus_error_responses = 1)
CCE-4141-8   The rcp/rsh service should be disabled.
CCE-4146-7   Randomized placement of virtual memory regions should be enabled
CCE-4164-0   Install xinetd only if appropriate and required by your distro. Secure according to current hardening standards. (if required)
CCE-4172-3   Kernel support for the XD/NX processor feature should be enabled
CCE-4182-2   The logrotate (syslog rotater) service should be enabled. (enabled)
CCE-4209-3   Kernels should only be compiled from approved sources.
CCE-4219-2   The bind package should be uninstalled.
CCE-4234-1   Disable inetd unless required. (inetd)
CCE-4236-6   Accepting source routed packets should be disabled for all interfaces. (net.ipv4.conf.all.accept_source_route = 0)
CCE-4236-6   Accepting source routed packets should be disabled for all interfaces. (net.ipv6.conf.all.accept_source_route = 0)
CCE-4238-2   There are no accounts without passwords
CCE-4239-0   The dovecot package should be uninstalled.
CCE-4252-3   Disable xinetd unless required. (xinetd)
CCE-4265-5   TCP syncookies should be enabled. (net.ipv4.tcp_syncookies = 1)
CCE-4273-9   The tftp service should be disabled.
CCE-4275-4   The noexec option should be enabled for all removable media.
CCE-4276-2   All wireless interfaces should be disabled. (disabled)
CCE-4286-1   The isdn service should be disabled.
CCE-4304-2   File permissions for /etc/anacrontab should be set to root:root 600.
CCE-4308-3   The rsh-server package should be uninstalled.
CCE-4324-0   The crond service should be enabled. (enabled)
CCE-4325-7   SSH must be configured and managed to meet best practices. - '/etc/ssh/ssh_config Protocol = 2'
CCE-4330-7   All telnetd packages should be uninstalled.
CCE-4336-4   The dhcpd service should be disabled.
CCE-4348-9   The nis package should be uninstalled.
CCE-4355-4   The bluetooth/hidd service should be disabled.
CCE-4365-3   The avahi-daemon service should be disabled.
CCE-4368-7   The nodev/nosuid option should be enabled for all NFS mounts.
CCE-4370-3   SSH host-based authentication should be disabled. - '/etc/ssh/sshd_config HostbasedAuthentication = no'
CCE-4421-4   The readahead-fedora package should be uninstalled.
CCE-4425-5   The cups service should be disabled.
CCE-4464-4   The isc-dhcp-server package should be uninstalled.
CCE-4475-0   Emulation of the rsh command through the ssh server should be disabled. - '/etc/ssh/sshd_config RhostsRSAAuthentication =
CCE-4491-7   The rpcsvcgssd service should be disabled.
CCE-4550-0   The portmap service should be disabled.
CCEID        Name
CCE-1868-9   Domain member: Digitally encrypt secure channel data (when possible)
CCE-1767-3   Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
CCE-2410-9   Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
CCE-2272-3   Microsoft network client: Send unencrypted password to third-party SMB servers
CCE-2203-8   Domain member: Digitally encrypt or sign secure channel data (always)
CCE-2261-6   System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing
CCE-2362-2   Domain member: Digitally sign secure channel data (when possible)
CCE-1802-8   Domain member: Require strong (Windows 2000 or later) session key
CCE-2381-2   Microsoft network server: Digitally sign communications (always)
CCE-2378-8   Microsoft network client: Digitally sign communications (if server agrees)
CCE-2356-4   Microsoft network client: Digitally sign communications (always)
CCE-2263-2   Microsoft network server: Digitally sign communications (if client agrees)
CCE-2315-0   Audit: Shut down system immediately if unable to log security audits
CCE-12163-2  Retain old events
CCE-12284-6  Retain old events
CCE-13594-7  Retain old events
CCE-2442-2   MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning
CCE-2302-8   User Account Control: Admin Approval Mode for the Built-in Administrator account
CCE-2434-9   User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop
CCE-2266-5   User Account Control: Virtualize file and registry write failures to per-user locations
CCE-2451-3   System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)
CCE-2473-7   User Account Control: Only elevate UIAccess applications that are installed in secure locations
CCE-2487-7   User Account Control: Detect application installations and prompt for elevation
CCE-2331-7   Interactive logon: Do not require CTRL+ALT+DEL
CCE-2474-5   User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
CCE-2478-6   User Account Control: Run all administrators in Admin Approval Mode
CCE-2509-8   User Account Control: Only elevate executables that are signed and validated
CCE-2500-7   User Account Control: Switch to the secure desktop when prompting for elevation
CCE-2304-4   Network security: Do not store LAN Manager hash value on next password change
CCE-2364-8   Accounts: Limit local account use of blank passwords to console logon only
CCE-2256-6   Domain member: Disable machine account password changes
CCE-2324-2   Interactive logon: Prompt user to change password before expiration
CCE-2297-0   Interactive logon: Number of previous logons to cache (in case domain controller is not available)
CCE-2346-5   Interactive logon: Require Domain Controller authentication to unlock workstation
CCE-1448-0   Interactive logon: Smart card removal behavior
CCE-1824-2   Network access: Let Everyone permissions apply to anonymous users
CCE-2454-7   Network security: LAN Manager authentication level
CCE-1834-1   Deny log on as a batch job
CCE-1843-2   Manage auditing and security log
CCE-2285-5   Bypass traverse checking
CCE-2294-7   Restore files and directories
CCE-2152-7   Devices: Prevent users from installing printer drivers
CCE-2257-4   Modify firmware environment values
CCE-2079-2   Act as part of the operating system
CCE-2102-2   Deny log on through Terminal Services
CCE-2286-3   Allow log on locally
CCE-2113-9   Profile system performance
CCE-2506-4   Take ownership of files or other objects
CCE-2310-1   Debug programs
CCE-2314-3   Deny access to this computer from the network
CCE-2360-6   Profile single process
CCE-1527-1   Replace a process level token
CCE-1944-8   Deny log on as a service
CCE-2308-5   Allow log on through Terminal Services
CCE-2004-0   Adjust memory quotas for a process
CCE-2296-2   Deny log on locally
CCE-1750-9   Force shutdown from a remote system
CCE-2290-5   Change the system time
CCE-2026-3   Access Credential Manager as a trusted caller
CCE-2075-0   Access this computer from the network
CCE-2171-7   Change the time zone
CCE-1328-4   Create a pagefile
CCE-2382-0   Remove computer from docking station
CCE-2129-5   Generate security audits
CCE-2078-4   Shut down the system
CCE-12706-8  Windows Firewall: Public: Display a notification
CCE-12504-7  Windows Firewall: Domain: Firewall state
CCE-2404-2   MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.
CCE-14139-0  Windows Firewall: Public: Apply local firewall rules
CCE-1826-7   MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)
CCE-11888-5  Windows Firewall: Domain: Apply local connection security rules
CCE-13615-0  Windows Firewall: Private: Apply local firewall rules
CCE-12640-9  Windows Firewall: Private: Outbound connections
CCE-14271-1  Windows Firewall: Public: Apply local connection security rules
CCE-2320-0   MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers
CCE-12973-4  Windows Firewall: Domain: Display a notification
CCE-12739-9  Windows Firewall: Private: Apply local connection security rules
CCE-5229-0   MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)
CCE-13197-9  Windows Firewall: Domain: Outbound connections
CCE-1470-4   MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes
CCE-1800-2   MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)
CCE-12456-0  Windows Firewall: Public: Firewall state
CCE-13230-8  Windows Firewall: Private: Display a notification
CCE-13049-2  Windows Firewall: Public: Allow unicast response
CCE-2399-4   MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds
CCE-13454-4  Windows Firewall: Private: Firewall state
CCE-5263-9   MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is defau
CCE-12473-5  Windows Firewall: Domain: Apply local firewall rules
CCE-13823-0  Windows Firewall: Domain: Allow unicast response
CCE-12990-8  Windows Firewall: Public: Outbound connections
CCE-12562-5  Windows Firewall: Private: Allow unicast response
CCE-2424-0   MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)
CCE-2276-4   Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings
CCE-2309-3   Recovery console: Allow automatic administrative logon
CCE-2421-6   System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies
CCE-2307-7   MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)
CCE-2340-8   Network access: Do not allow anonymous enumeration of SAM accounts and shares
CCE-2406-7   Network access: Sharing and security model for local accounts
CCE-1553-7   Recovery console: Allow floppy copy and access to all drives and all folders
CCE-2416-6   Shutdown: Clear virtual memory pagefile
CCE-2403-4   Shutdown: Allow system to be shut down without having to log on
CCE-2447-1   MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)
CCE-1962-0   Network access: Do not allow anonymous enumeration of SAM accounts
CCE-2249-1   Devices: Allow undock without having to log on
CCE-2507-2   Network access: Shares that can be accessed anonymously
CCE-1598-2   System settings: Optional subsystems
CCE-2377-0   Devices: Allowed to format and eject removable media
CCE-2429-9   System objects: Require case insensitivity for non-Windows subsystems
CCE-2089-1   Network access: Named Pipes that can be accessed anonymously
CCE-2361-4   Network access: Restrict anonymous access to Named Pipes and Shares
CCE-2199-8   Interactive logon: Do not display last user name
CCE-2029-7   Microsoft network server: Disconnect clients when logon hours expire
CCE-2183-2   MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)
CCE-2327-5   Network security: LDAP client signing requirements
CceId        Name
CCE-10637-7  Devices: Allowed to format and eject removable media
CCE-10940-5  Network access: Restrict anonymous access to Named Pipes and Shares
CCE-10027-1  Network access: Do not allow anonymous enumeration of SAM accounts
CCE-11049-4  Shutdown: Clear virtual memory pagefile
CCE-10772-2  MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)
CCE-10557-7  Network access: Do not allow anonymous enumeration of SAM accounts and shares
CCE-10370-5  Recovery console: Allow automatic administrative logon
CCE-10986-8  System objects: Require case insensitivity for non-Windows subsystems
CCE-10643-5  Recovery console: Allow floppy copy and access to all drives and all folders
CCE-10810-0  Interactive logon: Do not require CTRL+ALT+DEL
CCE-10821-7  Network access: Shares that can be accessed anonymously
CCE-10883-7  Devices: Allow undock without having to log on
CCE-10900-9  System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies
CCE-10825-8  Network access: Sharing and security model for local accounts
CCE-10745-8  MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)
CCE-10419-0  Shutdown: Allow system to be shut down without having to log on
CCE-10983-5  Microsoft network server: Disconnect clients when logon hours expire
CCE-10019-8  MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)
CCE-10573-4  Interactive logon: Smart card removal behavior
CCE-10788-8  Interactive logon: Do not display last user name
CCE-10035-4  Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
CCE-10992-6  Microsoft network server: Digitally sign communications (always)
CCE-10040-4  Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
CCE-10009-9  Domain member: Digitally sign secure channel data (when possible)
CCE-10970-2  Microsoft network client: Digitally sign communications (always)
CCE-10871-2  Domain member: Digitally encrypt or sign secure channel data (always)
CCE-10978-5  Microsoft network server: Digitally sign communications (if client agrees)
CCE-10875-3  Domain member: Digitally encrypt secure channel data (when possible)
CCE-10838-1  Microsoft network client: Send unencrypted password to third-party SMB servers
CCE-10974-4  Microsoft network client: Digitally sign communications (if server agrees)
CCE-10789-6  System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing
CCE-10541-1  Domain member: Require strong (Windows 2000 or later) session key
CCE-11010-6  System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)
CCE-10930-6  Interactive logon: Prompt user to change password before expiration
CCE-10830-8  Network security: Do not store LAN Manager hash value on next password change
CCE-9992-9   Accounts: Limit local account use of blank passwords to console logon only
CCE-10775-5  Domain member: Disable machine account password changes
CCE-10726-8  Manage auditing and security log
CCE-11041-1  Windows Firewall: Domain: Allow unicast response
CCE-10732-6  MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)
CCE-10123-8  Windows Firewall: Private: Outbound connections
CCE-10127-9  Windows Firewall: Private: Allow unicast response
CCE-10481-0  Windows Firewall: Public: Outbound connections
CCE-10888-6  MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)
CCE-11019-7  Windows Firewall: Domain: Display a notification
CCE-10482-8  Windows Firewall: Domain: Firewall state
CCE-10188-1  Windows Firewall: Public: Apply local firewall rules
CCE-10113-9  Windows Firewall: Domain: Outbound connections
CCE-10798-7  Windows Firewall: Domain: Apply local firewall rules
CCE-10631-0  Windows Firewall: Private: Display a notification
CCE-10921-5  Windows Firewall: Private: Apply local connection security rules
CCE-11050-2  Windows Firewall: Public: Firewall state
CCE-11120-3  Windows Firewall: Public: Display a notification
CCE-10131-1  Windows Firewall: Private: Apply local firewall rules
CCE-10873-8  Windows Firewall: Public: Allow unicast response
CCE-10529-6  Windows Firewall: Public: Apply local connection security rules
CCE-11103-9  Windows Firewall: Private: Firewall state
CCE-11036-1  Windows Firewall: Domain: Apply local connection security rules
CCE-11001-5  Audit Policy: Account Management: Other Account Management Events
CCE-11007-2  Audit Policy: System: Security State Change
CCE-11160-9  Audit Policy: Policy Change: Authentication Policy Change
CCE-10514-8  Audit Policy: Detailed Tracking: Process Creation
CCE-11034-6  Audit Policy: System: System Integrity
CCE-11107-0  Audit Policy: Logon-Logoff: Logon
CCE-10737-5  Audit Policy: Logon-Logoff: Special Logon
CCE-10112-1  Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings
CCE-10203-8  Audit Policy: Account Management: User Account Management
CCE-11029-6  Audit Policy: System: Security System Extension
CCE-11003-1  Audit Policy: Privilege Use: Sensitive Privilege Use
CCE-10385-3  Audit Policy: Policy Change: Audit Policy Change
CCE-10860-5  Audit Policy: Account Management: Computer Account Management
CCE-11102-1  Audit Policy: Logon-Logoff: Logoff
CCE-10741-7  Audit Policy: Account Management: Security Group Management
CCE-10390-3  Audit Policy: System: IPsec Driver
CCE-10192-3  Audit Policy: Account Logon: Credential Validation
CCE-10918-1  Retain old events
CCE-11011-4  MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning
CCE-11055-1  Retain old events
CCE-10742-5  Audit: Shut down system immediately if unable to log security audits
CCE-10663-3  Retain old events
CCE-10297-0  Network access: Let Everyone permissions apply to anonymous users
CCE-10926-4  Interactive logon: Number of previous logons to cache (in case domain controller is not available)
CCE-10705-2  Interactive logon: Require Domain Controller authentication to unlock workstation
CCE-10984-3  Network security: LAN Manager authentication level
CCE-10614-6  Network security: LDAP client signing requirements
CCE-10548-6  Increase a process working set
CCE-10915-7  Debug programs
CCE-10750-8  Deny log on locally
CCE-9961-4   Increase scheduling priority
CCE-10618-7  Enable computer and user accounts to be trusted for delegation
CCE-9972-1   Access Credential Manager as a trusted caller
CCE-10439-8  Shut down the system
CCE-10955-3  Lock pages in memory
CCE-10853-0  Allow log on locally
CCE-10274-9  Generate security audits
CCE-10849-8  Adjust memory quotas for a process
CCE-10733-4  Deny access to this computer from the network
CCE-9999-4   Devices: Prevent users from installing printer drivers
CCE-10969-4  Remove computer from docking station
CCE-10785-4  Force shutdown from a remote system
CCE-10858-9  Allow log on through Remote Desktop Services
CCE-10596-5  Deny log on as a batch job
CCE-10954-6  Take ownership of files or other objects
CCE-9946-5   Impersonate a client after authentication
CCE-10792-0  Create global objects
CCE-10086-7  Access this computer from the network
CCE-9937-4   Create a pagefile
CCE-10369-7  Bypass traverse checking
CCE-10232-7  Act as part of the operating system
CCE-10794-6  User Account Control: Detect application installations and prompt for elevation
CCE-10570-0  User Account Control: Only elevate UIAccess applications that are installed in secure locations
CCE-10534-6  User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop
CCE-10865-4  User Account Control: Virtualize file and registry write failures to per-user locations
CCE-10922-3  User Account Control: Only elevate executables that are signed and validated
CCE-10807-6  User Account Control: Behavior of the elevation prompt for standard users
CCE-11028-8  User Account Control: Admin Approval Mode for the Built-in Administrator account
CCE-10684-9  User Account Control: Run all administrators in Admin Approval Mode
CCE-10109-7  User Account Control: Switch to the secure desktop when prompting for elevation
CCE-11023-9  User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
CceId        Name
CCE-22742-1  Network access: Sharing and security model for local accounts
CCE-24633-0  System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)
CCE-24968-0  MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)
CCE-24738-7  Windows Firewall: Private: Apply local connection security rules
CCE-24907-8  Windows Firewall: Private: Display a notification
CCE-22773-6  Windows Firewall: Public: Apply local connection security rules
CCE-23894-9  Windows Firewall: Public: Firewall state
CCE-25350-0  Windows Firewall: Domain: Firewall state
CCE-24663-7  Windows Firewall: Private: Apply local firewall rules
CCE-24639-7  Windows Firewall: Domain: Apply local firewall rules
CCE-24624-9  Windows Firewall: Private: Allow unicast response
CCE-24810-4  Windows Firewall: Public: Apply local firewall rules
CCE-25111-6  Windows Firewall: Public: Allow unicast response
CCE-25534-9  Windows Firewall: Domain: Apply local connection security rules
CCE-25607-3  Windows Firewall: Private: Outbound connections
CCE-24936-7  Windows Firewall: Domain: Outbound connections
CCE-24452-5  MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)
CCE-23892-3  Windows Firewall: Public: Outbound connections
CCE-23615-8  Windows Firewall: Private: Firewall state
CCE-25213-0  Windows Firewall: Domain: Display a notification
CCE-23900-4  Windows Firewall: Public: Display a notification
CCE-25359-1  Windows Firewall: Domain: Allow unicast response
CCE-23955-8  Audit Policy: Account Management: Security Group Management
CCE-25178-5  Audit Policy: System: Security State Change
CCE-25674-3  Audit Policy: Policy Change: Authentication Policy Change
CCE-24252-9  Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings
CCE-23482-3  Audit Policy: Account Management: Computer Account Management
CCE-25093-6  Audit Policy: System: System Integrity
CCE-23670-3  Audit Policy: Logon-Logoff: Logon
CCE-25123-1  Audit Policy: Account Management: User Account Management
CCE-24187-7  Audit Policy: Logon-Logoff: Special Logon
CCE-25088-6  Audit Policy: Account Logon: Credential Validation
CCE-24691-8  Audit Policy: Privilege Use: Sensitive Privilege Use
CCE-24588-6  Audit Policy: Account Management: Other Account Management Events
CCE-25372-4  Audit Policy: System: IPsec Driver
CCE-25527-3  Audit Policy: System: Security System Extension
CCE-25035-7  Audit Policy: Policy Change: Audit Policy Change
CCE-25461-5  Audit Policy: Detailed Tracking: Process Creation
CCE-24901-1  Audit Policy: Logon-Logoff: Logoff
CCE-25198-3  Domain member: Require strong (Windows 2000 or later) session key
CCE-24809-6  Interactive logon: Machine account lockout threshold
CCE-24154-7  Interactive logon: Smart card removal behavior
CCE-24993-8  MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)
CCE-24148-9  Microsoft network server: Disconnect clients when logon hours expire
CCE-24748-6  Interactive logon: Do not display last user name
CCE-23043-3  Interactive logon: Machine inactivity limit
CCE-23716-4  Microsoft network server: Digitally sign communications (always)
CCE-24969-8  Microsoft network client: Digitally sign communications (always)
CCE-24812-0  Domain member: Digitally sign secure channel data (when possible)
CCE-23921-0  System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing
CCE-24465-7  Domain member: Digitally encrypt or sign secure channel data (always)
CCE-25264-3  Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
CCE-24740-3  Microsoft network client: Digitally sign communications (if server agrees)
CCE-24751-0  Microsoft network client: Send unencrypted password to third-party SMB servers
CCE-24414-5  Domain member: Digitally encrypt secure channel data (when possible)
CCE-24783-3  Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
CCE-24354-3  Microsoft network server: Digitally sign communications (if client agrees)
CCE-23462-5  MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)
CCE-25274-2  Recovery console: Allow floppy copy and access to all drives and all folders
CCE-24470-7  Recovery console: Allow automatic administrative logon
CCE-25217-1  Devices: Allowed to format and eject removable media
CCE-24927-6  MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)
CCE-24939-1  System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies
CCE-25100-9  Shutdown: Allow system to be shut down without having to log on
CCE-25120-7  Shutdown: Clear virtual memory pagefile
CCE-24774-2  Network access: Do not allow anonymous enumeration of SAM accounts and shares
CCE-24870-8  System objects: Require case insensitivity for non-Windows subsystems
CCE-24564-7  Network access: Restrict anonymous access to Named Pipes and Shares
CCE-25803-8  Interactive logon: Do not require CTRL+ALT+DEL
CCE-23082-1  Network access: Do not allow anonymous enumeration of SAM accounts
CCE-23807-1  Network access: Let Everyone permissions apply to anonymous users
CCE-24650-4  Network security: LAN Manager authentication level
CCE-25245-2  Network security: LDAP client signing requirements
CCE-24150-5  Network security: Do not store LAN Manager hash value on next password change
CCE-25643-8  Interactive logon: Require Domain Controller authentication to unlock workstation
CCE-24264-4  Interactive logon: Number of previous logons to cache (in case domain controller is not available)
CCE-23656-2  User Account Control: Switch to the secure desktop when prompting for elevation
CCE-25471-4  User Account Control: Only elevate UIAccess applications that are installed in secure locations
CCE-24519-1  User Account Control: Behavior of the elevation prompt for standard users
CCE-23877-4  User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
CCE-23295-9  User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop
CCE-23880-8  User Account Control: Only elevate executables that are signed and validated
CCE-24498-8  User Account Control: Detect application installations and prompt for elevation
CCE-23653-9  User Account Control: Run all administrators in Admin Approval Mode
CCE-24134-9  User Account Control: Admin Approval Mode for the Built-in Administrator account
CCE-24231-3  User Account Control: Virtualize file and registry write failures to per-user locations
CCE-23456-7  Manage auditing and security log
CCE-24162-0  Increase a process working set
CCE-24555-5  Replace a process level token
CCE-24682-7  Modify an object label
CCE-23939-2  Create a token object
CCE-25683-4  Access Credential Manager as a trusted caller
CCE-24406-1  Allow log on through Remote Desktop Services
CCE-23972-3  Create a pagefile
CCE-24734-6  Force shutdown from a remote system
CCE-24460-8  Deny log on locally
CCE-24911-0  Increase scheduling priority
CCE-25176-9  Devices: Prevent users from installing printer drivers
CCE-24779-1  Load and unload device drivers
CCE-25271-8  Bypass traverse checking
CCE-25518-2  Restore files and directories
CCE-24185-1  Change the system time
CCE-23850-1  Create global objects
CCE-25070-4  Perform volume maintenance tasks
CCE-24550-6  Remove computer from docking station
CCE-25215-5  Deny log on as a batch job
CCE-25228-8  Allow log on locally
CCE-25270-0  Enable computer and user accounts to be trusted for delegation
CCE-23723-0  Create permanent shared objects
CCE-23648-9  Debug programs
CCE-23844-4  Profile single process
CCE-25380-7  Back up files and directories
CCE-24938-3  Access this computer from the network
CCE-25112-4  Adjust memory quotas for a process
CCE-23500-2  Shut down the system
CCE-24549-8  Create symbolic links
CCE-24632-2  Change the time zone
CCE-24188-5  Deny access to this computer from the network
CCE-24477-2  Impersonate a client after authentication
CCE-25533-1  Modify firmware environment values
CCE-23829-5  Lock pages in memory
CCE-25043-1  Act as part of the operating system
CCE-24048-1  Generate security audits
CCE-25585-1  Take ownership of files or other objects
CCE-24243-8  Domain member: Disable machine account password changes
CCE-23704-0  Interactive logon: Prompt user to change password before expiration
CCE-25589-3  Accounts: Limit local account use of blank passwords to console logon only
CCE-23782-6  Control Event Log behavior when the log file reaches its maximum size
CCE-23646-3  Control Event Log behavior when the log file reaches its maximum size
CCE-23988-9  Audit: Shut down system immediately if unable to log security audits
CCE-25110-8  MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning
CCE-24583-7  Control Event Log behavior when the log file reaches its maximum size
CceId        Name
CCE-36173-3  Network security: LAN Manager authentication level
CCE-37035-3  Network security: Allow LocalSystem NULL session fallback
CCE-37863-8  Microsoft network client: Send unencrypted password to third-party SMB servers
CCE-38341-4  Network security: Allow Local System to use computer identity for NTLM
CCE-36326-7  Network security: Do not store LAN Manager hash value on next password change
CCE-37835-6  Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
CCE-38333-1  Interactive logon: Smart card removal behavior
CCE-37553-5  Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
CCE-37439-7  Interactive logon: Number of previous logons to cache (in case domain controller is not available)
CCE-36148-5  Network access: Let Everyone permissions apply to anonymous users
CCE-36077-6  Network access: Do not allow anonymous enumeration of SAM accounts and shares
CCE-36316-8  Network access: Do not allow anonymous enumeration of SAM accounts
CCE-38335-6  Shutdown: Clear virtual memory pagefile
CCE-36788-8  Shutdown: Allow system to be shut down without having to log on
CCE-37885-1  System objects: Require case insensitivity for non-Windows subsystems
CCE-37623-6  Network access: Sharing and security model for local accounts
CCE-37637-6  Interactive logon: Do not require CTRL+ALT+DEL
CCE-37701-0  Devices: Allowed to format and eject removable media
CCE-37172-4  System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies
CCE-37067-6  MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)
CCE-36351-5  MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)
CCE-37624-4  Recovery console: Allow automatic administrative logon
CCE-36021-4  Network access: Restrict anonymous access to Named Pipes and Shares
CCE-37307-6  Recovery console: Allow floppy copy and access to all drives and all folders
CCE-37853-9  Audit Policy: System: IPsec Driver
CCE-36144-4  Audit Policy: System: Security System Extension
CCE-38034-5  Audit Policy: Account Management: Security Group Management
CCE-37850-5  Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings
CCE-37855-4  Audit Policy: Account Management: Other Account Management Events
CCE-38114-5  Audit Policy: System: Security State Change
CCE-36059-4  Audit Policy: Detailed Tracking: Process Creation
CCE-38030-3  Audit Policy: System: Other System Events
CCE-37133-6  Audit Policy: Logon-Logoff: Account Lockout
CCE-38028-7  Audit Policy: Policy Change: Audit Policy Change
CCE-36266-5  Audit Policy: Logon-Logoff: Special Logon
CCE-37856-2  Audit Policy: Account Management: User Account Management
CCE-37741-6  Audit Policy: Account Logon: Credential Validation
CCE-38036-0  Audit Policy: Logon-Logoff: Logon
CCE-38004-8  Audit Policy: Account Management: Computer Account Management
CCE-36267-3  Audit Policy: Privilege Use: Sensitive Privilege Use
CCE-38237-4  Audit Policy: Logon-Logoff: Logoff
CCE-38327-3  Audit Policy: Policy Change: Authentication Policy Change
CCE-37132-8  Audit Policy: System: System Integrity
CCE-37993-3  MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)
CCE-38235-8  Interactive logon: Machine inactivity limit
CCE-37972-7  Microsoft network server: Disconnect clients when logon hours expire
CCE-36056-0  Interactive logon: Do not display last user name
CCE-36264-0  Interactive logon: Machine account lockout threshold
CCE-37942-0  Devices: Prevent users from installing printer drivers
CCE-37453-8  Create global objects
CCE-35818-4  Access this computer from the network
CCE-36054-5  Modify an object label
CCE-37639-2  Generate security audits
CCE-38326-5  Increase scheduling priority
CCE-37877-8  Force shutdown from a remote system
CCE-37072-6  Allow log on through Remote Desktop Services
CCE-37452-0  Change the system time
CCE-35821-8  Create a pagefile
CCE-37131-0  Profile single process
CCE-36923-1  Deny log on as a batch job
CCE-36876-1  Act as part of the operating system
CCE-37700-2  Change the time zone
CCE-36495-0  Lock pages in memory
CCE-37056-9  Access Credential Manager as a trusted caller
CCE-36861-3  Create a token object
CCE-37075-9  Debug programs
CCE-36877-9  Deny log on as a service
CCE-37954-5  Deny access to this computer from the network
CCE-35912-5  Back up files and directories
CCE-38328-1  Shut down the system
CCE-37146-8  Deny log on locally
CCE-37430-6  Replace a process level token
CCE-36867-0  Deny log on through Remote Desktop Services
CCE-38113-7  Modify firmware environment values
CCE-37659-0  Allow log on locally
CCE-37613-7  Restore files and directories
CCE-36143-6  Perform volume maintenance tasks
CCE-35906-7  Manage auditing and security log
CCE-36860-5  Enable computer and user accounts to be trusted for delegation
CCE-37106-2  Impersonate a client after authentication
CCE-36318-4  Load and unload device drivers
CCE-38325-7  Take ownership of files or other objects
CCE-37071-8  Adjust memory quotas for a process
CCE-35823-4  Create symbolic links
CCE-36532-0  Create permanent shared objects
CCE-37614-5  Domain member: Require strong (Windows 2000 or later) session key
CCE-37859-6  Windows Firewall: Domain: Allow unicast response
CCE-37860-4  Windows Firewall: Domain: Apply local firewall rules
CCE-38239-0  Windows Firewall: Private: Firewall state
CCE-36871-2  MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)
CCE-36063-6  Windows Firewall: Private: Apply local connection security rules
CCE-37134-4  Windows Firewall: Private: Allow unicast response
CCE-37861-2  Windows Firewall: Public: Apply local firewall rules
CCE-36268-1  Windows Firewall: Public: Apply local connection security rules
CCE-37862-0  Windows Firewall: Public: Firewall state
CCE-38332-3  Windows Firewall: Private: Outbound connections
CCE-36146-9  Windows Firewall: Domain: Outbound connections
CCE-36062-8  Windows Firewall: Domain: Firewall state
CCE-36324-2  Windows Firewall: Public: Allow unicast response
CCE-38040-2  Windows Firewall: Domain: Apply local connection security rules
CCE-37621-0  Windows Firewall: Private: Display a notification
CCE-36535-3  MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)
CCE-38041-0  Windows Firewall: Domain: Display a notification
CCE-38043-6  Windows Firewall: Public: Display a notification
CCE-37434-8  Windows Firewall: Public: Outbound connections
CCE-37438-9  Windows Firewall: Private: Apply local firewall rules
CCE-36494-3  User Account Control: Admin Approval Mode for the Built-in Administrator account
CCE-37057-7  User Account Control: Only elevate UIAccess applications that are installed in secure locations
CCE-37069-2  Apply UAC restrictions to local accounts on network logons
CCE-37029-6  User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
CCE-36863-9  User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop
CCE-37064-3  User Account Control: Virtualize file and registry write failures to per-user locations
CCE-36866-2  User Account Control: Switch to the secure desktop when prompting for elevation
CCE-36869-6  User Account Control: Run all administrators in Admin Approval Mode
CCE-36864-7  User Account Control: Behavior of the elevation prompt for standard users
CCE-37644-2  System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)
CCE-36533-8  User Account Control: Detect application installations and prompt for elevation
CCE-36269-9  Microsoft network client: Digitally sign communications (if server agrees)
CCE-36858-9  Network security: LDAP client signing requirements
CCE-36325-9  Microsoft network client: Digitally sign communications (always)
CCE-37864-6  Microsoft network server: Digitally sign communications (always)
CCE-37222-7  Domain member: Digitally sign secure channel data (when possible)
CCE-36142-8  Domain member: Digitally encrypt or sign secure channel data (always)
CCE-35988-5  Microsoft network server: Digitally sign communications (if client agrees)
CCE-37130-2  Domain member: Digitally encrypt secure channel data (when possible)
CCE-36880-3  MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning
CCE-35907-5  Audit: Shut down system immediately if unable to log security audits
CCE-37615-2  Accounts: Limit local account use of blank passwords to console logon only
CCE-37508-9  Domain member: Disable machine account password changes
CCE-37622-8  Interactive logon: Prompt user to change password before expiration
CCE-38353-9  Do not display network selection UI
CCE-38354-7  Allow Microsoft accounts to be optional
CCE-38348-9  Prevent enabling lock screen slide show
CCE-38347-1  Prevent enabling lock screen camera
