Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
8 views3 pages

Sec Guide

The document defines a set of security policies for Windows systems, including configurations for LocalAccountTokenFilterPolicy, WDigest authentication, LSASS auditing, and running LSASS as a protected process. Each policy specifies its category, supported Windows versions, and the corresponding enabled and disabled values. The policies aim to enhance security by managing user account permissions and auditing mechanisms.

Uploaded by

GeorgeProimakis
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
8 views3 pages

Sec Guide

The document defines a set of security policies for Windows systems, including configurations for LocalAccountTokenFilterPolicy, WDigest authentication, LSASS auditing, and running LSASS as a protected process. Each policy specifies its category, supported Windows versions, and the corresponding enabled and disabled values. The policies aim to enhance security by managing user account permissions and auditing mechanisms.

Uploaded by

GeorgeProimakis
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 3

<?xml version="1.0" encoding="utf-8"?

>
<policyDefinitions xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
revision="1.0"
schemaVersion="1.0"

xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions">
<policyNamespaces>
<target prefix="SecGuide" namespace="Microsoft.Policies.SecGuide" />
<using prefix="windows" namespace="Microsoft.Policies.Windows" />
</policyNamespaces>
<resources minRequiredRevision="1.0" />
<categories>
<category name="Cat_SecGuide" displayName="$(string.Cat_SecGuide)">
</category>
</categories>
<policies>
<policy name="Pol_SecGuide_LATFP"
class="Machine"
displayName="$(string.Pol_SecGuide_LATFP)"
explainText="$(string.Pol_SecGuide_LATFP_Help)"
key="SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
valueName="LocalAccountTokenFilterPolicy">
<parentCategory ref="Cat_SecGuide" />
<supportedOn ref="windows:SUPPORTED_WindowsVista" />
<enabledValue>
<decimal value="0" />
</enabledValue>
<disabledValue>
<decimal value="1" />
</disabledValue>
</policy>
<policy name="Pol_SecGuide_WDigestAuthn"
class="Machine"
displayName="$(string.Pol_SecGuide_WDigestAuthn)"
explainText="$(string.Pol_SecGuide_WDigestAuthn_Help)"
key="SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest"
valueName="UseLogonCredential">
<parentCategory ref="Cat_SecGuide" />
<supportedOn ref="windows:SUPPORTED_Windows7" />
<enabledValue>
<decimal value="1" />
</enabledValue>
<disabledValue>
<decimal value="0" />
</disabledValue>
</policy>
<policy name="Pol_SecGuide_LsassAudit"
class="Machine"
displayName="$(string.Pol_SecGuide_LsassAudit)"
explainText="$(string.Pol_SecGuide_LsassAudit_Help)"
key="SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File
Execution Options\LSASS.exe"
valueName="AuditLevel">
<parentCategory ref="Cat_SecGuide" />
<supportedOn ref="windows:SUPPORTED_Windows_6_3" />
<enabledValue>
<decimal value="8" />
</enabledValue>
<disabledValue>
<decimal value="0" />
</disabledValue>
</policy>
<policy name="Pol_SecGuide_LsassRunAsPPL"
class="Machine"
displayName="$(string.Pol_SecGuide_LsassRunAsPPL)"
explainText="$(string.Pol_SecGuide_LsassRunAsPPL_Help)"
key="SYSTEM\CurrentControlSet\Control\Lsa"
valueName="RunAsPPL">
<parentCategory ref="Cat_SecGuide" />
<supportedOn ref="windows:SUPPORTED_Windows_6_3" />
<enabledValue>
<decimal value="1" />
</enabledValue>
<disabledValue>
<decimal value="0" />
</disabledValue>
</policy>
<policy name="Pol_SecGuide_RemoveRunasdifferentuser"
class="Machine"
displayName="$(string.Pol_SecGuide_RemoveRunasdifferentuser)"
explainText="$(string.Pol_SecGuide_RemoveRunasdifferentuser_Help)"
key="SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" >
>
<parentCategory ref="Cat_SecGuide" />
<supportedOn ref="windows:SUPPORTED_WindowsVista" />
<enabledList>
<item key="SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\
Explorer" valueName="NoStartBanner">
<value>
<decimal value="1" />
</value>
</item>
<item key="SOFTWARE\Classes\batfile\shell\runasuser"
valueName="SuppressionPolicy">
<value>
<!-- 4096 == 0x1000 == REST_STARTBANNER -->
<decimal value="4096" />
</value>
</item>
<item key="SOFTWARE\Classes\cmdfile\shell\runasuser"
valueName="SuppressionPolicy">
<value>
<!-- 4096 == 0x1000 == REST_STARTBANNER -->
<decimal value="4096" />
</value>
</item>
<item key="SOFTWARE\Classes\exefile\shell\runasuser"
valueName="SuppressionPolicy">
<value>
<!-- 4096 == 0x1000 == REST_STARTBANNER -->
<decimal value="4096" />
</value>
</item>
<item key="SOFTWARE\Classes\mscfile\shell\runasuser"
valueName="SuppressionPolicy">
<value>
<!-- 4096 == 0x1000 == REST_STARTBANNER -->
<decimal value="4096" />
</value>
</item>
</enabledList>
<disabledList>
<item key="SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\
Explorer" valueName="NoStartBanner">
<value>
<delete />
</value>
</item>
<item key="SOFTWARE\Classes\batfile\shell\runasuser"
valueName="SuppressionPolicy">
<value>
<delete />
</value>
</item>
<item key="SOFTWARE\Classes\cmdfile\shell\runasuser"
valueName="SuppressionPolicy">
<value>
<delete />
</value>
</item>
<item key="SOFTWARE\Classes\exefile\shell\runasuser"
valueName="SuppressionPolicy">
<value>
<delete />
</value>
</item>
<item key="SOFTWARE\Classes\mscfile\shell\runasuser"
valueName="SuppressionPolicy">
<value>
<delete />
</value>
</item>
</disabledList>
</policy>
</policies>
</policyDefinitions>

You might also like