Runs checks that are widely known, require no specialized skills or attack programs (for example, known accounts with missing passwords), and will result in direct or indirect system compromise (possibly administrator compromise).
Direct system compromise provides an authenticated named pipe session; indirect system compromise could allow an attacker to remotely list users or shares. This policy also includes checks to detect if the system has already been compromised, as well as some checks that are used to identify the system version.