home *** CD-ROM | disk | FTP | other *** search
/ PC World Komputer 2010 April / PCWorld0410.iso / WindowsServerTrial / server.iso / sources / boot.wim / 2 / Windows / inf / sceregvl.inf < prev    next >
Encoding:
Windows Setup INFormation  |  2008-01-19  |  14.6 KB  |  256 lines
  1. ; Copyright (c) Microsoft Corporation.  All rights reserved.
  2. ;
  3. ; Security Configuration Template for Security Configuration Editor
  4. ;
  5. ; Template Name:        SCERegVl.INF
  6. ; Template Version:     05.00.DR.0000
  7. ;
  8. ; Revision History
  9. ; 0000  -       Original
  10.  
  11. [version]
  12. signature="$CHICAGO$"
  13. DriverVer=06/21/2006,6.0.6001.18000
  14.  
  15. [Register Registry Values]
  16. ;
  17. ; Syntax: RegPath,RegType,DisplayName,DisplayType,Options
  18. ; where
  19. ;         RegPath:      Includes the registry keypath and value
  20. ;         RegType:      1 - REG_SZ, 2 - REG_EXPAND_SZ, 3 - REG_BINARY, 4 - REG_DWORD, 7 - REG_MULTI_SZ
  21. ;         Display Name: Is a localizable string defined in the [strings] section
  22. ;         Display type: 0 - boolean, 1 - Number, 2 - String, 3 - Choices, 4 - Multivalued, 5 - Bitmask
  23. ;         Options:      If Displaytype is 3 (Choices) or 5 (Bitmask), then specify the range of values and corresponding display strings
  24. ;                       in value|displaystring format separated by a comma.
  25.  
  26.  
  27. MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects,4,%AuditBaseObjects%,0
  28. MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail,4,%CrashOnAuditFail%,0
  29. MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds,4,%DisableDomainCreds%,0
  30. MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous,4,%EveryoneIncludesAnonymous%,0
  31. MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest,4,%ForceGuest%,3,0|%Classic%,1|%GuestBased%
  32. MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing,3,%FullPrivilegeAuditing%,0
  33. MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse,4,%LimitBlankPasswordUse%,0
  34. MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel,4,%LmCompatibilityLevel%,3,0|%LMCLevel0%,1|%LMCLevel1%,2|%LMCLevel2%,3|%LMCLevel3%,4|%LMCLevel4%,5|%LMCLevel5%
  35. MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec,4,%NTLMMinClientSec%,5,524288|%NTLMv2Session%,536870912|%NTLM128%
  36. MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec,4,%NTLMMinServerSec%,5,524288|%NTLMv2Session%,536870912|%NTLM128%
  37. MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash,4,%NoLMHash%,0
  38. MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous,4,%RestrictAnonymous%,0
  39. MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM,4,%RestrictAnonymousSAM%,0
  40. MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl,4,%SubmitControl%,0
  41. MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicy,4,%SCENoApplyLegacyAuditPolicy%,0
  42.  
  43. MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers,4,%AddPrintDrivers%,0
  44.  
  45. MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine,7,%AllowedPaths%,4
  46. MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\Machine,7,%AllowedExactPaths%,4
  47.  
  48. MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive,4,%ObCaseInsensitive%,0
  49. MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown,4,%ClearPageFileAtShutdown%,0
  50. MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode,4,%ProtectionMode%,0
  51. MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems\optional,7,%OptionalSubSystems%,4
  52.  
  53. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature,4,%EnableSMBSignServer%,0
  54. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature,4,%RequireSMBSignServer%,0
  55. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff,4,%EnableForcedLogoff%,0
  56. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect,4,%AutoDisconnect%,1,%Unit-Minutes%
  57. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess,4,%RestrictNullSessAccess%,0
  58. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes,7,%NullPipes%,4
  59. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares,7,%NullShares%,4
  60.  
  61. MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature,4,%EnableSMBSignRDR%,0
  62. MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature,4,%RequireSMBSignRDR%,0
  63. MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword,4,%EnablePlainTextPassword%,0
  64.  
  65. MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity,4,%LDAPClientIntegrity%,3,0|%LDAPClient0%,1|%LDAPClient1%,2|%LDAPClient2%
  66.  
  67. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange,4,%DisablePWChange%,0
  68. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge,4,%MaximumPWAge%,1,%Unit-Days%
  69. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RefusePasswordChange,4,%RefusePWChange%,0
  70. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel,4,%SignSecureChannel%,0
  71. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel,4,%SealSecureChannel%,0
  72. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal,4,%SignOrSeal%,0
  73. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey,4,%StrongKey%,0
  74.  
  75. MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity,4,%LDAPServerIntegrity%,3,1|%LDAPServer1%,2|%LDAPServer2%
  76.  
  77. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD,4,%DisableCAD%,0
  78. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName,4,%DontDisplayLastUserName%,0
  79. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLockedUserId,4,%DontDisplayLockedUserId%,3,1|%LockedUserID0%,2|%LockedUserID1%,3|%LockedUserID2%
  80. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption,1,%LegalNoticeCaption%,2
  81. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText,7,%LegalNoticeText%,4
  82. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ScForceOption,4,%ScForceOption%,0
  83. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon,4,%ShutdownWithoutLogon%,0
  84. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon,4,%UndockWithoutLogon%,0
  85.  
  86.  
  87. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel,4,%RCAdmin%,0
  88. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand,4,%RCSet%,0
  89.  
  90. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount,1,%CachedLogonsCount%,1,%Unit-Logons%
  91. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon,4,%ForceUnlockLogon%,0
  92. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning,4,%PasswordExpiryWarning%,1,%Unit-Days%
  93. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption,1,%ScRemove%,3,0|%ScRemove0%,1|%ScRemove1%,2|%ScRemove2%,3|%ScRemove3%
  94.  
  95. MACHINE\Software\Policies\Microsoft\Cryptography\ForceKeyProtection,4,%ForceHighProtection%,3,0|%CryptAllowNoUI%,1|%CryptAllowNoPass%,2|%CryptUsePass%
  96. MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled,4,%AuthenticodeEnabled%,0
  97.  
  98. MACHINE\Software\Policies\Microsoft\Windows NT\DCOM\MachineLaunchRestriction,1,%DCOMLaunchRestriction%,2
  99. MACHINE\Software\Policies\Microsoft\Windows NT\DCOM\MachineAccessRestriction,1,%DCOMAccessRestriction%,2
  100.  
  101. ; delete these values from the UI - Rdr in case NT4 w SCE
  102. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DisableCAD
  103. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DontDisplayLastUserName
  104. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeCaption
  105. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText
  106. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ShutdownWithoutLogon
  107. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CmdConsSecurityLevel
  108. MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\AddPrintDrivers
  109. MACHINE\System\CurrentControlSet\Services\MRxSMB\Parameters\EnableSecuritySignature
  110. MACHINE\System\CurrentControlSet\Services\MRxSMB\Parameters\RequireSecuritySignature
  111. MACHINE\System\CurrentControlSet\Services\MRxSMB\Parameters\EnablePlainTextPassword
  112. MACHINE\System\CurrentControlSet\Services\Rdr\Parameters\EnableSecuritySignature
  113. MACHINE\System\CurrentControlSet\Services\Rdr\Parameters\RequireSecuritySignature
  114. MACHINE\System\CurrentControlSet\Services\Rdr\Parameters\EnablePlainTextPassword
  115. MACHINE\Software\Microsoft\Windows\CurrentVersion\NetCache\EncryptEntireCache
  116. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\EFS\AlgorithmID
  117. MACHINE\Software\Microsoft\Non-Driver Signing\Policy
  118. MACHINE\Software\Policies\Microsoft\Cryptography\ForceHighProtection
  119.  
  120.  
  121.  
  122. [Strings]
  123.  
  124. ;================================ Accounts ============================================================================
  125. ;Specified in UI code - Accounts: Administrator account status
  126. ;Specified in UI code - Accounts: Guest account status
  127. ;Specified in UI code - Accounts: Rename administrator account
  128. ;Specified in UI code - Accounts: Rename guest account
  129. LimitBlankPasswordUse = "@wsecedit.dll,-59001"
  130.  
  131.  
  132. ;================================ Audit ===============================================================================
  133.  
  134. AuditBaseObjects="@wsecedit.dll,-59002"
  135. FullPrivilegeAuditing="@wsecedit.dll,-59003"
  136. CrashOnAuditFail="@wsecedit.dll,-59004"
  137. SCENoApplyLegacyAuditPolicy="@wsecedit.dll,-59104"
  138.  
  139. ;================================ Devices =============================================================================
  140. AddPrintDrivers="@wsecedit.dll,-59005"
  141. UndockWithoutLogon="@wsecedit.dll,-59010"
  142.  
  143. ;================================ Domain controller ====================================================================
  144. SubmitControl="@wsecedit.dll,-59011"
  145. RefusePWChange="@wsecedit.dll,-59012"
  146. LDAPServerIntegrity = "@wsecedit.dll,-59013"
  147. LDAPServer1 = "@wsecedit.dll,-59014"
  148. LDAPServer2 = "@wsecedit.dll,-59015"
  149.  
  150. ;================================ Domain member ========================================================================
  151. DisablePWChange="@wsecedit.dll,-59016"
  152. MaximumPWAge="@wsecedit.dll,-59017"
  153. SignOrSeal="@wsecedit.dll,-59018"
  154. SealSecureChannel="@wsecedit.dll,-59019"
  155. SignSecureChannel="@wsecedit.dll,-59020"
  156. StrongKey="@wsecedit.dll,-59021"
  157.  
  158. ;================================ Interactive logon ====================================================================
  159. DisableCAD = "@wsecedit.dll,-59022"
  160. DontDisplayLastUserName = "@wsecedit.dll,-59023"
  161. DontDisplayLockedUserId = "@wsecedit.dll,-59024"
  162. LockedUserId0 = "@wsecedit.dll,-59025"
  163. LockedUserId1 = "@wsecedit.dll,-59026"
  164. LockedUserId2 = "@wsecedit.dll,-59027"
  165. LegalNoticeText = "@wsecedit.dll,-59028"
  166. LegalNoticeCaption = "@wsecedit.dll,-59029"
  167. CachedLogonsCount = "@wsecedit.dll,-59030"
  168. PasswordExpiryWarning = "@wsecedit.dll,-59031"
  169. ForceUnlockLogon = "@wsecedit.dll,-59032"
  170. ScForceOption = "@wsecedit.dll,-59033"
  171. ScRemove = "@wsecedit.dll,-59034"
  172. ScRemove0 = "@wsecedit.dll,-59035"
  173. ScRemove1 = "@wsecedit.dll,-59036"
  174. ScRemove2 = "@wsecedit.dll,-59037"
  175. ScRemove3 = "@wsecedit.dll,-59038"
  176.  
  177. ;================================ Microsoft network client =============================================================
  178. RequireSMBSignRdr="@wsecedit.dll,-59039"
  179. EnableSMBSignRdr="@wsecedit.dll,-59040"
  180. EnablePlainTextPassword="@wsecedit.dll,-59041"
  181.  
  182. ;================================ Microsoft network server =============================================================
  183. AutoDisconnect="@wsecedit.dll,-59042"
  184. RequireSMBSignServer="@wsecedit.dll,-59043"
  185. EnableSMBSignServer="@wsecedit.dll,-59044"
  186. EnableForcedLogoff="@wsecedit.dll,-59045"
  187.  
  188. ;================================ Network access =======================================================================
  189. ;Specified in UI code - Network access: Allow anonymous SID/Name translation
  190. DisableDomainCreds = "@wsecedit.dll,-59046"
  191. RestrictAnonymousSAM = "@wsecedit.dll,-59047"
  192. RestrictAnonymous = "@wsecedit.dll,-59048"
  193. EveryoneIncludesAnonymous = "@wsecedit.dll,-59049"
  194. RestrictNullSessAccess = "@wsecedit.dll,-59050"
  195. NullPipes = "@wsecedit.dll,-59051"
  196. NullShares = "@wsecedit.dll,-59052"
  197. AllowedPaths = "@wsecedit.dll,-59053"
  198. AllowedExactPaths = "@wsecedit.dll,-59054"
  199. ForceGuest = "@wsecedit.dll,-59055"
  200. Classic = "@wsecedit.dll,-59056"
  201. GuestBased = "@wsecedit.dll,-59057"
  202.  
  203. ;================================ Network security =====================================================================
  204. ;Specified in UI code - Network security: Enforce logon hour restrictions
  205. NoLMHash = "@wsecedit.dll,-59058"
  206. LmCompatibilityLevel = "@wsecedit.dll,-59059"
  207. LMCLevel0 = "@wsecedit.dll,-59060"
  208. LMCLevel1 = "@wsecedit.dll,-59061"
  209. LMCLevel2 = "@wsecedit.dll,-59062"
  210. LMCLevel3 = "@wsecedit.dll,-59063"
  211. LMCLevel4 = "@wsecedit.dll,-59064"
  212. LMCLevel5 = "@wsecedit.dll,-59065"
  213. NTLMMinClientSec = "@wsecedit.dll,-59066"
  214. NTLMMinServerSec = "@wsecedit.dll,-59067"
  215. NTLMv2Session = "@wsecedit.dll,-59070"
  216. NTLM128 = "@wsecedit.dll,-59071"
  217. LDAPClientIntegrity = "@wsecedit.dll,-59072"
  218. LDAPClient0 = "@wsecedit.dll,-59073"
  219. LDAPClient1 = "@wsecedit.dll,-59074"
  220. LDAPClient2 = "@wsecedit.dll,-59075"
  221.  
  222. ;================================ Recovery console ====================================================================
  223. RCAdmin="@wsecedit.dll,-59076"
  224. RCSet="@wsecedit.dll,-59077"
  225.  
  226. ;================================ Shutdown ============================================================================
  227. ShutdownWithoutLogon="@wsecedit.dll,-59078"
  228. ClearPageFileAtShutdown="@wsecedit.dll,-59079"
  229.  
  230. ProtectionMode = "@wsecedit.dll,-59080"
  231. ObCaseInsensitive = "@wsecedit.dll,-59084"
  232.  
  233. ;================================ System cryptography =================================================================
  234. FIPS="@wsecedit.dll,-59085"
  235.  
  236. ForceHighProtection="@wsecedit.dll,-59086"
  237.  
  238. CryptAllowNoUI="@wsecedit.dll,-59087"
  239. CryptAllowNoPass="@wsecedit.dll,-59088"
  240. CryptUsePass="@wsecedit.dll,-59089"
  241.  
  242.  
  243. ;================================ System Settings =====================================================================
  244. AuthenticodeEnabled = "@wsecedit.dll,-59090"
  245. OptionalSubSystems = "@wsecedit.dll,-59091"
  246.  
  247.  
  248. Unit-Logons="@wsecedit.dll,-59092"
  249. Unit-Days="@wsecedit.dll,-59093"
  250. Unit-Minutes="@wsecedit.dll,-59094"
  251. Unit-Seconds="@wsecedit.dll,-59095"
  252.  
  253. ;================================ DCOM Machine Restrictions ===========================================================
  254. DCOMLaunchRestriction="@wsecedit.dll,-59096"
  255. DCOMAccessRestriction="@wsecedit.dll,-59097"
  256.