home *** CD-ROM | disk | FTP | other *** search
/ PC World Komputer 2010 April / PCWorld0410.iso / WindowsServerTrial / server.iso / sources / boot.wim / 2 / Windows / inf / secrecs.inf < prev    next >
Encoding:
Windows Setup INFormation  |  2008-01-19  |  8.9 KB  |  176 lines
  1. ;Supplies defaults recommendations for SCM UI
  2. ;Specify default system settings where possible
  3. ;If there are SKU differences present the more secure setting
  4.  
  5. [Version]
  6. signature="$CHICAGO$"
  7. DriverVer=06/21/2006,6.0.6001.18000
  8. [Service General Setting]
  9. PlaceHolder,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
  10. [Registry Keys]
  11. "PlaceHolder",2,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)"
  12. [File Security]
  13. "PlaceHolder",2,"D:PAR(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)"
  14.  
  15. [System Access]
  16. ;----------------------------------------------------------------
  17. ;Account Policies - Password Policy
  18. ;----------------------------------------------------------------
  19. MinimumPasswordAge = 0
  20. MaximumPasswordAge = 42
  21. MinimumPasswordLength = 0
  22. PasswordComplexity = 0
  23. PasswordHistorySize = 0
  24. RequireLogonToChangePassword = 0
  25. ClearTextPassword = 0
  26. LSAAnonymousNameLookup = 0
  27. EnableGuestAccount = 0
  28.  
  29. ;----------------------------------------------------------------
  30. ;Account Policies - Lockout Policy
  31. ;----------------------------------------------------------------
  32. LockoutBadCount = 0
  33. ;ResetLockoutCount = 30
  34. ;LockoutDuration = 30
  35.  
  36. ;----------------------------------------------------------------
  37. ;Local Policies - Security Options
  38. ;----------------------------------------------------------------
  39. ;DC Only
  40. ;ForceLogoffWhenHourExpire = 0
  41.  
  42. ;NewAdministatorName =
  43. ;NewGuestName =
  44. ;SecureSystemPartition
  45.  
  46. ;----------------------------------------------------------------
  47. ;Event Log - Log Settings
  48. ;----------------------------------------------------------------
  49. ;Audit Log Retention Period:
  50. ;0 = Overwrite Events As Needed
  51. ;1 = Overwrite Events As Specified by Retention Days Entry
  52. ;2 = Never Overwrite Events (Clear Log Manually)
  53.  
  54. [System Log]
  55. MaximumLogSize = 16384
  56. AuditLogRetentionPeriod = 0
  57. RetentionDays = 7
  58. RestrictGuestAccess = 1
  59.  
  60. [Security Log]
  61. MaximumLogSize = 16384
  62. AuditLogRetentionPeriod = 0
  63. RetentionDays = 7
  64. RestrictGuestAccess = 1
  65.  
  66. [Application Log]
  67. MaximumLogSize = 16384
  68. AuditLogRetentionPeriod = 0
  69. RetentionDays = 7
  70. RestrictGuestAccess = 1
  71.  
  72. ;----------------------------------------------------------------------
  73. ;       Local Policies\Audit Policy
  74. ;----------------------------------------------------------------------
  75. [Event Audit]
  76. AuditSystemEvents = 0
  77. AuditObjectAccess = 0
  78. AuditPrivilegeUse = 0
  79. AuditPolicyChange = 0
  80. AuditAccountManage = 0
  81. AuditProcessTracking = 0
  82. ;AuditDSAccess = 0
  83. AuditAccountLogon = 1
  84. AuditLogonEvents = 1
  85.  
  86.  
  87. ;----------------------------------------------------------------
  88. ;Registry Values
  89. ;----------------------------------------------------------------
  90. [Registry Values]
  91. ; Registry value name in full path = Type, Value
  92. ; REG_SZ                      ( 1 )
  93. ; REG_EXPAND_SZ               ( 2 )  // with environment variables to expand
  94. ; REG_BINARY                  ( 3 )
  95. ; REG_DWORD                   ( 4 )
  96. ; REG_MULTI_SZ                ( 7 )
  97.  
  98. MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects=4,0
  99. MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail=4,0
  100. MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds=4,0
  101. MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,0
  102. MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest=4,0
  103. MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled=4,0
  104. MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing=3,0
  105. MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse=4,1
  106. MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,3
  107. MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec=4,0
  108. MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec=4,0
  109. MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1
  110. MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,0
  111. MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1
  112.  
  113. MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine=7,Software\Microsoft\Windows NT\CurrentVersion\Print,Software\Microsoft\Windows NT\CurrentVersion\Windows,System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration,Software\Microsoft\Windows NT\CurrentVersion\Perflib,System\CurrentControlSet\Services\SysmonLog
  114. MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\Machine=7,System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Server Applications,Software\Microsoft\Windows NT\CurrentVersion
  115.  
  116. MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl=4,0
  117.  
  118. MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers=4,0
  119.  
  120. MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive=4,1
  121. MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown=4,0
  122. MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode=4,1
  123. MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems\optional=7,Posix
  124.  
  125. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,0
  126. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,0
  127. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff=4,1
  128. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect=4,15
  129. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess=4,1
  130. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes=7,COMNAP,COMNODE,SQL\QUERY,LLSRPC,BROWSER,netlogon,samr
  131. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares=7,COMCFG
  132.  
  133. MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature=4,1
  134. MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature=4,0
  135. MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword=4,0
  136.  
  137. MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity=4,1
  138.  
  139. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange=4,0
  140. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge=4,30
  141. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RefusePasswordChange=4,0
  142. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel=4,1
  143. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel=4,1
  144. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,1
  145. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey=4,0
  146.  
  147. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehavior=4,1
  148. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD=4,0
  149. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection=4,1
  150. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA=4,0
  151. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization=4,1
  152. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName=4,0
  153. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLockedUserId=4,1
  154. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption=1,""
  155. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText=7,""
  156. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ScForceOption=4,0
  157. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon=4,1
  158. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon=4,1
  159.  
  160. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel=4,0
  161. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand=4,0
  162.  
  163. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount=1,10
  164. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon=4,0
  165. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning=4,14
  166. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption=1,0
  167.  
  168. MACHINE\Software\Policies\Microsoft\Cryptography\ForceKeyProtection=4,0
  169. MACHINE\Software\Policies\Microsoft\Cryptography\PasswordCacheTimeout=4,300
  170. MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled=4,0
  171.  
  172.  
  173.  
  174. [Strings]
  175. SCEProfileDescription = "Default recommendations provided by Security Templates snap-in."
  176.