home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
PC World Komputer 2010 April
/
PCWorld0410.iso
/
WindowsServerTrial
/
server.iso
/
sources
/
install.wim
/
1
/
Windows
/
inf
/
sceregvl.inf
< prev
next >
Wrap
Windows Setup INFormation
|
2008-01-19
|
15KB
|
256 lines
; Copyright (c) Microsoft Corporation. All rights reserved.
;
; Security Configuration Template for Security Configuration Editor
;
; Template Name: SCERegVl.INF
; Template Version: 05.00.DR.0000
;
; Revision History
; 0000 - Original
[version]
signature="$CHICAGO$"
DriverVer=06/21/2006,6.0.6001.18000
[Register Registry Values]
;
; Syntax: RegPath,RegType,DisplayName,DisplayType,Options
; where
; RegPath: Includes the registry keypath and value
; RegType: 1 - REG_SZ, 2 - REG_EXPAND_SZ, 3 - REG_BINARY, 4 - REG_DWORD, 7 - REG_MULTI_SZ
; Display Name: Is a localizable string defined in the [strings] section
; Display type: 0 - boolean, 1 - Number, 2 - String, 3 - Choices, 4 - Multivalued, 5 - Bitmask
; Options: If Displaytype is 3 (Choices) or 5 (Bitmask), then specify the range of values and corresponding display strings
; in value|displaystring format separated by a comma.
MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects,4,%AuditBaseObjects%,0
MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail,4,%CrashOnAuditFail%,0
MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds,4,%DisableDomainCreds%,0
MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous,4,%EveryoneIncludesAnonymous%,0
MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest,4,%ForceGuest%,3,0|%Classic%,1|%GuestBased%
MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing,3,%FullPrivilegeAuditing%,0
MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse,4,%LimitBlankPasswordUse%,0
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel,4,%LmCompatibilityLevel%,3,0|%LMCLevel0%,1|%LMCLevel1%,2|%LMCLevel2%,3|%LMCLevel3%,4|%LMCLevel4%,5|%LMCLevel5%
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec,4,%NTLMMinClientSec%,5,524288|%NTLMv2Session%,536870912|%NTLM128%
MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec,4,%NTLMMinServerSec%,5,524288|%NTLMv2Session%,536870912|%NTLM128%
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash,4,%NoLMHash%,0
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous,4,%RestrictAnonymous%,0
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM,4,%RestrictAnonymousSAM%,0
MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl,4,%SubmitControl%,0
MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicy,4,%SCENoApplyLegacyAuditPolicy%,0
MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers,4,%AddPrintDrivers%,0
MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine,7,%AllowedPaths%,4
MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\Machine,7,%AllowedExactPaths%,4
MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive,4,%ObCaseInsensitive%,0
MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown,4,%ClearPageFileAtShutdown%,0
MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode,4,%ProtectionMode%,0
MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems\optional,7,%OptionalSubSystems%,4
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature,4,%EnableSMBSignServer%,0
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature,4,%RequireSMBSignServer%,0
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff,4,%EnableForcedLogoff%,0
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect,4,%AutoDisconnect%,1,%Unit-Minutes%
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess,4,%RestrictNullSessAccess%,0
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes,7,%NullPipes%,4
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares,7,%NullShares%,4
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature,4,%EnableSMBSignRDR%,0
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature,4,%RequireSMBSignRDR%,0
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword,4,%EnablePlainTextPassword%,0
MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity,4,%LDAPClientIntegrity%,3,0|%LDAPClient0%,1|%LDAPClient1%,2|%LDAPClient2%
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange,4,%DisablePWChange%,0
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge,4,%MaximumPWAge%,1,%Unit-Days%
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RefusePasswordChange,4,%RefusePWChange%,0
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel,4,%SignSecureChannel%,0
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel,4,%SealSecureChannel%,0
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal,4,%SignOrSeal%,0
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey,4,%StrongKey%,0
MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity,4,%LDAPServerIntegrity%,3,1|%LDAPServer1%,2|%LDAPServer2%
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD,4,%DisableCAD%,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName,4,%DontDisplayLastUserName%,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLockedUserId,4,%DontDisplayLockedUserId%,3,1|%LockedUserID0%,2|%LockedUserID1%,3|%LockedUserID2%
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption,1,%LegalNoticeCaption%,2
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText,7,%LegalNoticeText%,4
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ScForceOption,4,%ScForceOption%,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon,4,%ShutdownWithoutLogon%,0
MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon,4,%UndockWithoutLogon%,0
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel,4,%RCAdmin%,0
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand,4,%RCSet%,0
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount,1,%CachedLogonsCount%,1,%Unit-Logons%
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon,4,%ForceUnlockLogon%,0
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning,4,%PasswordExpiryWarning%,1,%Unit-Days%
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption,1,%ScRemove%,3,0|%ScRemove0%,1|%ScRemove1%,2|%ScRemove2%,3|%ScRemove3%
MACHINE\Software\Policies\Microsoft\Cryptography\ForceKeyProtection,4,%ForceHighProtection%,3,0|%CryptAllowNoUI%,1|%CryptAllowNoPass%,2|%CryptUsePass%
MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled,4,%AuthenticodeEnabled%,0
MACHINE\Software\Policies\Microsoft\Windows NT\DCOM\MachineLaunchRestriction,1,%DCOMLaunchRestriction%,2
MACHINE\Software\Policies\Microsoft\Windows NT\DCOM\MachineAccessRestriction,1,%DCOMAccessRestriction%,2
; delete these values from the UI - Rdr in case NT4 w SCE
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DisableCAD
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DontDisplayLastUserName
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeCaption
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ShutdownWithoutLogon
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CmdConsSecurityLevel
MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\AddPrintDrivers
MACHINE\System\CurrentControlSet\Services\MRxSMB\Parameters\EnableSecuritySignature
MACHINE\System\CurrentControlSet\Services\MRxSMB\Parameters\RequireSecuritySignature
MACHINE\System\CurrentControlSet\Services\MRxSMB\Parameters\EnablePlainTextPassword
MACHINE\System\CurrentControlSet\Services\Rdr\Parameters\EnableSecuritySignature
MACHINE\System\CurrentControlSet\Services\Rdr\Parameters\RequireSecuritySignature
MACHINE\System\CurrentControlSet\Services\Rdr\Parameters\EnablePlainTextPassword
MACHINE\Software\Microsoft\Windows\CurrentVersion\NetCache\EncryptEntireCache
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\EFS\AlgorithmID
MACHINE\Software\Microsoft\Non-Driver Signing\Policy
MACHINE\Software\Policies\Microsoft\Cryptography\ForceHighProtection
[Strings]
;================================ Accounts ============================================================================
;Specified in UI code - Accounts: Administrator account status
;Specified in UI code - Accounts: Guest account status
;Specified in UI code - Accounts: Rename administrator account
;Specified in UI code - Accounts: Rename guest account
LimitBlankPasswordUse = "@wsecedit.dll,-59001"
;================================ Audit ===============================================================================
AuditBaseObjects="@wsecedit.dll,-59002"
FullPrivilegeAuditing="@wsecedit.dll,-59003"
CrashOnAuditFail="@wsecedit.dll,-59004"
SCENoApplyLegacyAuditPolicy="@wsecedit.dll,-59104"
;================================ Devices =============================================================================
AddPrintDrivers="@wsecedit.dll,-59005"
UndockWithoutLogon="@wsecedit.dll,-59010"
;================================ Domain controller ====================================================================
SubmitControl="@wsecedit.dll,-59011"
RefusePWChange="@wsecedit.dll,-59012"
LDAPServerIntegrity = "@wsecedit.dll,-59013"
LDAPServer1 = "@wsecedit.dll,-59014"
LDAPServer2 = "@wsecedit.dll,-59015"
;================================ Domain member ========================================================================
DisablePWChange="@wsecedit.dll,-59016"
MaximumPWAge="@wsecedit.dll,-59017"
SignOrSeal="@wsecedit.dll,-59018"
SealSecureChannel="@wsecedit.dll,-59019"
SignSecureChannel="@wsecedit.dll,-59020"
StrongKey="@wsecedit.dll,-59021"
;================================ Interactive logon ====================================================================
DisableCAD = "@wsecedit.dll,-59022"
DontDisplayLastUserName = "@wsecedit.dll,-59023"
DontDisplayLockedUserId = "@wsecedit.dll,-59024"
LockedUserId0 = "@wsecedit.dll,-59025"
LockedUserId1 = "@wsecedit.dll,-59026"
LockedUserId2 = "@wsecedit.dll,-59027"
LegalNoticeText = "@wsecedit.dll,-59028"
LegalNoticeCaption = "@wsecedit.dll,-59029"
CachedLogonsCount = "@wsecedit.dll,-59030"
PasswordExpiryWarning = "@wsecedit.dll,-59031"
ForceUnlockLogon = "@wsecedit.dll,-59032"
ScForceOption = "@wsecedit.dll,-59033"
ScRemove = "@wsecedit.dll,-59034"
ScRemove0 = "@wsecedit.dll,-59035"
ScRemove1 = "@wsecedit.dll,-59036"
ScRemove2 = "@wsecedit.dll,-59037"
ScRemove3 = "@wsecedit.dll,-59038"
;================================ Microsoft network client =============================================================
RequireSMBSignRdr="@wsecedit.dll,-59039"
EnableSMBSignRdr="@wsecedit.dll,-59040"
EnablePlainTextPassword="@wsecedit.dll,-59041"
;================================ Microsoft network server =============================================================
AutoDisconnect="@wsecedit.dll,-59042"
RequireSMBSignServer="@wsecedit.dll,-59043"
EnableSMBSignServer="@wsecedit.dll,-59044"
EnableForcedLogoff="@wsecedit.dll,-59045"
;================================ Network access =======================================================================
;Specified in UI code - Network access: Allow anonymous SID/Name translation
DisableDomainCreds = "@wsecedit.dll,-59046"
RestrictAnonymousSAM = "@wsecedit.dll,-59047"
RestrictAnonymous = "@wsecedit.dll,-59048"
EveryoneIncludesAnonymous = "@wsecedit.dll,-59049"
RestrictNullSessAccess = "@wsecedit.dll,-59050"
NullPipes = "@wsecedit.dll,-59051"
NullShares = "@wsecedit.dll,-59052"
AllowedPaths = "@wsecedit.dll,-59053"
AllowedExactPaths = "@wsecedit.dll,-59054"
ForceGuest = "@wsecedit.dll,-59055"
Classic = "@wsecedit.dll,-59056"
GuestBased = "@wsecedit.dll,-59057"
;================================ Network security =====================================================================
;Specified in UI code - Network security: Enforce logon hour restrictions
NoLMHash = "@wsecedit.dll,-59058"
LmCompatibilityLevel = "@wsecedit.dll,-59059"
LMCLevel0 = "@wsecedit.dll,-59060"
LMCLevel1 = "@wsecedit.dll,-59061"
LMCLevel2 = "@wsecedit.dll,-59062"
LMCLevel3 = "@wsecedit.dll,-59063"
LMCLevel4 = "@wsecedit.dll,-59064"
LMCLevel5 = "@wsecedit.dll,-59065"
NTLMMinClientSec = "@wsecedit.dll,-59066"
NTLMMinServerSec = "@wsecedit.dll,-59067"
NTLMv2Session = "@wsecedit.dll,-59070"
NTLM128 = "@wsecedit.dll,-59071"
LDAPClientIntegrity = "@wsecedit.dll,-59072"
LDAPClient0 = "@wsecedit.dll,-59073"
LDAPClient1 = "@wsecedit.dll,-59074"
LDAPClient2 = "@wsecedit.dll,-59075"
;================================ Recovery console ====================================================================
RCAdmin="@wsecedit.dll,-59076"
RCSet="@wsecedit.dll,-59077"
;================================ Shutdown ============================================================================
ShutdownWithoutLogon="@wsecedit.dll,-59078"
ClearPageFileAtShutdown="@wsecedit.dll,-59079"
ProtectionMode = "@wsecedit.dll,-59080"
ObCaseInsensitive = "@wsecedit.dll,-59084"
;================================ System cryptography =================================================================
FIPS="@wsecedit.dll,-59085"
ForceHighProtection="@wsecedit.dll,-59086"
CryptAllowNoUI="@wsecedit.dll,-59087"
CryptAllowNoPass="@wsecedit.dll,-59088"
CryptUsePass="@wsecedit.dll,-59089"
;================================ System Settings =====================================================================
AuthenticodeEnabled = "@wsecedit.dll,-59090"
OptionalSubSystems = "@wsecedit.dll,-59091"
Unit-Logons="@wsecedit.dll,-59092"
Unit-Days="@wsecedit.dll,-59093"
Unit-Minutes="@wsecedit.dll,-59094"
Unit-Seconds="@wsecedit.dll,-59095"
;================================ DCOM Machine Restrictions ===========================================================
DCOMLaunchRestriction="@wsecedit.dll,-59096"
DCOMAccessRestriction="@wsecedit.dll,-59097"