home *** CD-ROM | disk | FTP | other *** search

---

/ PC World Komputer 2010 April / PCWorld0410.iso / WindowsServerTrial / server.iso / sources / install.wim / 4 / Windows / inf / secrecs.inf

< prev

next >

Wrap

Windows Setup INFormation  |  2008-01-19  |  9KB  |  176 lines

---

1. ;Supplies defaults recommendations for SCM UI
2. ;Specify default system settings where possible
3. ;If there are SKU differences present the more secure setting
4.  
5. [Version]
6. signature="$CHICAGO$"
7. DriverVer=06/21/2006,6.0.6001.18000
8. [Service General Setting]
9. PlaceHolder,4,"D:AR(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)"
10. [Registry Keys]
11. "PlaceHolder",2,"D:PAR(A;CI;KA;;;BA)(A;CIIO;KA;;;CO)(A;CI;KA;;;SY)(A;CI;KR;;;BU)"
12. [File Security]
13. "PlaceHolder",2,"D:PAR(A;OICI;FA;;;BA)(A;OICIIO;FA;;;CO)(A;OICI;FA;;;SY)(A;OICI;0x1200a9;;;BU)"
14.  
15. [System Access]
16. ;----------------------------------------------------------------
17. ;Account Policies - Password Policy
18. ;----------------------------------------------------------------
19. MinimumPasswordAge = 0
20. MaximumPasswordAge = 42
21. MinimumPasswordLength = 0
22. PasswordComplexity = 0
23. PasswordHistorySize = 0
24. RequireLogonToChangePassword = 0
25. ClearTextPassword = 0
26. LSAAnonymousNameLookup = 0
27. EnableGuestAccount = 0
28.  
29. ;----------------------------------------------------------------
30. ;Account Policies - Lockout Policy
31. ;----------------------------------------------------------------
32. LockoutBadCount = 0
33. ;ResetLockoutCount = 30
34. ;LockoutDuration = 30
35.  
36. ;----------------------------------------------------------------
37. ;Local Policies - Security Options
38. ;----------------------------------------------------------------
39. ;DC Only
40. ;ForceLogoffWhenHourExpire = 0
41.  
42. ;NewAdministatorName =
43. ;NewGuestName =
44. ;SecureSystemPartition
45.  
46. ;----------------------------------------------------------------
47. ;Event Log - Log Settings
48. ;----------------------------------------------------------------
49. ;Audit Log Retention Period:
50. ;0 = Overwrite Events As Needed
51. ;1 = Overwrite Events As Specified by Retention Days Entry
52. ;2 = Never Overwrite Events (Clear Log Manually)
53.  
54. [System Log]
55. MaximumLogSize = 16384
56. AuditLogRetentionPeriod = 0
57. RetentionDays = 7
58. RestrictGuestAccess = 1
59.  
60. [Security Log]
61. MaximumLogSize = 16384
62. AuditLogRetentionPeriod = 0
63. RetentionDays = 7
64. RestrictGuestAccess = 1
65.  
66. [Application Log]
67. MaximumLogSize = 16384
68. AuditLogRetentionPeriod = 0
69. RetentionDays = 7
70. RestrictGuestAccess = 1
71.  
72. ;----------------------------------------------------------------------
73. ;       Local Policies\Audit Policy
74. ;----------------------------------------------------------------------
75. [Event Audit]
76. AuditSystemEvents = 0
77. AuditObjectAccess = 0
78. AuditPrivilegeUse = 0
79. AuditPolicyChange = 0
80. AuditAccountManage = 0
81. AuditProcessTracking = 0
82. ;AuditDSAccess = 0
83. AuditAccountLogon = 1
84. AuditLogonEvents = 1
85.  
86.  
87. ;----------------------------------------------------------------
88. ;Registry Values
89. ;----------------------------------------------------------------
90. [Registry Values]
91. ; Registry value name in full path = Type, Value
92. ; REG_SZ                      ( 1 )
93. ; REG_EXPAND_SZ               ( 2 )  // with environment variables to expand
94. ; REG_BINARY                  ( 3 )
95. ; REG_DWORD                   ( 4 )
96. ; REG_MULTI_SZ                ( 7 )
97.  
98. MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects=4,0
99. MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail=4,0
100. MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds=4,0
101. MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,0
102. MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest=4,0
103. MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy\Enabled=4,0
104. MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing=3,0
105. MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse=4,1
106. MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,3
107. MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec=4,0
108. MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec=4,0
109. MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1
110. MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,0
111. MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1
112.  
113. MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine=7,Software\Microsoft\Windows NT\CurrentVersion\Print,Software\Microsoft\Windows NT\CurrentVersion\Windows,System\CurrentControlSet\Control\Print\Printers,System\CurrentControlSet\Services\Eventlog,Software\Microsoft\OLAP Server,System\CurrentControlSet\Control\ContentIndex,System\CurrentControlSet\Control\Terminal Server,System\CurrentControlSet\Control\Terminal Server\UserConfig,System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration,Software\Microsoft\Windows NT\CurrentVersion\Perflib,System\CurrentControlSet\Services\SysmonLog
114. MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\Machine=7,System\CurrentControlSet\Control\ProductOptions,System\CurrentControlSet\Control\Server Applications,Software\Microsoft\Windows NT\CurrentVersion
115.  
116. MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl=4,0
117.  
118. MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers=4,0
119.  
120. MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive=4,1
121. MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown=4,0
122. MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode=4,1
123. MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems\optional=7,Posix
124.  
125. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,0
126. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,0
127. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff=4,1
128. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect=4,15
129. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess=4,1
130. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes=7,COMNAP,COMNODE,SQL\QUERY,LLSRPC,BROWSER,netlogon,samr
131. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares=7,COMCFG
132.  
133. MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature=4,1
134. MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature=4,0
135. MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword=4,0
136.  
137. MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity=4,1
138.  
139. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange=4,0
140. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge=4,30
141. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RefusePasswordChange=4,0
142. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel=4,1
143. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel=4,1
144. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,1
145. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey=4,0
146.  
147. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehavior=4,1
148. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD=4,0
149. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableInstallerDetection=4,1
150. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA=4,0
151. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableVirtualization=4,1
152. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName=4,0
153. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLockedUserId=4,1
154. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption=1,""
155. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText=7,""
156. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ScForceOption=4,0
157. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon=4,1
158. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon=4,1
159.  
160. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel=4,0
161. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand=4,0
162.  
163. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount=1,10
164. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon=4,0
165. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning=4,14
166. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption=1,0
167.  
168. MACHINE\Software\Policies\Microsoft\Cryptography\ForceKeyProtection=4,0
169. MACHINE\Software\Policies\Microsoft\Cryptography\PasswordCacheTimeout=4,300
170. MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled=4,0
171.  
172.  
173.  
174. [Strings]
175. SCEProfileDescription = "Default recommendations provided by Security Templates snap-in."
176.