home *** CD-ROM | disk | FTP | other *** search

---

/ PC World Komputer 2010 April / PCWorld0410.iso / WindowsServerTrial / server.iso / sources / install.wim / 5 / Windows / inf / sceregvl.inf

< prev

next >

Wrap

Windows Setup INFormation  |  2008-01-19  |  15KB  |  256 lines

---

1. ; Copyright (c) Microsoft Corporation.  All rights reserved.
2. ;
3. ; Security Configuration Template for Security Configuration Editor
4. ;
5. ; Template Name:        SCERegVl.INF
6. ; Template Version:     05.00.DR.0000
7. ;
8. ; Revision History
9. ; 0000  -       Original
10.  
11. [version]
12. signature="$CHICAGO$"
13. DriverVer=06/21/2006,6.0.6001.18000
14.  
15. [Register Registry Values]
16. ;
17. ; Syntax: RegPath,RegType,DisplayName,DisplayType,Options
18. ; where
19. ;         RegPath:      Includes the registry keypath and value
20. ;         RegType:      1 - REG_SZ, 2 - REG_EXPAND_SZ, 3 - REG_BINARY, 4 - REG_DWORD, 7 - REG_MULTI_SZ
21. ;         Display Name: Is a localizable string defined in the [strings] section
22. ;         Display type: 0 - boolean, 1 - Number, 2 - String, 3 - Choices, 4 - Multivalued, 5 - Bitmask
23. ;         Options:      If Displaytype is 3 (Choices) or 5 (Bitmask), then specify the range of values and corresponding display strings
24. ;                       in value|displaystring format separated by a comma.
25.  
26.  
27. MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects,4,%AuditBaseObjects%,0
28. MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail,4,%CrashOnAuditFail%,0
29. MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds,4,%DisableDomainCreds%,0
30. MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous,4,%EveryoneIncludesAnonymous%,0
31. MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest,4,%ForceGuest%,3,0|%Classic%,1|%GuestBased%
32. MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing,3,%FullPrivilegeAuditing%,0
33. MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse,4,%LimitBlankPasswordUse%,0
34. MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel,4,%LmCompatibilityLevel%,3,0|%LMCLevel0%,1|%LMCLevel1%,2|%LMCLevel2%,3|%LMCLevel3%,4|%LMCLevel4%,5|%LMCLevel5%
35. MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec,4,%NTLMMinClientSec%,5,524288|%NTLMv2Session%,536870912|%NTLM128%
36. MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec,4,%NTLMMinServerSec%,5,524288|%NTLMv2Session%,536870912|%NTLM128%
37. MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash,4,%NoLMHash%,0
38. MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous,4,%RestrictAnonymous%,0
39. MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM,4,%RestrictAnonymousSAM%,0
40. MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl,4,%SubmitControl%,0
41. MACHINE\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicy,4,%SCENoApplyLegacyAuditPolicy%,0
42.  
43. MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers,4,%AddPrintDrivers%,0
44.  
45. MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths\Machine,7,%AllowedPaths%,4
46. MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedExactPaths\Machine,7,%AllowedExactPaths%,4
47.  
48. MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive,4,%ObCaseInsensitive%,0
49. MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown,4,%ClearPageFileAtShutdown%,0
50. MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode,4,%ProtectionMode%,0
51. MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems\optional,7,%OptionalSubSystems%,4
52.  
53. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature,4,%EnableSMBSignServer%,0
54. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature,4,%RequireSMBSignServer%,0
55. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff,4,%EnableForcedLogoff%,0
56. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect,4,%AutoDisconnect%,1,%Unit-Minutes%
57. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess,4,%RestrictNullSessAccess%,0
58. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes,7,%NullPipes%,4
59. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares,7,%NullShares%,4
60.  
61. MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature,4,%EnableSMBSignRDR%,0
62. MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature,4,%RequireSMBSignRDR%,0
63. MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword,4,%EnablePlainTextPassword%,0
64.  
65. MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity,4,%LDAPClientIntegrity%,3,0|%LDAPClient0%,1|%LDAPClient1%,2|%LDAPClient2%
66.  
67. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange,4,%DisablePWChange%,0
68. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge,4,%MaximumPWAge%,1,%Unit-Days%
69. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RefusePasswordChange,4,%RefusePWChange%,0
70. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel,4,%SignSecureChannel%,0
71. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel,4,%SealSecureChannel%,0
72. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal,4,%SignOrSeal%,0
73. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey,4,%StrongKey%,0
74.  
75. MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity,4,%LDAPServerIntegrity%,3,1|%LDAPServer1%,2|%LDAPServer2%
76.  
77. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD,4,%DisableCAD%,0
78. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName,4,%DontDisplayLastUserName%,0
79. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLockedUserId,4,%DontDisplayLockedUserId%,3,1|%LockedUserID0%,2|%LockedUserID1%,3|%LockedUserID2%
80. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption,1,%LegalNoticeCaption%,2
81. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText,7,%LegalNoticeText%,4
82. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ScForceOption,4,%ScForceOption%,0
83. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon,4,%ShutdownWithoutLogon%,0
84. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon,4,%UndockWithoutLogon%,0
85.  
86.  
87. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel,4,%RCAdmin%,0
88. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand,4,%RCSet%,0
89.  
90. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount,1,%CachedLogonsCount%,1,%Unit-Logons%
91. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon,4,%ForceUnlockLogon%,0
92. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning,4,%PasswordExpiryWarning%,1,%Unit-Days%
93. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption,1,%ScRemove%,3,0|%ScRemove0%,1|%ScRemove1%,2|%ScRemove2%,3|%ScRemove3%
94.  
95. MACHINE\Software\Policies\Microsoft\Cryptography\ForceKeyProtection,4,%ForceHighProtection%,3,0|%CryptAllowNoUI%,1|%CryptAllowNoPass%,2|%CryptUsePass%
96. MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled,4,%AuthenticodeEnabled%,0
97.  
98. MACHINE\Software\Policies\Microsoft\Windows NT\DCOM\MachineLaunchRestriction,1,%DCOMLaunchRestriction%,2
99. MACHINE\Software\Policies\Microsoft\Windows NT\DCOM\MachineAccessRestriction,1,%DCOMAccessRestriction%,2
100.  
101. ; delete these values from the UI - Rdr in case NT4 w SCE
102. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DisableCAD
103. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DontDisplayLastUserName
104. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeCaption
105. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText
106. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ShutdownWithoutLogon
107. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CmdConsSecurityLevel
108. MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\AddPrintDrivers
109. MACHINE\System\CurrentControlSet\Services\MRxSMB\Parameters\EnableSecuritySignature
110. MACHINE\System\CurrentControlSet\Services\MRxSMB\Parameters\RequireSecuritySignature
111. MACHINE\System\CurrentControlSet\Services\MRxSMB\Parameters\EnablePlainTextPassword
112. MACHINE\System\CurrentControlSet\Services\Rdr\Parameters\EnableSecuritySignature
113. MACHINE\System\CurrentControlSet\Services\Rdr\Parameters\RequireSecuritySignature
114. MACHINE\System\CurrentControlSet\Services\Rdr\Parameters\EnablePlainTextPassword
115. MACHINE\Software\Microsoft\Windows\CurrentVersion\NetCache\EncryptEntireCache
116. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\EFS\AlgorithmID
117. MACHINE\Software\Microsoft\Non-Driver Signing\Policy
118. MACHINE\Software\Policies\Microsoft\Cryptography\ForceHighProtection
119.  
120.  
121.  
122. [Strings]
123.  
124. ;================================ Accounts ============================================================================
125. ;Specified in UI code - Accounts: Administrator account status
126. ;Specified in UI code - Accounts: Guest account status
127. ;Specified in UI code - Accounts: Rename administrator account
128. ;Specified in UI code - Accounts: Rename guest account
129. LimitBlankPasswordUse = "@wsecedit.dll,-59001"
130.  
131.  
132. ;================================ Audit ===============================================================================
133.  
134. AuditBaseObjects="@wsecedit.dll,-59002"
135. FullPrivilegeAuditing="@wsecedit.dll,-59003"
136. CrashOnAuditFail="@wsecedit.dll,-59004"
137. SCENoApplyLegacyAuditPolicy="@wsecedit.dll,-59104"
138.  
139. ;================================ Devices =============================================================================
140. AddPrintDrivers="@wsecedit.dll,-59005"
141. UndockWithoutLogon="@wsecedit.dll,-59010"
142.  
143. ;================================ Domain controller ====================================================================
144. SubmitControl="@wsecedit.dll,-59011"
145. RefusePWChange="@wsecedit.dll,-59012"
146. LDAPServerIntegrity = "@wsecedit.dll,-59013"
147. LDAPServer1 = "@wsecedit.dll,-59014"
148. LDAPServer2 = "@wsecedit.dll,-59015"
149.  
150. ;================================ Domain member ========================================================================
151. DisablePWChange="@wsecedit.dll,-59016"
152. MaximumPWAge="@wsecedit.dll,-59017"
153. SignOrSeal="@wsecedit.dll,-59018"
154. SealSecureChannel="@wsecedit.dll,-59019"
155. SignSecureChannel="@wsecedit.dll,-59020"
156. StrongKey="@wsecedit.dll,-59021"
157.  
158. ;================================ Interactive logon ====================================================================
159. DisableCAD = "@wsecedit.dll,-59022"
160. DontDisplayLastUserName = "@wsecedit.dll,-59023"
161. DontDisplayLockedUserId = "@wsecedit.dll,-59024"
162. LockedUserId0 = "@wsecedit.dll,-59025"
163. LockedUserId1 = "@wsecedit.dll,-59026"
164. LockedUserId2 = "@wsecedit.dll,-59027"
165. LegalNoticeText = "@wsecedit.dll,-59028"
166. LegalNoticeCaption = "@wsecedit.dll,-59029"
167. CachedLogonsCount = "@wsecedit.dll,-59030"
168. PasswordExpiryWarning = "@wsecedit.dll,-59031"
169. ForceUnlockLogon = "@wsecedit.dll,-59032"
170. ScForceOption = "@wsecedit.dll,-59033"
171. ScRemove = "@wsecedit.dll,-59034"
172. ScRemove0 = "@wsecedit.dll,-59035"
173. ScRemove1 = "@wsecedit.dll,-59036"
174. ScRemove2 = "@wsecedit.dll,-59037"
175. ScRemove3 = "@wsecedit.dll,-59038"
176.  
177. ;================================ Microsoft network client =============================================================
178. RequireSMBSignRdr="@wsecedit.dll,-59039"
179. EnableSMBSignRdr="@wsecedit.dll,-59040"
180. EnablePlainTextPassword="@wsecedit.dll,-59041"
181.  
182. ;================================ Microsoft network server =============================================================
183. AutoDisconnect="@wsecedit.dll,-59042"
184. RequireSMBSignServer="@wsecedit.dll,-59043"
185. EnableSMBSignServer="@wsecedit.dll,-59044"
186. EnableForcedLogoff="@wsecedit.dll,-59045"
187.  
188. ;================================ Network access =======================================================================
189. ;Specified in UI code - Network access: Allow anonymous SID/Name translation
190. DisableDomainCreds = "@wsecedit.dll,-59046"
191. RestrictAnonymousSAM = "@wsecedit.dll,-59047"
192. RestrictAnonymous = "@wsecedit.dll,-59048"
193. EveryoneIncludesAnonymous = "@wsecedit.dll,-59049"
194. RestrictNullSessAccess = "@wsecedit.dll,-59050"
195. NullPipes = "@wsecedit.dll,-59051"
196. NullShares = "@wsecedit.dll,-59052"
197. AllowedPaths = "@wsecedit.dll,-59053"
198. AllowedExactPaths = "@wsecedit.dll,-59054"
199. ForceGuest = "@wsecedit.dll,-59055"
200. Classic = "@wsecedit.dll,-59056"
201. GuestBased = "@wsecedit.dll,-59057"
202.  
203. ;================================ Network security =====================================================================
204. ;Specified in UI code - Network security: Enforce logon hour restrictions
205. NoLMHash = "@wsecedit.dll,-59058"
206. LmCompatibilityLevel = "@wsecedit.dll,-59059"
207. LMCLevel0 = "@wsecedit.dll,-59060"
208. LMCLevel1 = "@wsecedit.dll,-59061"
209. LMCLevel2 = "@wsecedit.dll,-59062"
210. LMCLevel3 = "@wsecedit.dll,-59063"
211. LMCLevel4 = "@wsecedit.dll,-59064"
212. LMCLevel5 = "@wsecedit.dll,-59065"
213. NTLMMinClientSec = "@wsecedit.dll,-59066"
214. NTLMMinServerSec = "@wsecedit.dll,-59067"
215. NTLMv2Session = "@wsecedit.dll,-59070"
216. NTLM128 = "@wsecedit.dll,-59071"
217. LDAPClientIntegrity = "@wsecedit.dll,-59072"
218. LDAPClient0 = "@wsecedit.dll,-59073"
219. LDAPClient1 = "@wsecedit.dll,-59074"
220. LDAPClient2 = "@wsecedit.dll,-59075"
221.  
222. ;================================ Recovery console ====================================================================
223. RCAdmin="@wsecedit.dll,-59076"
224. RCSet="@wsecedit.dll,-59077"
225.  
226. ;================================ Shutdown ============================================================================
227. ShutdownWithoutLogon="@wsecedit.dll,-59078"
228. ClearPageFileAtShutdown="@wsecedit.dll,-59079"
229.  
230. ProtectionMode = "@wsecedit.dll,-59080"
231. ObCaseInsensitive = "@wsecedit.dll,-59084"
232.  
233. ;================================ System cryptography =================================================================
234. FIPS="@wsecedit.dll,-59085"
235.  
236. ForceHighProtection="@wsecedit.dll,-59086"
237.  
238. CryptAllowNoUI="@wsecedit.dll,-59087"
239. CryptAllowNoPass="@wsecedit.dll,-59088"
240. CryptUsePass="@wsecedit.dll,-59089"
241.  
242.  
243. ;================================ System Settings =====================================================================
244. AuthenticodeEnabled = "@wsecedit.dll,-59090"
245. OptionalSubSystems = "@wsecedit.dll,-59091"
246.  
247.  
248. Unit-Logons="@wsecedit.dll,-59092"
249. Unit-Days="@wsecedit.dll,-59093"
250. Unit-Minutes="@wsecedit.dll,-59094"
251. Unit-Seconds="@wsecedit.dll,-59095"
252.  
253. ;================================ DCOM Machine Restrictions ===========================================================
254. DCOMLaunchRestriction="@wsecedit.dll,-59096"
255. DCOMAccessRestriction="@wsecedit.dll,-59097"
256.