Leaked source code of windows server 2003


  1. @*:This file defines enhanced security settings for possible customer implementation.
  2. @*:Please do not edit. Instead, email kirksol with the requested change.
  3. @*:Thanks!
  4. ; Copyright (c) Microsoft Corporation. All rights reserved.
  5. ;
  6. ; Security Configuration Template for Security Configuration Editor
  7. ;
  8. ; Template Name: HiSecDC.INF
  9. ; Template Version: 05.10.HD.0000
  10. [Profile Description]
  ; The description is a %token%; presumably it is expanded from a strings
  ; section that is not visible in this part of the file - TODO confirm.
  11. %SCEHiSecDCProfileDescription%
  12. [version]
  ; "$CHICAGO$" is the standard signature string used by Windows INF files.
  13. signature="$CHICAGO$"
  14. revision=1
  15. [System Access]
  ; Account policy and account-related security options applied by this template.
  ; NOTE(review): LSAAnonymousNameLookup is set twice in this section (under
  ; Password Policy and again under Security Options), both times to 0. The
  ; second entry is redundant; keep the two in sync or drop one.
  16. ;----------------------------------------------------------------
  17. ;Account Policies - Password Policy
  18. ;----------------------------------------------------------------
  ; Password ages are in days; PasswordHistorySize is the number of previous
  ; passwords remembered. PasswordComplexity = 1 turns complexity checks on and
  ; ClearTextPassword = 0 keeps reversible-encryption password storage off.
  ; NOTE(review): an 8-character minimum is the floor this template sets;
  ; re-evaluate it against current policy before reusing the template.
  19. MinimumPasswordAge = 2
  20. MaximumPasswordAge = 42
  21. MinimumPasswordLength = 8
  22. PasswordComplexity = 1
  23. PasswordHistorySize = 24
  24. ClearTextPassword = 0
  ; 0 = anonymous callers may not translate between SIDs and account names.
  25. LSAAnonymousNameLookup = 0
  ; 0 = the built-in Guest account is disabled.
  26. EnableGuestAccount = 0
  27. ;----------------------------------------------------------------
  28. ;Account Policies - Lockout Policy
  29. ;----------------------------------------------------------------
  ; Lock the account after 5 bad attempts; the bad-attempt counter resets after
  ; 30 minutes. LockoutDuration = -1 means the account stays locked until an
  ; administrator unlocks it. That blocks slow password guessing, but it also
  ; means repeated bad logons can keep accounts unavailable until someone
  ; intervenes, so lockout events should be monitored.
  30. LockoutBadCount = 5
  31. ResetLockoutCount = 30
  32. LockoutDuration = -1
  33. ;----------------------------------------------------------------
  34. ;Local Policies - Security Options
  35. ;----------------------------------------------------------------
  36. ;DC Only
  ; 1 = users are forcibly logged off when their permitted logon hours end.
  37. ForceLogoffWhenHourExpire = 1
  38. LSAAnonymousNameLookup = 0
  ; The three entries below are commented out, so the template leaves the
  ; built-in account names unchanged.
  ; NOTE(review): the first key is spelled "NewAdministatorName"; the setting is
  ; normally written NewAdministratorName, so fix the spelling before enabling it.
  39. ;NewAdministatorName =
  40. ;NewGuestName =
  41. ;SecureSystemPartition
  42. ;----------------------------------------------------------------
  43. ;Event Log - Log Settings
  44. ;----------------------------------------------------------------
  45. ;Audit Log Retention Period:
  46. ;0 = Overwrite Events As Needed
  47. ;1 = Overwrite Events As Specified by Retention Days Entry
  48. ;2 = Never Overwrite Events (Clear Log Manually)
  49. [System Log]
  ; RestrictGuestAccess = 1 keeps guest accounts from reading this event log;
  ; the same setting is applied to all three logs below.
  50. RestrictGuestAccess = 1
  51. [Security Log]
  ; 0 = "Overwrite Events As Needed" (see the retention legend above this section).
  ; NOTE(review): no log size is set in the visible part of this template, and
  ; CrashOnAuditFail is 0 under [Registry Values], so once the Security log fills
  ; the oldest audit records are silently overwritten. Size the log and forward
  ; or archive it if audit history has to be retained.
  52. AuditLogRetentionPeriod = 0
  53. RestrictGuestAccess = 1
  54. [Application Log]
  55. RestrictGuestAccess = 1
  56. ;----------------------------------------------------------------------
  57. ; Local Policies\Audit Policy
  58. ;----------------------------------------------------------------------
  59. [Event Audit]
  ; Audit policy per event category.
  ; Values: 0 = no auditing, 1 = success, 2 = failure, 3 = success and failure.
  60. AuditSystemEvents = 3
  ; Object-access auditing only produces events for objects that carry an
  ; auditing ACL (SACL); enabling the category alone does not audit everything.
  61. AuditObjectAccess = 3
  62. AuditPrivilegeUse = 3
  63. AuditPolicyChange = 3
  64. AuditAccountManage = 3
  ; Process tracking is the one category left off, so process start/exit is not
  ; recorded in the Security log. NOTE(review): this presumably limits event
  ; volume; enable it where process-level evidence is needed for investigations.
  65. AuditProcessTracking = 0
  ; Directory service access auditing (relevant on domain controllers).
  66. AuditDSAccess=3
  67. AuditLogonEvents = 3
  68. AuditAccountLogon=3
  69. ;----------------------------------------------------------------------
  70. ; Local Policies\SecurityOptions
  71. ;----------------------------------------------------------------------
  72. [Registry Values]
  73. ; Registry value name in full path = Type, Value
  74. ; REG_SZ ( 1 )
  75. ; REG_EXPAND_SZ ( 2 ) // with environment variables to expand
  76. ; REG_BINARY ( 3 )
  77. ; REG_DWORD ( 4 )
  78. ; REG_MULTI_SZ ( 7 )
  ; LSA settings. Each entry is <registry value path>=<type>,<data>; per the
  ; legend above, type 4 is REG_DWORD and type 3 is REG_BINARY.
  ; AuditBaseObjects = 0: access to global system objects is not audited.
  79. MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects=4,0
  ; CrashOnAuditFail = 0: the system keeps running when it cannot write security
  ; audits, so a full or failing log does not stop the server but audit records
  ; can be lost.
  80. MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail=4,0
  ; DisableDomainCreds = 1: do not store credentials for network authentication.
  81. MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds=4,1
  ; EveryoneIncludesAnonymous = 0: permissions granted to Everyone do not apply
  ; to anonymous users.
  82. MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,0
  83. ;ForceGuest is not acknowledged on DC's:
  84. ;MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest=4,0
  ; FullPrivilegeAuditing is stored as REG_BINARY; 0 leaves auditing of the
  ; Backup and Restore privileges off.
  85. MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing=3,0
  ; LmCompatibilityLevel = 5: send NTLMv2 responses only and refuse LM and NTLM.
  ; Clients that cannot do NTLMv2 will fail to authenticate against this DC.
  86. MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,5
  ; NTLMMinClientSec / NTLMMinServerSec = 0: no minimum NTLM SSP session security
  ; is required (no mandatory message integrity, confidentiality, NTLMv2 session
  ; security or 128-bit encryption).
  ; NOTE(review): zero looks weak for a "high security" template; confirm it is
  ; intended before reusing these values.
  87. MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec=4,0
  88. MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec=4,0
  ; NoLMHash = 1: do not store the LAN Manager hash at the next password change.
  ; Hashes already stored remain until each password is changed.
  89. MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1
  ; RestrictAnonymous / RestrictAnonymousSAM = 1: block anonymous enumeration of
  ; SAM accounts and shares.
  90. MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,1
  91. MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1
  ; SubmitControl = 0: server operators may not schedule tasks.
  92. MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl=4,0
  ; AddPrinterDrivers = 1: ordinary users may not install printer drivers.
  93. MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers=4,1
  ; ObCaseInsensitive = 1: require case insensitivity for non-Windows subsystems.
  94. MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive=4,1
  ; ClearPageFileAtShutdown = 1: wipe the page file on shutdown so paged-out
  ; memory contents are not left on disk (shutdown takes longer).
  95. MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown=4,1
  ; ProtectionMode = 1: strengthen default permissions of internal system objects.
  96. MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode=4,1
  ; SMB server side: signing is both enabled and required, so clients that
  ; cannot sign SMB traffic are refused.
  97. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,1
  98. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,1
  ; EnableForcedLogOff = 1: disconnect clients when their logon hours expire.
  ; AutoDisconnect = 15: idle sessions are disconnected after 15 minutes.
  99. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff=4,1
  100. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect=4,15
  ; RestrictNullSessAccess = 1: restrict anonymous (null session) access to
  ; named pipes and shares.
  101. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess=4,1
  ; SMB client side: signing is enabled (1) but not required (0), so this machine
  ; as a client still talks to servers that do not sign.
  ; NOTE(review): this is asymmetric with the server-side requirement above;
  ; confirm whether outbound SMB should require signing as well.
  102. MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature=4,1
  103. MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature=4,0
  ; EnablePlainTextPassword = 0: never send an unencrypted password to an SMB server.
  104. MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword=4,0
  ; LDAP signing: the client negotiates signing (1) while the directory service
  ; requires it (2). LDAP clients that do not sign will fail simple binds over
  ; unprotected connections against this DC.
  105. MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity=4,1
  106. MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity=4,2
  ; Netlogon: machine-account passwords and secure channel protection.
  ; DisablePasswordChange = 0: this machine keeps changing its own account password.
  107. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange=4,0
  ; Machine-account password age in days. This is a separate setting from
  ; MaximumPasswordAge = 42 under [System Access], which applies to user passwords.
  108. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge=4,30
  ; RefusePasswordChange = 0: the DC accepts machine-account password changes.
  109. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RefusePasswordChange=4,0
  ; Secure channel traffic is signed and sealed (encrypted) when possible, and
  ; RequireSignOrSeal = 1 refuses a channel that can do neither.
  110. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel=4,1
  111. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel=4,1
  112. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,1
  ; RequireStrongKey = 1: require a strong (128-bit) session key, which excludes
  ; peers that cannot negotiate one.
  113. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey=4,1
  114. MACHINE\Software\Microsoft\Driver Signing\Policy=3,2
  115. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD=4,0
  116. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName=4,1
  117. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption=1,""
  118. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText=7,""
  119. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon=4,0
  120. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon=4,0
  121. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel=4,0
  122. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand=4,0
  123. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms=1,1
  124. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD=1,0
  125. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies=1,1
  126. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount=1,0
  127. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon=4,1
  128. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning=4,14
  129. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption=1,2