archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/mergedcomponents/setupinfs/hisecws.inx

165 lines
7.1 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. @*:This file defines enhanced security settings for possible customer implementation.
  2. @*:Please do not edit. Instead, email kirksol with the requested change.
  3. @*:Thanks!
  4. ; Copyright (c) Microsoft Corporation. All rights reserved.
  5. ;
  6. ; Security Configuration Template for Security Configuration Editor
  7. ;
  8. ; Template Name: HighWS.INF
  9. ; Template Version: 05.10.HW.0000
  12. [Profile Description]
  13. %SCEHiSecWSProfileDescription%
  15. [version]
  16. signature="$CHICAGO$"
  17. revision=1
  19. [System Access]
  20. ;----------------------------------------------------------------
  21. ;Account Policies - Password Policy
  22. ;----------------------------------------------------------------
  23. MinimumPasswordAge = 2
  24. MaximumPasswordAge = 42
  25. MinimumPasswordLength = 8
  26. PasswordComplexity = 1
  27. PasswordHistorySize = 24
  28. ClearTextPassword = 0
  29. LSAAnonymousNameLookup = 0
  30. EnableGuestAccount = 0
  32. ;----------------------------------------------------------------
  33. ;Account Policies - Lockout Policy
  34. ;----------------------------------------------------------------
  35. LockoutBadCount = 5
  36. ResetLockoutCount = 30
  37. LockoutDuration = -1
  39. ;----------------------------------------------------------------
  40. ;Local Policies - Security Options
  41. ;----------------------------------------------------------------
  42. ;DC Only
  43. ;ForceLogoffWhenHourExpire = 1
  45. ;NewAdministatorName =
  46. ;NewGuestName =
  47. ;SecureSystemPartition
  49. ;----------------------------------------------------------------
  50. ;Event Log - Log Settings
  51. ;----------------------------------------------------------------
  52. ;Audit Log Retention Period:
  53. ;0 = Overwrite Events As Needed
  54. ;1 = Overwrite Events As Specified by Retention Days Entry
  55. ;2 = Never Overwrite Events (Clear Log Manually)
  57. [System Log]
  58. RestrictGuestAccess = 1
  60. [Security Log]
  61. MaximumLogSize = 19456
  62. AuditLogRetentionPeriod = 0
  63. RestrictGuestAccess = 1
  65. [Application Log]
  66. RestrictGuestAccess = 1
  68. ;----------------------------------------------------------------------
  69. ; Local Policies\Audit Policy
  70. ;----------------------------------------------------------------------
  71. [Event Audit]
  72. AuditSystemEvents = 3
  73. AuditObjectAccess = 3
  74. AuditPrivilegeUse = 3
  75. AuditPolicyChange = 3
  76. AuditAccountManage = 3
  77. AuditProcessTracking = 0
  78. ;AuditDSAccess=0
  79. AuditAccountLogon=3
  80. AuditLogonEvents = 3
  82. ;----------------------------------------------------------------
  83. ;Registry Values
  84. ;----------------------------------------------------------------
  85. [Registry Values]
  86. ; Registry value name in full path = Type, Value
  87. ; REG_SZ ( 1 )
  88. ; REG_EXPAND_SZ ( 2 ) // with environment variables to expand
  89. ; REG_BINARY ( 3 )
  90. ; REG_DWORD ( 4 )
  91. ; REG_MULTI_SZ ( 7 )
  93. MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects=4,0
  94. MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail=4,0
  95. MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds=4,1
  96. MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous=4,0
  97. ;Leave model alone
  98. ;MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest=4,0
  99. MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing=3,0
  100. MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse=4,1
  101. MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,5
  102. MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec=4,0
  103. MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec=4,0
  104. MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1
  105. MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,1
  106. MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1
  107. ;Domain Controllers Only
  108. ;MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl=4,0
  109. MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers=4,1
  111. MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive=4,1
  112. MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown=4,1
  113. MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode=4,1
  115. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,1
  116. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,1
  117. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff=4,1
  118. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect=4,15
  119. MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RestrictNullSessAccess=4,1
  121. MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature=4,1
  122. MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature=4,0
  123. MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword=4,0
  125. MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity=4,1
  127. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange=4,0
  128. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge=4,30
  129. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel=4,1
  130. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel=4,1
  131. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,1
  132. MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey=4,1
  134. MACHINE\Software\Microsoft\Driver Signing\Policy=3,2
  136. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD=4,0
  137. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName=4,1
  138. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption=1,""
  139. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText=7,""
  140. ;Requiring logon to shutdown makes sense only if machine is physically secured.
  141. ;MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon=4,0
  142. MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon=4,0
  144. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel=4,0
  145. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand=4,0
  147. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms=1,0
  148. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD=1,0
  149. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies=1,0
  150. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount=1,0
  151. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon=4,1
  152. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning=4,14
  153. MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption=1,1
  155. [Group Membership]
  156. ;Default Power User ACLs are insecure. Make sure nobody is a Power User.
  157. %SceInfPowerUsers%__Memberof =
  158. %SceInfPowerUsers%__Members =
  159. ;Make sure only Admins are Admins
  160. %SceInfAdmins%__Memberof =
  161. %SceInfAdmins%__Members = %SceInfDomainAdmins%, %SceInfAdministrator%