

































[Strings]

;================================ Accounts ============================================================================
;Specified in UI code - Accounts: Administrator account status
;Specified in UI code - Accounts: Guest account status
;Specified in UI code - Accounts: Rename administrator account
;Specified in UI code - Accounts: Rename guest account
LimitBlankPasswordUse = "Accounts: Limit local account use of blank passwords to console logon only"


;================================ Audit ===============================================================================
AuditBaseObjects="Audit: Audit the access of global system objects"
FullPrivilegeAuditing="Audit: Audit the use of Backup and Restore privilege"
CrashOnAuditFail="Audit: Shut down system immediately if unable to log security audits"

;================================ Devices =============================================================================
AllocateDASD="Devices: Allowed to format and eject removable media"
AllocateDASD0="Administrators"
AllocateDASD1="Administrators and Power Users"
AllocateDASD2="Administrators and Interactive Users"
AddPrintDrivers="Devices: Prevent users from installing printer drivers"
AllocateCDRoms="Devices: Restrict CD-ROM access to locally logged-on user only"
AllocateFloppies="Devices: Restrict floppy access to locally logged-on user only"
DriverSigning="Devices: Unsigned driver installation behavior"
DriverSigning0="Silently succeed "
DriverSigning1="Warn but allow installation"
DriverSigning2="Do not allow installation"
UndockWithoutLogon="Devices: Allow undock without having to log on"

;================================ Domain controller ====================================================================
SubmitControl="Domain controller: Allow server operators to schedule tasks"
RefusePWChange="Domain controller: Refuse machine account password changes"
LDAPServerIntegrity = "Domain controller: LDAP server signing requirements"
LDAPServer1 = "None"
LDAPServer2 = "Require signing"

;================================ Domain member ========================================================================
DisablePWChange="Domain member: Disable machine account password changes"
MaximumPWAge="Domain member: Maximum machine account password age"
SignOrSeal="Domain member: Digitally encrypt or sign secure channel data (always)"
SealSecureChannel="Domain member: Digitally encrypt secure channel data (when possible)"
SignSecureChannel="Domain member: Digitally sign secure channel data (when possible)"
StrongKey="Domain member: Require strong (Windows 2000 or later) session key"

;================================ Interactive logon ====================================================================
DisableCAD = "Interactive logon: Do not require CTRL+ALT+DEL"
DontDisplayLastUserName = "Interactive logon: Do not display last user name"
LegalNoticeText = "Interactive logon: Message text for users attempting to log on"
LegalNoticeCaption = "Interactive logon: Message title for users attempting to log on"
CachedLogonsCount = "Interactive logon: Number of previous logons to cache (in case domain controller is not available)"
PasswordExpiryWarning = "Interactive logon: Prompt user to change password before expiration"
ForceUnlockLogon = "Interactive logon: Require Domain Controller authentication to unlock workstation"
ScForceOption = "Interactive logon: Require smart card"
ScRemove = "Interactive logon: Smart card removal behavior"
ScRemove0 = "No Action"
ScRemove1 = "Lock Workstation"
ScRemove2 = "Force Logoff"

;================================ Microsoft network client =============================================================
RequireSMBSignRdr="Microsoft network client: Digitally sign communications (always)"
EnableSMBSignRdr="Microsoft network client: Digitally sign communications (if server agrees)"
EnablePlainTextPassword="Microsoft network client: Send unencrypted password to third-party SMB servers"

;================================ Microsoft network server =============================================================
AutoDisconnect="Microsoft network server: Amount of idle time required before suspending session"
RequireSMBSignServer="Microsoft network server: Digitally sign communications (always)"
EnableSMBSignServer="Microsoft network server: Digitally sign communications (if client agrees)"
EnableForcedLogoff="Microsoft network server: Disconnect clients when logon hours expire"

;================================ Network access =======================================================================
;Specified in UI code - Network access: Allow anonymous SID/Name translation
DisableDomainCreds = "Network access: Do not allow storage of credentials or .NET Passports for network authentication"
RestrictAnonymousSAM = "Network access: Do not allow anonymous enumeration of SAM accounts"
RestrictAnonymous = "Network access: Do not allow anonymous enumeration of SAM accounts and shares"
EveryoneIncludesAnonymous = "Network access: Let Everyone permissions apply to anonymous users"
RestrictNullSessAccess = "Network access: Restrict anonymous access to Named Pipes and Shares"
NullPipes = "Network access: Named Pipes that can be accessed anonymously"
NullShares = "Network access: Shares that can be accessed anonymously"
AllowedPaths = "Network access: Remotely accessible registry paths and sub-paths"
AllowedExactPaths = "Network access: Remotely accessible registry paths"
ForceGuest = "Network access: Sharing and security model for local accounts"
Classic = "Classic - local users authenticate as themselves"
GuestBased = "Guest only - local users authenticate as Guest"

;================================ Network security =====================================================================
;Specified in UI code - Network security: Enforce logon hour restrictions
NoLMHash = "Network security: Do not store LAN Manager hash value on next password change"
LmCompatibilityLevel = "Network security: LAN Manager authentication level"
LMCLevel0 = "Send LM & NTLM responses"
LMCLevel1 = "Send LM & NTLM - use NTLMv2 session security if negotiated"
LMCLevel2 = "Send NTLM response only"
LMCLevel3 = "Send NTLMv2 response only"
LMCLevel4 = "Send NTLMv2 response only\refuse LM"
LMCLevel5 = "Send NTLMv2 response only\refuse LM & NTLM"
NTLMMinClientSec = "Network security: Minimum session security for NTLM SSP based (including secure RPC) clients"
NTLMMinServerSec = "Network security: Minimum session security for NTLM SSP based (including secure RPC) servers"
NTLMIntegrity = "Require message integrity"
NTLMConfidentiality = "Require message confidentiality"
NTLMv2Session = "Require NTLMv2 session security"
NTLM128 = "Require 128-bit encryption"
LDAPClientIntegrity = "Network security: LDAP client signing requirements"
LDAPClient0 = "None"
LDAPClient1 = "Negotiate signing"
LDAPClient2 = "Require signing"

;================================ Recovery console ====================================================================
RCAdmin="Recovery console: Allow automatic administrative logon"
RCSet="Recovery console: Allow floppy copy and access to all drives and all folders"

;================================ Shutdown ============================================================================
ShutdownWithoutLogon="Shutdown: Allow system to be shut down without having to log on"
ClearPageFileAtShutdown="Shutdown: Clear virtual memory pagefile"

ProtectionMode = "System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)"
NoDefaultAdminOwner = "System objects: Default owner for objects created by members of the Administrators group"
DefaultOwner0 = "Administrators group"
DefaultOwner1 = "Object creator"
ObCaseInsensitive = "System objects: Require case insensitivity for non-Windows subsystems"

;================================ System cryptography =================================================================
FIPS="System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing"

ForceHighProtection="System cryptography: Force strong key protection for user keys stored on the computer"

CryptAllowNoUI="User input is not required when new keys are stored and used"
CryptAllowNoPass="User is prompted when the key is first used"
CryptUsePass="User must enter a password each time they use a key"


;================================ System Settings =====================================================================
AuthenticodeEnabled = "System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies"
OptionalSubSystems = "System settings: Optional subsystems"


Unit-Logons="logons"
Unit-Days="days"
Unit-Minutes="minutes"
Unit-Seconds="seconds"