You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
172 lines
8.8 KiB
172 lines
8.8 KiB
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
[Strings]
|
|
|
|
;================================ Accounts ============================================================================
|
|
;Specified in UI code - Accounts: Administrator account status
|
|
;Specified in UI code - Accounts: Guest account status
|
|
;Specified in UI code - Accounts: Rename administrator account
|
|
;Specified in UI code - Accounts: Rename guest account
|
|
LimitBlankPasswordUse = "Accounts: Limit local account use of blank passwords to console logon only"
|
|
|
|
|
|
;================================ Audit ===============================================================================
|
|
AuditBaseObjects="Audit: Audit the access of global system objects"
|
|
FullPrivilegeAuditing="Audit: Audit the use of Backup and Restore privilege"
|
|
CrashOnAuditFail="Audit: Shut down system immediately if unable to log security audits"
|
|
|
|
;================================ Devices =============================================================================
|
|
AllocateDASD="Devices: Allowed to format and eject removable media"
|
|
AllocateDASD0="Administrators"
|
|
AllocateDASD1="Administrators and Power Users"
|
|
AllocateDASD2="Administrators and Interactive Users"
|
|
AddPrintDrivers="Devices: Prevent users from installing printer drivers"
|
|
AllocateCDRoms="Devices: Restrict CD-ROM access to locally logged-on user only"
|
|
AllocateFloppies="Devices: Restrict floppy access to locally logged-on user only"
|
|
DriverSigning="Devices: Unsigned driver installation behavior"
|
|
DriverSigning0="Silently succeed "
|
|
DriverSigning1="Warn but allow installation"
|
|
DriverSigning2="Do not allow installation"
|
|
UndockWithoutLogon="Devices: Allow undock without having to log on"
|
|
|
|
;================================ Domain controller ====================================================================
|
|
SubmitControl="Domain controller: Allow server operators to schedule tasks"
|
|
RefusePWChange="Domain controller: Refuse machine account password changes"
|
|
LDAPServerIntegrity = "Domain controller: LDAP server signing requirements"
|
|
LDAPServer1 = "None"
|
|
LDAPServer2 = "Require signing"
|
|
|
|
;================================ Domain member ========================================================================
|
|
DisablePWChange="Domain member: Disable machine account password changes"
|
|
MaximumPWAge="Domain member: Maximum machine account password age"
|
|
SignOrSeal="Domain member: Digitally encrypt or sign secure channel data (always)"
|
|
SealSecureChannel="Domain member: Digitally encrypt secure channel data (when possible)"
|
|
SignSecureChannel="Domain member: Digitally sign secure channel data (when possible)"
|
|
StrongKey="Domain member: Require strong (Windows 2000 or later) session key"
|
|
|
|
;================================ Interactive logon ====================================================================
|
|
DisableCAD = "Interactive logon: Do not require CTRL+ALT+DEL"
|
|
DontDisplayLastUserName = "Interactive logon: Do not display last user name"
|
|
LegalNoticeText = "Interactive logon: Message text for users attempting to log on"
|
|
LegalNoticeCaption = "Interactive logon: Message title for users attempting to log on"
|
|
CachedLogonsCount = "Interactive logon: Number of previous logons to cache (in case domain controller is not available)"
|
|
PasswordExpiryWarning = "Interactive logon: Prompt user to change password before expiration"
|
|
ForceUnlockLogon = "Interactive logon: Require Domain Controller authentication to unlock workstation"
|
|
ScForceOption = "Interactive logon: Require smart card"
|
|
ScRemove = "Interactive logon: Smart card removal behavior"
|
|
ScRemove0 = "No Action"
|
|
ScRemove1 = "Lock Workstation"
|
|
ScRemove2 = "Force Logoff"
|
|
|
|
;================================ Microsoft network client =============================================================
|
|
RequireSMBSignRdr="Microsoft network client: Digitally sign communications (always)"
|
|
EnableSMBSignRdr="Microsoft network client: Digitally sign communications (if server agrees)"
|
|
EnablePlainTextPassword="Microsoft network client: Send unencrypted password to third-party SMB servers"
|
|
|
|
;================================ Microsoft network server =============================================================
|
|
AutoDisconnect="Microsoft network server: Amount of idle time required before suspending session"
|
|
RequireSMBSignServer="Microsoft network server: Digitally sign communications (always)"
|
|
EnableSMBSignServer="Microsoft network server: Digitally sign communications (if client agrees)"
|
|
EnableForcedLogoff="Microsoft network server: Disconnect clients when logon hours expire"
|
|
|
|
;================================ Network access =======================================================================
|
|
;Specified in UI code - Network access: Allow anonymous SID/Name translation
|
|
DisableDomainCreds = "Network access: Do not allow storage of credentials or .NET Passports for network authentication"
|
|
RestrictAnonymousSAM = "Network access: Do not allow anonymous enumeration of SAM accounts"
|
|
RestrictAnonymous = "Network access: Do not allow anonymous enumeration of SAM accounts and shares"
|
|
EveryoneIncludesAnonymous = "Network access: Let Everyone permissions apply to anonymous users"
|
|
RestrictNullSessAccess = "Network access: Restrict anonymous access to Named Pipes and Shares"
|
|
NullPipes = "Network access: Named Pipes that can be accessed anonymously"
|
|
NullShares = "Network access: Shares that can be accessed anonymously"
|
|
AllowedPaths = "Network access: Remotely accessible registry paths and sub-paths"
|
|
AllowedExactPaths = "Network access: Remotely accessible registry paths"
|
|
ForceGuest = "Network access: Sharing and security model for local accounts"
|
|
Classic = "Classic - local users authenticate as themselves"
|
|
GuestBased = "Guest only - local users authenticate as Guest"
|
|
|
|
;================================ Network security =====================================================================
|
|
;Specified in UI code - Network security: Enforce logon hour restrictions
|
|
NoLMHash = "Network security: Do not store LAN Manager hash value on next password change"
|
|
LmCompatibilityLevel = "Network security: LAN Manager authentication level"
|
|
LMCLevel0 = "Send LM & NTLM responses"
|
|
LMCLevel1 = "Send LM & NTLM - use NTLMv2 session security if negotiated"
|
|
LMCLevel2 = "Send NTLM response only"
|
|
LMCLevel3 = "Send NTLMv2 response only"
|
|
LMCLevel4 = "Send NTLMv2 response only\refuse LM"
|
|
LMCLevel5 = "Send NTLMv2 response only\refuse LM & NTLM"
|
|
NTLMMinClientSec = "Network security: Minimum session security for NTLM SSP based (including secure RPC) clients"
|
|
NTLMMinServerSec = "Network security: Minimum session security for NTLM SSP based (including secure RPC) servers"
|
|
NTLMIntegrity = "Require message integrity"
|
|
NTLMConfidentiality = "Require message confidentiality"
|
|
NTLMv2Session = "Require NTLMv2 session security"
|
|
NTLM128 = "Require 128-bit encryption"
|
|
LDAPClientIntegrity = "Network security: LDAP client signing requirements"
|
|
LDAPClient0 = "None"
|
|
LDAPClient1 = "Negotiate signing"
|
|
LDAPClient2 = "Require signing"
|
|
|
|
;================================ Recovery console ====================================================================
|
|
RCAdmin="Recovery console: Allow automatic administrative logon"
|
|
RCSet="Recovery console: Allow floppy copy and access to all drives and all folders"
|
|
|
|
;================================ Shutdown ============================================================================
|
|
ShutdownWithoutLogon="Shutdown: Allow system to be shut down without having to log on"
|
|
ClearPageFileAtShutdown="Shutdown: Clear virtual memory pagefile"
|
|
|
|
ProtectionMode = "System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)"
|
|
NoDefaultAdminOwner = "System objects: Default owner for objects created by members of the Administrators group"
|
|
DefaultOwner0 = "Administrators group"
|
|
DefaultOwner1 = "Object creator"
|
|
ObCaseInsensitive = "System objects: Require case insensitivity for non-Windows subsystems"
|
|
|
|
;================================ System cryptography =================================================================
|
|
FIPS="System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing"
|
|
|
|
ForceHighProtection="System cryptography: Force strong key protection for user keys stored on the computer"
|
|
|
|
CryptAllowNoUI="User input is not required when new keys are stored and used"
|
|
CryptAllowNoPass="User is prompted when the key is first used"
|
|
CryptUsePass="User must enter a password each time they use a key"
|
|
|
|
|
|
;================================ System Settings =====================================================================
|
|
AuthenticodeEnabled = "System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies"
|
|
OptionalSubSystems = "System settings: Optional subsystems"
|
|
|
|
|
|
Unit-Logons="logons"
|
|
Unit-Days="days"
|
|
Unit-Minutes="minutes"
|
|
Unit-Seconds="seconds"
|