# OSSEC Linux Audit - (C) 2018 OSSEC Project Atomicorp
#
# Released under the same license as OSSEC.
# More details at the LICENSE file included with OSSEC or online
# at: https://github.com/ossec/ossec-hids/blob/master/LICENSE
#
#
#2.3.1.4 Ensure 'Accounts: Limit local account use of blank passwords to console logon only' is set to 'Enabled'
# Rule layout used throughout this file: a [name] [any] [reference] header, then registry tests
# of the form r:KEY -> VALUE -> DATA; each test is written to name a non-compliant state, and
# with [any] a single matching test is enough to report the rule.
# Here DATA 0 is the 'Disabled' state of a setting the benchmark wants 'Enabled'.
# NOTE(review): the "-> !VALUE" test looks intended to report a value that is not set at all;
# confirm the rootcheck version in use parses that form.
[CIS - Microsoft Windows 12 - 2.3.1.4 Ensure 'Accounts: Limit local account use of blank passwords to console logon only' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa -> LimitBlankPasswordUse -> 0;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa -> !LimitBlankPasswordUse;
#
#
#2.3.2.1 Ensure 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled'  
[CIS - Microsoft Windows 12 - 2.3.2.1 Ensure 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa -> SCENoApplyLegacyAuditPolicy -> 0;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa -> !SCENoApplyLegacyAuditPolicy;
#
#
#2.3.2.2 Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'  
[CIS - Microsoft Windows 12 - 2.3.2.2 Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa -> CrashOnAuditFail -> 1;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa -> !CrashOnAuditFail;
#
#
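#2.3.4.2 Ensure 'Devices: Prevent users from installing printer drivers' is set to 'Enabled'
# The provider key is named "LanMan Print Services" (with spaces). Written without them the path
# does not exist, so the tests never evaluate the real AddPrinterDrivers setting.
[CIS - Microsoft Windows 12 - 2.3.4.2 Ensure 'Devices: Prevent users from installing printer drivers' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers -> AddPrinterDrivers -> 0;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers -> !AddPrinterDrivers;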
#
#
#2.3.6.1 Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'  
[CIS - Microsoft Windows 12 - 2.3.6.1 Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters -> RequireSignOrSeal -> 0;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters -> !RequireSignOrSeal;
#
#
#2.3.6.2 Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled'  
[CIS - Microsoft Windows 12 - 2.3.6.2 Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters -> SealSecureChannel -> 0;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters -> !SealSecureChannel;
#
#
#2.3.6.3 Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled'  
[CIS - Microsoft Windows 12 - 2.3.6.3 Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters -> SignSecureChannel -> 0;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters -> !SignSecureChannel;
#
#
#2.3.6.4 Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled'  
[CIS - Microsoft Windows 12 - 2.3.6.4 Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters -> DisablePasswordChange -> 1;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters -> !DisablePasswordChange;
#
#
#2.3.6.6 Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled'  
[CIS - Microsoft Windows 12 - 2.3.6.6 Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters -> RequireStrongKey -> 0;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters -> !RequireStrongKey;
#
#
#2.3.7.1 Ensure 'Interactive logon: Do not display last user name' is set to 'Enabled'  
[CIS - Microsoft Windows 12 - 2.3.7.1 Ensure 'Interactive logon: Do not display last user name' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DontDisplayLastUserName -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> !DontDisplayLastUserName;
#
#
#2.3.7.2 Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'  
[CIS - Microsoft Windows 12 - 2.3.7.2 Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableCAD -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> !DisableCAD;
#
#
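#2.3.7.8 Ensure 'Interactive logon: Require Domain Controller Authentication to unlock workstation' is set to 'Enabled'
# Winlogon lives under "Windows NT" (with a space). The path without the space does not exist,
# so the tests never evaluate the real ForceUnlockLogon setting.
[CIS - Microsoft Windows 12 - 2.3.7.8 Ensure 'Interactive logon: Require Domain Controller Authentication to unlock workstation' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> ForceUnlockLogon -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> !ForceUnlockLogon;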
#
#
#2.3.8.1 Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'  
[CIS - Microsoft Windows 12 - 2.3.8.1 Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters -> RequireSecuritySignature -> 0;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters -> !RequireSecuritySignature;
#
#
#2.3.8.2 Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'  
[CIS - Microsoft Windows 12 - 2.3.8.2 Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters -> EnableSecuritySignature -> 0;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters -> !EnableSecuritySignature;
#
#
#2.3.8.3 Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'  
[CIS - Microsoft Windows 12 - 2.3.8.3 Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters -> EnablePlainTextPassword -> 1;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters -> !EnablePlainTextPassword;
#
#
#2.3.9.2 Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'  
[CIS - Microsoft Windows 12 - 2.3.9.2 Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters -> RequireSecuritySignature -> 0;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters -> !RequireSecuritySignature;
#
#
#2.3.9.3 Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'  
[CIS - Microsoft Windows 12 - 2.3.9.3 Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters -> EnableSecuritySignature -> 0;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters -> !EnableSecuritySignature;
#
#
#2.3.9.4 Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'  
[CIS - Microsoft Windows 12 - 2.3.9.4 Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters -> enableforcedlogoff -> 0;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters -> !enableforcedlogoff;
#
#
#2.3.10.2 Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled'    
[CIS - Microsoft Windows 12 - 2.3.10.2 Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa -> RestrictAnonymousSAM -> 0;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa -> !RestrictAnonymousSAM;
#
#
#2.3.10.3 Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is set to 'Enabled'    
[CIS - Microsoft Windows 12 - 2.3.10.3 Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa -> RestrictAnonymous -> 0;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa -> !RestrictAnonymous;
#
#
#2.3.10.5 Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled'  
[CIS - Microsoft Windows 12 - 2.3.10.5 Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa -> EveryoneIncludesAnonymous -> 1;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa -> !EveryoneIncludesAnonymous;
#
#
#2.3.10.9 Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled'  
[CIS - Microsoft Windows 12 - 2.3.10.9 Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters -> RestrictNullSessAccess -> 0;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters -> !RestrictNullSessAccess;
#
#
#2.3.11.1 Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled'  
[CIS - Microsoft Windows 12 - 2.3.11.1 Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa -> UseMachineId -> 0;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa -> !UseMachineId;
#
#
#2.3.11.2 Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled'  
[CIS - Microsoft Windows 12 - 2.3.11.2 Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0 -> AllowNullSessionFallback -> 1;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0 -> !AllowNullSessionFallback;
#
#
#2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'  
[CIS - Microsoft Windows 12 - 2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\pku2u -> AllowOnlineID -> 1;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\pku2u -> !AllowOnlineID;
#
#
#2.3.11.5 Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'  
[CIS - Microsoft Windows 12 - 2.3.11.5 Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa -> NoLMHash -> 0;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa -> !NoLMHash;
#
#
#2.3.13.1 Ensure 'Shutdown: Allow system to be shut down without having to log on' is set to 'Disabled'  
[CIS - Microsoft Windows 12 - 2.3.13.1 Ensure 'Shutdown: Allow system to be shut down without having to log on' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> ShutdownWithoutLogon -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> !ShutdownWithoutLogon;
#
#
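#2.3.15.1 Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled'
# The key is "Session Manager" (with a space); "SessionManager" does not exist, so the tests
# never evaluate the real ObCaseInsensitive setting.
[CIS - Microsoft Windows 12 - 2.3.15.1 Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel -> ObCaseInsensitive -> 0;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel -> !ObCaseInsensitive;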
#
#
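#2.3.15.2 Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled'
# The key is "Session Manager" (with a space); "SessionManager" does not exist, so the tests
# never evaluate the real ProtectionMode setting.
[CIS - Microsoft Windows 12 - 2.3.15.2 Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager -> ProtectionMode -> 0;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager -> !ProtectionMode;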
#
#
#2.3.17.1 Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'  
[CIS - Microsoft Windows 12 - 2.3.17.1 Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> FilterAdministratorToken -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> !FilterAdministratorToken;
#
#
#2.3.17.2 Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'  
[CIS - Microsoft Windows 12 - 2.3.17.2 Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> EnableUIADesktopToggle -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> !EnableUIADesktopToggle;
#
#
#2.3.17.5 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'  
[CIS - Microsoft Windows 12 - 2.3.17.5 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> EnableInstallerDetection -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> !EnableInstallerDetection;
#
#
#2.3.17.6 Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled'  
[CIS - Microsoft Windows 12 - 2.3.17.6 Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> EnableSecureUIAPaths -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> !EnableSecureUIAPaths;
#
#
#2.3.17.7 Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled'  
[CIS - Microsoft Windows 12 - 2.3.17.7 Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> EnableLUA -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> !EnableLUA;
#
#
#2.3.17.8 Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled'  
[CIS - Microsoft Windows 12 - 2.3.17.8 Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> PromptOnSecureDesktop -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> !PromptOnSecureDesktop;
#
#
#2.3.17.9 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'  
[CIS - Microsoft Windows 12 - 2.3.17.9 Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> EnableVirtualization -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> !EnableVirtualization;
#
#
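#18.2.2 Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'
# The LAPS policy key is "Policies\Microsoft Services\AdmPwd"; "MicrosoftServices" as one word
# does not exist, so the tests never evaluate the real setting.
[CIS - Microsoft Windows 12 - 18.2.2 Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PwdExpirationProtectionEnabled -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> !PwdExpirationProtectionEnabled;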
#
#
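#18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled'
# The LAPS policy key is "Policies\Microsoft Services\AdmPwd"; "MicrosoftServices" as one word
# does not exist, so the tests never evaluate the real setting.
[CIS - Microsoft Windows 12 - 18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> AdmPwdEnabled -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> !AdmPwdEnabled;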
#
#
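#18.2.4 Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters'
# Key path corrected to "Policies\Microsoft Services\AdmPwd" (the one-word form does not exist).
# Only data 4 is the four-character-class option named in the title, so the weaker
# options 1, 2 and 3 are listed as non-compliant alongside the original 0 test.
[CIS - Microsoft Windows 12 - 18.2.4 Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordComplexity -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordComplexity -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordComplexity -> 2;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordComplexity -> 3;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> !PasswordComplexity;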
#
#
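#18.2.5 Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more'
# Key path corrected to "Policies\Microsoft Services\AdmPwd" (the one-word form does not exist).
# NOTE(review): the "-> 0" test does not express the "15 or more" threshold; a configured
# length between 1 and 14 passes this rule. Treat a clean result as "policy present", not as
# proof of the required length.
[CIS - Microsoft Windows 12 - 18.2.5 Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordLength -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> !PasswordLength;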
#
#
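#18.2.6 Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer'
# Key path corrected to "Policies\Microsoft Services\AdmPwd" (the one-word form does not exist).
# NOTE(review): the "-> 0" test does not express the "30 or fewer" threshold; an age above 30
# days passes this rule. Treat a clean result as "policy present", not as proof of the limit.
[CIS - Microsoft Windows 12 - 18.2.6 Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> PasswordAgeDays -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft Services\AdmPwd -> !PasswordAgeDays;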
#
#
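#18.3.1 Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled'
# The polarity of this value is reversed relative to the policy name: LocalAccountTokenFilterPolicy 0
# means the UAC remote restrictions ARE applied (compliant), 1 means local administrators get a
# full token over the network. The original "-> 0" test therefore reported hardened hosts and
# missed the weakened ones; the non-compliant data is 1.
[CIS - Microsoft Windows 12 - 18.3.1 Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> LocalAccountTokenFilterPolicy -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> !LocalAccountTokenFilterPolicy;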
#
#
#18.3.2 Ensure 'Configure SMB v1 client' is set to 'Enabled: Bowser, MRxSmb20, NSI'
# NOTE(review): the title describes DependOnService as a list of service names (Bowser,
# MRxSmb20, NSI). Comparing that data with 0 does not test whether an SMBv1 dependency is
# still listed, so in practice only the "value missing" test can fire. A clean result here is
# not evidence that the SMBv1 client dependency has been removed.
[CIS - Microsoft Windows 12 - 18.3.2 Ensure 'Configure SMB v1 client' is set to 'Enabled: Bowser, MRxSmb20, NSI'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation -> DependOnService -> 0;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation -> !DependOnService;
#
#
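#18.3.3 Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver'
# A driver's Start data is 0 (boot), 1 (system), 2 (automatic), 3 (manual) or 4 (disabled).
# Only 4 satisfies "Disable driver", so every other start type is listed as non-compliant;
# the original rule tested 0 alone and passed a manually or automatically started SMBv1 driver.
[CIS - Microsoft Windows 12 - 18.3.3 Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mrxsmb10 -> Start -> 0;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mrxsmb10 -> Start -> 1;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mrxsmb10 -> Start -> 2;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mrxsmb10 -> Start -> 3;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mrxsmb10 -> !Start;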
#
#
#18.3.4 Ensure 'Configure SMB v1 server' is set to 'Disabled'  
[CIS - Microsoft Windows 12 - 18.3.4 Ensure 'Configure SMB v1 server' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters -> SMB1 -> 1;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters -> !SMB1;
#
#
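#18.3.5 Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled'
# The value is a "Disable..." switch: 0 means SEHOP is on (compliant), 1 means it is turned off.
# The original "-> 0" test reported protected hosts, so the non-compliant data is 1.
# The key is also "Session Manager" (with a space); "SessionManager" does not exist.
[CIS - Microsoft Windows 12 - 18.3.5 Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel -> DisableExceptionChainValidation -> 1;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel -> !DisableExceptionChainValidation;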
#
#
#18.3.6 Ensure 'WDigest Authentication' is set to 'Disabled'
# UseLogonCredential 1 makes the WDigest provider keep logon credentials in LSASS memory in a
# recoverable form, so a finding from the first test is worth prioritising in triage.
# NOTE(review): an unexpected change of this value from 0 to 1 on a host that was previously
# compliant is also a useful tamper signal; consider alerting on the transition as well as the state.
[CIS - Microsoft Windows 12 - 18.3.6 Ensure 'WDigest Authentication' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest -> UseLogonCredential -> 1;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest -> !UseLogonCredential;
#
#
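#18.4.1 Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' is set to 'Disabled'
# Winlogon lives under "Windows NT" (with a space). The path without the space does not exist,
# so the tests never evaluate the real AutoAdminLogon setting.
[CIS - Microsoft Windows 12 - 18.4.1 Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> AutoAdminLogon -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> !AutoAdminLogon;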
#
#
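#18.4.2 Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'
# Only data 2 is the "Highest protection" level named in the title. 0 and 1 both fall short of it,
# so 1 is listed as non-compliant as well; the original rule tested 0 alone.
[CIS - Microsoft Windows 12 - 18.4.2 Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters -> DisableIPSourceRouting -> 0;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters -> DisableIPSourceRouting -> 1;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters -> !DisableIPSourceRouting;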
#
#
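#18.4.3 Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'
# Only data 2 is the "Highest protection" level named in the title. 0 and 1 both fall short of it,
# so 1 is listed as non-compliant as well; the original rule tested 0 alone.
[CIS - Microsoft Windows 12 - 18.4.3 Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> DisableIPSourceRouting -> 0;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> DisableIPSourceRouting -> 1;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> !DisableIPSourceRouting;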
#
#
#18.4.4 Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'  
[CIS - Microsoft Windows 12 - 18.4.4 Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> EnableICMPRedirect -> 1;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters -> !EnableICMPRedirect;
#
#
#18.4.6 Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled'  
[CIS - Microsoft Windows 12 - 18.4.6 Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters -> NoNameReleaseOnDemand -> 0;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters -> !NoNameReleaseOnDemand;
#
#
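#18.4.8 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'
# The key is "Session Manager" (with a space); "SessionManager" does not exist, so the tests
# never evaluate the real SafeDllSearchMode setting.
[CIS - Microsoft Windows 12 - 18.4.8 Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager -> SafeDllSearchMode -> 0;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager -> !SafeDllSearchMode;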
#
#
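#18.4.9 Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds'
# The title names 0 as the recommended data, so the original "-> 0" test reported exactly the
# hosts that follow the recommendation; it is removed. Only the "value not set" test remains.
# NOTE(review): a grace period above 5 seconds is not detected by this rule.
# Winlogon lives under "Windows NT" (with a space); the path without the space does not exist.
[CIS - Microsoft Windows 12 - 18.4.9 Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> !ScreenSaverGracePeriod;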
#
#
#18.4.12 Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less'
# NOTE(review): the "-> 0" test does not express the "90% or less" threshold; a WarningLevel
# above 90 passes this rule. A clean result shows only that the value is present and non-zero.
[CIS - Microsoft Windows 12 - 18.4.12 Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> WarningLevel -> 0;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security -> !WarningLevel;
#
#
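#18.5.4.2 Ensure 'Turn off multicast name resolution' is set to 'Enabled' (MS Only)
# The policy is a "turn off" switch backed by an "Enable..." value: EnableMulticast 0 means
# multicast name resolution (LLMNR) is off (compliant), 1 means it is still answering.
# The original "-> 0" test reported hardened hosts, so the non-compliant data is 1.
# The key is also "Windows NT\DNSClient" (with a space); "WindowsNT" does not exist.
[CIS - Microsoft Windows 12 - 18.5.4.2 Ensure 'Turn off multicast name resolution' is set to 'Enabled' (MS Only)] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient -> EnableMulticast -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient -> !EnableMulticast;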
#
#
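#18.5.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'
# The policy is a "prohibit" switch backed by an "Allow..." value: NC_AllowNetBridge_NLA 0 means
# the bridge is prohibited (compliant), 1 means it is allowed. The original "-> 0" test reported
# hardened hosts, so the non-compliant data is 1.
# The key is also "Network Connections" (with a space); "NetworkConnections" does not exist.
[CIS - Microsoft Windows 12 - 18.5.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections -> NC_AllowNetBridge_NLA -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections -> !NC_AllowNetBridge_NLA;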
#
#
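#18.5.11.3 Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'
# The key is "Network Connections" (with a space); "NetworkConnections" does not exist, so the
# tests never evaluate the real NC_StdDomainUserSetLocation setting.
[CIS - Microsoft Windows 12 - 18.5.11.3 Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections -> NC_StdDomainUserSetLocation -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Network Connections -> !NC_StdDomainUserSetLocation;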
#
#
#18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled'  
[CIS - Microsoft Windows 12 - 18.5.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy -> fMinimizeConnections -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy -> !fMinimizeConnections;
#
#
#18.8.3.1 Ensure 'Include command line in process creation events' is set to 'Disabled'
# As written, this rule reports hosts that DO record command lines in process-creation events.
# NOTE(review): command-line capture is a primary data source for detection and incident
# response; the usual argument for 'Disabled' is that secrets passed as arguments end up in
# the Security log. Confirm which benchmark revision this file follows and whether the
# organisation's logging policy wants this rule inverted or dropped before acting on its findings.
[CIS - Microsoft Windows 12 - 18.8.3.1 Ensure 'Include command line in process creation events' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit -> ProcessCreationIncludeCmdLine_Enabled -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit -> !ProcessCreationIncludeCmdLine_Enabled;
#
#
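#18.8.14.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'
# DriverLoadPolicy 3 is the option named in the title. 7 is the "All" option, which also
# initialises drivers classified as bad; it is the state looser than the benchmark and is now
# listed as non-compliant.
# NOTE(review): the original "-> 0" test is kept unchanged; confirm 0 corresponds to a real
# policy state on the targeted Windows versions.
[CIS - Microsoft Windows 12 - 18.8.14.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\EarlyLaunch -> DriverLoadPolicy -> 0;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\EarlyLaunch -> DriverLoadPolicy -> 7;
r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\EarlyLaunch -> !DriverLoadPolicy;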
#
#
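#18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'
# The original tests were malformed: the value name was appended to the key path, the
# "KEY -> VALUE -> DATA" separator was missing, there was a space after "r:", and the
# "value not set" test named DriverLoadPolicy, a value belonging to a different rule.
# NoBackgroundPolicy is a value under the {35378EAC-...} registry-policy extension key.
# 'Enabled: FALSE' corresponds to data 0, so the non-compliant data is 1.
[CIS - Microsoft Windows 12 - 18.8.21.2 Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2} -> NoBackgroundPolicy -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2} -> !NoBackgroundPolicy;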
#
#
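#18.8.21.3 Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'
# The original tests were malformed: the value name was appended to the key path, the
# "KEY -> VALUE -> DATA" separator was missing, there was a space after "r:", and the
# "value not set" test named DriverLoadPolicy, a value belonging to a different rule.
# NoGPOListChanges is a "No..." switch under the {35378EAC-...} registry-policy extension key:
# 'Process even if ... not changed: TRUE' corresponds to data 0, so the non-compliant data is 1.
[CIS - Microsoft Windows 12 - 18.8.21.3 Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2} -> NoGPOListChanges -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2} -> !NoGPOListChanges;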
#
#
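#18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'
# The printer policy key is 'Windows NT\Printers' (with a space); without the space the path names a key that does not exist.
[CIS - Microsoft Windows 12 - 18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableWebPnPDownload -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableWebPnPDownload;
#
#
#18.8.22.1.5 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'
[CIS - Microsoft Windows 12 - 18.8.22.1.5 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoWebServices -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoWebServices;
#
#
#18.8.22.1.6 Ensure 'Turn off printing over HTTP' is set to 'Enabled'
# Same 'Windows NT\Printers' key as 18.8.22.1.1.
[CIS - Microsoft Windows 12 - 18.8.22.1.6 Ensure 'Turn off printing over HTTP' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> DisableHTTPPrinting -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Printers -> !DisableHTTPPrinting;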
#
#
# Logon-screen policies 18.8.27.1 - 18.8.27.6: all six rules read values under
# HKLM\SOFTWARE\Policies\Microsoft\Windows\System. Each rule lists the non-compliant
# value first ('Enabled' settings match on 0, 'Disabled' settings match on 1) and the
# `!Name` line second for a value that is not configured; [any] means either line is enough.
#18.8.27.1 Ensure 'Do not display network selection UI' is set to 'Enabled'
[CIS - Microsoft Windows 12 - 18.8.27.1 Ensure 'Do not display network selection UI' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> DontDisplayNetworkSelectionUI -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> !DontDisplayNetworkSelectionUI;
#
#
#18.8.27.2 Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'
[CIS - Microsoft Windows 12 - 18.8.27.2 Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> DontEnumerateConnectedUsers -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> !DontEnumerateConnectedUsers;
#
#
#18.8.27.3 Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled'
[CIS - Microsoft Windows 12 - 18.8.27.3 Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> EnumerateLocalUsers -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> !EnumerateLocalUsers;
#
#
#18.8.27.4 Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled'
[CIS - Microsoft Windows 12 - 18.8.27.4 Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> DisableLockScreenAppNotifications -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> !DisableLockScreenAppNotifications;
#
#
#18.8.27.5 Ensure 'Turn off picture password sign-in' is set to 'Enabled'
[CIS - Microsoft Windows 12 - 18.8.27.5 Ensure 'Turn off picture password sign-in' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> BlockDomainPicturePassword -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> !BlockDomainPicturePassword;
#
#
#18.8.27.6 Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled'
[CIS - Microsoft Windows 12 - 18.8.27.6 Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> AllowDomainPINLogon -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System -> !AllowDomainPINLogon;
#
#
#18.8.33.6.1 Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled'
# Both wake-password rules read the same power-setting key; DCSettingIndex is the on-battery
# value and ACSettingIndex the plugged-in value. Each matches on 0 or on a missing value.
[CIS - Microsoft Windows 12 - 18.8.33.6.1 Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51 -> DCSettingIndex -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51 -> !DCSettingIndex;
#
#
#18.8.33.6.2 Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled'
[CIS - Microsoft Windows 12 - 18.8.33.6.2 Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51 -> ACSettingIndex -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51 -> !ACSettingIndex;
#
#
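#18.8.35.1 Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'
# The policy key is 'Windows NT\Terminal Services' (with spaces). A path without the spaces
# names a key that does not exist, so the rule cannot see the configured value.
[CIS - Microsoft Windows 12 - 18.8.35.1 Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fAllowUnsolicited -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fAllowUnsolicited;
#
#
#18.8.35.2 Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'
[CIS - Microsoft Windows 12 - 18.8.35.2 Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fAllowToGetHelp -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fAllowToGetHelp;
#
#
#18.8.36.1 Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled'
# Same spacing issue: the key is 'Windows NT\Rpc'.
[CIS - Microsoft Windows 12 - 18.8.36.1 Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Rpc -> EnableAuthEpResolution -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Rpc -> !EnableAuthEpResolution;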
#
#
#18.9.8.1 Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled'
# AutoPlay/AutoRun rules 18.9.8.1 - 18.9.8.3: each matches on the literal 0 or a missing value.
[CIS - Microsoft Windows 12 - 18.9.8.1 Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoAutoplayfornonVolume -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoAutoplayfornonVolume;
#
#
#18.9.8.2 Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands'
[CIS - Microsoft Windows 12 - 18.9.8.2 Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoAutorun -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoAutorun;
#
#
#18.9.8.3 Ensure 'Turn off Autoplay' is set to 'Enabled: All drives'
# NOTE(review): NoDriveTypeAutoRun is a drive-type bitmask and 'All drives' corresponds to 255 (0xFF).
# A partial mask that still leaves AutoPlay on for some drive types is neither 0 nor missing,
# so this rule would not report it - confirm whether that gap is acceptable.
[CIS - Microsoft Windows 12 - 18.9.8.3 Ensure 'Turn off Autoplay' is set to 'Enabled: All drives'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDriveTypeAutoRun -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoDriveTypeAutoRun;
#
#
#18.9.15.1 Ensure 'Do not display the password reveal button' is set to 'Enabled'
# Credential UI rules. Note the two rules read different keys: ...\Policies\Microsoft\Windows\CredUI
# here, and ...\Windows\CurrentVersion\Policies\CredUI for 18.9.15.2.
[CIS - Microsoft Windows 12 - 18.9.15.1 Ensure 'Do not display the password reveal button' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredUI -> DisablePasswordReveal -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CredUI -> !DisablePasswordReveal;
#
#
#18.9.15.2 Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled'
# Matches on 1 (enumeration on) or a missing value.
[CIS - Microsoft Windows 12 - 18.9.15.2 Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI -> EnumerateAdministrators -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI -> !EnumerateAdministrators;
#
#
#18.9.24.2 Ensure 'Default Action and Mitigation Settings' is set to 'Enabled' (plus subsettings)
# Checks four EMET system settings (AntiDetour, BannedFunction, DeepHook, ExploitAction); because the
# rule is [any], a single sub-setting at 0 or missing is enough to report.
# NOTE(review): the 18.9.24.x rules only make sense on hosts where EMET is installed; on hosts
# without it every `!Name` line will match. EMET is no longer supported by Microsoft, so confirm
# these checks still belong in the deployed policy.
[CIS - Microsoft Windows 12 - 18.9.24.2 Ensure 'Default Action and Mitigation Settings' is set to 'Enabled' (plus subsettings)] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings -> AntiDetour -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings -> !AntiDetour;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings -> BannedFunction -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings -> !BannedFunction;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings -> DeepHook -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings -> !DeepHook;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings -> ExploitAction -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings -> !ExploitAction;
#
#
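#18.9.24.3 Ensure 'Default Protections for Internet Explorer' is set to 'Enabled'
# Reports when the IE entry is missing from the EMET Defaults key. The entry holds an application
# path rather than a 0/1 flag, so there is no "insecure value" line, only the absence check.
# NOTE(review): the value name IE is taken from the last component of the path this rule
# previously used; confirm it against the benchmark's audit text.
[CIS - Microsoft Windows 12 - 18.9.24.3 Ensure 'Default Protections for Internet Explorer' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults -> !IE;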
#
#
#18.9.24.4 Ensure 'Default Protections for Popular Software' is set to 'Enabled'
# NOTE(review): rules 18.9.24.4 and 18.9.24.5 are byte-identical apart from the title and do not
# follow the `key -> value name -> value` shape used elsewhere in this file: the first line has no
# value name (the 0 sits in the value-name position) and the second tests !ExploitAction, a value
# that the 18.9.24.2 rule reads from EMET\SysSettings, not from EMET\Defaults. As written they are
# unlikely to test the two settings named in the titles; the per-application value names must be
# taken from the benchmark before these can be corrected.
[CIS - Microsoft Windows 12 - 18.9.24.4 Ensure 'Default Protections for Popular Software' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults -> 0;
r: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults -> !ExploitAction;
#
#
#18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled'
[CIS - Microsoft Windows 12 - 18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults -> 0;
r: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\Defaults -> !ExploitAction;
#
#
#18.9.24.6 Ensure 'System ASLR' is set to 'Enabled: Application Opt-In'
# EMET system-wide mitigations (ASLR, DEP, SEHOP). Each rule matches only the literal 0 or a
# missing value.
# NOTE(review): the titles name specific modes (Opt-In / Opt-Out), which are non-zero settings;
# any other non-zero mode passes these rules unreported - confirm that is intended.
[CIS - Microsoft Windows 12 - 18.9.24.6 Ensure 'System ASLR' is set to 'Enabled: Application Opt-In'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings -> ASLR -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings -> !ASLR;
#
#
#18.9.24.7 Ensure 'System DEP' is set to 'Enabled: Application Opt-Out'
[CIS - Microsoft Windows 12 - 18.9.24.7 Ensure 'System DEP' is set to 'Enabled: Application Opt-Out'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings -> DEP -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings -> !DEP;
#
#
#18.9.24.8 Ensure 'System SEHOP' is set to 'Enabled: Application Opt-Out'
[CIS - Microsoft Windows 12 - 18.9.24.8 Ensure 'System SEHOP' is set to 'Enabled: Application Opt-Out'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings -> SEHOP -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\EMET\SysSettings -> !SEHOP;
#
#
# Event log policies 18.9.26.x for the Application, Security, Setup and System channels.
# Retention rules match on 1 or a missing value. MaxSize rules match only on the literal 0 or a
# missing value.
# NOTE(review): the MaxSize titles require a minimum size (32,768 KB; 196,608 KB for Security),
# but a configured size below that minimum is neither 0 nor missing and is not reported. An
# undersized Security log overwrites audit records sooner, so confirm whether a threshold check
# is needed.
#18.9.26.1.1 Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'
[CIS - Microsoft Windows 12 - 18.9.26.1.1 Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> Retention -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> !Retention;
#
#
#18.9.26.1.2 Ensure 'Application: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'
[CIS - Microsoft Windows 12 - 18.9.26.1.2 Ensure 'Application: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> MaxSize -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Application -> !MaxSize;
#
#
#18.9.26.2.1 Ensure 'Security: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'
[CIS - Microsoft Windows 12 - 18.9.26.2.1 Ensure 'Security: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> Retention -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> !Retention;
#
#
#18.9.26.2.2 Ensure 'Security: Specify the maximum log file size (KB)' is set to 'Enabled: 196,608 or greater'
[CIS - Microsoft Windows 12 - 18.9.26.2.2 Ensure 'Security: Specify the maximum log file size (KB)' is set to 'Enabled: 196,608 or greater'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> MaxSize -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Security -> !MaxSize;
#
#
#18.9.26.3.1 Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'
[CIS - Microsoft Windows 12 - 18.9.26.3.1 Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> Retention -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> !Retention;
#
#
#18.9.26.3.2 Ensure 'Setup: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'
[CIS - Microsoft Windows 12 - 18.9.26.3.2 Ensure 'Setup: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> MaxSize -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\Setup -> !MaxSize;
#
#
#18.9.26.4.1 Ensure 'System: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'
[CIS - Microsoft Windows 12 - 18.9.26.4.1 Ensure 'System: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> Retention -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> !Retention;
#
#
#18.9.26.4.2 Ensure 'System: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'
[CIS - Microsoft Windows 12 - 18.9.26.4.2 Ensure 'System: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> MaxSize -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\System -> !MaxSize;
#
#
#18.9.30.2 Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'
# Explorer hardening rules 18.9.30.2 - 18.9.30.4: each policy switches a protection off when set
# to 1, so the rules match on 1 or a missing value. 18.9.30.4 reads a different key
# (...\Windows\CurrentVersion\Policies\Explorer) from the other two.
[CIS - Microsoft Windows 12 - 18.9.30.2 Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoDataExecutionPrevention -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoDataExecutionPrevention;
#
#
#18.9.30.3 Ensure 'Turn off heap termination on corruption' is set to 'Disabled'
[CIS - Microsoft Windows 12 - 18.9.30.3 Ensure 'Turn off heap termination on corruption' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> NoHeapTerminationOnCorruption -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Explorer -> !NoHeapTerminationOnCorruption;
#
#
#18.9.30.4 Ensure 'Turn off shell protocol protected mode' is set to 'Disabled'
[CIS - Microsoft Windows 12 - 18.9.30.4 Ensure 'Turn off shell protocol protected mode' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> PreXPSP2ShellProtocolBehavior -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !PreXPSP2ShellProtocolBehavior;
#
#
#18.9.52.1 Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'
# Matches on 0 or a missing value.
[CIS - Microsoft Windows 12 - 18.9.52.1 Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive -> DisableFileSyncNGSC -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive -> !DisableFileSyncNGSC;
#
#
#18.9.52.2 Ensure 'Prevent the usage of OneDrive for file storage on Windows 8.1' is set to 'Enabled'
# NOTE(review): the Windows 8.1-era policy may be stored under ...\Windows\Skydrive rather than
# ...\Windows\OneDrive - confirm the key against the benchmark before relying on this rule.
[CIS - Microsoft Windows 12 - 18.9.52.2 Ensure 'Prevent the usage of OneDrive for file storage on Windows 8.1' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive -> DisableFileSync -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\OneDrive -> !DisableFileSync;
#
#
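# Remote Desktop policies 18.9.58.x. The policy key is 'Windows NT\Terminal Services' (with
# spaces); a path without the spaces names a key that does not exist, so the rules cannot see the
# configured values. Each rule here matches on 0 or a missing value.
#18.9.58.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled'
[CIS - Microsoft Windows 12 - 18.9.58.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> DisablePasswordSaving -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !DisablePasswordSaving;
#
#
#18.9.58.3.3.2 Ensure 'Do not allow drive redirection' is set to 'Enabled'
[CIS - Microsoft Windows 12 - 18.9.58.3.3.2 Ensure 'Do not allow drive redirection' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fDisableCdm -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fDisableCdm;
#
#
#18.9.58.3.9.1 Ensure 'Always prompt for password upon connection' is set to 'Enabled'
[CIS - Microsoft Windows 12 - 18.9.58.3.9.1 Ensure 'Always prompt for password upon connection' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fPromptForPassword -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fPromptForPassword;
#
#
#18.9.58.3.9.2 Ensure 'Require secure RPC communication' is set to 'Enabled'
[CIS - Microsoft Windows 12 - 18.9.58.3.9.2 Ensure 'Require secure RPC communication' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> fEncryptRPCTraffic -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !fEncryptRPCTraffic;
#
#
#18.9.58.3.9.3 Ensure 'Set client connection encryption level' is set to 'Enabled: High Level'
# NOTE(review): 'High Level' corresponds to MinEncryptionLevel = 3. Lower non-zero levels are
# neither 0 nor missing and are not reported by this rule - confirm the intended coverage.
[CIS - Microsoft Windows 12 - 18.9.58.3.9.3 Ensure 'Set client connection encryption level' is set to 'Enabled: High Level'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> MinEncryptionLevel -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !MinEncryptionLevel;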
#
#
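#18.9.58.3.11.1 Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'
# The policy names are negative ("Do not ...") but the registry values are positive: 'Disabled'
# means temp folders ARE deleted / per-session folders ARE used, i.e. the value is 1. The
# non-compliant value is therefore 0, and matching on 1 would report compliant hosts.
# Key is 'Windows NT\Terminal Services' (with spaces).
[CIS - Microsoft Windows 12 - 18.9.58.3.11.1 Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> DeleteTempDirsOnExit -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !DeleteTempDirsOnExit;
#
#
#18.9.58.3.11.2 Ensure 'Do not use temporary folders per session' is set to 'Disabled'
[CIS - Microsoft Windows 12 - 18.9.58.3.11.2 Ensure 'Do not use temporary folders per session' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> PerSessionTempDir -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services -> !PerSessionTempDir;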
#
#
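#18.9.59.1 Ensure 'Prevent downloading of enclosures' is set to 'Enabled'
# The policy key is 'Internet Explorer\Feeds' (with a space); without it the path names a key
# that does not exist. Matches on 0 or a missing value.
[CIS - Microsoft Windows 12 - 18.9.59.1 Ensure 'Prevent downloading of enclosures' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds -> DisableEnclosureDownload -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Feeds -> !DisableEnclosureDownload;
#
#
#18.9.60.2 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'
# The policy key is 'Windows\Windows Search' (with a space). Matches on 1 or a missing value.
[CIS - Microsoft Windows 12 - 18.9.60.2 Ensure 'Allow indexing of encrypted files' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search -> AllowIndexingEncryptedStoresOrItems -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search -> !AllowIndexingEncryptedStoresOrItems;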
#
#
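# Windows Defender policies 18.9.76.x. The policy key is 'Windows Defender' (with a space), and
# the real-time sub-key is 'Real-Time Protection'; paths without the spaces name keys that do
# not exist.
# The Disable* values are inverted relative to the policy titles: 'Turn on ...' / 'Scan ...'
# set to 'Enabled' means Disable* = 0, so the non-compliant value for those rules is 1.
#18.9.76.3.1 Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled'
[CIS - Microsoft Windows 12 - 18.9.76.3.1 Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet -> LocalSettingOverrideSpynetReporting -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet -> !LocalSettingOverrideSpynetReporting;
#
#
#18.9.76.7.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'
[CIS - Microsoft Windows 12 - 18.9.76.7.1 Ensure 'Turn on behavior monitoring' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection -> DisableBehaviorMonitoring -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection -> !DisableBehaviorMonitoring;
#
#
#18.9.76.10.1 Ensure 'Scan removable drives' is set to 'Enabled'
[CIS - Microsoft Windows 12 - 18.9.76.10.1 Ensure 'Scan removable drives' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Scan -> DisableRemovableDriveScanning -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Scan -> !DisableRemovableDriveScanning;
#
#
#18.9.76.10.2 Ensure 'Turn on e-mail scanning' is set to 'Enabled'
[CIS - Microsoft Windows 12 - 18.9.76.10.2 Ensure 'Turn on e-mail scanning' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Scan -> DisableEmailScanning -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Scan -> !DisableEmailScanning;
#
#
#18.9.76.14 Ensure 'Turn off Windows Defender AntiVirus' is set to 'Disabled'
# DisableAntiSpyware = 1 turns the engine off, so 1 is the non-compliant value here.
[CIS - Microsoft Windows 12 - 18.9.76.14 Ensure 'Turn off Windows Defender AntiVirus' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender -> DisableAntiSpyware -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender -> !DisableAntiSpyware;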
#
#
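#18.9.81.2.1 Ensure 'Configure Default consent' is set to 'Enabled: Always ask before sending data'
# The policy key is 'Windows Error Reporting\Consent' (with spaces); without them the path names
# a key that does not exist.
# NOTE(review): 'Always ask before sending data' corresponds to DefaultConsent = 1. Higher values
# (which send data without asking) are neither 0 nor missing and are not reported - confirm the
# intended coverage.
[CIS - Microsoft Windows 12 - 18.9.81.2.1 Ensure 'Configure Default consent' is set to 'Enabled: Always ask before sending data'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent -> DefaultConsent -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\Consent -> !DefaultConsent;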
#
#
#18.9.85.1 Ensure 'Allow user control over installs' is set to 'Disabled'
# Windows Installer policies (machine side). Both rules match on 1 or a missing value.
[CIS - Microsoft Windows 12 - 18.9.85.1 Ensure 'Allow user control over installs' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer -> EnableUserControl -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer -> !EnableUserControl;
#
#
#18.9.85.2 Ensure 'Always install with elevated privileges' is set to 'Disabled'
# AlwaysInstallElevated lets standard users run installer packages with elevated rights; the
# per-user half of the same policy is checked separately by rule 19.7.40.1 in this file.
[CIS - Microsoft Windows 12 - 18.9.85.2 Ensure 'Always install with elevated privileges' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer -> AlwaysInstallElevated -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer -> !AlwaysInstallElevated;
#
#
#18.9.95.1 Ensure 'Turn on PowerShell Script Block Logging' is set to 'Disabled'
# Both PowerShell rules match when logging is switched ON (value 1) or not configured, following
# the 'Disabled' recommendation quoted in the titles.
# NOTE(review): with script block logging and transcription off, there is no PowerShell content
# record for detection or incident response. Later benchmark revisions are believed to recommend
# enabling Script Block Logging - confirm which revision this policy is meant to track, and
# whether the organisation's logging requirements override it, before acting on these findings.
[CIS - Microsoft Windows 12 - 18.9.95.1 Ensure 'Turn on PowerShell Script Block Logging' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging -> EnableScriptBlockLogging -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging -> !EnableScriptBlockLogging;
#
#
#18.9.95.2 Ensure 'Turn on PowerShell Transcription' is set to 'Disabled'
[CIS - Microsoft Windows 12 - 18.9.95.2 Ensure 'Turn on PowerShell Transcription' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription -> EnableTranscripting -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\PowerShell\Transcription -> !EnableTranscripting;
#
#
#18.9.97.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled'
# WinRM client policies. Basic authentication and unencrypted traffic both put credentials or
# session content on the wire in recoverable form; the rules match on 1 or a missing value.
[CIS - Microsoft Windows 12 - 18.9.97.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client -> AllowBasic -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client -> !AllowBasic;
#
#
#18.9.97.1.2 Ensure 'Allow unencrypted traffic' is set to 'Disabled'
[CIS - Microsoft Windows 12 - 18.9.97.1.2 Ensure 'Allow unencrypted traffic' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client -> AllowUnencryptedTraffic -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client -> !AllowUnencryptedTraffic;
#
#
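#18.9.97.1.3 Ensure 'Disallow Digest authentication' is set to 'Enabled'
# The policy is phrased as 'Disallow' but the registry value is AllowDigest: 'Enabled' means
# AllowDigest = 0. The non-compliant value is therefore 1; matching on 0 would report compliant
# hosts and miss hosts where Digest is allowed.
[CIS - Microsoft Windows 12 - 18.9.97.1.3 Ensure 'Disallow Digest authentication' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client -> AllowDigest -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client -> !AllowDigest;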
#
#
#18.9.97.2.1 Ensure 'Allow Basic authentication' is set to 'Disabled'
# WinRM service policies (the listener side of the client rules 18.9.97.1.x). AllowBasic and
# AllowUnencryptedTraffic match on 1; DisableRunAs matches on 0; all three also match when the
# value is missing.
[CIS - Microsoft Windows 12 - 18.9.97.2.1 Ensure 'Allow Basic authentication' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service -> AllowBasic -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service -> !AllowBasic;
#
#
#18.9.97.2.3 Ensure 'Allow unencrypted traffic' is set to 'Disabled'
[CIS - Microsoft Windows 12 - 18.9.97.2.3 Ensure 'Allow unencrypted traffic' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service -> AllowUnencryptedTraffic -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service -> !AllowUnencryptedTraffic;
#
#
#18.9.97.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'
[CIS - Microsoft Windows 12 - 18.9.97.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service -> DisableRunAs -> 0;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service -> !DisableRunAs;
#
#
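#18.9.101.2 Ensure 'Configure Automatic Updates' is set to 'Enabled'
# The registry value is NoAutoUpdate: automatic updates configured ('Enabled') means
# NoAutoUpdate = 0. The non-compliant value is therefore 1; matching on 0 would report hosts
# that have updates enabled and miss hosts where they are turned off.
[CIS - Microsoft Windows 12 - 18.9.101.2 Ensure 'Configure Automatic Updates' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -> NoAutoUpdate -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -> !NoAutoUpdate;
#
#
#18.9.101.4 Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'
# Matches on 1 (restart suppressed while users are logged on) or a missing value.
[CIS - Microsoft Windows 12 - 18.9.101.4 Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -> NoAutoRebootWithLoggedOnUsers -> 1;
r:HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU -> !NoAutoRebootWithLoggedOnUsers;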
#
#
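# Per-user screen saver policies 19.1.3.x. The policy key is 'Control Panel\Desktop' (with a
# space); without it the path names a key that does not exist.
# NOTE(review): [USERSID] appears as a literal path component and nothing in this file shows it
# being expanded to real user SIDs - confirm the engine substitutes it, otherwise none of the
# HKEY_USERS rules can resolve their key.
#19.1.3.1 Ensure 'Enable screen saver' is set to 'Enabled'
[CIS - Microsoft Windows 12 - 19.1.3.1 Ensure 'Enable screen saver' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_USERS\[USERSID]\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop -> ScreenSaveActive -> 0;
r:HKEY_USERS\[USERSID]\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop -> !ScreenSaveActive;
#
#
#19.1.3.2 Ensure 'Force specific screen saver: Screen saver executable name' is set to 'Enabled: scrnsave.scr'
# NOTE(review): the expected data is an executable name, so the literal-0 line is unlikely to
# ever match; only the missing-value line is meaningful, and a different executable name is not
# reported - confirm the intended coverage.
[CIS - Microsoft Windows 12 - 19.1.3.2 Ensure 'Force specific screen saver: Screen saver executable name' is set to 'Enabled: scrnsave.scr'] [any] [https://www.atomicorp.com]
r:HKEY_USERS\[USERSID]\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop -> SCRNSAVE.EXE -> 0;
r:HKEY_USERS\[USERSID]\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop -> !SCRNSAVE.EXE;
#
#
#19.1.3.3 Ensure 'Password protect the screen saver' is set to 'Enabled'
[CIS - Microsoft Windows 12 - 19.1.3.3 Ensure 'Password protect the screen saver' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_USERS\[USERSID]\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop -> ScreenSaverIsSecure -> 0;
r:HKEY_USERS\[USERSID]\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop -> !ScreenSaverIsSecure;
#
#
#19.1.3.4 Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0'
# NOTE(review): only the "not 0" half of the requirement is checked; a timeout above 900 seconds
# is neither 0 nor missing and is not reported.
[CIS - Microsoft Windows 12 - 19.1.3.4 Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0'] [any] [https://www.atomicorp.com]
r:HKEY_USERS\[USERSID]\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop -> ScreenSaveTimeOut -> 0;
r:HKEY_USERS\[USERSID]\SOFTWARE\Policies\Microsoft\Windows\Control Panel\Desktop -> !ScreenSaveTimeOut;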
#
#
# Per-user policies 19.5 - 19.7, read from each user's hive under HKEY_USERS.
# NOTE(review): [USERSID] appears as a literal path component and nothing in this file shows it
# being expanded to real user SIDs - confirm the engine substitutes it, otherwise these keys
# never resolve.
#19.5.1.1 Ensure 'Turn off toast notifications on the lock screen' is set to 'Enabled'
[CIS - Microsoft Windows 12 - 19.5.1.1 Ensure 'Turn off toast notifications on the lock screen' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_USERS\[USERSID]\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications -> NoToastApplicationNotificationOnLockScreen -> 0;
r:HKEY_USERS\[USERSID]\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications -> !NoToastApplicationNotificationOnLockScreen;
#
#
#19.7.4.1 Ensure 'Do not preserve zone information in file attachments' is set to 'Disabled'
# Zone information is what marks a downloaded attachment as coming from an untrusted zone.
# Matches on 1 or a missing value.
[CIS - Microsoft Windows 12 - 19.7.4.1 Ensure 'Do not preserve zone information in file attachments' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_USERS\[USERSID]\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments -> SaveZoneInformation -> 1;
r:HKEY_USERS\[USERSID]\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments -> !SaveZoneInformation;
#
#
#19.7.4.2 Ensure 'Notify antivirus programs when opening attachments' is set to 'Enabled'
# NOTE(review): ScanWithAntiVirus is believed to use 1 for off and 3 for on rather than 0/1; if
# so, the literal-0 line never matches a host with scanning turned off. Confirm the value
# encoding against the benchmark.
[CIS - Microsoft Windows 12 - 19.7.4.2 Ensure 'Notify antivirus programs when opening attachments' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_USERS\[USERSID]\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments -> ScanWithAntiVirus -> 0;
r:HKEY_USERS\[USERSID]\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Attachments -> !ScanWithAntiVirus;
#
#
#19.7.26.1 Ensure 'Prevent users from sharing files within their profile.' is set to 'Enabled'
[CIS - Microsoft Windows 12 - 19.7.26.1 Ensure 'Prevent users from sharing files within their profile.' is set to 'Enabled'] [any] [https://www.atomicorp.com]
r:HKEY_USERS\[USERSID]\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoInplaceSharing -> 0;
r:HKEY_USERS\[USERSID]\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> !NoInplaceSharing;
#
#
#19.7.40.1 Ensure 'Always install with elevated privileges' is set to 'Disabled'
# Per-user half of the AlwaysInstallElevated policy; the machine half is rule 18.9.85.2 in this file.
[CIS - Microsoft Windows 12 - 19.7.40.1 Ensure 'Always install with elevated privileges' is set to 'Disabled'] [any] [https://www.atomicorp.com]
r:HKEY_USERS\[USERSID]\SOFTWARE\Policies\Microsoft\Windows\Installer -> AlwaysInstallElevated -> 1;
r:HKEY_USERS\[USERSID]\SOFTWARE\Policies\Microsoft\Windows\Installer -> !AlwaysInstallElevated;
#
#
