网站首页 > 精选文章 / 正文
Control | Set Correctly | ||
Yes | No | ||
18.9.17 | Delivery Optimization | ||
18.9.18 | Desktop Gadgets | ||
18.9.19 | Desktop Window Manager | ||
18.9.20 | Device and Driver Compatibility | ||
18.9.21 | Device Registration (formerly Workplace Join) | ||
18.9.22 | Digital Locker | ||
18.9.23 | Edge UI | ||
18.9.24 | EMET | ||
18.9.25 | Event Forwarding | ||
18.9.26 | Event Log Service | ||
18.9.26.1 | Application | ||
18.9.26.1.1 | (L1) Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' (Automated) | ||
18.9.26.1.2 | (L1) Ensure 'Application: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater' (Automated) | ||
18.9.26.2 | Security | ||
18.9.26.2.1 | (L1) Ensure 'Security: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' (Automated) | ||
18.9.26.2.2 | (L1) Ensure 'Security: Specify the maximum log file size (KB)' is set to 'Enabled: 196,608 or greater' (Automated) | ||
18.9.26.3 | Setup | ||
18.9.26.3.1 | (L1) Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' (Automated) | ||
18.9.26.3.2 | (L1) Ensure 'Setup: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater' (Automated) | ||
18.9.26.4 | System | ||
18.9.26.4.1 | (L1) Ensure 'System: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' (Automated) | ||
18.9.26.4.2 | (L1) Ensure 'System: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater' (Automated) | ||
18.9.27 | Event Logging | ||
18.9.28 | Event Viewer | ||
18.9.29 | Family Safety (formerly Parental Controls) | ||
18.9.30 | File Explorer (formerly Windows Explorer) | ||
18.9.30.1 | Previous Versions | ||
Control | Set Correctly | ||
Yes | No | ||
18.9.30.2 | (L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled' (Automated) | ||
18.9.30.3 | (L1) Ensure 'Turn off heap termination on corruption' is set to 'Disabled' (Automated) | ||
18.9.30.4 | (L1) Ensure 'Turn off shell protocol protected mode' is set to 'Disabled' (Automated) | ||
18.9.31 | File History | ||
18.9.32 | Find My Device | ||
18.9.33 | Game Explorer | ||
18.9.34 | Handwriting | ||
18.9.35 | HomeGroup | ||
18.9.36 | Import Video | ||
18.9.37 | Internet Explorer | ||
18.9.38 | Internet Information Services | ||
18.9.39 | Location and Sensors | ||
18.9.39.1 | (L2) Ensure 'Turn off location' is set to 'Enabled' (Automated) | ||
18.9.40 | Maintenance Scheduler | ||
18.9.41 | Maps | ||
18.9.42 | MDM | ||
18.9.43 | Messaging | ||
18.9.43.1 | (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' (Automated) | ||
18.9.44 | Microsoft account | ||
18.9.44.1 | (L1) Ensure 'Block all consumer Microsoft account user authentication' is set to 'Enabled' (Automated) | ||
18.9.45 | Microsoft Defender Antivirus (formerly Windows Defender and Windows Defender Antivirus) | ||
18.9.45.1 | Client Interface | ||
18.9.45.2 | Exclusions | ||
18.9.45.3 | MAPS | ||
18.9.45.3.1 | (L1) Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled' (Automated) | ||
18.9.45.3.2 | (L2) Ensure 'Join Microsoft MAPS' is set to 'Disabled' (Automated) | ||
18.9.45.4 | Microsoft Defender Exploit Guard (formerly Windows Defender Exploit Guard) | ||
18.9.45.4.1 | Attack Surface Reduction | ||
18.9.45.4.1.1 | (L1) Ensure 'Configure Attack Surface Reduction rules' is set to 'Enabled' (Automated) | ||
Control | Set Correctly | ||
Yes | No | ||
18.9.45.4.1.2 | (L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configured (Automated) | ||
18.9.45.4.2 | Controlled Folder Access | ||
18.9.45.4.3 | Network Protection | ||
18.9.45.4.3.1 | (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' (Automated) | ||
18.9.45.5 | MpEngine | ||
18.9.45.5.1 | (L2) Ensure 'Enable file hash computation feature' is set to 'Enabled' (Automated) | ||
18.9.45.6 | Network Inspection System | ||
18.9.45.7 | Quarantine | ||
18.9.45.8 | Real-time Protection | ||
18.9.45.8.1 | (L1) Ensure 'Scan all downloaded files and attachments' is set to 'Enabled' (Automated) | ||
18.9.45.8.2 | (L1) Ensure 'Turn off real-time protection' is set to 'Disabled' (Automated) | ||
18.9.45.8.3 | (L1) Ensure 'Turn on behavior monitoring' is set to 'Enabled' (Automated) | ||
18.9.45.9 | Remediation | ||
18.9.45.10 | Reporting | ||
18.9.45.10.1 | (L2) Ensure 'Configure Watson events' is set to 'Disabled' (Automated) | ||
18.9.45.11 | Scan | ||
18.9.45.11.1 | (L1) Ensure 'Scan removable drives' is set to 'Enabled' (Automated) | ||
18.9.45.11.2 | (L1) Ensure 'Turn on e-mail scanning' is set to 'Enabled' (Automated) | ||
18.9.45.12 | Security Intelligence Updates (formerly Signature Updates) | ||
18.9.45.13 | Threats | ||
18.9.45.14 | (L1) Ensure 'Configure detection for potentially unwanted applications' is set to 'Enabled: Block' (Automated) | ||
18.9.45.15 | (L1) Ensure 'Turn off Microsoft Defender AntiVirus' is set to 'Disabled' (Automated) | ||
18.9.46 | Microsoft Defender Application Guard (formerly Windows Defender Application Guard) | ||
18.9.47 | Microsoft Defender Exploit Guard (formerly Windows Defender Exploit Guard) | ||
18.9.48 | Microsoft Edge | ||
18.9.49 | Microsoft FIDO Authentication | ||
18.9.50 | Microsoft Secondary Authentication Factor | ||
Control | Set Correctly | ||
Yes | No | ||
18.9.51 | Microsoft User Experience Virtualization | ||
18.9.52 | NetMeeting | ||
18.9.53 | Network Access Protection | ||
18.9.54 | Network Projector | ||
18.9.55 | OneDrive (formerly SkyDrive) | ||
18.9.55.1 | (L1) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled' (Automated) | ||
18.9.56 | Online Assistance | ||
18.9.57 | OOBE | ||
18.9.58 | Password Synchronization | ||
18.9.59 | Portable Operating System | ||
18.9.60 | Presentation Settings | ||
18.9.61 | Push To Install | ||
18.9.62 | Remote Desktop Services (formerly Terminal Services) | ||
18.9.62.1 | RD Licensing (formerly TS Licensing) | ||
18.9.62.2 | Remote Desktop Connection Client | ||
18.9.62.2.1 | RemoteFX USB Device Redirection | ||
18.9.62.2.2 | (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled' (Automated) | ||
18.9.62.3 | Remote Desktop Session Host (formerly Terminal Server) | ||
18.9.62.3.1 | Application Compatibility | ||
18.9.62.3.2 | Connections | ||
18.9.62.3.2.1 | (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' (Automated) | ||
18.9.62.3.3 | Device and Resource Redirection | ||
18.9.62.3.3.1 | (L2) Ensure 'Do not allow COM port redirection' is set to 'Enabled' (Automated) | ||
18.9.62.3.3.2 | (L1) Ensure 'Do not allow drive redirection' is set to 'Enabled' (Automated) | ||
18.9.62.3.3.3 | (L2) Ensure 'Do not allow LPT port redirection' is set to 'Enabled' (Automated) | ||
18.9.62.3.3.4 | (L2) Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' (Automated) | ||
18.9.62.3.4 | Licensing | ||
18.9.62.3.5 | Printer Redirection | ||
18.9.62.3.6 | Profiles | ||
18.9.62.3.7 | RD Connection Broker (formerly TS Connection Broker) | ||
18.9.62.3.8 | Remote Session Environment | ||
18.9.62.3.9 | Security | ||
Control | Set Correctly | ||
Yes | No | ||
18.9.62.3.9.1 | (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled' (Automated) | ||
18.9.62.3.9.2 | (L1) Ensure 'Require secure RPC communication' is set to 'Enabled' (Automated) | ||
18.9.62.3.9.3 | (L1) Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL' (Automated) | ||
18.9.62.3.9.4 | (L1) Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled' (Automated) | ||
18.9.62.3.9.5 | (L1) Ensure 'Set client connection encryption level' is set to 'Enabled: High Level' (Automated) | ||
18.9.62.3.10 | Session Time Limits | ||
18.9.62.3.10.1 | (L2) Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less, but not Never (0)' (Automated) | ||
18.9.62.3.10.2 | (L2) Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute' (Automated) | ||
18.9.62.3.11 | Temporary folders | ||
18.9.62.3.11.1 | (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled' (Automated) | ||
18.9.62.3.11.2 | (L1) Ensure 'Do not use temporary folders per session' is set to 'Disabled' (Automated) | ||
18.9.63 | RSS Feeds | ||
18.9.63.1 | (L1) Ensure 'Prevent downloading of enclosures' is set to 'Enabled' (Automated) | ||
18.9.64 | Search | ||
18.9.64.1 | OCR | ||
18.9.64.2 | (L2) Ensure 'Allow Cloud Search' is set to 'Enabled: Disable Cloud Search' (Automated) | ||
18.9.64.3 | (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled' (Automated) | ||
18.9.65 | Security Center | ||
18.9.66 | Server for NIS | ||
18.9.67 | Shutdown Options | ||
18.9.68 | Smart Card | ||
18.9.69 | Software Protection Platform | ||
18.9.69.1 | (L2) Ensure 'Turn off KMS Client Online AVS Validation' is set to 'Enabled' (Automated) | ||
18.9.70 | Sound Recorder | ||
18.9.71 | Speech | ||
Control | Set Correctly | ||
Yes | No | ||
18.9.72 | Store | ||
18.9.73 | Sync your settings | ||
18.9.74 | Tablet PC | ||
18.9.75 | Task Scheduler | ||
18.9.76 | Text Input | ||
18.9.77 | Windows Calendar | ||
18.9.78 | Windows Color System | ||
18.9.79 | Windows Customer Experience Improvement Program | ||
18.9.80 | Windows Defender SmartScreen | ||
18.9.80.1 | Explorer | ||
18.9.80.1.1 | (L1) Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn and prevent bypass' (Automated) | ||
18.9.81 | Windows Error Reporting | ||
18.9.82 | Windows Game Recording and Broadcasting | ||
18.9.83 | Windows Hello for Business (formerly Microsoft Passport for Work) | ||
18.9.84 | Windows Ink Workspace | ||
18.9.84.1 | (L2) Ensure 'Allow suggested apps in Windows Ink Workspace' is set to 'Disabled' (Automated) | ||
18.9.84.2 | (L1) Ensure 'Allow Windows Ink Workspace' is set to 'Enabled: On, but disallow access above lock' OR 'Disabled' but not 'Enabled: On' (Automated) | ||
18.9.85 | Windows Installer | ||
18.9.85.1 | (L1) Ensure 'Allow user control over installs' is set to 'Disabled' (Automated) | ||
18.9.85.2 | (L1) Ensure 'Always install with elevated privileges' is set to 'Disabled' (Automated) | ||
18.9.85.3 | (L2) Ensure 'Prevent Internet Explorer security prompt for Windows Installer scripts' is set to 'Disabled' (Automated) | ||
18.9.86 | Windows Logon Options | ||
18.9.86.1 | (L1) Ensure 'Sign-in and lock last interactive user automatically after a restart' is set to 'Disabled' (Automated) | ||
18.9.87 | Windows Mail | ||
18.9.88 | Windows Media Center | ||
18.9.89 | Windows Media Digital Rights Management | ||
18.9.90 | Windows Media Player | ||
18.9.91 | Windows Meeting Space | ||
18.9.92 | Windows Messenger | ||
18.9.93 | Windows Mobility Center | ||
18.9.94 | Windows Movie Maker | ||
Control | Set Correctly | ||
Yes | No | ||
18.9.95 | Windows PowerShell | ||
18.9.95.1 | (L1) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Disabled' (Automated) | ||
18.9.95.2 | (L1) Ensure 'Turn on PowerShell Transcription' is set to 'Disabled' (Automated) | ||
18.9.96 | Windows Reliability Analysis | ||
18.9.97 | Windows Remote Management (WinRM) | ||
18.9.97.1 | WinRM Client | ||
18.9.97.1.1 | (L1) Ensure 'Allow Basic authentication' is set to 'Disabled' (Automated) | ||
18.9.97.1.2 | (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled' (Automated) | ||
18.9.97.1.3 | (L1) Ensure 'Disallow Digest authentication' is set to 'Enabled' (Automated) | ||
18.9.97.2 | WinRM Service | ||
18.9.97.2.1 | (L1) Ensure 'Allow Basic authentication' is set to 'Disabled' (Automated) | ||
18.9.97.2.2 | (L2) Ensure 'Allow remote server management through WinRM' is set to 'Disabled' (Automated) | ||
18.9.97.2.3 | (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled' (Automated) | ||
18.9.97.2.4 | (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled' (Automated) | ||
18.9.98 | Windows Remote Shell | ||
18.9.98.1 | (L2) Ensure 'Allow Remote Shell Access' is set to 'Disabled' (Automated) | ||
18.9.99 | Windows Security (formerly Windows Defender Security Center) | ||
18.9.99.1 | Account protection | ||
18.9.99.2 | App and browser protection | ||
18.9.99.2.1 | (L1) Ensure 'Prevent users from modifying settings' is set to 'Enabled' (Automated) | ||
18.9.100 | Windows SideShow | ||
18.9.101 | Windows System Resource Manager | ||
18.9.102 | Windows Update | ||
18.9.102.1 | Windows Update for Business (formerly Defer Windows Updates) | ||
18.9.102.1.1 | (L1) Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds' (Automated) | ||
18.9.102.1.2 | (L1) Ensure 'Select when Preview Builds and Feature Updates are received' is set to 'Enabled: Semi-Annual Channel, 180 or more days' (Automated) | ||
Control | Set Correctly | ||
Yes | No | ||
18.9.102.1.3 | (L1) Ensure 'Select when Quality Updates are received' is set to 'Enabled: 0 days' (Automated) | ||
18.9.102.2 | (L1) Ensure 'Configure Automatic Updates' is set to 'Enabled' (Automated) | ||
18.9.102.3 | (L1) Ensure 'Configure Automatic Updates: Scheduled install day' is set to '0 - Every day' (Automated) | ||
18.9.102.4 | (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' (Automated) | ||
19 | Administrative Templates (User) | ||
19.1 | Control Panel | ||
19.1.1 | Add or Remove Programs | ||
19.1.2 | Display | ||
19.1.3 | Personalization (formerly Desktop Themes) | ||
19.1.3.1 | (L1) Ensure 'Enable screen saver' is set to 'Enabled' (Automated) | ||
19.1.3.2 | (L1) Ensure 'Force specific screen saver: Screen saver executable name' is set to 'Enabled: scrnsave.scr' (Automated) | ||
19.1.3.3 | (L1) Ensure 'Password protect the screen saver' is set to 'Enabled' (Automated) | ||
19.1.3.4 | (L1) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0' (Automated) | ||
19.2 | Desktop | ||
19.3 | Network | ||
19.4 | Shared Folders | ||
19.5 | Start Menu and Taskbar | ||
19.5.1 | Notifications | ||
19.5.1.1 | (L1) Ensure 'Turn off toast notifications on the lock screen' is set to 'Enabled' (Automated) | ||
19.6 | System | ||
19.6.1 | Ctrl+Alt+Del Options | ||
19.6.2 | Display | ||
19.6.3 | Driver Installation | ||
19.6.4 | Folder Redirection | ||
19.6.5 | Group Policy | ||
19.6.6 | Internet Communication Management | ||
19.6.6.1 | Internet Communication settings | ||
19.6.6.1.1 | (L2) Ensure 'Turn off Help Experience Improvement Program' is set to 'Enabled' (Automated) | ||
Control | Set Correctly | ||
Yes | No | ||
19.7 | Windows Components | ||
19.7.1 | Add features to Windows 8 / 8.1 / 10 (formerly Windows Anytime Upgrade) | ||
19.7.2 | App runtime | ||
19.7.3 | Application Compatibility | ||
19.7.4 | Attachment Manager | ||
19.7.4.1 | (L1) Ensure 'Do not preserve zone information in file attachments' is set to 'Disabled' (Automated) | ||
19.7.4.2 | (L1) Ensure 'Notify antivirus programs when opening attachments' is set to 'Enabled' (Automated) | ||
19.7.5 | AutoPlay Policies | ||
19.7.6 | Backup | ||
19.7.7 | Calculator | ||
19.7.8 | Cloud Content | ||
19.7.8.1 | (L1) Ensure 'Configure Windows spotlight on lock screen' is set to Disabled' (Automated) | ||
19.7.8.2 | (L1) Ensure 'Do not suggest third-party content in Windows spotlight' is set to 'Enabled' (Automated) | ||
19.7.8.3 | (L2) Ensure 'Do not use diagnostic data for tailored experiences' is set to 'Enabled' (Automated) | ||
19.7.8.4 | (L2) Ensure 'Turn off all Windows spotlight features' is set to 'Enabled' (Automated) | ||
19.7.9 | Credential User Interface | ||
19.7.10 | Data Collection and Preview Builds | ||
19.7.11 | Desktop Gadgets | ||
19.7.12 | Desktop Window Manager | ||
19.7.13 | Digital Locker | ||
19.7.14 | Edge UI | ||
19.7.15 | File Explorer (formerly Windows Explorer) | ||
19.7.16 | File Revocation | ||
19.7.17 | IME | ||
19.7.18 | Import Video | ||
19.7.19 | Instant Search | ||
19.7.20 | Internet Explorer | ||
19.7.21 | Location and Sensors | ||
19.7.22 | Microsoft Edge | ||
19.7.23 | Microsoft Management Console | ||
19.7.24 | Microsoft User Experience Virtualization | ||
19.7.25 | Multitasking | ||
19.7.26 | NetMeeting | ||
Control | Set Correctly | ||
Yes | No | ||
19.7.27 | Network Projector | ||
19.7.28 | Network Sharing | ||
19.7.28.1 | (L1) Ensure 'Prevent users from sharing files within their profile.' is set to 'Enabled' (Automated) | ||
19.7.29 | OOBE | ||
19.7.30 | Presentation Settings | ||
19.7.31 | Remote Desktop Services (formerly Terminal Services) | ||
19.7.32 | RSS Feeds | ||
19.7.33 | Search | ||
19.7.34 | Sound Recorder | ||
19.7.35 | Store | ||
19.7.36 | Tablet PC | ||
19.7.37 | Task Scheduler | ||
19.7.38 | Windows Calendar | ||
19.7.39 | Windows Color System | ||
19.7.40 | Windows Defender SmartScreen | ||
19.7.41 | Windows Error Reporting | ||
19.7.42 | Windows Hello for Business (formerly Microsoft Passport for Work) | ||
19.7.43 | Windows Installer | ||
19.7.43.1 | (L1) Ensure 'Always install with elevated privileges' is set to 'Disabled' (Automated) | ||
19.7.44 | Windows Logon Options | ||
19.7.45 | Windows Mail | ||
19.7.46 | Windows Media Center | ||
19.7.47 | Windows Media Player | ||
19.7.47.1 | Networking | ||
19.7.47.2 | Playback | ||
19.7.47.2.1 | (L2) Ensure 'Prevent Codec Download' is set to 'Enabled' (Automated) | ||
Tags:video autoplay
猜你喜欢
- 2025-06-24 设计稿智能生成代码如何识别组件?Imgcook 3.0 解析
- 2025-06-24 教你从头开始写课堂签到的微信小程序(二)实现签到及视频播放
- 2025-06-24 Spring boot + Jsoup 搭建,解析系统接口只需1分钟
- 2025-06-24 1,vue播放视频之—引入.m3u8后缀的hsl视频流
- 2025-06-24 基于ArkTS语言的OpenHarmony APP应用开发:多媒体管理
- 2025-06-24 如何在微信小程序中加入音频或视频?
- 2025-06-24 创造营2021投票通道在哪里?创造营2021投票榜单链接数据入口
- 2025-06-24 监狱变妓院!实拍俄罗斯黑帮老大狱中与“人权女斗士”啪啪
- 2025-06-24 使用canvas实现简单的贪吃蛇游戏,html+css+js
- 2025-06-24 视中人·浙人匠心①(北京市中国人寿中心大楼图片)