hpntbast101_6
- 6 -
SeDebugPrivilege
No one
SeIncreaseBasePriorityPrivilege
Administrators
SeIncreaseQuotaPrivilege
Administrators
SeInteractiveLogonRight
Administrators
SeLoadDriverPrivilege
Administrators
SeLockMemoryPrivilege
No one
SeNetworkLogonRight
No one
SeProfileSingleProcessPrivilege
Administrators
SeRemoteShutdownPrivilege
No one
SeRestorePrivilege
Administrators
SeSecurityPrivilege
Administrators
SeShutdownPrivilege
Administrators
SeSystemEnvironmentPrivilege
Administrators
SeSystemProfilePrivilege
Administrators
SeSystemTimePrivilege
Administrators
SeTakeOwnershipPrivilege
Administrators
SeTcbPrivilege
No one
SeMachineAccountPrivilege
No one
SeChangeNotifyPrivilege
Everyone
SeBatchLogonRight
No one
SeServiceLogonRight
No one
Event log settings
The Application, System and Security logs are configured to be up to 100MB each. They will overwrite events as
needed, but only entries older than 30 days. Anonymous access to the logs is disabled.
Registry Values
The policy will also apply the following changes to the registry.
KEY
Type
Value
MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print
Services\AddPrintDrivers
REG_DWORD
1
MACHINE\System\CurrentControlSet\Services\Rdr\Parameters\EnablePlainTextPassword
REG_DWORD
0
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect
REG_DWORD
15
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoShareWks
REG_DWORD
0
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoShareServer
REG_DWORD
0
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogOff
REG_DWORD
1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature
REG_DWORD
1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature
REG_DWORD
1
MACHINE\System\CurrentControlSet\Services\Rdr\Parameters\RequireSecuritySignature
REG_DWORD
1
MACHINE\System\CurrentControlSet\Services\Rdr\Parameters\EnableSecuritySignature
REG_DWORD
1
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal
REG_DWORD
1
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel
REG_DWORD
1
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel
REG_DWORD
1
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous
REG_DWORD
1
MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode
REG_DWORD
1
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel
REG_DWORD
2
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText
REG_SZ
This is a private
system. Unauthorized
use is prohibited.
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeCaption
REG_SZ
Hardened by HP
Consulting
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\DontDisplayLastUserName
REG_SZ
1
MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail
REG_DWORD
1
MACHINE\System\CurrentControlSet\Control\Session Manager\Memory
Management\ClearPageFileAtShutdown
REG_DWORD
1
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount
REG_SZ
0
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies
REG_SZ
1
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms
REG_SZ
1
MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects
REG_DWORD
1
MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl
REG_DWORD
0
MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing
REG_BINARY
1
MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ShutdownWithoutLogon
REG_SZ
1