Microsoft Windows Server 2019 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Windows Server 2019 Event Viewer must be protected from unauthorized modification and deletion.
Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operatio...Rule Medium Severity -
SRG-OS-000297-GPOS-00115
Group -
SRG-OS-000297-GPOS-00115
Group -
Windows Server 2019 "Deny log on through Remote Desktop Services" user right on domain-joined member servers must be configured to prevent access from highly privileged domain accounts and all local accounts and from unauthenticated access on all systems.
Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities. The "Deny log on through Remote Desktop Services" user right defines the accounts that ...Rule Medium Severity -
SRG-OS-000312-GPOS-00122
Group -
Windows Server 2019 permissions for the system drive root directory (usually C:\) must conform to minimum requirements.
Changing the system's file and directory permissions allows the possibility of unauthorized and anonymous modification to the operating system and installed applications. The default permissions a...Rule Medium Severity -
SRG-OS-000312-GPOS-00122
Group -
Windows Server 2019 permissions for program file directories must conform to minimum requirements.
Changing the system's file and directory permissions allows the possibility of unauthorized and anonymous modification to the operating system and installed applications. The default permissions a...Rule Medium Severity -
SRG-OS-000312-GPOS-00122
Group -
Windows Server 2019 permissions for the Windows installation directory must conform to minimum requirements.
Changing the system's file and directory permissions allows the possibility of unauthorized and anonymous modification to the operating system and installed applications. The default permissions a...Rule Medium Severity -
SRG-OS-000324-GPOS-00125
Group -
Windows Server 2019 default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained.
The registry is integral to the function, security, and stability of the Windows system. Changing the system's registry permissions allows the possibility of unauthorized and anonymous modification...Rule Medium Severity -
SRG-OS-000324-GPOS-00125
Group -
Windows Server 2019 must only allow administrators responsible for the domain controller to have Administrator rights on the system.
An account that does not have Administrator duties must not have Administrator rights. Such rights would allow the account to bypass or modify required security restrictions on that machine and mak...Rule High Severity -
SRG-OS-000324-GPOS-00125
Group -
Windows Server 2019 permissions on the Active Directory data files must only allow System and Administrators access.
Improper access permissions for directory data-related files could allow unauthorized users to read, modify, or delete directory data or audit trails.Rule High Severity -
SRG-OS-000324-GPOS-00125
Group -
Windows Server 2019 Active Directory SYSVOL directory must have the proper access control permissions.
Improper access permissions for directory data files could allow unauthorized users to read, modify, or delete directory data. The SYSVOL directory contains public files (to the domain) such as po...Rule High Severity -
SRG-OS-000324-GPOS-00125
Group -
SRG-OS-000324-GPOS-00125
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.