Microsoft Windows Server 2022 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000423-GPOS-00187
Group -
Windows Server 2022 domain controllers must require LDAP access signing.
Unsigned network traffic is susceptible to man-in-the-middle attacks, where an intruder captures packets between the server and the client and modifies them before forwarding them to the client. In...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
SRG-OS-000080-GPOS-00048
Group -
Windows Server 2022 Access this computer from the network user right must only be assigned to the Administrators, Authenticated Users, and Enterprise Domain Controllers groups on domain controllers.
Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities. Accounts with the "Access this computer from the network" right may access resources on...Rule Medium Severity -
SRG-OS-000324-GPOS-00125
Group -
SRG-OS-000080-GPOS-00048
Group -
Windows Server 2022 Allow log on through Remote Desktop Services user right must only be assigned to the Administrators group on domain controllers.
Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities. Accounts with the "Allow log on through Remote Desktop Services" user right can access ...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
Windows Server 2022 Deny access to this computer from the network user right on domain controllers must be configured to prevent unauthenticated access.
Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities. The "Deny access to this computer from the network" user right defines the accounts tha...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
Windows Server 2022 Deny log on as a batch job user right on domain controllers must be configured to prevent unauthenticated access.
Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities. The "Deny log on as a batch job" user right defines accounts that are prevented from lo...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
Windows Server 2022 Deny log on as a service user right must be configured to include no accounts or groups (blank) on domain controllers.
Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities. The "Deny log on as a service" user right defines accounts that are denied logon as a s...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
Windows Server 2022 Deny log on locally user right on domain controllers must be configured to prevent unauthenticated access.
Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities. The "Deny log on locally" user right defines accounts that are prevented from logging o...Rule Medium Severity -
SRG-OS-000297-GPOS-00115
Group -
SRG-OS-000324-GPOS-00125
Group -
Windows Server 2022 Enable computer and user accounts to be trusted for delegation user right must only be assigned to the Administrators group on domain controllers.
Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities. The "Enable computer and user accounts to be trusted for delegation" user right allows ...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.