Microsoft Windows Server 2022 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-OS-000480-GPOS-00227
Group -
Windows Server 2022 session security for NTLM SSP-based servers must be configured to require NTLMv2 session security and 128-bit encryption.
Microsoft has implemented a variety of security support providers for use with Remote Procedure Call (RPC) sessions. All of the options must be enabled to ensure the maximum security level.Rule Medium Severity -
SRG-OS-000067-GPOS-00035
Group -
SRG-OS-000478-GPOS-00223
Group -
Windows Server 2022 must be configured to use FIPS-compliant algorithms for encryption, hashing, and signing.
This setting ensures the system uses algorithms that are FIPS-compliant for encryption, hashing, and signing. FIPS-compliant algorithms meet specific standards established by the U.S. Government an...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
SRG-OS-000373-GPOS-00156
Group -
Windows Server 2022 User Account Control (UAC) approval mode for the built-in Administrator must be enabled.
UAC is a security mechanism for limiting the elevation of privileges, including administrative accounts, unless authorized. This setting configures the built-in Administrator account so that it run...Rule Medium Severity -
SRG-OS-000134-GPOS-00068
Group -
Windows Server 2022 UIAccess applications must not be allowed to prompt for elevation without using the secure desktop.
User Account Control (UAC) is a security mechanism for limiting the elevation of privileges, including administrative accounts, unless authorized. This setting prevents User Interface Accessibility...Rule Medium Severity -
SRG-OS-000134-GPOS-00068
Group -
SRG-OS-000373-GPOS-00156
Group -
Windows Server 2022 User Account Control (UAC) must automatically deny standard user requests for elevation.
UAC is a security mechanism for limiting the elevation of privileges, including administrative accounts, unless authorized. This setting controls the behavior of elevation when requested by a stand...Rule Medium Severity -
SRG-OS-000134-GPOS-00068
Group -
Windows Server 2022 User Account Control (UAC) must be configured to detect application installations and prompt for elevation.
UAC is a security mechanism for limiting the elevation of privileges, including administrative accounts, unless authorized. This setting requires Windows to respond to application installation requ...Rule Medium Severity -
SRG-OS-000134-GPOS-00068
Group -
Windows Server 2022 User Account Control (UAC) must only elevate UIAccess applications that are installed in secure locations.
UAC is a security mechanism for limiting the elevation of privileges, including administrative accounts, unless authorized. This setting configures Windows to only allow applications installed in a...Rule Medium Severity -
SRG-OS-000373-GPOS-00156
Group -
SRG-OS-000134-GPOS-00068
Group -
SRG-OS-000480-GPOS-00227
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.