Microsoft Windows Server 2022 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Windows Server 2022 title for legal banner dialog box must be configured with the appropriate text.
<VulnDiscussion>Failure to display the logon banner prior to a logon attempt will negate legal proceedings resulting from unauthorized access...Rule Low Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
Windows Server 2022 Smart Card removal option must be configured to Force Logoff or Lock Workstation.
<VulnDiscussion>Unattended systems are susceptible to unauthorized use and must be locked. Configuring a system to lock when a smart card is ...Rule Medium Severity -
SRG-OS-000423-GPOS-00187
<GroupDescription></GroupDescription>Group -
Windows Server 2022 setting Microsoft network client: Digitally sign communications (always) must be configured to Enabled.
<VulnDiscussion>The server message block (SMB) protocol provides the basis for many network operations. Digitally signed SMB packets aid in p...Rule Medium Severity -
SRG-OS-000423-GPOS-00187
<GroupDescription></GroupDescription>Group -
Windows Server 2022 setting Microsoft network client: Digitally sign communications (if server agrees) must be configured to Enabled.
<VulnDiscussion>The server message block (SMB) protocol provides the basis for many network operations. If this policy is enabled, the SMB cl...Rule Medium Severity -
SRG-OS-000074-GPOS-00042
<GroupDescription></GroupDescription>Group -
Windows Server 2022 unencrypted passwords must not be sent to third-party Server Message Block (SMB) servers.
<VulnDiscussion>Some non-Microsoft SMB servers only support unencrypted (plain-text) password authentication. Sending plain-text passwords ac...Rule Medium Severity -
SRG-OS-000423-GPOS-00187
<GroupDescription></GroupDescription>Group -
Windows Server 2022 setting Microsoft network server: Digitally sign communications (always) must be configured to Enabled.
<VulnDiscussion>The server message block (SMB) protocol provides the basis for many network operations. Digitally signed SMB packets aid in p...Rule Medium Severity -
SRG-OS-000423-GPOS-00187
<GroupDescription></GroupDescription>Group -
Windows Server 2022 setting Microsoft network server: Digitally sign communications (if client agrees) must be configured to Enabled.
<VulnDiscussion>The server message block (SMB) protocol provides the basis for many network operations. Digitally signed SMB packets aid in p...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
Windows Server 2022 must not allow anonymous SID/Name translation.
<VulnDiscussion>Allowing anonymous SID/Name translation can provide sensitive information for accessing a system. Only authorized users must ...Rule High Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
Windows Server 2022 must not allow anonymous enumeration of Security Account Manager (SAM) accounts.
<VulnDiscussion>Anonymous enumeration of SAM accounts allows anonymous logon users (null session connections) to list all accounts names, thu...Rule High Severity -
SRG-OS-000138-GPOS-00069
<GroupDescription></GroupDescription>Group -
Windows Server 2022 back up files and directories user right must only be assigned to the Administrators group.
<VulnDiscussion>Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities. Accounts with t...Rule Medium Severity -
Windows Server 2022 must be configured to prevent anonymous users from having the same permissions as the Everyone group.
<VulnDiscussion>Access by anonymous users must be restricted. If this setting is enabled, anonymous users have the same rights and permission...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.