III - Administrative Public
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000480
Group -
User accounts with domain level administrative privileges must be members of the Protected Users group in domains with a domain functional level of Windows 2012 R2 or higher.
User accounts with domain level administrative privileges are highly prized in Pass-the-Hash/credential theft attacks. The Protected Users group provides extra protections to accounts such as prev...Rule Medium Severity -
SRG-OS-000480
Group -
Domain-joined systems (excluding domain controllers) must not be configured for unconstrained delegation.
Unconstrained delegation enabled on a computer can allow the computer account to be impersonated without limitation. If delegation is required, it must be limited/constrained to the specific servic...Rule Medium Severity -
SRG-OS-000480
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules