JSI Tip 8746. Security configuration guidance support.

Microsoft Knowledge Base Article 885409 contains the following summary:

Microsoft, the Center for Internet Security (CIS), the National Security Agency (NSA), the Defense Information Systems Agency (DISA), and the National Institute of Standards and Technology (NIST) have published “security configuration guidance” for Microsoft Windows.

The high security levels that are specified in some of these guides may significantly restrict functionality of a system. Therefore, you should perform significant testing before you deploy these recommendations. We recommend that you take additional precautions when you do the following:
Edit access control lists (ACLs) for files and registry keys
Enable Microsoft network client: Digitally sign communications (always)
Enable Network Security: Do Not Store LAN Manager hash value on next password change
Enable System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing
Disable Automatic Update Service or Background Intelligent Transfer Service (BITS)
Disable NetLogon Service
Enable NoNameReleaseOnDemand
Microsoft strongly supports industry efforts to provide security guidance for deployments in high security areas . However, you must thoroughly test the guidance in the target environment . If you require additional security settings beyond the default settings, we highly recommend that you see the Microsoft-issued guides . These guides can serve as a starting point for your organization's requirements . For support or questions regarding third-party guides, contact the organization that issued the guidance.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.