From b81ea45fad9a13d99c48d021522e3e793012bfdc Mon Sep 17 00:00:00 2001 From: Michael Schneider Date: Mon, 4 Dec 2023 13:33:09 +0100 Subject: [PATCH] HardeningKitty Update --- HardeningKitty.psd1 | 382 ++++++------ HardeningKitty.psm1 | 571 ++++++++++-------- README.md | 27 +- lists/finding_list_0x6d69636b_user.csv | 9 +- ...oft_windows_10_enterprise_22h2_machine.csv | 2 +- lists/finding_list_microsoft_windows_tls.csv | 24 +- ...ding_list_microsoft_windows_tls_future.csv | 32 +- ...sft_security_baseline_edge_117_machine.csv | 20 + ...urity_baseline_windows_11_23h2_machine.csv | 408 +++++++++++++ ...security_baseline_windows_11_23h2_user.csv | 6 + 10 files changed, 1008 insertions(+), 473 deletions(-) create mode 100644 lists/finding_list_msft_security_baseline_edge_117_machine.csv create mode 100644 lists/finding_list_msft_security_baseline_windows_11_23h2_machine.csv create mode 100644 lists/finding_list_msft_security_baseline_windows_11_23h2_user.csv diff --git a/HardeningKitty.psd1 b/HardeningKitty.psd1 index f8f5e6f..2c9d7c8 100644 --- a/HardeningKitty.psd1 +++ b/HardeningKitty.psd1 @@ -1,7 +1,7 @@ # # Module manifest for module 'HardeningKitty' # Generated by: Michael Schneider -# Generated on: 2022-12-30 +# Generated on: 2023-07-06 # @{ @@ -10,13 +10,13 @@ RootModule = 'HardeningKitty.psm1' # Version number of this module. - ModuleVersion = '0.9.1' + ModuleVersion = '0.9.2' # Supported PSEditions # CompatiblePSEditions = @() # ID used to uniquely identify this module - GUID = '2bb9428b-c689-40e6-bc49-793c413926d4' + GUID = '321dfbea-1bbe-11ee-be56-0242ac120002' # Author of this module Author = 'Michael Schneider' @@ -119,176 +119,214 @@ } # SIG # Begin signature block -# MIIgIAYJKoZIhvcNAQcCoIIgETCCIA0CAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB +# MIInLwYJKoZIhvcNAQcCoIInIDCCJxwCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB # gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR -# AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUjOv7Tk6jHK/gQDA5o9D+rjWV -# G/ugghnzMIIF4DCCBMigAwIBAgIQeO1YDfU4t32dWmgwBkYSEDANBgkqhkiG9w0B -# AQsFADCBkTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3Rl -# cjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQx -# NzA1BgNVBAMTLkNPTU9ETyBSU0EgRXh0ZW5kZWQgVmFsaWRhdGlvbiBDb2RlIFNp -# Z25pbmcgQ0EwHhcNMjAwODA3MDAwMDAwWhcNMjMwODA3MjM1OTU5WjCBzzEYMBYG -# A1UEBRMPQ0hFLTEwOS44MDQuMzgyMRMwEQYLKwYBBAGCNzwCAQMTAkNIMR0wGwYD -# VQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjELMAkGA1UEBhMCQ0gxDTALBgNVBBEM -# BDgwNDgxEDAOBgNVBAgMB1rDvHJpY2gxEDAOBgNVBAcMB1rDvHJpY2gxGzAZBgNV -# BAkMEkJhZGVuZXJzdHJhc3NlIDYyMzEQMA4GA1UECgwHU2NpcCBBRzEQMA4GA1UE -# AwwHU2NpcCBBRzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIvjKOZT -# ryv6pmIKN6ep8UVCcm+a5wTAt27yUUh4JyZhQjhMRk1SJZy5lLXimBQhmNlWAOWL -# yz5Gyecx3wBbaRYKQHIVH0LDBLDL2WU803JfTUi7TbsZCatq57oI/TAVoDClragI -# 0aPK/kbhREN1UN/mBKY3MLQmtJONeQawsEhLI1kwU+xmcllWu/VvO9Ld/K7rEvBi -# Pl+MR2vjc/Ns0h/gAizGxo6BlzD22XwyQWxPL8NTpTWSX+ZKrgh3AT+5iN/Q3mRV -# ewNR06W7TaKknwI8+wNrz2h/wNDAAO5BZmJ9aMvbJiJMF6IRx8907SoC2W+an0sX -# apQ12yFH6lCOm0MCAwEAAaOCAfIwggHuMB8GA1UdIwQYMBaAFN+P8yAM6cqmBNhb -# WDcqPatG3INJMB0GA1UdDgQWBBTRzSa1SEaHkraxCoNENvT8MuEWHTAOBgNVHQ8B -# Af8EBAMCB4AwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDAzARBglg -# hkgBhvhCAQEEBAMCBBAwSQYDVR0gBEIwQDA1BgwrBgEEAbIxAQIBBgEwJTAjBggr -# BgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwBwYFZ4EMAQMwVQYDVR0f -# BE4wTDBKoEigRoZEaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBRXh0 -# ZW5kZWRWYWxpZGF0aW9uQ29kZVNpZ25pbmdDQS5jcmwwgYYGCCsGAQUFBwEBBHow -# eDBQBggrBgEFBQcwAoZEaHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPUlNB -# RXh0ZW5kZWRWYWxpZGF0aW9uQ29kZVNpZ25pbmdDQS5jcnQwJAYIKwYBBQUHMAGG -# GGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTA7BgNVHREENDAyoCIGCCsGAQUFBwgD -# oBYwFAwSQ0gtQ0hFLTEwOS44MDQuMzgygQxpbmZvQHNjaXAuY2gwDQYJKoZIhvcN -# AQELBQADggEBACT7DLCxFVqNzRaCA/6PeNy1jJrCiCLLJsRM9Da7pkp7IJsVeKTC -# 4pF3YaiWf9/ZFwuBKorzoXZwH+P2EHi4fqjOlwBOxonnM6JxuMts5llladNiacoB -# dTiYe7xrkM/31vRauAuIj8zBNiNqfllmA3UJMHDObix9OAIbtDjZPli0IpAPDKKb -# pPTgoTjgyc33dVtF7rMZMPok/2iHsXJVzKBuYfwktZXTIQVKvHuwkG4+Vdw40/c9 -# eBpPRpDvjrtXjoVcDy5eEYo4j2rxSkmfvOgLcoLBtjuqWw44+AAdfoCgNa2kfJ1j -# Xb7NDzGQS1hgiUuTOiTYtvKbUOuJoFXxDW8wggYiMIIECqADAgECAhBt1HLrAq4E -# BuPdhD9f4UXhMA0GCSqGSIb3DQEBDAUAMIGFMQswCQYDVQQGEwJHQjEbMBkGA1UE -# CBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQK -# ExFDT01PRE8gQ0EgTGltaXRlZDErMCkGA1UEAxMiQ09NT0RPIFJTQSBDZXJ0aWZp -# Y2F0aW9uIEF1dGhvcml0eTAeFw0xNDEyMDMwMDAwMDBaFw0yOTEyMDIyMzU5NTla -# MIGRMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAw -# DgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDE3MDUG -# A1UEAxMuQ09NT0RPIFJTQSBFeHRlbmRlZCBWYWxpZGF0aW9uIENvZGUgU2lnbmlu -# ZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIr9vUPwPchVH/NZ -# ivBatNyT0WQVSoqEpS3LJvjgRTijuQHFTxMIWdAxVMrNkGGjPizyTRVc1O7DaiKX -# SNEGQzQJmcnPMMSfRP1WnO7M54O5gc3I2gscEkj/b6LsxHXLCXDPUeW7i5+qvXgG -# fZXWYYH22lPHrJ2zALoe1L5AYgmZgz1F3U1llQTM/PrHW3riLgw9VTVXNUiJifK5 -# VqVLUBsc3piQvfMu3Iip8XWbqD6iBdlBte93rRfAWvWj202f0cSxe4O17hCUKy5y -# rr7vlSmcUmLFLG0i931EehBfY5NpTdl9spqxTrVZv/+F+72s7OErpuMsLOjZbttf -# TRd4y1MCAwEAAaOCAX4wggF6MB8GA1UdIwQYMBaAFLuvfgI9+qbxPISOre44mOzZ -# MjLUMB0GA1UdDgQWBBTfj/MgDOnKpgTYW1g3Kj2rRtyDSTAOBgNVHQ8BAf8EBAMC -# AYYwEgYDVR0TAQH/BAgwBgEB/wIBADATBgNVHSUEDDAKBggrBgEFBQcDAzA+BgNV -# HSAENzA1MDMGBFUdIAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29t -# b2RvLmNvbS9DUFMwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL2NybC5jb21vZG9j -# YS5jb20vQ09NT0RPUlNBQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwcQYIKwYB -# BQUHAQEEZTBjMDsGCCsGAQUFBzAChi9odHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9D -# T01PRE9SU0FBZGRUcnVzdENBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3Au -# Y29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUAA4ICAQBmTuy3FndvEegbXWpO2fKL -# bLFWKECLwDHEmUgjPfgO6ICX720gCx8TxIb7FzQV4Y5U98K4AHMV4CjZ2rr6glTC -# 9+u/wzbQMJ/loRyU3+986PYseKKszyZqFaEVMdYxNJi9U0/EhIOjxJZcPdj+1vlU -# /2eTbfg+K2ssogh8VkiBMhiybqyQwdvk3jmLhuXHGEBZpN+WR7qyf7H4Vw+FgHQ4 -# DjpYYh7+UuPmrlMJhv6Pm9tWVswHsInBBPFTC2xvd+yyH+z2W0BDYA8bqxhUtBAE -# jvgO6cuDsXryNE5qVEzpgyrpsDAlHM5ijg7rheYp/rFK4/KuPJH1TKG+yBcOXLtC -# TeMaipLNPiB+3el1seofdFyeVMKUN7Jh3QcWWX+WgBbgmbXSbrDJIwYVrNEj9DOL -# znXwwYbT/+Eu+pBP/kb5u9tPu7f+0Q0rBPHS0ZWFLIouuIVW8sOEUqHpM7HrUMih -# sJ/jw4s6h57nVdPTbTQXMA1oIgvVue1zNXLD7ac3zeNDrkXNNL8oyodi7UOkr/rL -# McshWGFGXrbGeqYeUyqo+FxRHzpaEA8owOR0i3TGBKr4SyYoCjKJ250qYHFqw5ZO -# Frljv2GVZ4xLLruwToPpTTHljici9Twme0SR09Ra8NN89Di+FJqZDouxW+rkiw8R -# nXdCghxcOtTaq4gvjVcwVDCCBuwwggTUoAMCAQICEDAPb6zdZph0fKlGNqd4Lbkw -# DQYJKoZIhvcNAQEMBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVy -# c2V5MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVT -# VCBOZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24g -# QXV0aG9yaXR5MB4XDTE5MDUwMjAwMDAwMFoXDTM4MDExODIzNTk1OVowfTELMAkG +# AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUfUJ6etCo0Rwz1xQ4kh6qa8u8 +# NC+ggiA+MIIFbzCCBFegAwIBAgIQSPyTtGBVlI02p8mKidaUFjANBgkqhkiG9w0B +# AQwFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVy +# MRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEh +# MB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTIxMDUyNTAwMDAw +# MFoXDTI4MTIzMTIzNTk1OVowVjELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1NlY3Rp +# Z28gTGltaXRlZDEtMCsGA1UEAxMkU2VjdGlnbyBQdWJsaWMgQ29kZSBTaWduaW5n +# IFJvb3QgUjQ2MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjeeUEiIE +# JHQu/xYjApKKtq42haxH1CORKz7cfeIxoFFvrISR41KKteKW3tCHYySJiv/vEpM7 +# fbu2ir29BX8nm2tl06UMabG8STma8W1uquSggyfamg0rUOlLW7O4ZDakfko9qXGr +# YbNzszwLDO/bM1flvjQ345cbXf0fEj2CA3bm+z9m0pQxafptszSswXp43JJQ8mTH +# qi0Eq8Nq6uAvp6fcbtfo/9ohq0C/ue4NnsbZnpnvxt4fqQx2sycgoda6/YDnAdLv +# 64IplXCN/7sVz/7RDzaiLk8ykHRGa0c1E3cFM09jLrgt4b9lpwRrGNhx+swI8m2J +# mRCxrds+LOSqGLDGBwF1Z95t6WNjHjZ/aYm+qkU+blpfj6Fby50whjDoA7NAxg0P +# OM1nqFOI+rgwZfpvx+cdsYN0aT6sxGg7seZnM5q2COCABUhA7vaCZEao9XOwBpXy +# bGWfv1VbHJxXGsd4RnxwqpQbghesh+m2yQ6BHEDWFhcp/FycGCvqRfXvvdVnTyhe +# Be6QTHrnxvTQ/PrNPjJGEyA2igTqt6oHRpwNkzoJZplYXCmjuQymMDg80EY2NXyc +# uu7D1fkKdvp+BRtAypI16dV60bV/AK6pkKrFfwGcELEW/MxuGNxvYv6mUKe4e7id +# FT/+IAx1yCJaE5UZkADpGtXChvHjjuxf9OUCAwEAAaOCARIwggEOMB8GA1UdIwQY +# MBaAFKARCiM+lvEH7OKvKe+CpX/QMKS0MB0GA1UdDgQWBBQy65Ka/zWWSC8oQEJw +# IDaRXBeF5jAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zATBgNVHSUE +# DDAKBggrBgEFBQcDAzAbBgNVHSAEFDASMAYGBFUdIAAwCAYGZ4EMAQQBMEMGA1Ud +# HwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0FBQUNlcnRpZmlj +# YXRlU2VydmljZXMuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +# cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUAA4IBAQASv6Hvi3Sa +# mES4aUa1qyQKDKSKZ7g6gb9Fin1SB6iNH04hhTmja14tIIa/ELiueTtTzbT72ES+ +# BtlcY2fUQBaHRIZyKtYyFfUSg8L54V0RQGf2QidyxSPiAjgaTCDi2wH3zUZPJqJ8 +# ZsBRNraJAlTH/Fj7bADu/pimLpWhDFMpH2/YGaZPnvesCepdgsaLr4CnvYFIUoQx +# 2jLsFeSmTD1sOXPUC4U5IOCFGmjhp0g4qdE2JXfBjRkWxYhMZn0vY86Y6GnfrDyo +# XZ3JHFuu2PMvdM+4fvbXg50RlmKarkUT2n/cR/vfw1Kf5gZV6Z2M8jpiUbzsJA8p +# 1FiAhORFe1rYMIIGHDCCBASgAwIBAgIQM9cIqJFAUxnipbvTObmtbjANBgkqhkiG +# 9w0BAQwFADBWMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVk +# MS0wKwYDVQQDEyRTZWN0aWdvIFB1YmxpYyBDb2RlIFNpZ25pbmcgUm9vdCBSNDYw +# HhcNMjEwMzIyMDAwMDAwWhcNMzYwMzIxMjM1OTU5WjBXMQswCQYDVQQGEwJHQjEY +# MBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMS4wLAYDVQQDEyVTZWN0aWdvIFB1Ymxp +# YyBDb2RlIFNpZ25pbmcgQ0EgRVYgUjM2MIIBojANBgkqhkiG9w0BAQEFAAOCAY8A +# MIIBigKCAYEAu9H+HrdCW3j1kKeuLIPxjSHTMIaFe9/TzdkWS6yFxbsBz+KMKBFy +# BHYsgcWrEnpASsUQ6IEUORtfTwf2MDAwfzUl5cBzPUAJlOio+Os5C1XVtgyLHif4 +# 3j4iwb/vZe5z7mXdKN27H32bMn+3mVUXqrJJqDwQajrDIbKZqEPXO4KoGWG1Pmpa +# Xbi8nhPQCp71W49pOGjqpR9byiPuC+280B5DQ26wU4zCcypEMW6+j7jGAva7ggQV +# eQxSIOiYJ3Fh7y/k+AL7M1m19MNV59/2CCKuttEJWewBn3OJt0NP1fLZvVZZCd23 +# F/bEdIC6h0asBtvbBA3VTrrujAk0GZUb5nATBCXfj7jXhDOMbKYM62i6lU98ROjU +# aY0lecMh8TV3+E+2ElWV0FboGALV7nnIhqFp8RtOlBNqB2Lw0GuZpZdQnhwzoR7u +# YYsFaByO9e4mkIPW/nGFp5ryDRQ+NrUSrXd1esznRjZqkFPLxpRx3gc6IfnWMmfg +# nG5UhqBkoIPLAgMBAAGjggFjMIIBXzAfBgNVHSMEGDAWgBQy65Ka/zWWSC8oQEJw +# IDaRXBeF5jAdBgNVHQ4EFgQUgTKSQSsozUbIxKLGKjkS7EipPxQwDgYDVR0PAQH/ +# BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwEwYDVR0lBAwwCgYIKwYBBQUHAwMw +# GgYDVR0gBBMwETAGBgRVHSAAMAcGBWeBDAEDMEsGA1UdHwREMEIwQKA+oDyGOmh0 +# dHA6Ly9jcmwuc2VjdGlnby5jb20vU2VjdGlnb1B1YmxpY0NvZGVTaWduaW5nUm9v +# dFI0Ni5jcmwwewYIKwYBBQUHAQEEbzBtMEYGCCsGAQUFBzAChjpodHRwOi8vY3J0 +# LnNlY3RpZ28uY29tL1NlY3RpZ29QdWJsaWNDb2RlU2lnbmluZ1Jvb3RSNDYucDdj +# MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTANBgkqhkiG9w0B +# AQwFAAOCAgEAXzas+/n2cloUt/ALHd7Y/ZcB0v0B7pkthuj2t/A5/9aBSlqnQkoK +# LRWd5pT9xWlKstdL8RYSTPa+kGZliy101KsI92oRAwh3fL5p4bDbnySJA9beXKTg +# sta0z+M41bltzCfWzmQR6BBydtP54OksielJ07OXlgYK4fYKyEGakV2B2DZ3mMqA +# QZeo+JE/Y5+qzVRUS4Dq9Rdm05Rx/Z79RzHj6RqGHdO+INI/sVJfspO9jJUJmHKP +# lQH0mEOlSvsUJqqdNr9ysPzcvYQN7O00qF6VKzgWYwV12fYxLhVr4pSyKtJ0NbWY +# mqP++CsvthdLJ2xa5rl2XtqG3atk1mrqgxiIGzGC9YizlCXAIS8IaQLjTLtMKhEw +# 64F5BuFBlSrUIPYLk+R8dgydHSZrX4QB9iqZza/ex/DkGKJOmy8qDGamknUmvtlA +# NRNvrqY3GnrorRxRYwcqVgZs7X4Y9uPsZHOmbQg2i68Pma51axcrwk1qw1FGQVbp +# j8KN/xNxm9rtntOfq+VFphLFFFpSQZejBgAIxeYc6ieCPDvb5kbE7y0ANRPNNn2d +# 5aonCAXMzsA2DksZT9Bjmm2/xSlTMSLbdVB3htDy+GruawYbPoUjK5fIfnqZQQzd +# WH8OqMMSPTo1m+CdLIwXgVREqHodmJ2Wf1lYplRl/1FCC/hH68/45b8wgga+MIIF +# JqADAgECAhBY1/j+ACGVk7Nfk2EAZ7N7MA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV +# BAYTAkdCMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxLjAsBgNVBAMTJVNlY3Rp +# Z28gUHVibGljIENvZGUgU2lnbmluZyBDQSBFViBSMzYwHhcNMjMwODIxMDAwMDAw +# WhcNMjYwODIwMjM1OTU5WjCBkTEYMBYGA1UEBRMPQ0hFLTEwOS44MDQuMzgyMRMw +# EQYLKwYBBAGCNzwCAQMTAkNIMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlv +# bjELMAkGA1UEBhMCQ0gxEDAOBgNVBAgMB1rDvHJpY2gxEDAOBgNVBAoMB3NjaXAg +# YWcxEDAOBgNVBAMMB3NjaXAgYWcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +# AoICAQCzQ6oCVeUUYjACeXvIhnAvENhDTMoRQ3l5uChhnt76mVcpy3mnMrwexqqL +# J9xvoXx4N95BXiloBbpa8OGc/c1O4pasVFP56Xiqf0IaaUwHqaTWoM2LdpEUo3Wj +# ULGcNxxRoQC3Ui4UTtHOVlixHU5uPoxVp5EaMb3iW8ybFGjcoYRd1Tvoe+tl4818 +# KnAWrnqnyoFVc5P1ofh93n8ZIb9kL79c2uz94PiYMVCZvGQi6vVTytZSLItYpxsP +# 41B8q2qX9acmVKhB4VTweP6J/G2Y8BG8DbLJGuNEuCTKRLj4o7hDEpYI7NKstJyY +# f3AIAQT9zB4BNLlj37q6YqX9/uZ4dYdydBJl3hix5u3I7hCbrE3FbZkfi5t8BYK3 +# v/1+Wt9C6+uooUmcLRdos8mYSB4IusKRI4nnupCYC/2blAUCQSyp5jLsOJexdgal +# VdKe7Aj8md62lBRGca2ajCCzGEpk5iAMfq43EnKcaoiY4ajsRniDfKDRgkJ1JUWV +# CiCwiI/UTuLav2ilQkc3BzPrv3LXQQM68dAeR6Er0Pz46iSJ/b3sgIbQonvfPCi3 +# xrSvaxfVueO8IZgZ+oY5M4fYE3peYI1UFDSuvjhmpFln/OlVq6SgaKe2wigOunuf +# R3eDOu+Ltq8Ht6X4Rv5LSrU/BjENRhPsp27fyWADiJpZ7ru3AQIDAQABo4IByTCC +# AcUwHwYDVR0jBBgwFoAUgTKSQSsozUbIxKLGKjkS7EipPxQwHQYDVR0OBBYEFPlP +# y5ch4ih7wuj28WV5r6p7U6ITMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAA +# MBMGA1UdJQQMMAoGCCsGAQUFBwMDMEkGA1UdIARCMEAwNQYMKwYBBAGyMQECAQYB +# MCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAcGBWeBDAED +# MEsGA1UdHwREMEIwQKA+oDyGOmh0dHA6Ly9jcmwuc2VjdGlnby5jb20vU2VjdGln +# b1B1YmxpY0NvZGVTaWduaW5nQ0FFVlIzNi5jcmwwewYIKwYBBQUHAQEEbzBtMEYG +# CCsGAQUFBzAChjpodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29QdWJsaWND +# b2RlU2lnbmluZ0NBRVZSMzYuY3J0MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5z +# ZWN0aWdvLmNvbTA7BgNVHREENDAyoCIGCCsGAQUFBwgDoBYwFAwSQ0gtQ0hFLTEw +# OS44MDQuMzgygQxtaXNjQHNjaXAuY2gwDQYJKoZIhvcNAQELBQADggGBAIPzM0vd +# +ZHVmIl+VseC1DVUkkukcEW7UG+bopOaTw/nqr6dMzqglpCMTnDuYK3zSl3ptTlW +# Cnok1EGjFNssPfr8uoFsgooblOZpEgolbc45pNvT0ERSP/85MOvTJqVH1kfJhWDA +# KG9BxJkhkhlc9bE98MgvrlEJ/q/wx+lXH739Zeerwvs2Y/MMUeSqZPmTuc2YkhiL +# TpmpIT9KXcvjYaFQB2mKHRerQTpmLGgu2tzo7yoJJrBcGp2trQH+68dWTiywsME7 +# glrrSKkJTB+87UmiSTdETx2H2pGOh65He3/NQe/+vcI2SBB0CXStw2AhhReemj/w +# 6INi2FYkhO1Sag9inF/1K62w//gZsSR/YB8dlG0+MAsNaPJaCXnciPP5fG2XIZsQ +# caKd8dT9Y+wtBEigoNX0Js0NmMWwvygL33pGwjzIc9td3k7KkO3gJeO9VI5oqp7R +# PIAew0HTB5PyWS1C0BXNVMLoONdinpBGTXp0P8DH2YYsHBQqPgmIgUeVNzCCBuww +# ggTUoAMCAQICEDAPb6zdZph0fKlGNqd4LbkwDQYJKoZIhvcNAQEMBQAwgYgxCzAJ +# BgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtKZXJzZXkg +# Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYDVQQDEyVV +# U0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE5MDUwMjAw +# MDAwMFoXDTM4MDExODIzNTk1OVowfTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy +# ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2Vj +# dGlnbyBMaW1pdGVkMSUwIwYDVQQDExxTZWN0aWdvIFJTQSBUaW1lIFN0YW1waW5n +# IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyBsBr9ksfoiZfQGY +# PyCQvZyAIVSTuc+gPlPvs1rAdtYaBKXOR4O168TMSTTL80VlufmnZBYmCfvVMlJ5 +# LsljwhObtoY/AQWSZm8hq9VxEHmH9EYqzcRaydvXXUlNclYP3MnjU5g6Kh78zlhJ +# 07/zObu5pCNCrNAVw3+eolzXOPEWsnDTo8Tfs8VyrC4Kd/wNlFK3/B+VcyQ9ASi8 +# Dw1Ps5EBjm6dJ3VV0Rc7NCF7lwGUr3+Az9ERCleEyX9W4L1GnIK+lJ2/tCCwYH64 +# TfUNP9vQ6oWMilZx0S2UTMiMPNMUopy9Jv/TUyDHYGmbWApU9AXn/TGs+ciFF8e4 +# KRmkKS9G493bkV+fPzY+DjBnK0a3Na+WvtpMYMyou58NFNQYxDCYdIIhz2JWtSFz +# Eh79qsoIWId3pBXrGVX/0DlULSbuRRo6b83XhPDX8CjFT2SDAtT74t7xvAIo9G3a +# J4oG0paH3uhrDvBbfel2aZMgHEqXLHcZK5OVmJyXnuuOwXhWxkQl3wYSmgYtnwNe +# /YOiU2fKsfqNoWTJiJJZy6hGwMnypv99V9sSdvqKQSTUG/xypRSi1K1DHKRJi0E5 +# FAMeKfobpSKupcNNgtCN2mu32/cYQFdz8HGj+0p9RTbB942C+rnJDVOAffq2OVgy +# 728YUInXT50zvRq1naHelUF6p4MCAwEAAaOCAVowggFWMB8GA1UdIwQYMBaAFFN5 +# v1qqK0rPVIDh2JvAnfKyA2bLMB0GA1UdDgQWBBQaofhhGSAPw0F3RSiO0TVfBhIE +# VTAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADATBgNVHSUEDDAK +# BggrBgEFBQcDCDARBgNVHSAECjAIMAYGBFUdIAAwUAYDVR0fBEkwRzBFoEOgQYY/ +# aHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VTRVJUcnVzdFJTQUNlcnRpZmljYXRp +# b25BdXRob3JpdHkuY3JsMHYGCCsGAQUFBwEBBGowaDA/BggrBgEFBQcwAoYzaHR0 +# cDovL2NydC51c2VydHJ1c3QuY29tL1VTRVJUcnVzdFJTQUFkZFRydXN0Q0EuY3J0 +# MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMA0GCSqGSIb3 +# DQEBDAUAA4ICAQBtVIGlM10W4bVTgZF13wN6MgstJYQRsrDbKn0qBfW8Oyf0WqC5 +# SVmQKWxhy7VQ2+J9+Z8A70DDrdPi5Fb5WEHP8ULlEH3/sHQfj8ZcCfkzXuqgHCZY +# XPO0EQ/V1cPivNVYeL9IduFEZ22PsEMQD43k+ThivxMBxYWjTMXMslMwlaTW9JZW +# CLjNXH8Blr5yUmo7Qjd8Fng5k5OUm7Hcsm1BbWfNyW+QPX9FcsEbI9bCVYRm5LPF +# Zgb289ZLXq2jK0KKIZL+qG9aJXBigXNjXqC72NzXStM9r4MGOBIdJIct5PwC1j53 +# BLwENrXnd8ucLo0jGLmjwkcd8F3WoXNXBWiap8k3ZR2+6rzYQoNDBaWLpgn/0aGU +# pk6qPQn1BWy30mRa2Coiwkud8TleTN5IPZs0lpoJX47997FSkc4/ifYcobWpdR9x +# v1tDXWU9UIFuq/DQ0/yysx+2mZYm9Dx5i1xkzM3uJ5rloMAMcofBbk1a0x7q8ETm +# Mm8c6xdOlMN4ZSA7D0GqH+mhQZ3+sbigZSo04N6o+TzmwTC7wKBjLPxcFgCo0MR/ +# 6hGdHgbGpm0yXbQ4CStJB6r97DDa8acvz7f9+tCjhNknnvsBZne5VhDhIG7GrrH5 +# trrINV0zdo7xfCAMKneutaIChrop7rRaALGMq+P5CslUXdS5anSevUiumDCCBvUw +# ggTdoAMCAQICEDlMJeF8oG0nqGXiO9kdItQwDQYJKoZIhvcNAQEMBQAwfTELMAkG # A1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMH # U2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMSUwIwYDVQQDExxTZWN0 -# aWdvIFJTQSBUaW1lIFN0YW1waW5nIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A -# MIICCgKCAgEAyBsBr9ksfoiZfQGYPyCQvZyAIVSTuc+gPlPvs1rAdtYaBKXOR4O1 -# 68TMSTTL80VlufmnZBYmCfvVMlJ5LsljwhObtoY/AQWSZm8hq9VxEHmH9EYqzcRa -# ydvXXUlNclYP3MnjU5g6Kh78zlhJ07/zObu5pCNCrNAVw3+eolzXOPEWsnDTo8Tf -# s8VyrC4Kd/wNlFK3/B+VcyQ9ASi8Dw1Ps5EBjm6dJ3VV0Rc7NCF7lwGUr3+Az9ER -# CleEyX9W4L1GnIK+lJ2/tCCwYH64TfUNP9vQ6oWMilZx0S2UTMiMPNMUopy9Jv/T -# UyDHYGmbWApU9AXn/TGs+ciFF8e4KRmkKS9G493bkV+fPzY+DjBnK0a3Na+WvtpM -# YMyou58NFNQYxDCYdIIhz2JWtSFzEh79qsoIWId3pBXrGVX/0DlULSbuRRo6b83X -# hPDX8CjFT2SDAtT74t7xvAIo9G3aJ4oG0paH3uhrDvBbfel2aZMgHEqXLHcZK5OV -# mJyXnuuOwXhWxkQl3wYSmgYtnwNe/YOiU2fKsfqNoWTJiJJZy6hGwMnypv99V9sS -# dvqKQSTUG/xypRSi1K1DHKRJi0E5FAMeKfobpSKupcNNgtCN2mu32/cYQFdz8HGj -# +0p9RTbB942C+rnJDVOAffq2OVgy728YUInXT50zvRq1naHelUF6p4MCAwEAAaOC -# AVowggFWMB8GA1UdIwQYMBaAFFN5v1qqK0rPVIDh2JvAnfKyA2bLMB0GA1UdDgQW -# BBQaofhhGSAPw0F3RSiO0TVfBhIEVTAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/ -# BAgwBgEB/wIBADATBgNVHSUEDDAKBggrBgEFBQcDCDARBgNVHSAECjAIMAYGBFUd -# IAAwUAYDVR0fBEkwRzBFoEOgQYY/aHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VT -# RVJUcnVzdFJTQUNlcnRpZmljYXRpb25BdXRob3JpdHkuY3JsMHYGCCsGAQUFBwEB -# BGowaDA/BggrBgEFBQcwAoYzaHR0cDovL2NydC51c2VydHJ1c3QuY29tL1VTRVJU -# cnVzdFJTQUFkZFRydXN0Q0EuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51 -# c2VydHJ1c3QuY29tMA0GCSqGSIb3DQEBDAUAA4ICAQBtVIGlM10W4bVTgZF13wN6 -# MgstJYQRsrDbKn0qBfW8Oyf0WqC5SVmQKWxhy7VQ2+J9+Z8A70DDrdPi5Fb5WEHP -# 8ULlEH3/sHQfj8ZcCfkzXuqgHCZYXPO0EQ/V1cPivNVYeL9IduFEZ22PsEMQD43k -# +ThivxMBxYWjTMXMslMwlaTW9JZWCLjNXH8Blr5yUmo7Qjd8Fng5k5OUm7Hcsm1B -# bWfNyW+QPX9FcsEbI9bCVYRm5LPFZgb289ZLXq2jK0KKIZL+qG9aJXBigXNjXqC7 -# 2NzXStM9r4MGOBIdJIct5PwC1j53BLwENrXnd8ucLo0jGLmjwkcd8F3WoXNXBWia -# p8k3ZR2+6rzYQoNDBaWLpgn/0aGUpk6qPQn1BWy30mRa2Coiwkud8TleTN5IPZs0 -# lpoJX47997FSkc4/ifYcobWpdR9xv1tDXWU9UIFuq/DQ0/yysx+2mZYm9Dx5i1xk -# zM3uJ5rloMAMcofBbk1a0x7q8ETmMm8c6xdOlMN4ZSA7D0GqH+mhQZ3+sbigZSo0 -# 4N6o+TzmwTC7wKBjLPxcFgCo0MR/6hGdHgbGpm0yXbQ4CStJB6r97DDa8acvz7f9 -# +tCjhNknnvsBZne5VhDhIG7GrrH5trrINV0zdo7xfCAMKneutaIChrop7rRaALGM -# q+P5CslUXdS5anSevUiumDCCBvUwggTdoAMCAQICEDlMJeF8oG0nqGXiO9kdItQw -# DQYJKoZIhvcNAQEMBQAwfTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIg -# TWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBM -# aW1pdGVkMSUwIwYDVQQDExxTZWN0aWdvIFJTQSBUaW1lIFN0YW1waW5nIENBMB4X -# DTIzMDUwMzAwMDAwMFoXDTM0MDgwMjIzNTk1OVowajELMAkGA1UEBhMCR0IxEzAR -# BgNVBAgTCk1hbmNoZXN0ZXIxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDEsMCoG -# A1UEAwwjU2VjdGlnbyBSU0EgVGltZSBTdGFtcGluZyBTaWduZXIgIzQwggIiMA0G -# CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCkkyhSS88nh3akKRyZOMDnDtTRHOxo -# ywFk5IrNd7BxZYK8n/yLu7uVmPslEY5aiAlmERRYsroiW+b2MvFdLcB6og7g4FZk -# 7aHlgSByIGRBbMfDCPrzfV3vIZrCftcsw7oRmB780yAIQrNfv3+IWDKrMLPYjHqW -# ShkTXKz856vpHBYusLA4lUrPhVCrZwMlobs46Q9vqVqakSgTNbkf8z3hJMhrsZno -# De+7TeU9jFQDkdD8Lc9VMzh6CRwH0SLgY4anvv3Sg3MSFJuaTAlGvTS84UtQe3Lg -# W/0Zux88ahl7brstRCq+PEzMrIoEk8ZXhqBzNiuBl/obm36Ih9hSeYn+bnc317tQ -# n/oYJU8T8l58qbEgWimro0KHd+D0TAJI3VilU6ajoO0ZlmUVKcXtMzAl5paDgZr2 -# YGaQWAeAzUJ1rPu0kdDF3QFAaraoEO72jXq3nnWv06VLGKEMn1ewXiVHkXTNdRLR -# nG/kXg2b7HUm7v7T9ZIvUoXo2kRRKqLMAMqHZkOjGwDvorWWnWKtJwvyG0rJw5RC -# N4gghKiHrsO6I3J7+FTv+GsnsIX1p0OF2Cs5dNtadwLRpPr1zZw9zB+uUdB7bNgd -# LRFCU3F0wuU1qi1SEtklz/DT0JFDEtcyfZhs43dByP8fJFTvbq3GPlV78VyHOmTx -# YEsFT++5L+wJEwIDAQABo4IBgjCCAX4wHwYDVR0jBBgwFoAUGqH4YRkgD8NBd0Uo -# jtE1XwYSBFUwHQYDVR0OBBYEFAMPMciRKpO9Y/PRXU2kNA/SlQEYMA4GA1UdDwEB -# /wQEAwIGwDAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMEoG -# A1UdIARDMEEwNQYMKwYBBAGyMQECAQMIMCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8v -# c2VjdGlnby5jb20vQ1BTMAgGBmeBDAEEAjBEBgNVHR8EPTA7MDmgN6A1hjNodHRw -# Oi8vY3JsLnNlY3RpZ28uY29tL1NlY3RpZ29SU0FUaW1lU3RhbXBpbmdDQS5jcmww -# dAYIKwYBBQUHAQEEaDBmMD8GCCsGAQUFBzAChjNodHRwOi8vY3J0LnNlY3RpZ28u -# Y29tL1NlY3RpZ29SU0FUaW1lU3RhbXBpbmdDQS5jcnQwIwYIKwYBBQUHMAGGF2h0 -# dHA6Ly9vY3NwLnNlY3RpZ28uY29tMA0GCSqGSIb3DQEBDAUAA4ICAQBMm2VY+uB5 -# z+8VwzJt3jOR63dY4uu9y0o8dd5+lG3DIscEld9laWETDPYMnvWJIF7Bh8cDJMrH -# pfAm3/j4MWUN4OttUVemjIRSCEYcKsLe8tqKRfO+9/YuxH7t+O1ov3pWSOlh5Zo5 -# d7y+upFkiHX/XYUWNCfSKcv/7S3a/76TDOxtog3Mw/FuvSGRGiMAUq2X1GJ4KoR5 -# qNc9rCGPcMMkeTqX8Q2jo1tT2KsAulj7NYBPXyhxbBlewoNykK7gxtjymfvqtJJl -# fAd8NUQdrVgYa2L73mzECqls0yFGcNwvjXVMI8JB0HqWO8NL3c2SJnR2XDegmiSe -# Tl9O048P5RNPWURlS0Nkz0j4Z2e5Tb/MDbE6MNChPUitemXk7N/gAfCzKko5rMGk -# +al9NdAyQKCxGSoYIbLIfQVxGksnNqrgmByDdefHfkuEQ81D+5CXdioSrEDBcFuZ -# CkD6gG2UYXvIbrnIZ2ckXFCNASDeB/cB1PguEc2dg+X4yiUcRD0n5bCGRyoLG4R2 -# fXtoT4239xO07aAt7nMP2RC6nZksfNd1H48QxJTmfiTllUqIjCfWhWYd+a5kdpHo -# SP7IVQrtKcMf3jimwBT7Mj34qYNiNsjDvgCHHKv6SkIciQPc9Vx8cNldeE7un14g -# 5glqfCsIo0j1FfwET9/NIRx65fWOGtS5QDGCBZcwggWTAgEBMIGmMIGRMQswCQYD -# VQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdT -# YWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDE3MDUGA1UEAxMuQ09N -# T0RPIFJTQSBFeHRlbmRlZCBWYWxpZGF0aW9uIENvZGUgU2lnbmluZyBDQQIQeO1Y -# DfU4t32dWmgwBkYSEDAJBgUrDgMCGgUAoHgwGAYKKwYBBAGCNwIBDDEKMAigAoAA -# oQKAADAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgorBgEEAYI3AgELMQ4w -# DAYKKwYBBAGCNwIBFTAjBgkqhkiG9w0BCQQxFgQU+Q8NboB63CJbW+HW7SrbNRzf -# 1GwwDQYJKoZIhvcNAQEBBQAEggEAMQ89F9CxThT3gTYKx1nFjdD6vnJGjZ+SsoPS -# OahBX8DNVKLGxzIMAUKV9LC5gNkWyEz9otHIImNdv5XjNGqZkd4+7wUtacDaUIAN -# lRjAiXDhCdMImmakkD/8QZVCM5eycrXlOEwQNdAhcX/lNcEdvopLpML9N73p2JGW -# w/nJsbBGBMY8m9AqhloDKYNoADxxlGvmRcQH8U04LijDvUsQVcgsnHMTFI7sEZhH -# OdHgJ2DkpFA3KiXYI5HcwWv5365HHXmX37LwI70XQRX56ihlss1h+CJj+lbZwDge -# gLmbPv+o+9q9A8jh7KG/eBfAcv9+4yTJ0ojuPru2TTn0yAJVO6GCA0swggNHBgkq -# hkiG9w0BCQYxggM4MIIDNAIBATCBkTB9MQswCQYDVQQGEwJHQjEbMBkGA1UECBMS -# R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRgwFgYDVQQKEw9T -# ZWN0aWdvIExpbWl0ZWQxJTAjBgNVBAMTHFNlY3RpZ28gUlNBIFRpbWUgU3RhbXBp -# bmcgQ0ECEDlMJeF8oG0nqGXiO9kdItQwDQYJYIZIAWUDBAICBQCgeTAYBgkqhkiG -# 9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMzA3MDYwNTE2Mzda -# MD8GCSqGSIb3DQEJBDEyBDAtcd+vRELwnftWWZD2jYXo2Fz0Nstvz0EFtnI5Qb5i -# rASxuKxC+fFTV1Z5gijwZf0wDQYJKoZIhvcNAQEBBQAEggIAjg9x1K5czA6Ibi9G -# /AkWd8MjVHolR0t06PqbSc8qUT0Zp4tiu8Rp+aqiokIIDP+5KT+QcveGFy7iO15p -# +K3Q2CcJ8FZ54SDGHPx/m4CdJknNJI9tOcw2gnokPs4vfggu5p/Xr9PJ3N+bBTA6 -# hAAwcWEShi8IGDJ81IgrslAJcRlxPQOmHllMUYi3s1hF8VvhPxpr6vnfyV2Ha5Qi -# xagVBvFf0Ps6Q0z6wbBHTI3kxDUrbaGjeODIh3/b8MmvV2kocSefTp3kXcL3PbS3 -# JuFl/Cmfc0BnoZg8Ba/YBi/Uz9C+q+dNBFUc+qVdQh5yvGVxnNpXaQ+bG5NTleVZ -# ew655HBO2qkydOonW87rIgIump8srmyu8WRcmqCQuh8B5SN8EgRkXYrngHVBWydL -# tWJt6NwHhwA+miEZjqz1dI/W5BgZDhCZ0QRFn5DRpqSfgttpjXl7TPVelTYofzuo -# DvlLYMKLnIw6uj/lVmxSK08Kke8hlNAk+fyVNmb1P+9Afj5YLUTanEPPMc7HGNro -# HK43t8+ORnz6zhGysU1bTE+LiLLtR1vhORkdT5LkI7kSs+GQbpLGG+CHxKL2coYS -# jxO114AvXgm2FXXeLwMgj2+J3NwlCcJCJQWsfWrNiMEl6WDjUcffdlpIbpqqyhRL -# lRX8/0TnWtvwv9N7euRXkmP9YwA= +# aWdvIFJTQSBUaW1lIFN0YW1waW5nIENBMB4XDTIzMDUwMzAwMDAwMFoXDTM0MDgw +# MjIzNTk1OVowajELMAkGA1UEBhMCR0IxEzARBgNVBAgTCk1hbmNoZXN0ZXIxGDAW +# BgNVBAoTD1NlY3RpZ28gTGltaXRlZDEsMCoGA1UEAwwjU2VjdGlnbyBSU0EgVGlt +# ZSBTdGFtcGluZyBTaWduZXIgIzQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +# AoICAQCkkyhSS88nh3akKRyZOMDnDtTRHOxoywFk5IrNd7BxZYK8n/yLu7uVmPsl +# EY5aiAlmERRYsroiW+b2MvFdLcB6og7g4FZk7aHlgSByIGRBbMfDCPrzfV3vIZrC +# ftcsw7oRmB780yAIQrNfv3+IWDKrMLPYjHqWShkTXKz856vpHBYusLA4lUrPhVCr +# ZwMlobs46Q9vqVqakSgTNbkf8z3hJMhrsZnoDe+7TeU9jFQDkdD8Lc9VMzh6CRwH +# 0SLgY4anvv3Sg3MSFJuaTAlGvTS84UtQe3LgW/0Zux88ahl7brstRCq+PEzMrIoE +# k8ZXhqBzNiuBl/obm36Ih9hSeYn+bnc317tQn/oYJU8T8l58qbEgWimro0KHd+D0 +# TAJI3VilU6ajoO0ZlmUVKcXtMzAl5paDgZr2YGaQWAeAzUJ1rPu0kdDF3QFAarao +# EO72jXq3nnWv06VLGKEMn1ewXiVHkXTNdRLRnG/kXg2b7HUm7v7T9ZIvUoXo2kRR +# KqLMAMqHZkOjGwDvorWWnWKtJwvyG0rJw5RCN4gghKiHrsO6I3J7+FTv+GsnsIX1 +# p0OF2Cs5dNtadwLRpPr1zZw9zB+uUdB7bNgdLRFCU3F0wuU1qi1SEtklz/DT0JFD +# EtcyfZhs43dByP8fJFTvbq3GPlV78VyHOmTxYEsFT++5L+wJEwIDAQABo4IBgjCC +# AX4wHwYDVR0jBBgwFoAUGqH4YRkgD8NBd0UojtE1XwYSBFUwHQYDVR0OBBYEFAMP +# MciRKpO9Y/PRXU2kNA/SlQEYMA4GA1UdDwEB/wQEAwIGwDAMBgNVHRMBAf8EAjAA +# MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMEoGA1UdIARDMEEwNQYMKwYBBAGyMQEC +# AQMIMCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAgGBmeB +# DAEEAjBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8vY3JsLnNlY3RpZ28uY29tL1Nl +# Y3RpZ29SU0FUaW1lU3RhbXBpbmdDQS5jcmwwdAYIKwYBBQUHAQEEaDBmMD8GCCsG +# AQUFBzAChjNodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29SU0FUaW1lU3Rh +# bXBpbmdDQS5jcnQwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29t +# MA0GCSqGSIb3DQEBDAUAA4ICAQBMm2VY+uB5z+8VwzJt3jOR63dY4uu9y0o8dd5+ +# lG3DIscEld9laWETDPYMnvWJIF7Bh8cDJMrHpfAm3/j4MWUN4OttUVemjIRSCEYc +# KsLe8tqKRfO+9/YuxH7t+O1ov3pWSOlh5Zo5d7y+upFkiHX/XYUWNCfSKcv/7S3a +# /76TDOxtog3Mw/FuvSGRGiMAUq2X1GJ4KoR5qNc9rCGPcMMkeTqX8Q2jo1tT2KsA +# ulj7NYBPXyhxbBlewoNykK7gxtjymfvqtJJlfAd8NUQdrVgYa2L73mzECqls0yFG +# cNwvjXVMI8JB0HqWO8NL3c2SJnR2XDegmiSeTl9O048P5RNPWURlS0Nkz0j4Z2e5 +# Tb/MDbE6MNChPUitemXk7N/gAfCzKko5rMGk+al9NdAyQKCxGSoYIbLIfQVxGksn +# NqrgmByDdefHfkuEQ81D+5CXdioSrEDBcFuZCkD6gG2UYXvIbrnIZ2ckXFCNASDe +# B/cB1PguEc2dg+X4yiUcRD0n5bCGRyoLG4R2fXtoT4239xO07aAt7nMP2RC6nZks +# fNd1H48QxJTmfiTllUqIjCfWhWYd+a5kdpHoSP7IVQrtKcMf3jimwBT7Mj34qYNi +# NsjDvgCHHKv6SkIciQPc9Vx8cNldeE7un14g5glqfCsIo0j1FfwET9/NIRx65fWO +# GtS5QDGCBlswggZXAgEBMGswVzELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1NlY3Rp +# Z28gTGltaXRlZDEuMCwGA1UEAxMlU2VjdGlnbyBQdWJsaWMgQ29kZSBTaWduaW5n +# IENBIEVWIFIzNgIQWNf4/gAhlZOzX5NhAGezezAJBgUrDgMCGgUAoHgwGAYKKwYB +# BAGCNwIBDDEKMAigAoAAoQKAADAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAc +# BgorBgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAjBgkqhkiG9w0BCQQxFgQUI/Oe +# J6ECVgyXF9LeqerCWGCgOtcwDQYJKoZIhvcNAQEBBQAEggIAIy7QQehq/dyGrC0D +# +pg/IXCC2cljuS+tU6F+cV1IMHvwgb46/w2pSMv+0IxlajCQSTK4lZGZD+a+oV8J +# YZI0Kmrl8q/6DgDG5Kc1fWX5y3s1vQq5MilCK1O3waF7AKoeTgryoH3Cbd6I9ZFY +# f2lQ3nm92hM9UwyRR+az3XBmegn/gkwE4EEuFJqLQTkFrtpf1KPCLlLoJL7zvDo3 +# kJnwWoQNxRAQxAyG7TUo5m6JZ33GDuGFmzVzKbOKZpsA9/CyVD3ilsv0pBPrZdPD +# J+rvdW0BR1XnQiIJjTF5rgcu/fIgbaivGZa5+GE0kTHfen3Bm1dJWl5j6IWEqRxI +# owmDae1xjcJNJHhYmZcfdnHT9Ie++au1Hzx9Eq+j/E3IljY0yR6EnIt6vu3xXpF9 +# F5ml804aRBDVIif6hBPS000z6Sh5iA+yo02n7UcFVuphIbtNmwCYtN/3Psw8qtjA +# reUqr/nUZ3aclqzcJfsJDiSRhjCuH0jSh1lmzl6AX8FHhkymi6xNQZ8JEuK5JQDu +# dLtxRRy9lzZ/Fpiwkhd7Fj88q2CRuFBl2c+Dn/OqqXR2FmpC+ndGB5+tXCQmRwhB +# yKImacadmN7dd3/kYZ8czrJoHjABQ901ead+yyhND1LztOuznxZ+11+23xSAOjXy +# nUvDaNjPVD0dtKE4+BbH0P+VUNOhggNLMIIDRwYJKoZIhvcNAQkGMYIDODCCAzQC +# AQEwgZEwfTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3Rl +# cjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMSUw +# IwYDVQQDExxTZWN0aWdvIFJTQSBUaW1lIFN0YW1waW5nIENBAhA5TCXhfKBtJ6hl +# 4jvZHSLUMA0GCWCGSAFlAwQCAgUAoHkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEH +# ATAcBgkqhkiG9w0BCQUxDxcNMjMxMjA0MTIzMDQzWjA/BgkqhkiG9w0BCQQxMgQw +# QFMmdZuyyWJzyuQI4z8Q9DPzwakxVBBEcia21fpzAMTnRlDdxc88QKqU50eibk7p +# MA0GCSqGSIb3DQEBAQUABIICADa3/YYH0MYLr/gHRZ3inOkisZE0ZWAJG1s/Bs+w +# +YrJfj8y6Xzn4W8tweVAWp0XG/BqySW9tlGZwMy6cXi1iSSueICIClWWebEbyqDT +# XqtJh8TqBH2A6k5KjSpVS78JUwHGgQ6Uu4WVeHkGaCOzQtBNLJqh8Vota5royUB/ +# Qe8ZfzPX1kxLxveAM8i57uy+Uu5Zkfe3v0o26MzB4/HDQ55Rfr1FjO4ta3mVwjdc +# zD0gCpD+3eiVFI2SfShazAtRTF31zCPOLQyjelW+H90ClZi37c1ghLf10PCt9YUQ +# svEnnkT+IDA/hQmYPGDdBXHHylw6vxTiDkhlpHmhg8kVm58eDbts2Gbkl4xLz1Wf +# /Xz9olw7GWXlTd6htdZIqW1IpE6MnRiZyBFf5wu2rqYY/tSoNVVxrcfVwV6L5vIa +# bvwiWWyrxStM56K1CShvD5M2s1L1/HOGDyzq6N9tsWOHLVYxmcXfhtP49aB9yKiJ +# O8HGwX+WE6+dy/pL8SW+O4DLAkZUI6noUt/mso4vV91tab7NYoEWy+x2RpvJV2MX +# q5i/vzE8CHxFybz/GdTeRAL/O9YzjEwiYL7CyYE1C1/BqgQKqrZLBhjbfGu8BYtt +# uZfzJqvFKGOsZ9NLPY6QBh3a56KnTnfl6uFCcFoJIbz8+nwZ5sx1R/nKUDl8VYN4 +# 9DA1 # SIG # End signature block diff --git a/HardeningKitty.psm1 b/HardeningKitty.psm1 index 0659b95..02d31dd 100644 --- a/HardeningKitty.psm1 +++ b/HardeningKitty.psm1 @@ -605,7 +605,7 @@ # # Start Main # - $HardeningKittyVersion = "0.9.1-1682943550" + $HardeningKittyVersion = "0.9.2-1690255284" # # Log, report and backup file @@ -843,6 +843,10 @@ $Result = "-NODATA-" } Else { $Result = $Finding.DefaultValue + # Multiline Registry Keys need a semicolon instead of a space + If ($Finding.RegistryItem -eq "Machine") { + $Result = $Result.Replace(";", " ") + } } } } @@ -1448,7 +1452,7 @@ # Hardened UNC Paths => Remove spaces in result and recommendation only if result is not null or empty # If ($Finding.Method -eq 'Registry' -and $Finding.RegistryItem -eq "Machine") { - $Finding.RecommendedValue = $Finding.RecommendedValue.Replace(";", " ") + # $Finding.RecommendedValue = $Finding.RecommendedValue.Replace(";", " ") } ElseIf ($Finding.Method -eq 'Registry' -and $Finding.RegistryPath -eq "HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths") { If (![string]::IsNullOrEmpty($Result)) { $Result = $Result.Replace(" ", "") @@ -3037,93 +3041,106 @@ # The GPO mode create a GPO containing every registry method remediation. # Elseif ($Mode -eq "GPO") { - Write-Output "`n" - If ($GPOname.Length -eq 0) { - # Control if a GPO name is given - $Message = "The GPO Name $GPOname was not found." - Write-ProtocolEntry -Text $Message -LogLevel "Error" - Break - } - If ($FileFindingList.Length -eq 0) { - # Control if a Finding list is given - $CurrentLocation = $PSScriptRoot - $DefaultList = "$CurrentLocation\lists\finding_list_0x6d69636b_machine.csv" - - If (Test-Path -Path $DefaultList) { - $FileFindingList = $DefaultList - } Else { - $Message = "The finding list $DefaultList was not found." - Write-ProtocolEntry -Text $Message -LogLevel "Error" - Break - } - } - - # Should check if user is domain admin - - Try - { - New-GPO -Name $GPOname -ErrorAction Stop | Out-Null - } - Catch [System.ArgumentException] { - # Control if the Name of the GPO is ok - Write-ProtocolEntry -Text $_.Exception.Message -LogLevel "Error" - Break - } - - # Iterrate over finding list - $FindingList = Import-Csv -Path $FileFindingList -Delimiter "," - ForEach ($Finding in $FindingList) { - # - # Only Registry Method Policies - # - If ($Finding.Method -eq "Registry") { - $RegType = "String" - - # - # Basically this is true, but there is an exception for the finding "MitigationOptions_FontBocking", - # the value "10000000000" is written to the registry as a string... - # - # ... and more exceptions are added over time: - # - # MitigationOptions_FontBocking => Mitigation Options: Untrusted Font Blocking - # Machine => Network access: Remotely accessible registry paths - # Retention => Event Log Service: *: Control Event Log behavior when the log file reaches its maximum size - # AllocateDASD => Devices: Allowed to format and eject removable media - # ScRemoveOption => Interactive logon: Smart card removal behavior - # AutoAdminLogon => MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) - # - If ($Finding.RegistryItem -eq "MitigationOptions_FontBocking" -Or $Finding.RegistryItem -eq "Retention" -Or $Finding.RegistryItem -eq "AllocateDASD" -Or $Finding.RegistryItem -eq "ScRemoveOption" -Or $Finding.RegistryItem -eq "AutoAdminLogon") { - $RegType = "String" - } ElseIf ($Finding.RegistryItem -eq "Machine") { - $RegType = "MultiString" - $Finding.RecommendedValue = $Finding.RecommendedValue -split ";" - } ElseIf ($Finding.RecommendedValue -match "^\d+$") { - $RegType = "DWord" - $Finding.RecommendedValue = ConvertToInt -string $Finding.RecommendedValue - } - $RegPath = $Finding.RegistryPath.Replace(":","") - $RegItem = $Finding.RegistryItem - - try{ - Set-GPRegistryValue -Name $GPOname -Key $RegPath -ValueName $RegItem -Type $RegType -Value $Finding.RecommendedValue | Out-Null - $ResultText = "Registry value added successfully" - $Message = "ID " + $Finding.ID + ", " + $Finding.RegistryPath + ", " + $Finding.RegistryItem + ", " + $ResultText - $MessageSeverity = "Passed" - $TestResult = "Passed" - } catch { - $ResultText = "Failed to add registry key" - $Message = "ID " + $Finding.ID + ", " + $Finding.RegistryPath + ", " + $ResultText - $MessageSeverity = "High" - $TestResult = "Failed" - - } finally { - Write-ResultEntry -Text $Message -SeverityLevel $MessageSeverity - If ($Log) { - Add-MessageToFile -Text $Message -File $LogFile - } - } - } - } + + Write-Output "`n" + If ($GPOname.Length -eq 0) { + # Control if a GPO name is given + $Message = "The GPO Name $GPOname was not found." + Write-ProtocolEntry -Text $Message -LogLevel "Error" + Break + } + If ($FileFindingList.Length -eq 0) { + # Control if a Finding list is given + $CurrentLocation = $PSScriptRoot + $DefaultList = "$CurrentLocation\lists\finding_list_0x6d69636b_machine.csv" + + If (Test-Path -Path $DefaultList) { + $FileFindingList = $DefaultList + } Else { + $Message = "The finding list $DefaultList was not found." + Write-ProtocolEntry -Text $Message -LogLevel "Error" + Break + } + } + + # Check if the user has admin rights, skip test if not + If (-not($IsAdmin)) { + Write-NotAdminError -FindingID "0" -FindingName "GPO Mode" -FindingMethod "Create a GPO" + Continue + } + + # Check if the New-GPO cmdlet is available + try { + $CheckRsatStatus = Get-Command New-GPO -ErrorAction Stop + } catch { + Write-BinaryError -Binary "Group Policy Management PowerShell Module" -FindingID "0" -FindingName "GPO Mode" -FindingMethod "Create a GPO" + Continue + } + + # Should check if user is domain admin + try { + New-GPO -Name $GPOname -ErrorAction Stop | Out-Null + } + catch [System.ArgumentException] { + # Control if the Name of the GPO is ok + Write-ProtocolEntry -Text $_.Exception.Message -LogLevel "Error" + Break + } + + # Iterrate over finding list + $FindingList = Import-Csv -Path $FileFindingList -Delimiter "," + ForEach ($Finding in $FindingList) { + # + # Only Registry Method Policies + # + If ($Finding.Method -eq "Registry") { + $RegType = "String" + + # + # Basically this is true, but there is an exception for the finding "MitigationOptions_FontBocking", + # the value "10000000000" is written to the registry as a string... + # + # ... and more exceptions are added over time: + # + # MitigationOptions_FontBocking => Mitigation Options: Untrusted Font Blocking + # Machine => Network access: Remotely accessible registry paths + # Retention => Event Log Service: *: Control Event Log behavior when the log file reaches its maximum size + # AllocateDASD => Devices: Allowed to format and eject removable media + # ScRemoveOption => Interactive logon: Smart card removal behavior + # AutoAdminLogon => MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) + # + If ($Finding.RegistryItem -eq "MitigationOptions_FontBocking" -Or $Finding.RegistryItem -eq "Retention" -Or $Finding.RegistryItem -eq "AllocateDASD" -Or $Finding.RegistryItem -eq "ScRemoveOption" -Or $Finding.RegistryItem -eq "AutoAdminLogon") { + $RegType = "String" + } ElseIf ($Finding.RegistryItem -eq "Machine") { + $RegType = "MultiString" + $Finding.RecommendedValue = $Finding.RecommendedValue -split ";" + } ElseIf ($Finding.RecommendedValue -match "^\d+$") { + $RegType = "DWord" + $Finding.RecommendedValue = ConvertToInt -string $Finding.RecommendedValue + } + $RegPath = $Finding.RegistryPath.Replace(":","") + $RegItem = $Finding.RegistryItem + + try { + Set-GPRegistryValue -Name $GPOname -Key $RegPath -ValueName $RegItem -Type $RegType -Value $Finding.RecommendedValue | Out-Null + $ResultText = "Registry value added successfully" + $Message = "ID " + $Finding.ID + ", " + $Finding.RegistryPath + ", " + $Finding.RegistryItem + ", " + $ResultText + $MessageSeverity = "Passed" + $TestResult = "Passed" + } catch { + $ResultText = "Failed to add registry key" + $Message = "ID " + $Finding.ID + ", " + $Finding.RegistryPath + ", " + $ResultText + $MessageSeverity = "High" + $TestResult = "Failed" + + } finally { + Write-ResultEntry -Text $Message -SeverityLevel $MessageSeverity + If ($Log) { + Add-MessageToFile -Text $Message -File $LogFile + } + } + } + } } Write-Output "`n" @@ -3173,176 +3190,214 @@ Export-ModuleMember -Function Invoke-HardeningKitty # SIG # Begin signature block -# MIIgIAYJKoZIhvcNAQcCoIIgETCCIA0CAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB +# MIInLwYJKoZIhvcNAQcCoIInIDCCJxwCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB # gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR -# AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUcXVHe2qDFIH/v3Jc9DPfyETz -# 67CgghnzMIIF4DCCBMigAwIBAgIQeO1YDfU4t32dWmgwBkYSEDANBgkqhkiG9w0B -# AQsFADCBkTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3Rl -# cjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQx -# NzA1BgNVBAMTLkNPTU9ETyBSU0EgRXh0ZW5kZWQgVmFsaWRhdGlvbiBDb2RlIFNp -# Z25pbmcgQ0EwHhcNMjAwODA3MDAwMDAwWhcNMjMwODA3MjM1OTU5WjCBzzEYMBYG -# A1UEBRMPQ0hFLTEwOS44MDQuMzgyMRMwEQYLKwYBBAGCNzwCAQMTAkNIMR0wGwYD -# VQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjELMAkGA1UEBhMCQ0gxDTALBgNVBBEM -# BDgwNDgxEDAOBgNVBAgMB1rDvHJpY2gxEDAOBgNVBAcMB1rDvHJpY2gxGzAZBgNV -# BAkMEkJhZGVuZXJzdHJhc3NlIDYyMzEQMA4GA1UECgwHU2NpcCBBRzEQMA4GA1UE -# AwwHU2NpcCBBRzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIvjKOZT -# ryv6pmIKN6ep8UVCcm+a5wTAt27yUUh4JyZhQjhMRk1SJZy5lLXimBQhmNlWAOWL -# yz5Gyecx3wBbaRYKQHIVH0LDBLDL2WU803JfTUi7TbsZCatq57oI/TAVoDClragI -# 0aPK/kbhREN1UN/mBKY3MLQmtJONeQawsEhLI1kwU+xmcllWu/VvO9Ld/K7rEvBi -# Pl+MR2vjc/Ns0h/gAizGxo6BlzD22XwyQWxPL8NTpTWSX+ZKrgh3AT+5iN/Q3mRV -# ewNR06W7TaKknwI8+wNrz2h/wNDAAO5BZmJ9aMvbJiJMF6IRx8907SoC2W+an0sX -# apQ12yFH6lCOm0MCAwEAAaOCAfIwggHuMB8GA1UdIwQYMBaAFN+P8yAM6cqmBNhb -# WDcqPatG3INJMB0GA1UdDgQWBBTRzSa1SEaHkraxCoNENvT8MuEWHTAOBgNVHQ8B -# Af8EBAMCB4AwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDAzARBglg -# hkgBhvhCAQEEBAMCBBAwSQYDVR0gBEIwQDA1BgwrBgEEAbIxAQIBBgEwJTAjBggr -# BgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwBwYFZ4EMAQMwVQYDVR0f -# BE4wTDBKoEigRoZEaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBRXh0 -# ZW5kZWRWYWxpZGF0aW9uQ29kZVNpZ25pbmdDQS5jcmwwgYYGCCsGAQUFBwEBBHow -# eDBQBggrBgEFBQcwAoZEaHR0cDovL2NydC5jb21vZG9jYS5jb20vQ09NT0RPUlNB -# RXh0ZW5kZWRWYWxpZGF0aW9uQ29kZVNpZ25pbmdDQS5jcnQwJAYIKwYBBQUHMAGG -# GGh0dHA6Ly9vY3NwLmNvbW9kb2NhLmNvbTA7BgNVHREENDAyoCIGCCsGAQUFBwgD -# oBYwFAwSQ0gtQ0hFLTEwOS44MDQuMzgygQxpbmZvQHNjaXAuY2gwDQYJKoZIhvcN -# AQELBQADggEBACT7DLCxFVqNzRaCA/6PeNy1jJrCiCLLJsRM9Da7pkp7IJsVeKTC -# 4pF3YaiWf9/ZFwuBKorzoXZwH+P2EHi4fqjOlwBOxonnM6JxuMts5llladNiacoB -# dTiYe7xrkM/31vRauAuIj8zBNiNqfllmA3UJMHDObix9OAIbtDjZPli0IpAPDKKb -# pPTgoTjgyc33dVtF7rMZMPok/2iHsXJVzKBuYfwktZXTIQVKvHuwkG4+Vdw40/c9 -# eBpPRpDvjrtXjoVcDy5eEYo4j2rxSkmfvOgLcoLBtjuqWw44+AAdfoCgNa2kfJ1j -# Xb7NDzGQS1hgiUuTOiTYtvKbUOuJoFXxDW8wggYiMIIECqADAgECAhBt1HLrAq4E -# BuPdhD9f4UXhMA0GCSqGSIb3DQEBDAUAMIGFMQswCQYDVQQGEwJHQjEbMBkGA1UE -# CBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQK -# ExFDT01PRE8gQ0EgTGltaXRlZDErMCkGA1UEAxMiQ09NT0RPIFJTQSBDZXJ0aWZp -# Y2F0aW9uIEF1dGhvcml0eTAeFw0xNDEyMDMwMDAwMDBaFw0yOTEyMDIyMzU5NTla -# MIGRMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAw -# DgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDE3MDUG -# A1UEAxMuQ09NT0RPIFJTQSBFeHRlbmRlZCBWYWxpZGF0aW9uIENvZGUgU2lnbmlu -# ZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIr9vUPwPchVH/NZ -# ivBatNyT0WQVSoqEpS3LJvjgRTijuQHFTxMIWdAxVMrNkGGjPizyTRVc1O7DaiKX -# SNEGQzQJmcnPMMSfRP1WnO7M54O5gc3I2gscEkj/b6LsxHXLCXDPUeW7i5+qvXgG -# fZXWYYH22lPHrJ2zALoe1L5AYgmZgz1F3U1llQTM/PrHW3riLgw9VTVXNUiJifK5 -# VqVLUBsc3piQvfMu3Iip8XWbqD6iBdlBte93rRfAWvWj202f0cSxe4O17hCUKy5y -# rr7vlSmcUmLFLG0i931EehBfY5NpTdl9spqxTrVZv/+F+72s7OErpuMsLOjZbttf -# TRd4y1MCAwEAAaOCAX4wggF6MB8GA1UdIwQYMBaAFLuvfgI9+qbxPISOre44mOzZ -# MjLUMB0GA1UdDgQWBBTfj/MgDOnKpgTYW1g3Kj2rRtyDSTAOBgNVHQ8BAf8EBAMC -# AYYwEgYDVR0TAQH/BAgwBgEB/wIBADATBgNVHSUEDDAKBggrBgEFBQcDAzA+BgNV -# HSAENzA1MDMGBFUdIAAwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29t -# b2RvLmNvbS9DUFMwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL2NybC5jb21vZG9j -# YS5jb20vQ09NT0RPUlNBQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwcQYIKwYB -# BQUHAQEEZTBjMDsGCCsGAQUFBzAChi9odHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9D -# T01PRE9SU0FBZGRUcnVzdENBLmNydDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3Au -# Y29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUAA4ICAQBmTuy3FndvEegbXWpO2fKL -# bLFWKECLwDHEmUgjPfgO6ICX720gCx8TxIb7FzQV4Y5U98K4AHMV4CjZ2rr6glTC -# 9+u/wzbQMJ/loRyU3+986PYseKKszyZqFaEVMdYxNJi9U0/EhIOjxJZcPdj+1vlU -# /2eTbfg+K2ssogh8VkiBMhiybqyQwdvk3jmLhuXHGEBZpN+WR7qyf7H4Vw+FgHQ4 -# DjpYYh7+UuPmrlMJhv6Pm9tWVswHsInBBPFTC2xvd+yyH+z2W0BDYA8bqxhUtBAE -# jvgO6cuDsXryNE5qVEzpgyrpsDAlHM5ijg7rheYp/rFK4/KuPJH1TKG+yBcOXLtC -# TeMaipLNPiB+3el1seofdFyeVMKUN7Jh3QcWWX+WgBbgmbXSbrDJIwYVrNEj9DOL -# znXwwYbT/+Eu+pBP/kb5u9tPu7f+0Q0rBPHS0ZWFLIouuIVW8sOEUqHpM7HrUMih -# sJ/jw4s6h57nVdPTbTQXMA1oIgvVue1zNXLD7ac3zeNDrkXNNL8oyodi7UOkr/rL -# McshWGFGXrbGeqYeUyqo+FxRHzpaEA8owOR0i3TGBKr4SyYoCjKJ250qYHFqw5ZO -# Frljv2GVZ4xLLruwToPpTTHljici9Twme0SR09Ra8NN89Di+FJqZDouxW+rkiw8R -# nXdCghxcOtTaq4gvjVcwVDCCBuwwggTUoAMCAQICEDAPb6zdZph0fKlGNqd4Lbkw -# DQYJKoZIhvcNAQEMBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVy -# c2V5MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVT -# VCBOZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24g -# QXV0aG9yaXR5MB4XDTE5MDUwMjAwMDAwMFoXDTM4MDExODIzNTk1OVowfTELMAkG +# AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUYYl8xktEXR9Y0nRaPDQT+6UQ +# 4H+ggiA+MIIFbzCCBFegAwIBAgIQSPyTtGBVlI02p8mKidaUFjANBgkqhkiG9w0B +# AQwFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVy +# MRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEh +# MB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTIxMDUyNTAwMDAw +# MFoXDTI4MTIzMTIzNTk1OVowVjELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1NlY3Rp +# Z28gTGltaXRlZDEtMCsGA1UEAxMkU2VjdGlnbyBQdWJsaWMgQ29kZSBTaWduaW5n +# IFJvb3QgUjQ2MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjeeUEiIE +# JHQu/xYjApKKtq42haxH1CORKz7cfeIxoFFvrISR41KKteKW3tCHYySJiv/vEpM7 +# fbu2ir29BX8nm2tl06UMabG8STma8W1uquSggyfamg0rUOlLW7O4ZDakfko9qXGr +# YbNzszwLDO/bM1flvjQ345cbXf0fEj2CA3bm+z9m0pQxafptszSswXp43JJQ8mTH +# qi0Eq8Nq6uAvp6fcbtfo/9ohq0C/ue4NnsbZnpnvxt4fqQx2sycgoda6/YDnAdLv +# 64IplXCN/7sVz/7RDzaiLk8ykHRGa0c1E3cFM09jLrgt4b9lpwRrGNhx+swI8m2J +# mRCxrds+LOSqGLDGBwF1Z95t6WNjHjZ/aYm+qkU+blpfj6Fby50whjDoA7NAxg0P +# OM1nqFOI+rgwZfpvx+cdsYN0aT6sxGg7seZnM5q2COCABUhA7vaCZEao9XOwBpXy +# bGWfv1VbHJxXGsd4RnxwqpQbghesh+m2yQ6BHEDWFhcp/FycGCvqRfXvvdVnTyhe +# Be6QTHrnxvTQ/PrNPjJGEyA2igTqt6oHRpwNkzoJZplYXCmjuQymMDg80EY2NXyc +# uu7D1fkKdvp+BRtAypI16dV60bV/AK6pkKrFfwGcELEW/MxuGNxvYv6mUKe4e7id +# FT/+IAx1yCJaE5UZkADpGtXChvHjjuxf9OUCAwEAAaOCARIwggEOMB8GA1UdIwQY +# MBaAFKARCiM+lvEH7OKvKe+CpX/QMKS0MB0GA1UdDgQWBBQy65Ka/zWWSC8oQEJw +# IDaRXBeF5jAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zATBgNVHSUE +# DDAKBggrBgEFBQcDAzAbBgNVHSAEFDASMAYGBFUdIAAwCAYGZ4EMAQQBMEMGA1Ud +# HwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0FBQUNlcnRpZmlj +# YXRlU2VydmljZXMuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0 +# cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUAA4IBAQASv6Hvi3Sa +# mES4aUa1qyQKDKSKZ7g6gb9Fin1SB6iNH04hhTmja14tIIa/ELiueTtTzbT72ES+ +# BtlcY2fUQBaHRIZyKtYyFfUSg8L54V0RQGf2QidyxSPiAjgaTCDi2wH3zUZPJqJ8 +# ZsBRNraJAlTH/Fj7bADu/pimLpWhDFMpH2/YGaZPnvesCepdgsaLr4CnvYFIUoQx +# 2jLsFeSmTD1sOXPUC4U5IOCFGmjhp0g4qdE2JXfBjRkWxYhMZn0vY86Y6GnfrDyo +# XZ3JHFuu2PMvdM+4fvbXg50RlmKarkUT2n/cR/vfw1Kf5gZV6Z2M8jpiUbzsJA8p +# 1FiAhORFe1rYMIIGHDCCBASgAwIBAgIQM9cIqJFAUxnipbvTObmtbjANBgkqhkiG +# 9w0BAQwFADBWMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVk +# MS0wKwYDVQQDEyRTZWN0aWdvIFB1YmxpYyBDb2RlIFNpZ25pbmcgUm9vdCBSNDYw +# HhcNMjEwMzIyMDAwMDAwWhcNMzYwMzIxMjM1OTU5WjBXMQswCQYDVQQGEwJHQjEY +# MBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMS4wLAYDVQQDEyVTZWN0aWdvIFB1Ymxp +# YyBDb2RlIFNpZ25pbmcgQ0EgRVYgUjM2MIIBojANBgkqhkiG9w0BAQEFAAOCAY8A +# MIIBigKCAYEAu9H+HrdCW3j1kKeuLIPxjSHTMIaFe9/TzdkWS6yFxbsBz+KMKBFy +# BHYsgcWrEnpASsUQ6IEUORtfTwf2MDAwfzUl5cBzPUAJlOio+Os5C1XVtgyLHif4 +# 3j4iwb/vZe5z7mXdKN27H32bMn+3mVUXqrJJqDwQajrDIbKZqEPXO4KoGWG1Pmpa +# Xbi8nhPQCp71W49pOGjqpR9byiPuC+280B5DQ26wU4zCcypEMW6+j7jGAva7ggQV +# eQxSIOiYJ3Fh7y/k+AL7M1m19MNV59/2CCKuttEJWewBn3OJt0NP1fLZvVZZCd23 +# F/bEdIC6h0asBtvbBA3VTrrujAk0GZUb5nATBCXfj7jXhDOMbKYM62i6lU98ROjU +# aY0lecMh8TV3+E+2ElWV0FboGALV7nnIhqFp8RtOlBNqB2Lw0GuZpZdQnhwzoR7u +# YYsFaByO9e4mkIPW/nGFp5ryDRQ+NrUSrXd1esznRjZqkFPLxpRx3gc6IfnWMmfg +# nG5UhqBkoIPLAgMBAAGjggFjMIIBXzAfBgNVHSMEGDAWgBQy65Ka/zWWSC8oQEJw +# IDaRXBeF5jAdBgNVHQ4EFgQUgTKSQSsozUbIxKLGKjkS7EipPxQwDgYDVR0PAQH/ +# BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwEwYDVR0lBAwwCgYIKwYBBQUHAwMw +# GgYDVR0gBBMwETAGBgRVHSAAMAcGBWeBDAEDMEsGA1UdHwREMEIwQKA+oDyGOmh0 +# dHA6Ly9jcmwuc2VjdGlnby5jb20vU2VjdGlnb1B1YmxpY0NvZGVTaWduaW5nUm9v +# dFI0Ni5jcmwwewYIKwYBBQUHAQEEbzBtMEYGCCsGAQUFBzAChjpodHRwOi8vY3J0 +# LnNlY3RpZ28uY29tL1NlY3RpZ29QdWJsaWNDb2RlU2lnbmluZ1Jvb3RSNDYucDdj +# MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTANBgkqhkiG9w0B +# AQwFAAOCAgEAXzas+/n2cloUt/ALHd7Y/ZcB0v0B7pkthuj2t/A5/9aBSlqnQkoK +# LRWd5pT9xWlKstdL8RYSTPa+kGZliy101KsI92oRAwh3fL5p4bDbnySJA9beXKTg +# sta0z+M41bltzCfWzmQR6BBydtP54OksielJ07OXlgYK4fYKyEGakV2B2DZ3mMqA +# QZeo+JE/Y5+qzVRUS4Dq9Rdm05Rx/Z79RzHj6RqGHdO+INI/sVJfspO9jJUJmHKP +# lQH0mEOlSvsUJqqdNr9ysPzcvYQN7O00qF6VKzgWYwV12fYxLhVr4pSyKtJ0NbWY +# mqP++CsvthdLJ2xa5rl2XtqG3atk1mrqgxiIGzGC9YizlCXAIS8IaQLjTLtMKhEw +# 64F5BuFBlSrUIPYLk+R8dgydHSZrX4QB9iqZza/ex/DkGKJOmy8qDGamknUmvtlA +# NRNvrqY3GnrorRxRYwcqVgZs7X4Y9uPsZHOmbQg2i68Pma51axcrwk1qw1FGQVbp +# j8KN/xNxm9rtntOfq+VFphLFFFpSQZejBgAIxeYc6ieCPDvb5kbE7y0ANRPNNn2d +# 5aonCAXMzsA2DksZT9Bjmm2/xSlTMSLbdVB3htDy+GruawYbPoUjK5fIfnqZQQzd +# WH8OqMMSPTo1m+CdLIwXgVREqHodmJ2Wf1lYplRl/1FCC/hH68/45b8wgga+MIIF +# JqADAgECAhBY1/j+ACGVk7Nfk2EAZ7N7MA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV +# BAYTAkdCMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxLjAsBgNVBAMTJVNlY3Rp +# Z28gUHVibGljIENvZGUgU2lnbmluZyBDQSBFViBSMzYwHhcNMjMwODIxMDAwMDAw +# WhcNMjYwODIwMjM1OTU5WjCBkTEYMBYGA1UEBRMPQ0hFLTEwOS44MDQuMzgyMRMw +# EQYLKwYBBAGCNzwCAQMTAkNIMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlv +# bjELMAkGA1UEBhMCQ0gxEDAOBgNVBAgMB1rDvHJpY2gxEDAOBgNVBAoMB3NjaXAg +# YWcxEDAOBgNVBAMMB3NjaXAgYWcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +# AoICAQCzQ6oCVeUUYjACeXvIhnAvENhDTMoRQ3l5uChhnt76mVcpy3mnMrwexqqL +# J9xvoXx4N95BXiloBbpa8OGc/c1O4pasVFP56Xiqf0IaaUwHqaTWoM2LdpEUo3Wj +# ULGcNxxRoQC3Ui4UTtHOVlixHU5uPoxVp5EaMb3iW8ybFGjcoYRd1Tvoe+tl4818 +# KnAWrnqnyoFVc5P1ofh93n8ZIb9kL79c2uz94PiYMVCZvGQi6vVTytZSLItYpxsP +# 41B8q2qX9acmVKhB4VTweP6J/G2Y8BG8DbLJGuNEuCTKRLj4o7hDEpYI7NKstJyY +# f3AIAQT9zB4BNLlj37q6YqX9/uZ4dYdydBJl3hix5u3I7hCbrE3FbZkfi5t8BYK3 +# v/1+Wt9C6+uooUmcLRdos8mYSB4IusKRI4nnupCYC/2blAUCQSyp5jLsOJexdgal +# VdKe7Aj8md62lBRGca2ajCCzGEpk5iAMfq43EnKcaoiY4ajsRniDfKDRgkJ1JUWV +# CiCwiI/UTuLav2ilQkc3BzPrv3LXQQM68dAeR6Er0Pz46iSJ/b3sgIbQonvfPCi3 +# xrSvaxfVueO8IZgZ+oY5M4fYE3peYI1UFDSuvjhmpFln/OlVq6SgaKe2wigOunuf +# R3eDOu+Ltq8Ht6X4Rv5LSrU/BjENRhPsp27fyWADiJpZ7ru3AQIDAQABo4IByTCC +# AcUwHwYDVR0jBBgwFoAUgTKSQSsozUbIxKLGKjkS7EipPxQwHQYDVR0OBBYEFPlP +# y5ch4ih7wuj28WV5r6p7U6ITMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAA +# MBMGA1UdJQQMMAoGCCsGAQUFBwMDMEkGA1UdIARCMEAwNQYMKwYBBAGyMQECAQYB +# MCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAcGBWeBDAED +# MEsGA1UdHwREMEIwQKA+oDyGOmh0dHA6Ly9jcmwuc2VjdGlnby5jb20vU2VjdGln +# b1B1YmxpY0NvZGVTaWduaW5nQ0FFVlIzNi5jcmwwewYIKwYBBQUHAQEEbzBtMEYG +# CCsGAQUFBzAChjpodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29QdWJsaWND +# b2RlU2lnbmluZ0NBRVZSMzYuY3J0MCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5z +# ZWN0aWdvLmNvbTA7BgNVHREENDAyoCIGCCsGAQUFBwgDoBYwFAwSQ0gtQ0hFLTEw +# OS44MDQuMzgygQxtaXNjQHNjaXAuY2gwDQYJKoZIhvcNAQELBQADggGBAIPzM0vd +# +ZHVmIl+VseC1DVUkkukcEW7UG+bopOaTw/nqr6dMzqglpCMTnDuYK3zSl3ptTlW +# Cnok1EGjFNssPfr8uoFsgooblOZpEgolbc45pNvT0ERSP/85MOvTJqVH1kfJhWDA +# KG9BxJkhkhlc9bE98MgvrlEJ/q/wx+lXH739Zeerwvs2Y/MMUeSqZPmTuc2YkhiL +# TpmpIT9KXcvjYaFQB2mKHRerQTpmLGgu2tzo7yoJJrBcGp2trQH+68dWTiywsME7 +# glrrSKkJTB+87UmiSTdETx2H2pGOh65He3/NQe/+vcI2SBB0CXStw2AhhReemj/w +# 6INi2FYkhO1Sag9inF/1K62w//gZsSR/YB8dlG0+MAsNaPJaCXnciPP5fG2XIZsQ +# caKd8dT9Y+wtBEigoNX0Js0NmMWwvygL33pGwjzIc9td3k7KkO3gJeO9VI5oqp7R +# PIAew0HTB5PyWS1C0BXNVMLoONdinpBGTXp0P8DH2YYsHBQqPgmIgUeVNzCCBuww +# ggTUoAMCAQICEDAPb6zdZph0fKlGNqd4LbkwDQYJKoZIhvcNAQEMBQAwgYgxCzAJ +# BgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtKZXJzZXkg +# Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYDVQQDEyVV +# U0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE5MDUwMjAw +# MDAwMFoXDTM4MDExODIzNTk1OVowfTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy +# ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2Vj +# dGlnbyBMaW1pdGVkMSUwIwYDVQQDExxTZWN0aWdvIFJTQSBUaW1lIFN0YW1waW5n +# IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyBsBr9ksfoiZfQGY +# PyCQvZyAIVSTuc+gPlPvs1rAdtYaBKXOR4O168TMSTTL80VlufmnZBYmCfvVMlJ5 +# LsljwhObtoY/AQWSZm8hq9VxEHmH9EYqzcRaydvXXUlNclYP3MnjU5g6Kh78zlhJ +# 07/zObu5pCNCrNAVw3+eolzXOPEWsnDTo8Tfs8VyrC4Kd/wNlFK3/B+VcyQ9ASi8 +# Dw1Ps5EBjm6dJ3VV0Rc7NCF7lwGUr3+Az9ERCleEyX9W4L1GnIK+lJ2/tCCwYH64 +# TfUNP9vQ6oWMilZx0S2UTMiMPNMUopy9Jv/TUyDHYGmbWApU9AXn/TGs+ciFF8e4 +# KRmkKS9G493bkV+fPzY+DjBnK0a3Na+WvtpMYMyou58NFNQYxDCYdIIhz2JWtSFz +# Eh79qsoIWId3pBXrGVX/0DlULSbuRRo6b83XhPDX8CjFT2SDAtT74t7xvAIo9G3a +# J4oG0paH3uhrDvBbfel2aZMgHEqXLHcZK5OVmJyXnuuOwXhWxkQl3wYSmgYtnwNe +# /YOiU2fKsfqNoWTJiJJZy6hGwMnypv99V9sSdvqKQSTUG/xypRSi1K1DHKRJi0E5 +# FAMeKfobpSKupcNNgtCN2mu32/cYQFdz8HGj+0p9RTbB942C+rnJDVOAffq2OVgy +# 728YUInXT50zvRq1naHelUF6p4MCAwEAAaOCAVowggFWMB8GA1UdIwQYMBaAFFN5 +# v1qqK0rPVIDh2JvAnfKyA2bLMB0GA1UdDgQWBBQaofhhGSAPw0F3RSiO0TVfBhIE +# VTAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADATBgNVHSUEDDAK +# BggrBgEFBQcDCDARBgNVHSAECjAIMAYGBFUdIAAwUAYDVR0fBEkwRzBFoEOgQYY/ +# aHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VTRVJUcnVzdFJTQUNlcnRpZmljYXRp +# b25BdXRob3JpdHkuY3JsMHYGCCsGAQUFBwEBBGowaDA/BggrBgEFBQcwAoYzaHR0 +# cDovL2NydC51c2VydHJ1c3QuY29tL1VTRVJUcnVzdFJTQUFkZFRydXN0Q0EuY3J0 +# MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMA0GCSqGSIb3 +# DQEBDAUAA4ICAQBtVIGlM10W4bVTgZF13wN6MgstJYQRsrDbKn0qBfW8Oyf0WqC5 +# SVmQKWxhy7VQ2+J9+Z8A70DDrdPi5Fb5WEHP8ULlEH3/sHQfj8ZcCfkzXuqgHCZY +# XPO0EQ/V1cPivNVYeL9IduFEZ22PsEMQD43k+ThivxMBxYWjTMXMslMwlaTW9JZW +# CLjNXH8Blr5yUmo7Qjd8Fng5k5OUm7Hcsm1BbWfNyW+QPX9FcsEbI9bCVYRm5LPF +# Zgb289ZLXq2jK0KKIZL+qG9aJXBigXNjXqC72NzXStM9r4MGOBIdJIct5PwC1j53 +# BLwENrXnd8ucLo0jGLmjwkcd8F3WoXNXBWiap8k3ZR2+6rzYQoNDBaWLpgn/0aGU +# pk6qPQn1BWy30mRa2Coiwkud8TleTN5IPZs0lpoJX47997FSkc4/ifYcobWpdR9x +# v1tDXWU9UIFuq/DQ0/yysx+2mZYm9Dx5i1xkzM3uJ5rloMAMcofBbk1a0x7q8ETm +# Mm8c6xdOlMN4ZSA7D0GqH+mhQZ3+sbigZSo04N6o+TzmwTC7wKBjLPxcFgCo0MR/ +# 6hGdHgbGpm0yXbQ4CStJB6r97DDa8acvz7f9+tCjhNknnvsBZne5VhDhIG7GrrH5 +# trrINV0zdo7xfCAMKneutaIChrop7rRaALGMq+P5CslUXdS5anSevUiumDCCBvUw +# ggTdoAMCAQICEDlMJeF8oG0nqGXiO9kdItQwDQYJKoZIhvcNAQEMBQAwfTELMAkG # A1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMH # U2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMSUwIwYDVQQDExxTZWN0 -# aWdvIFJTQSBUaW1lIFN0YW1waW5nIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A -# MIICCgKCAgEAyBsBr9ksfoiZfQGYPyCQvZyAIVSTuc+gPlPvs1rAdtYaBKXOR4O1 -# 68TMSTTL80VlufmnZBYmCfvVMlJ5LsljwhObtoY/AQWSZm8hq9VxEHmH9EYqzcRa -# ydvXXUlNclYP3MnjU5g6Kh78zlhJ07/zObu5pCNCrNAVw3+eolzXOPEWsnDTo8Tf -# s8VyrC4Kd/wNlFK3/B+VcyQ9ASi8Dw1Ps5EBjm6dJ3VV0Rc7NCF7lwGUr3+Az9ER -# CleEyX9W4L1GnIK+lJ2/tCCwYH64TfUNP9vQ6oWMilZx0S2UTMiMPNMUopy9Jv/T -# UyDHYGmbWApU9AXn/TGs+ciFF8e4KRmkKS9G493bkV+fPzY+DjBnK0a3Na+WvtpM -# YMyou58NFNQYxDCYdIIhz2JWtSFzEh79qsoIWId3pBXrGVX/0DlULSbuRRo6b83X -# hPDX8CjFT2SDAtT74t7xvAIo9G3aJ4oG0paH3uhrDvBbfel2aZMgHEqXLHcZK5OV -# mJyXnuuOwXhWxkQl3wYSmgYtnwNe/YOiU2fKsfqNoWTJiJJZy6hGwMnypv99V9sS -# dvqKQSTUG/xypRSi1K1DHKRJi0E5FAMeKfobpSKupcNNgtCN2mu32/cYQFdz8HGj -# +0p9RTbB942C+rnJDVOAffq2OVgy728YUInXT50zvRq1naHelUF6p4MCAwEAAaOC -# AVowggFWMB8GA1UdIwQYMBaAFFN5v1qqK0rPVIDh2JvAnfKyA2bLMB0GA1UdDgQW -# BBQaofhhGSAPw0F3RSiO0TVfBhIEVTAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/ -# BAgwBgEB/wIBADATBgNVHSUEDDAKBggrBgEFBQcDCDARBgNVHSAECjAIMAYGBFUd -# IAAwUAYDVR0fBEkwRzBFoEOgQYY/aHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VT -# RVJUcnVzdFJTQUNlcnRpZmljYXRpb25BdXRob3JpdHkuY3JsMHYGCCsGAQUFBwEB -# BGowaDA/BggrBgEFBQcwAoYzaHR0cDovL2NydC51c2VydHJ1c3QuY29tL1VTRVJU -# cnVzdFJTQUFkZFRydXN0Q0EuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51 -# c2VydHJ1c3QuY29tMA0GCSqGSIb3DQEBDAUAA4ICAQBtVIGlM10W4bVTgZF13wN6 -# MgstJYQRsrDbKn0qBfW8Oyf0WqC5SVmQKWxhy7VQ2+J9+Z8A70DDrdPi5Fb5WEHP -# 8ULlEH3/sHQfj8ZcCfkzXuqgHCZYXPO0EQ/V1cPivNVYeL9IduFEZ22PsEMQD43k -# +ThivxMBxYWjTMXMslMwlaTW9JZWCLjNXH8Blr5yUmo7Qjd8Fng5k5OUm7Hcsm1B -# bWfNyW+QPX9FcsEbI9bCVYRm5LPFZgb289ZLXq2jK0KKIZL+qG9aJXBigXNjXqC7 -# 2NzXStM9r4MGOBIdJIct5PwC1j53BLwENrXnd8ucLo0jGLmjwkcd8F3WoXNXBWia -# p8k3ZR2+6rzYQoNDBaWLpgn/0aGUpk6qPQn1BWy30mRa2Coiwkud8TleTN5IPZs0 -# lpoJX47997FSkc4/ifYcobWpdR9xv1tDXWU9UIFuq/DQ0/yysx+2mZYm9Dx5i1xk -# zM3uJ5rloMAMcofBbk1a0x7q8ETmMm8c6xdOlMN4ZSA7D0GqH+mhQZ3+sbigZSo0 -# 4N6o+TzmwTC7wKBjLPxcFgCo0MR/6hGdHgbGpm0yXbQ4CStJB6r97DDa8acvz7f9 -# +tCjhNknnvsBZne5VhDhIG7GrrH5trrINV0zdo7xfCAMKneutaIChrop7rRaALGM -# q+P5CslUXdS5anSevUiumDCCBvUwggTdoAMCAQICEDlMJeF8oG0nqGXiO9kdItQw -# DQYJKoZIhvcNAQEMBQAwfTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIg -# TWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBM -# aW1pdGVkMSUwIwYDVQQDExxTZWN0aWdvIFJTQSBUaW1lIFN0YW1waW5nIENBMB4X -# DTIzMDUwMzAwMDAwMFoXDTM0MDgwMjIzNTk1OVowajELMAkGA1UEBhMCR0IxEzAR -# BgNVBAgTCk1hbmNoZXN0ZXIxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDEsMCoG -# A1UEAwwjU2VjdGlnbyBSU0EgVGltZSBTdGFtcGluZyBTaWduZXIgIzQwggIiMA0G -# CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCkkyhSS88nh3akKRyZOMDnDtTRHOxo -# ywFk5IrNd7BxZYK8n/yLu7uVmPslEY5aiAlmERRYsroiW+b2MvFdLcB6og7g4FZk -# 7aHlgSByIGRBbMfDCPrzfV3vIZrCftcsw7oRmB780yAIQrNfv3+IWDKrMLPYjHqW -# ShkTXKz856vpHBYusLA4lUrPhVCrZwMlobs46Q9vqVqakSgTNbkf8z3hJMhrsZno -# De+7TeU9jFQDkdD8Lc9VMzh6CRwH0SLgY4anvv3Sg3MSFJuaTAlGvTS84UtQe3Lg -# W/0Zux88ahl7brstRCq+PEzMrIoEk8ZXhqBzNiuBl/obm36Ih9hSeYn+bnc317tQ -# n/oYJU8T8l58qbEgWimro0KHd+D0TAJI3VilU6ajoO0ZlmUVKcXtMzAl5paDgZr2 -# YGaQWAeAzUJ1rPu0kdDF3QFAaraoEO72jXq3nnWv06VLGKEMn1ewXiVHkXTNdRLR -# nG/kXg2b7HUm7v7T9ZIvUoXo2kRRKqLMAMqHZkOjGwDvorWWnWKtJwvyG0rJw5RC -# N4gghKiHrsO6I3J7+FTv+GsnsIX1p0OF2Cs5dNtadwLRpPr1zZw9zB+uUdB7bNgd -# LRFCU3F0wuU1qi1SEtklz/DT0JFDEtcyfZhs43dByP8fJFTvbq3GPlV78VyHOmTx -# YEsFT++5L+wJEwIDAQABo4IBgjCCAX4wHwYDVR0jBBgwFoAUGqH4YRkgD8NBd0Uo -# jtE1XwYSBFUwHQYDVR0OBBYEFAMPMciRKpO9Y/PRXU2kNA/SlQEYMA4GA1UdDwEB -# /wQEAwIGwDAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMEoG -# A1UdIARDMEEwNQYMKwYBBAGyMQECAQMIMCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8v -# c2VjdGlnby5jb20vQ1BTMAgGBmeBDAEEAjBEBgNVHR8EPTA7MDmgN6A1hjNodHRw -# Oi8vY3JsLnNlY3RpZ28uY29tL1NlY3RpZ29SU0FUaW1lU3RhbXBpbmdDQS5jcmww -# dAYIKwYBBQUHAQEEaDBmMD8GCCsGAQUFBzAChjNodHRwOi8vY3J0LnNlY3RpZ28u -# Y29tL1NlY3RpZ29SU0FUaW1lU3RhbXBpbmdDQS5jcnQwIwYIKwYBBQUHMAGGF2h0 -# dHA6Ly9vY3NwLnNlY3RpZ28uY29tMA0GCSqGSIb3DQEBDAUAA4ICAQBMm2VY+uB5 -# z+8VwzJt3jOR63dY4uu9y0o8dd5+lG3DIscEld9laWETDPYMnvWJIF7Bh8cDJMrH -# pfAm3/j4MWUN4OttUVemjIRSCEYcKsLe8tqKRfO+9/YuxH7t+O1ov3pWSOlh5Zo5 -# d7y+upFkiHX/XYUWNCfSKcv/7S3a/76TDOxtog3Mw/FuvSGRGiMAUq2X1GJ4KoR5 -# qNc9rCGPcMMkeTqX8Q2jo1tT2KsAulj7NYBPXyhxbBlewoNykK7gxtjymfvqtJJl -# fAd8NUQdrVgYa2L73mzECqls0yFGcNwvjXVMI8JB0HqWO8NL3c2SJnR2XDegmiSe -# Tl9O048P5RNPWURlS0Nkz0j4Z2e5Tb/MDbE6MNChPUitemXk7N/gAfCzKko5rMGk -# +al9NdAyQKCxGSoYIbLIfQVxGksnNqrgmByDdefHfkuEQ81D+5CXdioSrEDBcFuZ -# CkD6gG2UYXvIbrnIZ2ckXFCNASDeB/cB1PguEc2dg+X4yiUcRD0n5bCGRyoLG4R2 -# fXtoT4239xO07aAt7nMP2RC6nZksfNd1H48QxJTmfiTllUqIjCfWhWYd+a5kdpHo -# SP7IVQrtKcMf3jimwBT7Mj34qYNiNsjDvgCHHKv6SkIciQPc9Vx8cNldeE7un14g -# 5glqfCsIo0j1FfwET9/NIRx65fWOGtS5QDGCBZcwggWTAgEBMIGmMIGRMQswCQYD -# VQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdT -# YWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDE3MDUGA1UEAxMuQ09N -# T0RPIFJTQSBFeHRlbmRlZCBWYWxpZGF0aW9uIENvZGUgU2lnbmluZyBDQQIQeO1Y -# DfU4t32dWmgwBkYSEDAJBgUrDgMCGgUAoHgwGAYKKwYBBAGCNwIBDDEKMAigAoAA -# oQKAADAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgorBgEEAYI3AgELMQ4w -# DAYKKwYBBAGCNwIBFTAjBgkqhkiG9w0BCQQxFgQUkuSr8AhOmP1UPEb5hzYyjj/h -# oIcwDQYJKoZIhvcNAQEBBQAEggEAAlo5mnqIpnL3z4nDuZlsOzN4cdhsohZ8zauA -# pOkn626o7NPlE1jRwt8i9lmrhwOCnhzrMnF9wcP/gofOGic/P0x3cGo7047vHoKQ -# J2W8z02nIO+e7hK8urql/lJXwYbdSru34HnjP3p9wK9lhJNoFQP4RK3oEWj4m2sa -# RHgFlcJYgx25Co7QHrnZarkUrBs6HdIypXcxNmgI/SY4rj/rGlXPQWUuip0R1bOY -# IH23hG6kytvVdhax69em0NykpMcdeqduCMF0j3kUKlhUVcxwqL6PmpWG7jKy1mMb -# bIm6aiQpnqUQS442oUwQ+oTdw9iNein/8sV19dPtwgk8e92v56GCA0swggNHBgkq -# hkiG9w0BCQYxggM4MIIDNAIBATCBkTB9MQswCQYDVQQGEwJHQjEbMBkGA1UECBMS -# R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRgwFgYDVQQKEw9T -# ZWN0aWdvIExpbWl0ZWQxJTAjBgNVBAMTHFNlY3RpZ28gUlNBIFRpbWUgU3RhbXBp -# bmcgQ0ECEDlMJeF8oG0nqGXiO9kdItQwDQYJYIZIAWUDBAICBQCgeTAYBgkqhkiG -# 9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMzA3MDYwNTE2NDNa -# MD8GCSqGSIb3DQEJBDEyBDC8T2gKmAgkca9niSfPQQUMaWTW9hCWNArVS1SBtN4J -# G9COUWCOQ+TdFBHbmIgGed4wDQYJKoZIhvcNAQEBBQAEggIAF+InwYpqiNdu8NLI -# RfD5kRKkd9eNjThICgRE9dgbPK+cOxLyttgxHqeMLNotfMMx2UH0u5T/LI9bruQa -# G3Glo3pDYd04aPQe+4EYZOPDlQU3PBQPB9cuftBv0FPbCF5XE+kWZvdrNwGQU/vn -# Wmd6AArNo+YlI7FKjwMC1ODELXdMN7BeH4aDY3h53qW/uasVwNKIhZTD73mmw/0R -# YWk8+OyGR+atDzuMzlh61nXMC8ySplj+9OZFGnNdQHdpgtbYzj5kPCt9ZmI+p1DD -# aKM5z+3qxbXLd+kq/bsXbtioN+hCkfNk9PlALpttg5JbjjPLRdCWL5bpIbJSrxWO -# X4t7ULBQiVElNCSr/rjQ0OG5YQup/a2OAho2Xv4xx+GoZ7lalqw9lxDAaVOkhPMj -# PvLmdf4jj/vCLSkqbg1OB3SI+PoqS0VqpXI3dwDR0RoEt8O7bXzYpcnewavIMxOj -# 9qHPSOYnpZDi3g1zDHzuaJr62EmQHJtu9EtM47XeAs0L9qMj1eveBsZrFzCUDu5K -# hiuFc9U9A45/XBIE8d6gIIOSLiCOZBO0gCfZ9Cgr8CJe4QJrdnvA0vZR9X0mHkXq -# VI4GXgX03BC3bo1asLzsaOtbRio1QlWj050i7JO32cMjb5SayMpY67BQA8J3TO1h -# dBUFCL2sFMqJx/fRQUHL3tWjf1k= +# aWdvIFJTQSBUaW1lIFN0YW1waW5nIENBMB4XDTIzMDUwMzAwMDAwMFoXDTM0MDgw +# MjIzNTk1OVowajELMAkGA1UEBhMCR0IxEzARBgNVBAgTCk1hbmNoZXN0ZXIxGDAW +# BgNVBAoTD1NlY3RpZ28gTGltaXRlZDEsMCoGA1UEAwwjU2VjdGlnbyBSU0EgVGlt +# ZSBTdGFtcGluZyBTaWduZXIgIzQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +# AoICAQCkkyhSS88nh3akKRyZOMDnDtTRHOxoywFk5IrNd7BxZYK8n/yLu7uVmPsl +# EY5aiAlmERRYsroiW+b2MvFdLcB6og7g4FZk7aHlgSByIGRBbMfDCPrzfV3vIZrC +# ftcsw7oRmB780yAIQrNfv3+IWDKrMLPYjHqWShkTXKz856vpHBYusLA4lUrPhVCr +# ZwMlobs46Q9vqVqakSgTNbkf8z3hJMhrsZnoDe+7TeU9jFQDkdD8Lc9VMzh6CRwH +# 0SLgY4anvv3Sg3MSFJuaTAlGvTS84UtQe3LgW/0Zux88ahl7brstRCq+PEzMrIoE +# k8ZXhqBzNiuBl/obm36Ih9hSeYn+bnc317tQn/oYJU8T8l58qbEgWimro0KHd+D0 +# TAJI3VilU6ajoO0ZlmUVKcXtMzAl5paDgZr2YGaQWAeAzUJ1rPu0kdDF3QFAarao +# EO72jXq3nnWv06VLGKEMn1ewXiVHkXTNdRLRnG/kXg2b7HUm7v7T9ZIvUoXo2kRR +# KqLMAMqHZkOjGwDvorWWnWKtJwvyG0rJw5RCN4gghKiHrsO6I3J7+FTv+GsnsIX1 +# p0OF2Cs5dNtadwLRpPr1zZw9zB+uUdB7bNgdLRFCU3F0wuU1qi1SEtklz/DT0JFD +# EtcyfZhs43dByP8fJFTvbq3GPlV78VyHOmTxYEsFT++5L+wJEwIDAQABo4IBgjCC +# AX4wHwYDVR0jBBgwFoAUGqH4YRkgD8NBd0UojtE1XwYSBFUwHQYDVR0OBBYEFAMP +# MciRKpO9Y/PRXU2kNA/SlQEYMA4GA1UdDwEB/wQEAwIGwDAMBgNVHRMBAf8EAjAA +# MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMEoGA1UdIARDMEEwNQYMKwYBBAGyMQEC +# AQMIMCUwIwYIKwYBBQUHAgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAgGBmeB +# DAEEAjBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8vY3JsLnNlY3RpZ28uY29tL1Nl +# Y3RpZ29SU0FUaW1lU3RhbXBpbmdDQS5jcmwwdAYIKwYBBQUHAQEEaDBmMD8GCCsG +# AQUFBzAChjNodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29SU0FUaW1lU3Rh +# bXBpbmdDQS5jcnQwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29t +# MA0GCSqGSIb3DQEBDAUAA4ICAQBMm2VY+uB5z+8VwzJt3jOR63dY4uu9y0o8dd5+ +# lG3DIscEld9laWETDPYMnvWJIF7Bh8cDJMrHpfAm3/j4MWUN4OttUVemjIRSCEYc +# KsLe8tqKRfO+9/YuxH7t+O1ov3pWSOlh5Zo5d7y+upFkiHX/XYUWNCfSKcv/7S3a +# /76TDOxtog3Mw/FuvSGRGiMAUq2X1GJ4KoR5qNc9rCGPcMMkeTqX8Q2jo1tT2KsA +# ulj7NYBPXyhxbBlewoNykK7gxtjymfvqtJJlfAd8NUQdrVgYa2L73mzECqls0yFG +# cNwvjXVMI8JB0HqWO8NL3c2SJnR2XDegmiSeTl9O048P5RNPWURlS0Nkz0j4Z2e5 +# Tb/MDbE6MNChPUitemXk7N/gAfCzKko5rMGk+al9NdAyQKCxGSoYIbLIfQVxGksn +# NqrgmByDdefHfkuEQ81D+5CXdioSrEDBcFuZCkD6gG2UYXvIbrnIZ2ckXFCNASDe +# B/cB1PguEc2dg+X4yiUcRD0n5bCGRyoLG4R2fXtoT4239xO07aAt7nMP2RC6nZks +# fNd1H48QxJTmfiTllUqIjCfWhWYd+a5kdpHoSP7IVQrtKcMf3jimwBT7Mj34qYNi +# NsjDvgCHHKv6SkIciQPc9Vx8cNldeE7un14g5glqfCsIo0j1FfwET9/NIRx65fWO +# GtS5QDGCBlswggZXAgEBMGswVzELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1NlY3Rp +# Z28gTGltaXRlZDEuMCwGA1UEAxMlU2VjdGlnbyBQdWJsaWMgQ29kZSBTaWduaW5n +# IENBIEVWIFIzNgIQWNf4/gAhlZOzX5NhAGezezAJBgUrDgMCGgUAoHgwGAYKKwYB +# BAGCNwIBDDEKMAigAoAAoQKAADAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAc +# BgorBgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAjBgkqhkiG9w0BCQQxFgQU206j +# DzUW5RPPcSPIWC8bqKcHIfowDQYJKoZIhvcNAQEBBQAEggIAiel1Lb5Luk8RsAz7 +# Tbs5/rJzNKTLHkp52QuJfp92pGuthQ8QTFIv6l7NaVmmCzSObJzKkbTF/bqc9r4S +# Ny1fb5wraqDRVmHEkLa+RGfH2oGqXwBYPQLrVu5l5UsLCyWG/m+larPcOz/hNEd+ +# vcyh8Rh/jTxxsQDDzgt4wFHPPDFWtQPRcajGM3RFrapx1piPp1DTKnYzRkOFHNdZ +# qz8liEErwy9KS0F3bBKg84q872JpXOYlvEbMpkX/zUQJ+wjCJmysVrYYzng8pQaj +# uCOhGF1D7++TYy+mBv/Fmz0jGLVEek06jOKXCEmmVZV9R0+r4u4Ghp8JAXqMwbBq +# vsT0dfnoc1ih7sHzosb6W5HSKfqG/HxK1OYjhCZgkMFJc5unO8SBdAT5lvgC11mT +# kkeDzafvtPhzcAtFXO9F3qdILhdZrtVTXdynsu5yQQrk7FsIRDTXgaaFtL3dMyt1 +# hN2w/tyl8RJva7Ffeg5ut5hePx0ialZ2Fe9imat1AjdLY0AnMVvw3vX5GMOYoynf +# TmGX0OUT/zBmgu62j+h6zMAQGWFx+BJllXFSO8uMRxYdhrU5AYrhVWSRTQc8vN03 +# IbR+BOr11Ad1hgDSvcjHvPNKcNva3ISeI6j51Dm+PZldg7oJexd9+woNP3KQ4W5l +# lycatUyrBwPm3VMIFnJqH7jAubShggNLMIIDRwYJKoZIhvcNAQkGMYIDODCCAzQC +# AQEwgZEwfTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3Rl +# cjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMSUw +# IwYDVQQDExxTZWN0aWdvIFJTQSBUaW1lIFN0YW1waW5nIENBAhA5TCXhfKBtJ6hl +# 4jvZHSLUMA0GCWCGSAFlAwQCAgUAoHkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEH +# ATAcBgkqhkiG9w0BCQUxDxcNMjMxMjA0MTIzMDU1WjA/BgkqhkiG9w0BCQQxMgQw +# rg3WKLqHhwpq69PyYD7PJVcbL+IV07vU+bc8IyuYhomFn7mH9JhtFZCvOhAmZDMj +# MA0GCSqGSIb3DQEBAQUABIICAHqdVMYZPocCYaTlvgsq8AAGGzu10LGstdE5jSiy +# HJQ3qrlqlsiTHtEEdEWJJWSzir1p/cYIukog45R9rYDhYNEJM5Q5+vInPDUxowKV +# 8gghFeB8Yec7dyBbzDxkvGkhrOQkrJeh212yrvJwqvw5mqrIa4LjF8e53uXwOQky +# sXSkAbJbW7lHh1rH6a4gqzs0NjCrLdcWS2QCJXprb18Vgt4Gij1gzZ9hksWdv64R +# WHweZC7JZ5y1QLa/3kz38GSXesMOfGJ11ElMytxSG44VP9fTbKoaDyGVNadT0hwJ +# 4JJx2I1bmUZ4AxlCyUdvI9DccN2cEn/1uS7sXS1VgitQxUhBXX/lHMm/gldki2JL +# IQU+JwF3XxrUo1z5rnxRTGIm9z+i/il/afTTpTuRbNG+fZJT3zPc1LDzyahy5OTp +# wzLvtXUxCKfwfaigx8T7BjzRYojNciXyGIelk7fzBXb4ENh4f3QZYtSstSGUr/ND +# l9o0YbBu030OI0nE+et3dQAvBy2R38Ws5nxwu1glpnuWqRDgwbVJn3sLK79ArKew +# kTDQjMxJSl3kJSxxxlQ5LFGVHpqACdvtLRi4HynpYDSa96GdtvKToGISZ8iTO9t/ +# mJz4WGaVtXnhG9CcEr3wstIpvwn4eI1RsAT7Rj1SWPgztD2+LnM9hHPiwnDf11R8 +# DtYk # SIG # End signature block diff --git a/README.md b/README.md index 5d64448..2e4a43d 100644 --- a/README.md +++ b/README.md @@ -60,12 +60,12 @@ PS C:\tmp> Invoke-HardeningKitty -EmojiSupport ## How To Install -First create the directory *HardeningKitty* and for every version a sub directory like *0.9.0* in a path listed in the *PSModulePath* environment variable. +First create the directory *HardeningKitty* and for every version a sub directory like *0.9.2* in a path listed in the *PSModulePath* environment variable. Copy the module *HardeningKitty.psm1*, *HardeningKitty.psd1*, and the *lists* directory to this new directory. ```powershell -PS C:\tmp> $Version = "0.9.0" +PS C:\tmp> $Version = "0.9.2" PS C:\tmp> New-Item -Path $Env:ProgramFiles\WindowsPowerShell\Modules\HardeningKitty\$Version -ItemType Directory PS C:\tmp> Copy-Item -Path .\HardeningKitty.psd1,.\HardeningKitty.psm1,.\lists\ -Destination $Env:ProgramFiles\WindowsPowerShell\Modules\HardeningKitty\$Version\ -Recurse ``` @@ -78,8 +78,8 @@ You can use the script below to download and install the latest release of *Hard ```powershell Function InstallHardeningKitty() { - $Version = ((Invoke-WebRequest "https://api.github.com/repos/0x6d69636b/windows_hardening/releases/latest" -UseBasicParsing) | ConvertFrom-Json).Name - $HardeningKittyLatestVersionDownloadLink = ((Invoke-WebRequest "https://api.github.com/repos/0x6d69636b/windows_hardening/releases/latest" -UseBasicParsing) | ConvertFrom-Json).zipball_url + $Version = (((Invoke-WebRequest "https://api.github.com/repos/scipag/HardeningKitty/releases/latest" -UseBasicParsing) | ConvertFrom-Json).Name).SubString(2) + $HardeningKittyLatestVersionDownloadLink = ((Invoke-WebRequest "https://api.github.com/repos/scipag/HardeningKitty/releases/latest" -UseBasicParsing) | ConvertFrom-Json).zipball_url $ProgressPreference = 'SilentlyContinue' Invoke-WebRequest $HardeningKittyLatestVersionDownloadLink -Out HardeningKitty$Version.zip Expand-Archive -Path ".\HardeningKitty$Version.zip" -Destination ".\HardeningKitty$Version" -Force @@ -98,7 +98,7 @@ InstallHardeningKitty #### Audit -HardeningKitty performs an audit, saves the results in a CSV file and creates a log file. The files are automatically named and receive a timestamp. Using the parameters _ReportFile_ or _LogFile_, it is also possible to assign your own name and path. +The default mode is _audit_. HardeningKitty performs an audit, saves the results to a CSV file and creates a log file. The files are automatically named and receive a timestamp. Using the parameters _ReportFile_ or _LogFile_, it is also possible to assign your own name and path. The _Filter_ parameter can be used to filter the hardening list. For this purpose the PowerShell ScriptBlock syntax must be used, for example `{ $_.ID -eq 4505 }`. The following elements are useful for filtering: ID, Category, Name, Method, and Severity. @@ -112,16 +112,20 @@ HardeningKitty can be executed with a specific list defined by the parameter _Fi Invoke-HardeningKitty -FileFindingList .\lists\finding_list_0x6d69636b_user.csv -SkipMachineInformation ``` -HardeningKitty uses the default list, and saves the results in a specific file. +HardeningKitty uses the default list, and checks only tests with the severity Medium. ```powershell -Invoke-HardeningKitty -Mode Config -Report -ReportFile C:\tmp\my_hardeningkitty_report.csv +Invoke-HardeningKitty -Filter { $_.Severity -eq "Medium" } ``` -HardeningKitty uses the default list, and checks only tests with the severity Medium. +#### Config + +The mode _config_ retrives all current settings of a system. If a setting has not been configured, HardeningKitty will use a default value stored in the finding list. This mode can be combined with other functions, for example to create a backup. + +HardeningKitty gets the current settings and stores them in a report: ```powershell -Invoke-HardeningKitty -Filter { $_.Severity -eq "Medium" } +Invoke-HardeningKitty -Mode Config -Report -ReportFile C:\tmp\my_hardeningkitty_report.csv ``` #### Backup @@ -265,7 +269,8 @@ HardeningKitty can be used to audit systems against the following baselines / be | Microsoft Security baseline for Microsoft Edge | 98, 99, 100, 101, 102, 103, 104, 105, 106 | Final | | Microsoft Security baseline for Microsoft Edge | 107, 108, 109, 110, 111 | Final | | Microsoft Security baseline for Microsoft Edge | 112, 113 | Final | -| Microsoft Security baseline for Microsoft Edge | 114 | Final | +| Microsoft Security baseline for Microsoft Edge | 114, 115, 116 | Final | +| Microsoft Security baseline for Microsoft Edge | 117, 118, 119 | Final | | Microsoft Security baseline for Windows 10 | 2004 | Final | | Microsoft Security baseline for Windows 10 | 20H2, 21H1 | Final | | Microsoft Security baseline for Windows 10 | 21H2 | Final | @@ -274,6 +279,8 @@ HardeningKitty can be used to audit systems against the following baselines / be | Microsoft Security baseline for Windows 11 | 21H2 | Final | | Microsoft Security baseline for Windows 11 (Machine) | 22H2 | Final | | Microsoft Security baseline for Windows 11 (User) | 22H2 | Final | +| Microsoft Security baseline for Windows 11 (Machine) | 23H2 | Final | +| Microsoft Security baseline for Windows 11 (User) | 23H2 | Final | | Microsoft Security baseline for Windows Server (DC) | 2004 | Final | | Microsoft Security baseline for Windows Server (Member) | 2004 | Final | | Microsoft Security baseline for Windows Server (DC) | 20H2 | Final | diff --git a/lists/finding_list_0x6d69636b_user.csv b/lists/finding_list_0x6d69636b_user.csv index 14d8f8d..b88e47c 100644 --- a/lists/finding_list_0x6d69636b_user.csv +++ b/lists/finding_list_0x6d69636b_user.csv @@ -27,15 +27,16 @@ ID,Category,Name,Method,MethodArgument,RegistryPath,RegistryItem,ClassName,Names 4407,"Office 2016 / Office 365","Microsoft Excel: Block macros from running in Office files from the Internet",Registry,,HKCU:\Software\Policies\Microsoft\Office\16.0\Excel\Security,blockcontentexecutionfrominternet,,,,0,1,=,Medium 4408,"Office 2016 / Office 365","Microsoft Excel: VBA Macro Notification Settings",Registry,,HKCU:\Software\Microsoft\Office\16.0\Excel\Security,vbawarnings,,,,2,4,=,Medium 4409,"Office 2016 / Office 365","Microsoft Excel: VBA Macro Notification Settings (Policy)",Registry,,HKCU:\Software\Policies\Microsoft\Office\16.0\Excel\Security,vbawarnings,,,,2,4,=,Medium +4402,"Office 2016 / Office 365","Microsoft Excel: Don't update links",Registry,,HKCU:\Software\Microsoft\Office\16.0\Excel\Options,DontUpdateLinks,,,,0,1,=,Medium +4403,"Office 2016 / Office 365","Microsoft Excel: Don’t allow Dynamic Data Exchange (DDEAllowed)",Registry,,HKCU:\Software\Microsoft\Office\16.0\Excel\Options,DDEAllowed,,,,1,1,=,Medium +4404,"Office 2016 / Office 365","Microsoft Excel: Don’t allow Dynamic Data Exchange (DDECleaned)",Registry,,HKCU:\Software\Microsoft\Office\16.0\Excel\Options,DDECleaned,,,,0,1,=,Medium +4424,"Office 2016 / Office 365","Microsoft Excel: Python Notification Settings",Registry,,HKCU:\software\policies\microsoft\office\16.0\excel\security,PythonFunctionWarnings,,,,,2,=,Medium +4410,"Office 2016 / Office 365","Microsoft OneNote: Disable embedded files",Registry,,HKCU:\Software\Microsoft\Office\16.0\OneNote\Options,DisableEmbeddedFiles,,,,0,1,=,Medium 4411,"Office 2016 / Office 365","Microsoft PowerPoint: Block macros from running in Office files from the Internet",Registry,,HKCU:\Software\Policies\Microsoft\Office\16.0\PowerPoint\Security,blockcontentexecutionfrominternet,,,,0,1,=,Medium 4412,"Office 2016 / Office 365","Microsoft PowerPoint: VBA Macro Notification Settings (Policy)",Registry,,HKCU:\Software\Policies\Microsoft\Office\16.0\PowerPoint\Security,vbawarnings,,,,2,4,=,Medium 4415,"Office 2016 / Office 365","Microsoft Word: Block macros from running in Office files from the Internet",Registry,,HKCU:\Software\Policies\Microsoft\Office\16.0\Word\Security,blockcontentexecutionfrominternet,,,,0,1,=,Medium 4416,"Office 2016 / Office 365","Microsoft Word: VBA Macro Notification Settings",Registry,,HKCU:\Software\Microsoft\Office\16.0\Word\Security,vbawarnings,,,,2,4,=,Medium 4417,"Office 2016 / Office 365","Microsoft Word: VBA Macro Notification Settings (Policy)",Registry,,HKCU:\Software\Policies\Microsoft\Office\16.0\Word\Security,vbawarnings,,,,2,4,=,Medium -4402,"Office 2016 / Office 365","Microsoft Excel: Don't update links",Registry,,HKCU:\Software\Microsoft\Office\16.0\Excel\Options,DontUpdateLinks,,,,0,1,=,Medium -4403,"Office 2016 / Office 365","Microsoft Excel: Don’t allow Dynamic Data Exchange (DDEAllowed)",Registry,,HKCU:\Software\Microsoft\Office\16.0\Excel\Options,DDEAllowed,,,,1,1,=,Medium -4404,"Office 2016 / Office 365","Microsoft Excel: Don’t allow Dynamic Data Exchange (DDECleaned)",Registry,,HKCU:\Software\Microsoft\Office\16.0\Excel\Options,DDECleaned,,,,0,1,=,Medium -4410,"Office 2016 / Office 365","Microsoft OneNote: Disable embedded files",Registry,,HKCU:\Software\Microsoft\Office\16.0\OneNote\Options,DisableEmbeddedFiles,,,,0,1,=,Medium 4413,"Office 2016 / Office 365","Microsoft Word: Don't update links",Registry,,HKCU:\Software\Microsoft\Office\16.0\Word\Options,DontUpdateLinks,,,,0,1,=,Medium 4414,"Office 2016 / Office 365","Microsoft Word (Mail): Don't update links",Registry,,HKCU:\Software\Microsoft\Office\16.0\Word\Options\WordMail,DontUpdateLinks,,,,0,1,=,Medium 4418,"Office 365","Disable the Office 365 Telemetry module",Registry,,HKCU:\Software\Policies\Microsoft\office\common\clienttelemetry,DisableTelemetry,,,,,1,=,Medium diff --git a/lists/finding_list_cis_microsoft_windows_10_enterprise_22h2_machine.csv b/lists/finding_list_cis_microsoft_windows_10_enterprise_22h2_machine.csv index 2e559db..d75a9a3 100644 --- a/lists/finding_list_cis_microsoft_windows_10_enterprise_22h2_machine.csv +++ b/lists/finding_list_cis_microsoft_windows_10_enterprise_22h2_machine.csv @@ -344,7 +344,7 @@ ID,Category,Name,Method,MethodArgument,RegistryPath,RegistryItem,ClassName,Names 18.9.7.1.2,"Administrative Templates: System","Device Installation: Device Installation Restrictions: Prevent installation of devices that match ID PCI\CC_0C0A (Thunderbolt)",RegistryList,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceIDs,PCI\CC_0C0A,,,,0,PCI\CC_0C0A,=,Medium 18.9.7.1.3,"Administrative Templates: System","Device Installation: Device Installation Restrictions: Prevent installation of devices that match an ID (Retroactive)",Registry,,HKLM:\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions,DenyDeviceIDsRetroactive,,,,0,1,=,Medium 18.9.7.1.4,"Administrative Templates: System","Device Installation: Device Installation Restrictions: Prevent installation of devices using drivers that match an device setup class",Registry,,HKLM:\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions,DenyDeviceClasses,,,,0,1,=,Medium -189.7.1.5.1,"Administrative Templates: System","Device Installation: Device Installation Restrictions: Prevent installation of devices using drivers that match d48179be-ec20-11d1-b6b8-00c04fa372a7 (SBP-2 drive)",RegistryList,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceClasses,d48179be-ec20-11d1-b6b8-00c04fa372a7,,,,0,d48179be-ec20-11d1-b6b8-00c04fa372a7,=,Medium +18.9.7.1.5.1,"Administrative Templates: System","Device Installation: Device Installation Restrictions: Prevent installation of devices using drivers that match d48179be-ec20-11d1-b6b8-00c04fa372a7 (SBP-2 drive)",RegistryList,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceClasses,d48179be-ec20-11d1-b6b8-00c04fa372a7,,,,0,d48179be-ec20-11d1-b6b8-00c04fa372a7,=,Medium 18.9.7.1.5.2,"Administrative Templates: System","Device Installation: Device Installation Restrictions: Prevent installation of devices using drivers that match 7ebefbc0-3200-11d2-b4c2-00a0C9697d07 (SBP-2 drive)",RegistryList,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceClasses,7ebefbc0-3200-11d2-b4c2-00a0C9697d07,,,,0,7ebefbc0-3200-11d2-b4c2-00a0C9697d07,=,Medium 18.9.7.1.5.3,"Administrative Templates: System","Device Installation: Device Installation Restrictions: Prevent installation of devices using drivers that match c06ff265-ae09-48f0-812c-16753d7cba83 (SBP-2 drive)",RegistryList,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceClasses,c06ff265-ae09-48f0-812c-16753d7cba83,,,,0,c06ff265-ae09-48f0-812c-16753d7cba83,=,Medium 18.9.7.1.5.4,"Administrative Templates: System","Device Installation: Device Installation Restrictions: Prevent installation of devices using drivers that match 6bdd1fc1-810f-11d0-bec7-08002be2092f (SBP-2 drive)",RegistryList,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceClasses,6bdd1fc1-810f-11d0-bec7-08002be2092f,,,,0,6bdd1fc1-810f-11d0-bec7-08002be2092f,=,Medium diff --git a/lists/finding_list_microsoft_windows_tls.csv b/lists/finding_list_microsoft_windows_tls.csv index e64de19..e17f814 100644 --- a/lists/finding_list_microsoft_windows_tls.csv +++ b/lists/finding_list_microsoft_windows_tls.csv @@ -27,18 +27,18 @@ ID,Category,Name,Method,MethodArgument,RegistryPath,RegistryItem,ClassName,Names 1025,"Schannel: TLS Settings: Protocols","Server: TLSv1.2 (Disabledbydefault)",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server",Disabledbydefault,,,,,0,=,Medium 1026,"Schannel: TLS Settings: Protocols","Client: TLSv1.2",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client",Enabled,,,,,1,=,Medium 1027,"Schannel: TLS Settings: Protocols","Client: TLSv1.2 (Disabledbydefault)",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client",Disabledbydefault,,,,,0,=,Medium -1028,"Schannel: TLS Settings: Chipers",NULL,Registry,,HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL,Enabled,,,,,0,=,High -1029,"Schannel: TLS Settings: Chipers","DES 56/56",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56",Enabled,,,,,0,=,High -1030,"Schannel: TLS Settings: Chipers","RC2 40/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128",Enabled,,,,,0,=,High -1031,"Schannel: TLS Settings: Chipers","RC2 56/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128",Enabled,,,,,0,=,High -1032,"Schannel: TLS Settings: Chipers","RC2 128/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128",Enabled,,,,,0,=,High -1033,"Schannel: TLS Settings: Chipers","RC4 40/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128",Enabled,,,,,0,=,High -1034,"Schannel: TLS Settings: Chipers","RC4 56/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128",Enabled,,,,,0,=,High -1035,"Schannel: TLS Settings: Chipers","RC4 64/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128",Enabled,,,,,0,=,High -1036,"Schannel: TLS Settings: Chipers","RC4 128/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128",Enabled,,,,,0,=,High -1037,"Schannel: TLS Settings: Chipers","Triple DES 168",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168",Enabled,,,,,0,=,Medium -1038,"Schannel: TLS Settings: Chipers","AES 128/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 128/128",Enabled,,,,,1,=,Medium -1039,"Schannel: TLS Settings: Chipers","AES 256/256",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 256/256",Enabled,,,,,1,=,Medium +1028,"Schannel: TLS Settings: Ciphers",NULL,Registry,,HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL,Enabled,,,,,0,=,High +1029,"Schannel: TLS Settings: Ciphers","DES 56/56",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56",Enabled,,,,,0,=,High +1030,"Schannel: TLS Settings: Ciphers","RC2 40/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128",Enabled,,,,,0,=,High +1031,"Schannel: TLS Settings: Ciphers","RC2 56/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128",Enabled,,,,,0,=,High +1032,"Schannel: TLS Settings: Ciphers","RC2 128/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128",Enabled,,,,,0,=,High +1033,"Schannel: TLS Settings: Ciphers","RC4 40/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128",Enabled,,,,,0,=,High +1034,"Schannel: TLS Settings: Ciphers","RC4 56/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128",Enabled,,,,,0,=,High +1035,"Schannel: TLS Settings: Ciphers","RC4 64/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128",Enabled,,,,,0,=,High +1036,"Schannel: TLS Settings: Ciphers","RC4 128/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128",Enabled,,,,,0,=,High +1037,"Schannel: TLS Settings: Ciphers","Triple DES 168",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168",Enabled,,,,,0,=,Medium +1038,"Schannel: TLS Settings: Ciphers","AES 128/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 128/128",Enabled,,,,,1,=,Medium +1039,"Schannel: TLS Settings: Ciphers","AES 256/256",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 256/256",Enabled,,,,,1,=,Medium 1040,"Administrative Templates: Network","SSL Configuration Settings: SSL Cipher Suite Order",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002,Functions,,,,,"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",=,Medium 1065,"Administrative Templates: Network","SSL Configuration Settings: ECC Curve Order",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002,EccCurves,,,,,NistP384;NistP256,=,Medium 1041,"Schannel: TLS Settings: Hashes",MD5,Registry,,HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\MD5,Enabled,,,,,0,=,Medium diff --git a/lists/finding_list_microsoft_windows_tls_future.csv b/lists/finding_list_microsoft_windows_tls_future.csv index 73b7a1d..c683630 100644 --- a/lists/finding_list_microsoft_windows_tls_future.csv +++ b/lists/finding_list_microsoft_windows_tls_future.csv @@ -27,22 +27,22 @@ ID,Category,Name,Method,MethodArgument,RegistryPath,RegistryItem,ClassName,Names 1025,"Schannel: TLS Settings: Protocols","Server: TLSv1.2 (Disabledbydefault)",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server",Disabledbydefault,,,,,0,=,Medium 1026,"Schannel: TLS Settings: Protocols","Client: TLSv1.2",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client",Enabled,,,,,1,=,Medium 1027,"Schannel: TLS Settings: Protocols","Client: TLSv1.2 (Disabledbydefault)",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client",Disabledbydefault,,,,,0,=,Medium -1060,"Schannel: TLS Settings: Protocols","Server: TLSv1.3 ",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server",Enabled,,,,,0,=,Medium -1061,"Schannel: TLS Settings: Protocols","Server: TLSv1.3 (Disabledbydefault)",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server",Disabledbydefault,,,,,1,=,Medium -1062,"Schannel: TLS Settings: Protocols","Client: TLSv1.3",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client",Enabled,,,,,0,=,Medium -1063,"Schannel: TLS Settings: Protocols","Client: TLSv1.3 (Disabledbydefault)",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client",Disabledbydefault,,,,,1,=,Medium -1028,"Schannel: TLS Settings: Chipers",NULL,Registry,,HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL,Enabled,,,,,0,=,High -1029,"Schannel: TLS Settings: Chipers","DES 56/56",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56",Enabled,,,,,0,=,High -1030,"Schannel: TLS Settings: Chipers","RC2 40/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128",Enabled,,,,,0,=,High -1031,"Schannel: TLS Settings: Chipers","RC2 56/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128",Enabled,,,,,0,=,High -1032,"Schannel: TLS Settings: Chipers","RC2 128/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128",Enabled,,,,,0,=,High -1033,"Schannel: TLS Settings: Chipers","RC4 40/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128",Enabled,,,,,0,=,High -1034,"Schannel: TLS Settings: Chipers","RC4 56/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128",Enabled,,,,,0,=,High -1035,"Schannel: TLS Settings: Chipers","RC4 64/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128",Enabled,,,,,0,=,High -1036,"Schannel: TLS Settings: Chipers","RC4 128/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128",Enabled,,,,,0,=,High -1037,"Schannel: TLS Settings: Chipers","Triple DES 168",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168",Enabled,,,,,0,=,Medium -1038,"Schannel: TLS Settings: Chipers","AES 128/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 128/128",Enabled,,,,,1,=,Medium -1039,"Schannel: TLS Settings: Chipers","AES 256/256",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 256/256",Enabled,,,,,1,=,Medium +1060,"Schannel: TLS Settings: Protocols","Server: TLSv1.3",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server",Enabled,,,,,1,=,Medium +1061,"Schannel: TLS Settings: Protocols","Server: TLSv1.3 (Disabledbydefault)",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server",Disabledbydefault,,,,,0,=,Medium +1062,"Schannel: TLS Settings: Protocols","Client: TLSv1.3",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client",Enabled,,,,,1,=,Medium +1063,"Schannel: TLS Settings: Protocols","Client: TLSv1.3 (Disabledbydefault)",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client",Disabledbydefault,,,,,0,=,Medium +1028,"Schannel: TLS Settings: Ciphers",NULL,Registry,,HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL,Enabled,,,,,0,=,High +1029,"Schannel: TLS Settings: Ciphers","DES 56/56",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56",Enabled,,,,,0,=,High +1030,"Schannel: TLS Settings: Ciphers","RC2 40/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128",Enabled,,,,,0,=,High +1031,"Schannel: TLS Settings: Ciphers","RC2 56/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128",Enabled,,,,,0,=,High +1032,"Schannel: TLS Settings: Ciphers","RC2 128/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 128/128",Enabled,,,,,0,=,High +1033,"Schannel: TLS Settings: Ciphers","RC4 40/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128",Enabled,,,,,0,=,High +1034,"Schannel: TLS Settings: Ciphers","RC4 56/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128",Enabled,,,,,0,=,High +1035,"Schannel: TLS Settings: Ciphers","RC4 64/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128",Enabled,,,,,0,=,High +1036,"Schannel: TLS Settings: Ciphers","RC4 128/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128",Enabled,,,,,0,=,High +1037,"Schannel: TLS Settings: Ciphers","Triple DES 168",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168",Enabled,,,,,0,=,Medium +1038,"Schannel: TLS Settings: Ciphers","AES 128/128",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 128/128",Enabled,,,,,1,=,Medium +1039,"Schannel: TLS Settings: Ciphers","AES 256/256",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 256/256",Enabled,,,,,1,=,Medium 1064,"Administrative Templates: Network","SSL Configuration Settings: SSL Cipher Suite Order",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002,Functions,,,,,"TLS_CHACHA20_POLY1305_SHA256,TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",=,Medium 1065,"Administrative Templates: Network","SSL Configuration Settings: ECC Curve Order",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002,EccCurves,,,,,Curve25519;NistP384;NistP256,=,Medium 1041,"Schannel: TLS Settings: Hashes",MD5,Registry,,HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\MD5,Enabled,,,,,0,=,Medium diff --git a/lists/finding_list_msft_security_baseline_edge_117_machine.csv b/lists/finding_list_msft_security_baseline_edge_117_machine.csv new file mode 100644 index 0000000..6bd428e --- /dev/null +++ b/lists/finding_list_msft_security_baseline_edge_117_machine.csv @@ -0,0 +1,20 @@ +ID,Category,Name,Method,MethodArgument,RegistryPath,RegistryItem,ClassName,Namespace,Property,DefaultValue,RecommendedValue,Operator,Severity +1015,"Microsoft Edge","Allow unconfigured sites to be reloaded in Internet Explorer mode",Registry,,HKLM:\Software\Policies\Microsoft\Edge,InternetExplorerIntegrationReloadInIEModeAllowed,,,,,0,=,Low +1000,"Microsoft Edge","Allow users to proceed from the HTTPS warning page",Registry,,HKLM:\Software\Policies\Microsoft\Edge,SSLErrorOverrideAllowed,,,,1,0,=,Low +1026,"Microsoft Edge","Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode",Registry,,HKLM:\Software\Policies\Microsoft\Edge,InternetExplorerIntegrationZoneIdentifierMhtFileAllowed,,,,,0,=,Low +1019,"Microsoft Edge","Enable browser legacy extension point blocking",Registry,,HKLM:\Software\Policies\Microsoft\Edge,BrowserLegacyExtensionPointsBlockingEnabled,,,,,1,=,Low +1001,"Microsoft Edge","Enable site isolation for every site",Registry,,HKLM:\Software\Policies\Microsoft\Edge,SitePerProcess,,,,0,1,=,Low +1023,"Microsoft Edge","Enhance images enabled",Registry,,HKLM:\Software\Policies\Microsoft\Edge,EdgeEnhanceImagesEnabled,,,,,0,=,Low +1025,"Microsoft Edge","Force WebSQL to be enabled",Registry,,HKLM:\Software\Policies\Microsoft\Edge,WebSQLAccess,,,,,0,=,Low +1021,"Microsoft Edge","Show the Reload in Internet Explorer mode button in the toolbar",Registry,,HKLM:\Software\Policies\Microsoft\Edge,InternetExplorerModeToolbarButtonEnabled,,,,,0,=,Low +1017,"Microsoft Edge","Specifies whether SharedArrayBuffers can be used in a non cross-origin-isolated context",Registry,,HKLM:\Software\Policies\Microsoft\Edge,SharedArrayBufferUnrestrictedAccessAllowed,,,,,0,=,Low +1004,"Microsoft Edge","Control which extensions cannot be installed",Registry,,HKLM:\Software\Policies\Microsoft\Edge\ExtensionInstallBlocklist,1,,,,0,*,=,Low +1012,"Microsoft Edge","Allow Basic authentication for HTTP",Registry,,HKLM:\Software\Policies\Microsoft\Edge,BasicAuthOverHttpEnabled,,,,,0,=,Low +1005,"Microsoft Edge","Supported authentication schemes",Registry,,HKLM:\Software\Policies\Microsoft\Edge,AuthSchemes,,,,0,"ntlm,negotiate",=,Low +1006,"Microsoft Edge","Allow user-level native messaging hosts (installed without admin permissions)",Registry,,HKLM:\Software\Policies\Microsoft\Edge,NativeMessagingUserLevelHosts,,,,1,0,=,Low +1016,"Microsoft Edge","Specifies whether to allow insecure websites to make requests to more-private network endpoints",Registry,,HKLM:\Software\Policies\Microsoft\Edge,InsecurePrivateNetworkRequestsAllowed,,,,,0,=,Low +1008,"Microsoft Edge","Configure Microsoft Defender SmartScreen",Registry,,HKLM:\Software\Policies\Microsoft\Edge,SmartScreenEnabled,,,,0,1,=,Low +1009,"Microsoft Edge","Configure Microsoft Defender SmartScreen to block potentially unwanted apps",Registry,,HKLM:\Software\Policies\Microsoft\Edge,SmartScreenPuaEnabled,,,,0,1,=,Low +1010,"Microsoft Edge","Prevent bypassing Microsoft Defender SmartScreen prompts for sites",Registry,,HKLM:\Software\Policies\Microsoft\Edge,PreventSmartScreenPromptOverride,,,,,1,=,Low +1011,"Microsoft Edge","Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads",Registry,,HKLM:\Software\Policies\Microsoft\Edge,PreventSmartScreenPromptOverrideForFiles,,,,0,1,=,Low +1022,"Microsoft Edge","Configure Edge TyposquattingChecker",Registry,,HKLM:\Software\Policies\Microsoft\Edge,TyposquattingCheckerEnabled,,,,,1,=,Low diff --git a/lists/finding_list_msft_security_baseline_windows_11_23h2_machine.csv b/lists/finding_list_msft_security_baseline_windows_11_23h2_machine.csv new file mode 100644 index 0000000..4a545fe --- /dev/null +++ b/lists/finding_list_msft_security_baseline_windows_11_23h2_machine.csv @@ -0,0 +1,408 @@ +ID,Category,Name,Method,MethodArgument,RegistryPath,RegistryItem,ClassName,Namespace,Property,DefaultValue,RecommendedValue,Operator,Severity +10000,"Account Policies","Account lockout duration",accountpolicy,,,,,,,30,10,>=,Low +10001,"Account Policies","Account lockout threshold",accountpolicy,,,,,,,Never,10,<=,Low +10003,"Account Policies","Allow Administrator account lockout",secedit,"System Access\AllowAdministratorLockout",,,,,,1,1,=,Medium +10002,"Account Policies","Reset account lockout counter",accountpolicy,,,,,,,30,10,>=,Low +10100,"Account Policies","Length of password history maintained",accountpolicy,,,,,,,None,24,>=,Low +10101,"Account Policies","Minimum password length",accountpolicy,,,,,,,0,14,>=,Medium +10102,"Account Policies","Password must meet complexity requirements",secedit,"System Access\PasswordComplexity",,,,,,0,1,=,Medium +10103,"Account Policies","Store passwords using reversible encryption",secedit,"System Access\ClearTextPassword",,,,,,0,0,=,High +10200,"Security Options","Accounts: Limit local account use of blank passwords to console logon only",Registry,,HKLM:\System\CurrentControlSet\Control\Lsa,LimitBlankPasswordUse,,,,1,1,=,Medium +10201,"Security Options","Audit: Force audit policy subcategory settings to override audit policy category settings",Registry,,HKLM:\System\CurrentControlSet\Control\Lsa,SCENoApplyLegacyAuditPolicy,,,,1,1,=,Low +10202,"Security Options","Domain member: Digitally encrypt or sign secure channel data (always)",Registry,,HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters,RequireSignOrSeal,,,,1,1,=,Medium +10203,"Security Options","Domain member: Digitally encrypt secure channel data (when possible)",Registry,,HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters,SealSecureChannel,,,,1,1,=,Medium +10204,"Security Options","Domain member: Digitally sign secure channel data (when possible)",Registry,,HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters,SignSecureChannel,,,,1,1,=,Medium +10205,"Security Options","Domain member: Disable machine account password changes",Registry,,HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters,DisablePasswordChange,,,,0,0,=,Medium +10207,"Security Options","Domain member: Require strong (Windows 2000 or later) session key",Registry,,HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters,RequireStrongKey,,,,1,1,=,Medium +10208,"Security Options","Interactive logon: Machine inactivity limit",Registry,,HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,InactivityTimeoutSecs,,,,900,900,=,Low +10209,"Security Options","Interactive logon: Smart card removal behavior",Registry,,"HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon",ScRemoveOption,,,,0,1,=,Low +10210,"Security Options","Microsoft network client: Digitally sign communications (always)",Registry,,HKLM:\System\CurrentControlSet\Services\LanmanWorkstation\Parameters,RequireSecuritySignature,,,,0,1,=,Medium +10211,"Security Options","Microsoft network client: Send unencrypted password to third-party SMB servers",Registry,,HKLM:\System\CurrentControlSet\Services\LanmanWorkstation\Parameters,EnablePlainTextPassword,,,,0,0,=,Medium +10212,"Security Options","Microsoft network server: Digitally sign communications (always)",Registry,,HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters,RequireSecuritySignature,,,,0,1,=,Medium +10213,"Security Options","Network access: Allow anonymous SID/Name translation",secedit,"System Access\LSAAnonymousNameLookup",,,,,,0,0,=,Medium +10214,"Security Options","Network access: Do not allow anonymous enumeration of SAM accounts",Registry,,HKLM:\System\CurrentControlSet\Control\Lsa,RestrictAnonymousSAM,,,,1,1,=,Medium +10215,"Security Options","Network access: Do not allow anonymous enumeration of SAM accounts and shares",Registry,,HKLM:\System\CurrentControlSet\Control\Lsa,RestrictAnonymous,,,,0,1,=,Medium +10216,"Security Options","Network access: Restrict anonymous access to Named Pipes and Shares",Registry,,HKLM:\System\CurrentControlSet\Services\LanManServer\Parameters,RestrictNullSessAccess,,,,1,1,=,Medium +10217,"Security Options","Network access: Restrict clients allowed to make remote calls to SAM",Registry,,HKLM:\System\CurrentControlSet\Control\Lsa,RestrictRemoteSAM,,,,,O:BAG:BAD:(A;;RC;;;BA),=,Medium +10218,"Security Options","Network security: Allow LocalSystem NULL session fallback",Registry,,HKLM:\System\CurrentControlSet\Control\Lsa\MSV1_0,allownullsessionfallback,,,,0,0,=,Medium +10219,"Security Options","Network security: Do not store LAN Manager hash value on next password change",Registry,,HKLM:\System\CurrentControlSet\Control\Lsa,NoLMHash,,,,1,1,=,High +10220,"Security Options","Network security: LAN Manager authentication level",Registry,,HKLM:\System\CurrentControlSet\Control\Lsa,LmCompatibilityLevel,,,,3,5,=,Medium +10221,"Security Options","Network security: LDAP client signing requirements",Registry,,HKLM:\System\CurrentControlSet\Services\LDAP,LDAPClientIntegrity,,,,1,1,>=,Medium +10222,"Security Options","Network security: Minimum session security for NTLM SSP based (including secure RPC) clients",Registry,,HKLM:\System\CurrentControlSet\Control\Lsa\MSV1_0,NTLMMinClientSec,,,,536870912,537395200,=,Medium +10223,"Security Options","Network security: Minimum session security for NTLM SSP based (including secure RPC) servers",Registry,,HKLM:\System\CurrentControlSet\Control\Lsa\MSV1_0,NTLMMinServerSec,,,,536870912,537395200,=,Medium +10224,"Security Options","System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)",Registry,,"HKLM:\System\CurrentControlSet\Control\Session Manager",ProtectionMode,,,,1,1,=,Medium +10225,"Security Options","User Account Control: Admin Approval Mode for the Built-in Administrator account",Registry,,HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,FilterAdministratorToken,,,,0,1,=,Medium +10226,"Security Options","User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode",Registry,,HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,ConsentPromptBehaviorAdmin,,,,5,2,=,Medium +10227,"Security Options","User Account Control: Behavior of the elevation prompt for standard users",Registry,,HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,ConsentPromptBehaviorUser,,,,0,0,=,Medium +10228,"Security Options","User Account Control: Detect application installations and prompt for elevation",Registry,,HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,EnableInstallerDetection,,,,1,1,=,Medium +10229,"Security Options","User Account Control: Only elevate UIAccess applications that are installed in secure locations",Registry,,HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,EnableSecureUIAPaths,,,,1,1,=,Medium +10230,"Security Options","User Account Control: Run all administrators in Admin Approval Mode",Registry,,HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,EnableLUA,,,,1,1,=,Medium +10231,"Security Options","User Account Control: Virtualize file and registry write failures to per-user locations",Registry,,HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,EnableVirtualization,,,,1,1,=,Medium +10301,"User Rights Assignment","Access Credential Manager as a trusted caller",accesschk,SeTrustedCredManAccessPrivilege,,,,,,,,=,Medium +10302,"User Rights Assignment","Access this computer from the network",accesschk,SeNetworkLogonRight,,,,,,"BUILTIN\Backup Operators;BUILTIN\Users;BUILTIN\Administrators;Everyone","BUILTIN\Remote Desktop Users;BUILTIN\Administrators",=,Medium +10303,"User Rights Assignment","Act as part of the operating system",accesschk,SeTcbPrivilege,,,,,,,,=,Medium +10304,"User Rights Assignment","Allow log on locally",accesschk,SeInteractiveLogonRight,,,,,,"BUILTIN\Backup Operators;BUILTIN\Users;BUILTIN\Administrators;COMPUTERNAME\Guest",BUILTIN\Users;BUILTIN\Administrators,=,Medium +10305,"User Rights Assignment","Back up files and directories",accesschk,SeBackupPrivilege,,,,,,"BUILTIN\Administrators;BUILTIN\Backup Operators",BUILTIN\Administrators,=,Medium +10306,"User Rights Assignment","Create a pagefile",accesschk,SeCreatePagefilePrivilege,,,,,,BUILTIN\Administrators,BUILTIN\Administrators,=,Medium +10307,"User Rights Assignment","Create a token object",accesschk,SeCreateTokenPrivilege,,,,,,,,=,Medium +10308,"User Rights Assignment","Create global objects",accesschk,SeCreateGlobalPrivilege,,,,,,"NT AUTHORITY\SERVICE;BUILTIN\Administrators;NT AUTHORITY\NETWORK SERVICE;NT AUTHORITY\LOCAL SERVICE","NT AUTHORITY\SERVICE;BUILTIN\Administrators;NT AUTHORITY\NETWORK SERVICE;NT AUTHORITY\LOCAL SERVICE",=,Medium +10309,"User Rights Assignment","Create permanent shared objects",accesschk,SeCreatePermanentPrivilege,,,,,,,,=,Medium +10310,"User Rights Assignment","Debug programs",accesschk,SeDebugPrivilege,,,,,,BUILTIN\Administrators,BUILTIN\Administrators,=,Medium +10311,"User Rights Assignment","Deny access to this computer from the network",accesschk,SeDenyNetworkLogonRight,,,,,,COMPUTERNAME\Guest,"NT AUTHORITY\Local account",=,Medium +10312,"User Rights Assignment","Deny log on through Remote Desktop Services",accesschk,SeDenyRemoteInteractiveLogonRight,,,,,,,"NT AUTHORITY\Local account",=,Medium +10313,"User Rights Assignment","Enable computer and user accounts to be trusted for delegation",accesschk,SeEnableDelegationPrivilege,,,,,,,,=,Medium +10314,"User Rights Assignment","Force shutdown from a remote system",accesschk,SeRemoteShutdownPrivilege,,,,,,BUILTIN\Administrators,BUILTIN\Administrators,=,Medium +10315,"User Rights Assignment","Impersonate a client after authentication",accesschk,SeImpersonatePrivilege,,,,,,"NT AUTHORITY\SERVICE;BUILTIN\Administrators;NT AUTHORITY\NETWORK SERVICE;NT AUTHORITY\LOCAL SERVICE","NT AUTHORITY\SERVICE;BUILTIN\Administrators;NT AUTHORITY\NETWORK SERVICE;NT AUTHORITY\LOCAL SERVICE",=,Medium +10316,"User Rights Assignment","Load and unload device drivers",accesschk,SeLoadDriverPrivilege,,,,,,BUILTIN\Administrators,BUILTIN\Administrators,=,Medium +10317,"User Rights Assignment","Lock pages in memory",accesschk,SeLockMemoryPrivilege,,,,,,,,=,Medium +10318,"User Rights Assignment","Manage auditing and security log",accesschk,SeSecurityPrivilege,,,,,,BUILTIN\Administrators,BUILTIN\Administrators,=,Medium +10319,"User Rights Assignment","Modify firmware environment values",accesschk,SeSystemEnvironmentPrivilege,,,,,,BUILTIN\Administrators,BUILTIN\Administrators,=,Medium +10320,"User Rights Assignment","Perform volume maintenance tasks",accesschk,SeManageVolumePrivilege,,,,,,BUILTIN\Administrators,BUILTIN\Administrators,=,Medium +10321,"User Rights Assignment","Profile single process",accesschk,SeProfileSingleProcessPrivilege,,,,,,BUILTIN\Administrators,BUILTIN\Administrators,=,Medium +10322,"User Rights Assignment","Restore files and directories",accesschk,SeRestorePrivilege,,,,,,"BUILTIN\Backup Operators;BUILTIN\Administrators",BUILTIN\Administrators,=,Medium +10323,"User Rights Assignment","Take ownership of files or other objects",accesschk,SeTakeOwnershipPrivilege,,,,,,BUILTIN\Administrators,BUILTIN\Administrators,=,Medium +10400,"Advanced Audit Policy Configuration","Credential Validation",auditpol,{0CCE923F-69AE-11D9-BED3-505054503030},,,,,,"No Auditing","Success and Failure",=,Low +10401,"Advanced Audit Policy Configuration","Security Group Management",auditpol,{0CCE9237-69AE-11D9-BED3-505054503030},,,,,,Success,Success,contains,Low +10402,"Advanced Audit Policy Configuration","User Account Management",auditpol,{0CCE9235-69AE-11D9-BED3-505054503030},,,,,,Success,"Success and Failure",=,Low +10403,"Advanced Audit Policy Configuration","Plug and Play Events",auditpol,{0cce9248-69ae-11d9-bed3-505054503030},,,,,,"No Auditing",Success,contains,Low +10404,"Advanced Audit Policy Configuration","Process Creation",auditpol,{0CCE922B-69AE-11D9-BED3-505054503030},,,,,,"No Auditing",Success,contains,Low +10405,"Advanced Audit Policy Configuration","Account Lockout",auditpol,{0CCE9217-69AE-11D9-BED3-505054503030},,,,,,Success,Failure,contains,Low +10406,"Advanced Audit Policy Configuration","Group Membership",auditpol,{0cce9249-69ae-11d9-bed3-505054503030},,,,,,"No Auditing",Success,contains,Low +10407,"Advanced Audit Policy Configuration",Logon,auditpol,{0CCE9215-69AE-11D9-BED3-505054503030},,,,,,"Success and Failure","Success and Failure",=,Low +10408,"Advanced Audit Policy Configuration","Other Logon/Logoff Events",auditpol,{0CCE921C-69AE-11D9-BED3-505054503030},,,,,,"No Auditing","Success and Failure",=,Low +10409,"Advanced Audit Policy Configuration","Special Logon",auditpol,{0CCE921B-69AE-11D9-BED3-505054503030},,,,,,Success,Success,contains,Low +10410,"Advanced Audit Policy Configuration","Detailed File Share",auditpol,{0CCE9244-69AE-11D9-BED3-505054503030},,,,,,"No Auditing",Failure,contains,Low +10411,"Advanced Audit Policy Configuration","File Share",auditpol,{0CCE9224-69AE-11D9-BED3-505054503030},,,,,,"No Auditing","Success and Failure",=,Low +10412,"Advanced Audit Policy Configuration","Other Object Access Events",auditpol,{0CCE9227-69AE-11D9-BED3-505054503030},,,,,,"No Auditing","Success and Failure",=,Low +10413,"Advanced Audit Policy Configuration","Removable Storage",auditpol,{0CCE9245-69AE-11D9-BED3-505054503030},,,,,,"No Auditing","Success and Failure",=,Low +10414,"Advanced Audit Policy Configuration","Audit Policy Change",auditpol,{0CCE922F-69AE-11D9-BED3-505054503030},,,,,,Success,Success,contains,Low +10415,"Advanced Audit Policy Configuration","Authentication Policy Change",auditpol,{0CCE9230-69AE-11D9-BED3-505054503030},,,,,,Success,Success,contains,Low +10416,"Advanced Audit Policy Configuration","MPSSVC Rule-Level Policy Change",auditpol,{0CCE9232-69AE-11D9-BED3-505054503030},,,,,,"No Auditing","Success and Failure",=,Low +10417,"Advanced Audit Policy Configuration","Other Policy Change Events",auditpol,{0CCE9234-69AE-11D9-BED3-505054503030},,,,,,"No Auditing",Failure,contains,Low +10418,"Advanced Audit Policy Configuration","Sensitive Privilege Use",auditpol,{0CCE9228-69AE-11D9-BED3-505054503030},,,,,,"No Auditing",Success,=,Low +10419,"Advanced Audit Policy Configuration","Other System Events",auditpol,{0CCE9214-69AE-11D9-BED3-505054503030},,,,,,"Success and Failure","Success and Failure",=,Low +10420,"Advanced Audit Policy Configuration","Security State Change",auditpol,{0CCE9210-69AE-11D9-BED3-505054503030},,,,,,Success,Success,contains,Low +10421,"Advanced Audit Policy Configuration","Security System Extension",auditpol,{0CCE9211-69AE-11D9-BED3-505054503030},,,,,,"No Auditing",Success,contains,Low +10422,"Advanced Audit Policy Configuration","System Integrity",auditpol,{0CCE9212-69AE-11D9-BED3-505054503030},,,,,,"Success and Failure","Success and Failure",=,Low +10501,"Windows Firewall","EnableFirewall (Domain Profile, Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile,EnableFirewall,,,,0,1,=,Medium +10503,"Windows Firewall","Inbound Connections (Domain Profile, Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile,DefaultInboundAction,,,,1,1,=,Medium +10505,"Windows Firewall","Outbound Connections (Domain Profile, Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile,DefaultOutboundAction,,,,0,0,=,Medium +10507,"Windows Firewall","Display a notification (Domain Profile, Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile,DisableNotifications,,,,0,1,=,Low +10509,"Windows Firewall","Log size limit (Domain Profile, Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging,LogFileSize,,,,4096,16384,>=,Medium +10511,"Windows Firewall","Log dropped packets (Domain Profile, Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging,LogDroppedPackets,,,,0,1,=,Medium +10513,"Windows Firewall","Log successful connections (Domain Profile, Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging,LogSuccessfulConnections,,,,0,1,=,Low +10515,"Windows Firewall","EnableFirewall (Private Profile, Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile,EnableFirewall,,,,0,1,=,Medium +10517,"Windows Firewall","Inbound Connections (Private Profile, Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile,DefaultInboundAction,,,,1,1,=,Medium +10519,"Windows Firewall","Outbound Connections (Private Profile, Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile,DefaultOutboundAction,,,,0,0,=,Medium +10521,"Windows Firewall","Display a notification (Private Profile, Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile,DisableNotifications,,,,0,1,=,Low +10523,"Windows Firewall","Log size limit (Private Profile, Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging,LogFileSize,,,,4096,16384,>=,Medium +10525,"Windows Firewall","Log dropped packets (Private Profile, Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging,LogDroppedPackets,,,,0,1,=,Medium +10527,"Windows Firewall","Log successful connections (Private Profile, Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging,LogSuccessfulConnections,,,,0,1,=,Low +10529,"Windows Firewall","EnableFirewall (Public Profile, Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile,EnableFirewall,,,,0,1,=,Medium +10531,"Windows Firewall","Inbound Connections (Public Profile, Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile,DefaultInboundAction,,,,1,1,=,Medium +10533,"Windows Firewall","Outbound Connections (Public Profile, Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile,DefaultOutboundAction,,,,0,0,=,Medium +10535,"Windows Firewall","Display a notification (Public Profile, Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile,DisableNotifications,,,,0,1,=,Low +10537,"Windows Firewall","Apply local firewall rules (Public Profile, Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile,AllowLocalPolicyMerge,,,,0,0,=,Low +10538,"Windows Firewall","Apply local connection security rules (Public Profile, Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile,AllowLocalIPsecPolicyMerge,,,,0,0,=,Low +10539,"Windows Firewall","Log size limit (Public Profile, Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging,LogFileSize,,,,4096,16384,>=,Medium +10541,"Windows Firewall","Log dropped packets (Public Profile, Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging,LogDroppedPackets,,,,0,1,=,Medium +10543,"Windows Firewall","Log successful connections (Public Profile, Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging,LogSuccessfulConnections,,,,0,1,=,Low +10600,"Administrative Templates: Control Panel","Personalization: Prevent enabling lock screen camera",Registry,,HKLM:\Software\Policies\Microsoft\Windows\Personalization,NoLockScreenCamera,,,,0,1,=,Low +10601,"Administrative Templates: Control Panel","Personalization: Prevent enabling lock screen slide show",Registry,,HKLM:\Software\Policies\Microsoft\Windows\Personalization,NoLockScreenSlideshow,,,,0,1,=,Low +10620,"MS Security Guide","Apply UAC restrictions to local accounts on network logons",Registry,,HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,LocalAccountTokenFilterPolicy,,,,,0,=,Medium +10627,"MS Security Guide","Configure RPC packet level privacy setting for incoming connections",Registry,,HKLM:\System\CurrentControlSet\Control\Print,RpcAuthnLevelPrivacyEnabled,,,,,1,=,Medium +10621,"MS Security Guide","Configure SMB v1 client driver",Registry,,HKLM:\SYSTEM\CurrentControlSet\Services\MrxSmb10,Start,,,,1,4,=,Medium +10622,"MS Security Guide","Configure SMB v1 server",Registry,,HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters,SMB1,,,,1,0,=,Medium +10623,"MS Security Guide","Enable Structured Exception Handling Overwrite Protection (SEHOP)",Registry,,"HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel",DisableExceptionChainValidation,,,,0,0,=,Medium +10624,"MS Security Guide","NetBT NodeType configuration",Registry,,HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters,NodeType,,,,0,2,=,Medium +10625,"MS Security Guide","WDigest Authentication",Registry,,HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest,UseLogonCredential,,,,0,0,=,High +10640,"MSS (Legacy)","MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)",Registry,,HKLM:\System\CurrentControlSet\Services\Tcpip6\Parameters,DisableIPSourceRouting,,,,0,2,=,Medium +10641,"MSS (Legacy)","MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)",Registry,,HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters,DisableIPSourceRouting,,,,1,2,=,Medium +10642,"MSS (Legacy)","MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes",Registry,,HKLM:\System\CurrentControlSet\Services\Tcpip\Parameters,EnableICMPRedirect,,,,1,0,=,Medium +10643,"MSS (Legacy)","MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers",Registry,,HKLM:\System\CurrentControlSet\Services\Netbt\Parameters,NoNameReleaseOnDemand,,,,0,1,=,Medium +10657,"Administrative Templates: Network","DNS Client: Configure NetBIOS settings",Registry,,"HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient",EnableNetbios,,,,,2,=,Medium +10650,"Administrative Templates: Network","DNS Client: Turn off multicast name resolution (LLMNR)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient",EnableMulticast,,,,1,0,=,Medium +10651,"Administrative Templates: Network","Lanman Workstation: Enable insecure guest logons",Registry,,HKLM:\Software\Policies\Microsoft\Windows\LanmanWorkstation,AllowInsecureGuestAuth,,,,1,0,=,Medium +10652,"Administrative Templates: Network","Network Connections: Prohibit use of Internet Connection Sharing on your DNS domain network",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\Network Connections",NC_ShowSharedAccessUI,,,,1,0,=,Medium +10653,"Administrative Templates: Network","Network Provider: Hardened UNC Paths (NETLOGON)",Registry,,HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths,\\*\NETLOGON,,,,,"RequireMutualAuthentication=1, RequireIntegrity=1",=,Medium +10654,"Administrative Templates: Network","Network Provider: Hardened UNC Paths (SYSVOL)",Registry,,HKLM:\Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths,\\*\SYSVOL,,,,,"RequireMutualAuthentication=1, RequireIntegrity=1",=,Medium +10655,"Administrative Templates: Network","Windows Connection Manager: Prohibit connection to non-domain networks when connected to domain authenticated network",Registry,,HKLM:\Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy,fBlockNonDomain,,,,0,1,=,Medium +10656,"Administrative Templates: Network","WLAN Settings: Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services",Registry,,HKLM:\Software\Microsoft\wcmsvc\wifinetworkmanager\config,AutoConnectAllowedOEM,,,,1,0,=,Medium +10660,"Administrative Templates: Printers","Configure Redirection Guard",Registry,,"HKLM:\Software\Policies\Microsoft\Windows NT\Printers",RedirectionGuardPolicy,,,,,1,=,Medium +10661,"Administrative Templates: Printers","Configure RPC connection settings (RpcUseNamedPipeProtocol)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows NT\Printers\RPC",RpcUseNamedPipeProtocol,,,,,0,=,Medium +10662,"Administrative Templates: Printers","Configure RPC connection settings (RpcAuthentication)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows NT\Printers\RPC",RpcAuthentication,,,,,0,=,Medium +10663,"Administrative Templates: Printers","Configure RPC listener settings (RpcProtocols)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows NT\Printers\RPC",RpcProtocols,,,,,5,=,Medium +10664,"Administrative Templates: Printers","Configure RPC listener settings (ForceKerberosForRpc)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows NT\Printers\RPC",ForceKerberosForRpc,,,,,0,=,Medium +10665,"Administrative Templates: Printers","Configure RPC over TCP port",Registry,,"HKLM:\Software\Policies\Microsoft\Windows NT\Printers\RPC",RpcTcpPort,,,,,0,=,Medium +10666,"Administrative Templates: Printers","Limits print driver installation to Administrators",Registry,,"HKLM:\Software\Policies\Microsoft\Windows NT\Printers\PointAndPrint",RestrictDriverInstallationToAdministrators,,,,,1,=,Medium +10667,"Administrative Templates: Printers","Manage processing of Queue-specific files",Registry,,"HKLM:\Software\Policies\Microsoft\Windows NT\Printers",CopyFilesPolicy,,,,,1,=,Medium +10670,"Administrative Templates: System","Credentials Delegation: Encryption Oracle Remediation",Registry,,HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters,AllowEncryptionOracle,,,,0,0,=,Medium +10671,"Administrative Templates: System","Credentials Delegation: Remote host allows delegation of non-exportable credentials",Registry,,HKLM:\Software\Policies\Microsoft\Windows\CredentialsDelegation,AllowProtectedCreds,,,,0,1,=,Medium +10672,"Administrative Templates: System","Device Guard: Turn On Virtualization Based Security (Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard,EnableVirtualizationBasedSecurity,,,,,1,=,Medium +10673,"Administrative Templates: System","Device Guard: Virtualization Based Protection of Code Integrity (Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard,HypervisorEnforcedCodeIntegrity,,,,,1,=,Medium +10674,"Administrative Templates: System","Device Guard: Credential Guard Configuration (Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard,LsaCfgFlags,,,,,1,=,Medium +10698,"Administrative Templates: System","Device Guard: Kernel-mode Hardware-enforced Stack Protection (Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard,ConfigureKernelShadowStacksLaunch,,,,,1,=,Medium +10675,"Administrative Templates: System","Device Guard: Select Platform Security Level (Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard,RequirePlatformSecurityFeatures,,,,,1,=,Medium +10676,"Administrative Templates: System","Device Guard: Secure Launch Configuration (Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard,ConfigureSystemGuardLaunch,,,,0,1,=,Medium +10677,"Administrative Templates: System","Device Guard: Require UEFI Memory Attributes Table (Policy)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceGuard,HVCIMATRequired,,,,,1,=,Medium +10678,"Administrative Templates: System","Device Installation: Device Installation Restrictions: Prevent installation of devices using drivers that match an device setup class (Retroactive)",Registry,,HKLM:\Software\Policies\Microsoft\Windows\DeviceInstall\Restrictions,DenyDeviceClassesRetroactive,,,,0,1,=,Medium +10679,"Administrative Templates: System","Device Installation: Device Installation Restrictions: Prevent installation of devices using drivers that match d48179be-ec20-11d1-b6b8-00c04fa372a7 (SBP-2 drive)",RegistryList,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions\DenyDeviceClasses,d48179be-ec20-11d1-b6b8-00c04fa372a7,,,,0,d48179be-ec20-11d1-b6b8-00c04fa372a7,=,Medium +10680,"Administrative Templates: System","Early Launch Antimalware: Boot-Start Driver Initialization Policy",Registry,,HKLM:\System\CurrentControlSet\Policies\EarlyLaunch,DriverLoadPolicy,,,,0,3,=,Medium +10681,"Administrative Templates: System","Group Policy: Process even if the Group Policy objects have not changed",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}",NoBackgroundPolicy,,,,1,0,=,Low +10682,"Administrative Templates: System","Group Policy: Do not apply during periodic background processing",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}",NoGPOListChanges,,,,0,0,=,Low +10683,"Administrative Templates: System","Internet Communication Management: Internet Communication settings: Turn off downloading of print drivers over HTTP",Registry,,"HKLM:\Software\Policies\Microsoft\Windows NT\Printers",DisableWebPnPDownload,,,,0,1,=,Medium +10684,"Administrative Templates: System","Internet Communication Management: Internet Communication settings: Turn off Internet download for Web publishing and online ordering wizards",Registry,,HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoWebServices,,,,0,1,=,Medium +10685,"Administrative Templates: System","Kernel DMA Protection: Enumeration policy for external devices incompatible with Kernel DMA Protection",Registry,,"HKLM:\SOFTWARE\Policies\Microsoft\Windows\Kernel DMA Protection",DeviceEnumerationPolicy,,,,2,0,=,Medium +10701,"Administrative Templates: System","LAPS: Configure password backup directory",Registry,,HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS,BackupDirectory,,,,,2,=,Medium +10702,"Administrative Templates: System","LAPS: Enable password backup for DSRM accounts",Registry,,HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS,ADBackupDSRMPassword,,,,,1,=,Medium +10703,"Administrative Templates: System","LAPS: Enable password encryption",Registry,,HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS,ADPasswordEncryptionEnabled,,,,,1,=,Medium +10699,"Administrative Templates: System","Local Security Authority: Allow Custom SSPs and APs to be loaded into LSASS",Registry,,HKLM:\Software\Policies\Microsoft\Windows\System,AllowCustomSSPsAPs,,,,,0,=,Medium +10700,"Administrative Templates: System","Local Security Authority: Configures LSASS to run as a protected process",Registry,,HKLM:\System\CurrentControlSet\Control\Lsa,RunAsPPL,,,,,1,=,Medium +10686,"Administrative Templates: System","Logon: Enumerate local users on domain-joined computers",Registry,,HKLM:\Software\Policies\Microsoft\Windows\System,EnumerateLocalUsers,,,,0,0,=,Medium +10687,"Administrative Templates: System","Logon: Turn on convenience PIN sign-in",Registry,,HKLM:\Software\Policies\Microsoft\Windows\System,AllowDomainPINLogon,,,,1,0,=,Medium +10688,"Administrative Templates: System","Sleep Settings: Allow standby states (S1-S3) when sleeping (on battery)",Registry,,HKLM:\Software\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546ab,DCSettingIndex,,,,1,0,=,Medium +10689,"Administrative Templates: System","Sleep Settings: Allow standby states (S1-S3) when sleeping (plugged in)",Registry,,HKLM:\Software\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546ab,ACSettingIndex,,,,1,0,=,Medium +10690,"Administrative Templates: System","Sleep Settings: Require a password when a computer wakes (on battery)",Registry,,HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51,DCSettingIndex,,,,0,1,=,Medium +10691,"Administrative Templates: System","Sleep Settings: Require a password when a computer wakes (plugged in)",Registry,,HKLM:\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51,ACSettingIndex,,,,0,1,=,Medium +10692,"Administrative Templates: System","Remote Assistance: Configure Solicited Remote Assistance",Registry,,"HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services",fAllowToGetHelp,,,,1,0,=,Medium +10693,"Administrative Templates: System","Remote Assistance: Maximum ticket time (value)",Registry,,"HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services",MaxTicketExpiry,,,,,,=,Medium +10694,"Administrative Templates: System","Remote Assistance: Maximum ticket time (units)",Registry,,"HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services",MaxTicketExpiryUnits,,,,,,=,Medium +10695,"Administrative Templates: System","Remote Assistance: Method for sending email invitations",Registry,,"HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services",fUseMailto,,,,,,=,Medium +10696,"Administrative Templates: System","Remote Assistance: Permit remote control of this computer",Registry,,"HKLM:\Software\policies\Microsoft\Windows NT\Terminal Services",fAllowFullControl,,,,,,=,Medium +10697,"Administrative Templates: System","Remote Procedure Call: Restrict Unauthenticated RPC clients",Registry,,"HKLM:\Software\Policies\Microsoft\Windows NT\Rpc",RestrictRemoteClients,,,,0,1,=,Medium +10750,"Administrative Templates: Windows Components","App Privacy: Let Windows apps activate with voice while the system is locked",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy,LetAppsActivateWithVoiceAboveLock,,,,0,2,=,Medium +10751,"Administrative Templates: Windows Components","App runtime: Allow Microsoft accounts to be optional",Registry,,HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System,MSAOptional,,,,0,1,=,Medium +10752,"Administrative Templates: Windows Components","AutoPlay Policies: Disallow Autoplay for non-volume devices",Registry,,HKLM:\Software\Policies\Microsoft\Windows\Explorer,NoAutoplayfornonVolume,,,,0,1,=,Medium +10753,"Administrative Templates: Windows Components","AutoPlay Policies: Set the default behavior for AutoRun",Registry,,HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoAutorun,,,,0,1,=,Medium +10754,"Administrative Templates: Windows Components","AutoPlay Policies: Turn off Autoplay",Registry,,HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoDriveTypeAutoRun,,,,0,255,=,Medium +10755,"Administrative Templates: Windows Components","Biometrics: Facial Features: Configure enhanced anti-spoofing",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Biometrics\FacialFeatures,EnhancedAntiSpoofing,,,,,1,=,Medium +10756,"Administrative Templates: Windows Components","BitLocker Drive Encryption: Disable new DMA devices when this computer is locked",Registry,,HKLM:\Software\Policies\Microsoft\FVE,DisableExternalDMAUnderLock,,,,0,1,=,Medium +10757,"Administrative Templates: Windows Components","BitLocker Drive Encryption: Operating System Drives: Allow enhanced PINs for startup",Registry,,HKLM:\Software\Policies\Microsoft\FVE,UseEnhancedPin,,,,0,1,=,Medium +10758,"Administrative Templates: Windows Components","BitLocker Drive Encryption: Removable Data Drives: Deny write access to removable drives not protected by BitLocker",Registry,,HKLM:\System\CurrentControlSet\Policies\Microsoft\FVE,RDVDenyWriteAccess,,,,,1,=,Medium +10759,"Administrative Templates: Windows Components","BitLocker Drive Encryption: Removable Data Drives: Do not allow write access to devices configured in another organization",Registry,,HKLM:\Software\Policies\Microsoft\FVE,RDVDenyCrossOrg,,,,,0,=,Medium +10760,"Administrative Templates: Windows Components","Cloud Content: Turn off Microsoft consumer experiences",Registry,,HKLM:\Software\Policies\Microsoft\Windows\CloudContent,DisableWindowsConsumerFeatures,,,,0,1,=,Medium +10762,"Administrative Templates: Windows Components","Credential User Interface: Enumerate administrator accounts on elevation",Registry,,HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI,EnumerateAdministrators,,,,1,0,=,Medium +10763,"Administrative Templates: Windows Components","Event Log Service: Application: Specify the maximum log file size (KB)",Registry,,HKLM:\Software\Policies\Microsoft\Windows\EventLog\Application,MaxSize,,,,4096,32768,>=,Medium +10764,"Administrative Templates: Windows Components","Event Log Service: Security: Specify the maximum log file size (KB)",Registry,,HKLM:\Software\Policies\Microsoft\Windows\EventLog\Security,MaxSize,,,,4096,196608,>=,Medium +10765,"Administrative Templates: Windows Components","Event Log Service: System: Specify the maximum log file size (KB)",Registry,,HKLM:\Software\Policies\Microsoft\Windows\EventLog\System,MaxSize,,,,4096,32768,>=,Medium +10766,"Administrative Templates: Windows Components","File Explorer: Configure Windows Defender SmartScreen",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\System,EnableSmartScreen,,,,1,1,=,Medium +10767,"Administrative Templates: Windows Components","File Explorer: Configure Windows Defender SmartScreen to warn and prevent bypass",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\System,ShellSmartScreenLevel,,,,Warn,Block,=,Medium +10800,"Internet Explorer","Prevent bypassing SmartScreen Filter warnings",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\PhishingFilter",PreventOverride,,,,,1,=,Medium +10801,"Internet Explorer","Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\PhishingFilter",PreventOverrideAppRepUnknown,,,,,1,=,Medium +10802,"Internet Explorer","Prevent managing SmartScreen Filter",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\PhishingFilter",EnabledV9,,,,,1,=,Medium +10803,"Internet Explorer","Prevent per-user installation of ActiveX controls",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Security\ActiveX",BlockNonAdminActiveXInstall,,,,,1,=,Medium +10804,"Internet Explorer","Security Zones: Do not allow users to add/delete sites",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings",Security_zones_map_edit,,,,,1,=,Medium +10805,"Internet Explorer","Security Zones: Do not allow users to change policies",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings",Security_options_edit,,,,,1,=,Medium +10806,"Internet Explorer","Security Zones: Use only machine settings",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings",Security_HKLM_only,,,,,1,=,Medium +10807,"Internet Explorer","Specify use of ActiveX Installer Service for installation of ActiveX controls",Registry,,HKLM:\Software\Policies\Microsoft\Windows\AxInstaller,OnlyUseAXISForActiveXInstall,,,,,1,=,Medium +10808,"Internet Explorer","Turn off Crash Detection",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Restrictions",NoCrashDetection,,,,,1,=,Medium +10809,"Internet Explorer","Turn off the Security Settings Check feature",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Security",DisableSecuritySettingsCheck,,,,,0,=,Medium +10810,"Internet Explorer","Internet Control Panel: Prevent ignoring certificate errors",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings",PreventIgnoreCertErrors,,,,,1,=,Medium +10811,"Internet Explorer","Internet Control Panel: Advanced Page: Allow software to run or install even if the signature is invalid",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Download",RunInvalidSignatures,,,,,0,=,Medium +10812,"Internet Explorer","Internet Control Panel: Advanced Page: Check for server certificate revocation",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings",CertificateRevocation,,,,,1,=,Medium +10813,"Internet Explorer","Internet Control Panel: Advanced Page: Check for signatures on downloaded programs",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Download",CheckExeSignatures,,,,,yes,=,Medium +10814,"Internet Explorer","Internet Control Panel: Advanced Page: Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Main",DisableEPMCompat,,,,,1,=,Medium +10815,"Internet Explorer","Internet Control Panel: Advanced Page: Turn off encryption support",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings",SecureProtocols,,,,,2560,=,Medium +10816,"Internet Explorer","Internet Control Panel: Advanced Page: Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Main",Isolation64Bit,,,,,1,=,Medium +10817,"Internet Explorer","Internet Control Panel: Advanced Page: Turn on Enhanced Protected Mode",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Main",Isolation,,,,,PMEM,=,Medium +10818,"Internet Explorer","Internet Control Panel: Security Page: Intranet Sites: Include all network paths (UNCs)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap",UNCAsIntranet,,,,,0,=,Medium +10819,"Internet Explorer","Internet Control Panel: Security Page: Turn on certificate address mismatch warning",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings",WarnOnBadCertRecving,,,,,1,=,Medium +10820,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Access data sources across domains",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",1406,,,,,3,=,Medium +10821,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Allow cut, copy or paste operations from the clipboard via script",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",1407,,,,,3,=,Medium +10822,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Allow drag and drop or copy and paste files",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",1802,,,,,3,=,Medium +10823,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Allow loading of XAML files",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",2402,,,,,3,=,Medium +10824,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Allow only approved domains to use ActiveX controls without prompt",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",120b,,,,,3,=,Medium +10825,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Allow only approved domains to use the TDC ActiveX control",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",120c,,,,,3,=,Medium +10826,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Allow scripting of Internet Explorer WebBrowser controls",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",1206,,,,,3,=,Medium +10827,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Allow script-initiated windows without size or position constraints",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",2102,,,,,3,=,Medium +10828,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Allow scriptlets",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",1209,,,,,3,=,Medium +10829,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Allow updates to status bar via script",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",2103,,,,,3,=,Medium +10830,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Allow VBScript to run in Internet Explorer",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",140C,,,,,3,=,Medium +10831,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Automatic prompting for file downloads",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",2200,,,,,3,=,Medium +10832,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Don't run antimalware programs against ActiveX controls",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",270C,,,,,0,=,Medium +10833,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Download signed ActiveX controls",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",1001,,,,,3,=,Medium +10834,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Download unsigned ActiveX controls",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",1004,,,,,3,=,Medium +10835,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Enable dragging of content from different domains across windows",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",2709,,,,,3,=,Medium +10836,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Enable dragging of content from different domains within a window",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",2708,,,,,3,=,Medium +10837,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Include local path when user is uploading files to a server",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",160A,,,,,3,=,Medium +10838,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Initialize and script ActiveX controls not marked as safe",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",1201,,,,,3,=,Medium +10839,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Java permissions",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",1C00,,,,,0,=,Medium +10840,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Launching applications and files in an IFRAME",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",1804,,,,,3,=,Medium +10841,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Logon options",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",1A00,,,,,65536,=,Medium +10842,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Navigate windows and frames across different domains",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",1607,,,,,3,=,Medium +10843,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Run .NET Framework-reliant components not signed with Authenticode",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",2004,,,,,3,=,Medium +10844,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Run .NET Framework-reliant components signed with Authenticode",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",2001,,,,,3,=,Medium +10845,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Show security warning for potentially unsafe files",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",1806,,,,,1,=,Medium +10846,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Turn on Cross-Site Scripting Filter",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",1409,,,,,0,=,Medium +10847,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Turn on Protected Mode",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",2500,,,,,0,=,Medium +10848,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Turn on SmartScreen Filter scan",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",2301,,,,,0,=,Medium +10849,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Use Pop-up Blocker",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",1809,,,,,0,=,Medium +10850,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Userdata persistence",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",1606,,,,,3,=,Medium +10851,"Internet Explorer","Internet Control Panel: Security Page: Internet Zone: Web sites in less privileged Web content zones can navigate into this zone",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3",2101,,,,,3,=,Medium +10852,"Internet Explorer","Internet Control Panel: Security Page: Intranet Zone: Don't run antimalware programs against ActiveX controls",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1",270C,,,,,0,=,Medium +10853,"Internet Explorer","Internet Control Panel: Security Page: Intranet Zone: Initialize and script ActiveX controls not marked as safe",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1",1201,,,,,3,=,Medium +10854,"Internet Explorer","Internet Control Panel: Security Page: Intranet Zone: Java permissions",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1",1C00,,,,,65536,=,Medium +10855,"Internet Explorer","Internet Control Panel: Security Page: Local Machine Zone: Don't run antimalware programs against ActiveX controls",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0",270C,,,,,0,=,Medium +10856,"Internet Explorer","Internet Control Panel: Security Page: Local Machine Zone: Java permissions",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0",1C00,,,,,0,=,Medium +10857,"Internet Explorer","Internet Control Panel: Security Page: Locked-Down Internet Zone: Turn on SmartScreen Filter scan",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3",2301,,,,,0,=,Medium +10858,"Internet Explorer","Internet Control Panel: Security Page: Locked-Down Intranet Zone: Java permissions",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1",1C00,,,,,0,=,Medium +10859,"Internet Explorer","Internet Control Panel: Security Page: Locked-Down Local Machine Zone: Java permissions",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0",1C00,,,,,0,=,Medium +10860,"Internet Explorer","Internet Control Panel: Security Page: Locked-Down Restricted Sites Zone: Java permissions",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4",1C00,,,,,0,=,Medium +10861,"Internet Explorer","Internet Control Panel: Security Page: Locked-Down Restricted Sites Zone: Turn on SmartScreen Filter scan",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4",2301,,,,,0,=,Medium +10862,"Internet Explorer","Internet Control Panel: Security Page: Locked-Down Trusted Sites Zone: Java permissions",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2",1C00,,,,,0,=,Medium +10863,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Access data sources across domains",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",1406,,,,,3,=,Medium +10864,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Allow active scripting",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",1400,,,,,3,=,Medium +10865,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Allow binary and script behaviors",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",2000,,,,,3,=,Medium +10866,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Allow cut, copy or paste operations from the clipboard via script",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",1407,,,,,3,=,Medium +10867,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Allow drag and drop or copy and paste files",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",1802,,,,,3,=,Medium +10868,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Allow file downloads",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",1803,,,,,3,=,Medium +10869,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Allow loading of XAML files",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",2402,,,,,3,=,Medium +10870,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Allow META REFRESH",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",1608,,,,,3,=,Medium +10871,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Allow only approved domains to use ActiveX controls without prompt",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",120b,,,,,3,=,Medium +10872,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Allow only approved domains to use the TDC ActiveX control",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",120c,,,,,3,=,Medium +10873,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Allow scripting of Internet Explorer WebBrowser controls",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",1206,,,,,3,=,Medium +10874,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Allow script-initiated windows without size or position constraints",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",2102,,,,,3,=,Medium +10875,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Allow scriptlets",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",1209,,,,,3,=,Medium +10876,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Allow updates to status bar via script",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",2103,,,,,3,=,Medium +10877,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Allow VBScript to run in Internet Explorer",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",140C,,,,,3,=,Medium +10878,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Automatic prompting for file downloads",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",2200,,,,,3,=,Medium +10879,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Don't run antimalware programs against ActiveX controls",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",270C,,,,,0,=,Medium +10880,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Download signed ActiveX controls",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",1001,,,,,3,=,Medium +10881,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Download unsigned ActiveX controls",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",1004,,,,,3,=,Medium +10882,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Enable dragging of content from different domains across windows",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",2709,,,,,3,=,Medium +10883,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Enable dragging of content from different domains within a window",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",2708,,,,,3,=,Medium +10884,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Include local path when user is uploading files to a server",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",160A,,,,,3,=,Medium +10885,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Initialize and script ActiveX controls not marked as safe",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",1201,,,,,3,=,Medium +10886,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Java permissions",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",1C00,,,,,0,=,Medium +10887,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Launching applications and files in an IFRAME",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",1804,,,,,3,=,Medium +10888,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Logon options",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",1A00,,,,,196608,=,Medium +10889,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Navigate windows and frames across different domains",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",1607,,,,,3,=,Medium +10890,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Run .NET Framework-reliant components not signed with Authenticode",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",2004,,,,,3,=,Medium +10891,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Run .NET Framework-reliant components signed with Authenticode",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",2001,,,,,3,=,Medium +10892,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Run ActiveX controls and plugins",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",1200,,,,,3,=,Medium +10893,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Script ActiveX controls marked safe for scripting",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",1405,,,,,3,=,Medium +10894,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Scripting of Java applets",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",1402,,,,,3,=,Medium +10895,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Show security warning for potentially unsafe files",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",1806,,,,,3,=,Medium +10896,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Turn on Cross-Site Scripting Filter",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",1409,,,,,0,=,Medium +10897,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Turn on Protected Mode",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",2500,,,,,0,=,Medium +10898,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Turn on SmartScreen Filter scan",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",2301,,,,,0,=,Medium +10899,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Use Pop-up Blocker",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",1809,,,,,0,=,Medium +10900,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Userdata persistence",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",1606,,,,,3,=,Medium +10901,"Internet Explorer","Internet Control Panel: Security Page: Restricted Sites Zone: Web sites in less privileged Web content zones can navigate into this zone",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4",2101,,,,,3,=,Medium +10902,"Internet Explorer","Internet Control Panel: Security Page: Trusted Sites Zone: Don't run antimalware programs against ActiveX controls",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2",270C,,,,,0,=,Medium +10903,"Internet Explorer","Internet Control Panel: Security Page: Trusted Sites Zone: Initialize and script ActiveX controls not marked as safe",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2",1201,,,,,3,=,Medium +10904,"Internet Explorer","Internet Control Panel: Security Page: Trusted Sites Zone: Java permissions",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2",1C00,,,,,65536,=,Medium +10905,"Internet Explorer","Security Features: Allow fallback to SSL 3.0 (Internet Explorer)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings",EnableSSL3Fallback,,,,,0,=,Medium +10906,"Internet Explorer","Security Features: Add-on Management: Remove 'Run this time' button for outdated ActiveX controls in Internet Explorer",Registry,,HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Ext,RunThisTimeEnabled,,,,,0,=,Medium +10907,"Internet Explorer","Security Features: Add-on Management: Turn off blocking of outdated ActiveX controls for Internet Explorer",Registry,,HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Ext,VersionCheckEnabled,,,,,1,=,Medium +10908,"Internet Explorer","Security Features: Consistent Mime Handling: Internet Explorer Processes iexplore.exe",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING",iexplore.exe,,,,,1,=,Medium +10909,"Internet Explorer","Security Features: Consistent Mime Handling: Internet Explorer Processes explorer.exe",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING",explorer.exe,,,,,1,=,Medium +10910,"Internet Explorer","Security Features: Consistent Mime Handling: Internet Explorer Processes (Reserved)",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING",(Reserved),,,,,1,=,Medium +10911,"Internet Explorer","Security Features: Mime Sniffing Safety Feature: Internet Explorer Processes iexplore.exe",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING",iexplore.exe,,,,,1,=,Medium +10912,"Internet Explorer","Security Features: Mime Sniffing Safety Feature: Internet Explorer Processes explore.exe",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING",explorer.exe,,,,,1,=,Medium +10913,"Internet Explorer","Security Features: Mime Sniffing Safety Feature: Internet Explorer Processes (Reserved)",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING",(Reserved),,,,,1,=,Medium +10914,"Internet Explorer","Security Features: MK Protocol Security Restriction: Internet Explorer Processes iexplore.exe",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL",iexplore.exe,,,,,1,=,Medium +10915,"Internet Explorer","Security Features: MK Protocol Security Restriction: Internet Explorer Processes explorer.exe",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL",explorer.exe,,,,,1,=,Medium +10916,"Internet Explorer","Security Features: MK Protocol Security Restriction: Internet Explorer Processes (Reserved)",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL",(Reserved),,,,,1,=,Medium +10917,"Internet Explorer","Security Features: Notification bar: Internet Explorer Processes iexplore.exe",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND",iexplore.exe,,,,,1,=,Medium +10918,"Internet Explorer","Security Features: Notification bar: Internet Explorer Processes explorer.exe",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND",explorer.exe,,,,,1,=,Medium +10919,"Internet Explorer","Security Features: Notification bar: Internet Explorer Processes (Reserved)",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND",(Reserved),,,,,1,=,Medium +10920,"Internet Explorer","Security Features: Protection From Zone Elevation: Internet Explorer Processes iexplore.exe",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION",iexplore.exe,,,,,1,=,Medium +10921,"Internet Explorer","Security Features: Protection From Zone Elevation: Internet Explorer Processes explorer.exe",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION",explorer.exe,,,,,1,=,Medium +10922,"Internet Explorer","Security Features: Protection From Zone Elevation: Internet Explorer Processes (Reserved)",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION",(Reserved),,,,,1,=,Medium +10923,"Internet Explorer","Security Features: Restrict ActiveX Install: Internet Explorer Processes iexplore.exe",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL",iexplore.exe,,,,,1,=,Medium +10924,"Internet Explorer","Security Features: Restrict ActiveX Install: Internet Explorer Processes explorer.exe",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL",explorer.exe,,,,,1,=,Medium +10925,"Internet Explorer","Security Features: Restrict ActiveX Install: Internet Explorer Processes (Reserved)",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL",(Reserved),,,,,1,=,Medium +10926,"Internet Explorer","Security Features: Restrict File Download: Internet Explorer Processes iexplore.exe",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD",iexplore.exe,,,,,1,=,Medium +10927,"Internet Explorer","Security Features: Restrict File Download: Internet Explorer Processes explorer.exe",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD",explorer.exe,,,,,1,=,Medium +10928,"Internet Explorer","Security Features: Restrict File Download: Internet Explorer Processes (Reserved)",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD",(Reserved),,,,,1,=,Medium +10929,"Internet Explorer","Security Features: Scripted Window Security Restrictions: Internet Explorer Processes iexplore.exe",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS",iexplore.exe,,,,,1,=,Medium +10930,"Internet Explorer","Security Features: Scripted Window Security Restrictions: Internet Explorer Processes explorer.exe",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS",explorer.exe,,,,,1,=,Medium +10931,"Internet Explorer","Security Features: Scripted Window Security Restrictions: Internet Explorer Processes (Reserved)",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS",(Reserved),,,,,1,=,Medium +10972,"Microsoft Defender Antivirus","Configure detection for potentially unwanted applications",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender",PUAProtection,,,,0,1,>=,Medium +11058,"Microsoft Defender Antivirus","Configure local administrator merge behavior for lists",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender",DisableLocalAdminMerge,,,,,0,=,Medium +11059,"Microsoft Defender Antivirus","Control whether or not exclusions are visible to Local Admins",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender",HideExclusionsFromLocalAdmins,,,,,1,=,Medium +11061,"Microsoft Defender Antivirus","Turn off routine remediation",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender",DisableRoutinelyTakingAction,,,,,0,=,Medium +10998,"Microsoft Defender Antivirus","MAPS: Configure the 'Block at First Sight' feature",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Spynet",DisableBlockAtFirstSeen,,,,,0,>=,Medium +10973,"Microsoft Defender Antivirus","MAPS: Join Microsoft MAPS",Registry,,"HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet",SpynetReporting,,,,0,2,=,Medium +10974,"Microsoft Defender Antivirus","MAPS: Send file samples when further analysis is required",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Spynet",SubmitSamplesConsent,,,,,3,=,Medium +10977,"Microsoft Defender Exploit Guard","Attack Surface Reduction rules",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR",ExploitGuard_ASR_Rules,,,,0,1,=,Medium +10978,"Microsoft Defender Exploit Guard","ASR: Block executable content from email client and webmail (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",be9ba2d9-53ea-4cdc-84e5-9b1eeee46550,,,,0,1,=,Medium +11028,"Microsoft Defender Exploit Guard","ASR: Block executable content from email client and webmail",MpPreferenceAsr,be9ba2d9-53ea-4cdc-84e5-9b1eeee46550,,,,,,0,1,=,Medium +10979,"Microsoft Defender Exploit Guard","ASR: Block all Office applications from creating child processes (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",d4f940ab-401b-4efc-aadc-ad5f3c50688a,,,,0,1,=,Medium +11029,"Microsoft Defender Exploit Guard","ASR: Block all Office applications from creating child processes",MpPreferenceAsr,d4f940ab-401b-4efc-aadc-ad5f3c50688a,,,,,,0,1,=,Medium +10980,"Microsoft Defender Exploit Guard","ASR: Block Office applications from creating executable content (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",3b576869-a4ec-4529-8536-b80a7769e899,,,,0,1,=,Medium +11030,"Microsoft Defender Exploit Guard","ASR: Block Office applications from creating executable content",MpPreferenceAsr,3b576869-a4ec-4529-8536-b80a7769e899,,,,,,0,1,=,Medium +10981,"Microsoft Defender Exploit Guard","ASR: Block Office applications from injecting code into other processes (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84,,,,0,1,=,Medium +11016,"Microsoft Defender Exploit Guard","ASR: Block Office applications from injecting code into other processes",MpPreferenceAsr,75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84,,,,,,0,1,=,Medium +10982,"Microsoft Defender Exploit Guard","ASR: Block JavaScript or VBScript from launching downloaded executable content (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",d3e037e1-3eb8-44c8-a917-57927947596d,,,,0,1,=,Medium +11017,"Microsoft Defender Exploit Guard","ASR: Block JavaScript or VBScript from launching downloaded executable content",MpPreferenceAsr,d3e037e1-3eb8-44c8-a917-57927947596d,,,,,,0,1,=,Medium +10983,"Microsoft Defender Exploit Guard","ASR: Block execution of potentially obfuscated scripts (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",5beb7efe-fd9a-4556-801d-275e5ffc04cc,,,,0,1,=,Medium +11018,"Microsoft Defender Exploit Guard","ASR: Block execution of potentially obfuscated scripts",MpPreferenceAsr,5beb7efe-fd9a-4556-801d-275e5ffc04cc,,,,,,0,1,=,Medium +10984,"Microsoft Defender Exploit Guard","ASR: Block Win32 API calls from Office macros (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b,,,,0,1,=,Medium +11019,"Microsoft Defender Exploit Guard","ASR: Block Win32 API calls from Office macros",MpPreferenceAsr,92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b,,,,,,0,1,=,Medium +10986,"Microsoft Defender Exploit Guard","ASR: Use advanced protection against ransomware (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",c1db55ab-c21a-4637-bb3f-a12568109d35,,,,0,1,=,Medium +11021,"Microsoft Defender Exploit Guard","ASR: Use advanced protection against ransomware",MpPreferenceAsr,c1db55ab-c21a-4637-bb3f-a12568109d35,,,,,,0,1,=,Medium +10987,"Microsoft Defender Exploit Guard","ASR: Block credential stealing from the Windows local security authority subsystem (lsass.exe) (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2,,,,0,1,=,Medium +11022,"Microsoft Defender Exploit Guard","ASR: Block credential stealing from the Windows local security authority subsystem (lsass.exe)",MpPreferenceAsr,9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2,,,,,,0,1,=,Medium +10989,"Microsoft Defender Exploit Guard","ASR: Block untrusted and unsigned processes that run from USB (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4,,,,0,1,=,Medium +11024,"Microsoft Defender Exploit Guard","ASR: Block untrusted and unsigned processes that run from USB",MpPreferenceAsr,b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4,,,,,,0,1,=,Medium +10990,"Microsoft Defender Exploit Guard","ASR: Block Office communication application from creating child processes (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",26190899-1602-49e8-8b27-eb1d0a1ce869,,,,0,1,=,Medium +11025,"Microsoft Defender Exploit Guard","ASR: Block Office communication application from creating child processes",MpPreferenceAsr,26190899-1602-49e8-8b27-eb1d0a1ce869,,,,,,0,1,=,Medium +10991,"Microsoft Defender Exploit Guard","ASR: Block Adobe Reader from creating child processes (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c,,,,0,1,=,Medium +11026,"Microsoft Defender Exploit Guard","ASR: Block Adobe Reader from creating child processes",MpPreferenceAsr,7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c,,,,,,0,1,=,Medium +10992,"Microsoft Defender Exploit Guard","ASR: Block persistence through WMI event subscription (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",e6db77e5-3df2-4cf1-b95a-636979351e5b,,,,0,1,=,Medium +11027,"Microsoft Defender Exploit Guard","ASR: Block persistence through WMI event subscription",MpPreferenceAsr,e6db77e5-3df2-4cf1-b95a-636979351e5b,,,,,,0,1,=,Medium +11032,"Microsoft Defender Exploit Guard","ASR: Block abuse of exploited vulnerable signed drivers (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",56a863a9-875e-4185-98a7-b882c64b5ce5,,,,0,1,=,Medium +11033,"Microsoft Defender Exploit Guard","ASR: Block abuse of exploited vulnerable signed drivers",MpPreferenceAsr,56a863a9-875e-4185-98a7-b882c64b5ce5,,,,,,0,1,=,Medium +10993,"Microsoft Defender Exploit Guard","Network Protection: Prevent users and apps from accessing dangerous websites",Registry,,"HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection",EnableNetworkProtection,,,,,1,=,Medium +11062,"Microsoft Defender Antivirus","MpEngine: Configure extended cloud check",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\MpEngine",MpBafsExtendedTimeout,,,,,50,=,Medium +11063,"Microsoft Defender Antivirus","MpEngine: Enable file hash computation feature",Registry,,"HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine",EnableFileHashComputation,,,,,1,=,Medium +10999,"Microsoft Defender Antivirus","MpEngine: Select cloud protection level",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\MpEngine",MpCloudBlockLevel,,,,,2,>=,Medium +11064,"Microsoft Defender Antivirus","Real-time Protection: Configure monitoring for incoming and outgoing file and program activity",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection",MpCloudBlockLevel,,,,,0,=|0,Medium +11065,"Microsoft Defender Antivirus","Real-time Protection: Monitor file and program activity on your computer",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection",RealtimeScanDirection,,,,,0,=,Medium +11013,"Microsoft Defender Antivirus","Real-time Protection: Scan all downloaded files and attachments",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection",DisableIOAVProtection,,,,0,0,=,Medium +11014,"Microsoft Defender Antivirus","Real-time Protection: Turn off real-time protection",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection",DisableRealtimeMonitoring,,,,0,0,=,Medium +11015,"Microsoft Defender Antivirus","Real-time Protection: Turn on behavior monitoring (Policy)",Registry,,"HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",DisableBehaviorMonitoring,,,,0,0,=,Medium +11067,"Microsoft Defender Antivirus","Real-time Protection: Turn on process scanning whenever real-time protection is enabled",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection",DisableScanOnRealtimeEnable,,,,,0,=,Medium +11031,"Microsoft Defender Antivirus","Real-time Protection: Turn on script scanning",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Real-Time Protection",DisableScriptScanning,,,,0,0,=,Medium +11066,"Microsoft Defender Antivirus","Scan: Scan packed executables",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Scan",DisablePackedExeScanning,,,,,0,=,Medium +10976,"Microsoft Defender Antivirus","Scan: Scan removable drives",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Scan",DisableRemovableDriveScanning,,,,1,0,=,Medium +10960,"Administrative Templates: Windows Components","Remote Desktop Connection Client: Do not allow passwords to be saved",Registry,,"HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services",DisablePasswordSaving,,,,0,1,=,Medium +10961,"Administrative Templates: Windows Components","Remote Desktop Session Host: Device and Resource Redirection: Do not allow drive redirection",Registry,,"HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services",fDisableCdm,,,,0,1,=,Medium +10962,"Administrative Templates: Windows Components","Remote Desktop Session Host: Security: Always prompt for password upon connection",Registry,,"HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services",fPromptForPassword,,,,0,1,=,Medium +10963,"Administrative Templates: Windows Components","Remote Desktop Session Host: Security: Require secure RPC communication",Registry,,"HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services",fEncryptRPCTraffic,,,,0,1,=,Medium +10964,"Administrative Templates: Windows Components","Remote Desktop Session Host: Security: Set client connection encryption level",Registry,,"HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services",MinEncryptionLevel,,,,0,3,=,Medium +10970,"Administrative Templates: Windows Components","RSS Feeds: Prevent downloading of enclosures",Registry,,"HKLM:\Software\Policies\Microsoft\Internet Explorer\Feeds",DisableEnclosureDownload,,,,0,1,=,Medium +10971,"Administrative Templates: Windows Components","Search: Allow indexing of encrypted files",Registry,,"HKLM:\SOFTWARE\Policies\Microsoft\Windows\Windows Search",AllowIndexingEncryptedStoresOrItems,,,,1,0,=,Medium +11040,"Administrative Templates: Windows Components","Windows Defender SmartScreen: Enhanced Phishing Protection",Registry,,HKLM:\Software\Policies\Microsoft\Windows\WTDS\Components,NotifyMalicious,,,,,1,=,Medium +11041,"Administrative Templates: Windows Components","Windows Defender SmartScreen: Notify Password Reuse",Registry,,HKLM:\Software\Policies\Microsoft\Windows\WTDS\Components,NotifyPasswordReuse,,,,,1,=,Medium +11042,"Administrative Templates: Windows Components","Windows Defender SmartScreen: Notify Unsafe App",Registry,,HKLM:\Software\Policies\Microsoft\Windows\WTDS\Components,NotifyUnsafeApp,,,,,1,=,Medium +11043,"Administrative Templates: Windows Components","Windows Defender SmartScreen: Service Enabled",Registry,,HKLM:\Software\Policies\Microsoft\Windows\WTDS\Components,ServiceEnabled,,,,,1,=,Medium +10951,"Administrative Templates: Windows Components","File Explorer: Configure Windows Defender SmartScreen",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\System,EnableSmartScreen,,,,1,1,=,Medium +10954,"Administrative Templates: Windows Components","File Explorer: Configure Windows Defender SmartScreen to warn and prevent bypass",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\System,ShellSmartScreenLevel,,,,Warn,Block,=,Medium +10952,"Microsoft Edge","Configure Windows Defender SmartScreen",Registry,,HKLM:\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter,EnabledV9,,,,,1,=,Medium +10953,"Microsoft Edge","Prevent bypassing Microsoft Defender SmartScreen prompts for sites",Registry,,HKLM:\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter,PreventOverride,,,,,1,=,Medium +11000,"Administrative Templates: Windows Components","Windows Game Recording and Broadcasting: Enables or disables Windows Game Recording and Broadcasting",Registry,,HKLM:\Software\Policies\Microsoft\Windows\GameDVR,AllowGameDVR,,,,1,0,=,Low +11001,"Administrative Templates: Windows Components","Windows Ink Workspace: Allow Windows Ink Workspace",Registry,,HKLM:\Software\Policies\Microsoft\WindowsInkWorkspace,AllowWindowsInkWorkspace,,,,1,1,=,Low +11002,"Administrative Templates: Windows Components","Windows Installer: Allow user control over installs",Registry,,HKLM:\Software\Policies\Microsoft\Windows\Installer,EnableUserControl,,,,1,0,=,Medium +11003,"Administrative Templates: Windows Components","Windows Installer: Always install with elevated privileges",Registry,,HKLM:\Software\Policies\Microsoft\Windows\Installer,AlwaysInstallElevated,,,,0,0,=,Medium +11034,"Administrative Templates: Windows Components","Windows Logon Options: Enable MPR notifications for the system",Registry,,HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System,EnableMPR,,,,,0,=,Medium +11004,"Administrative Templates: Windows Components","Windows Logon Options: Sign-in and lock last interactive user automatically after a restart",Registry,,HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System,DisableAutomaticRestartSignOn,,,,0,1,=,Medium +11005,PowerShell,"Turn on PowerShell Script Block Logging",Registry,,HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging,EnableScriptBlockLogging,,,,0,1,=,Medium +11006,PowerShell,"Turn on PowerShell Script Block Logging (Invocation)",Registry,,HKLM:\Software\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging,EnableScriptBlockInvocationLogging,,,,0,0,=,Low +11007,"Administrative Templates: Windows Components","WinRM Client: Allow Basic authentication",Registry,,HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client,AllowBasic,,,,1,0,=,Medium +11008,"Administrative Templates: Windows Components","WinRM Client: Allow unencrypted traffic",Registry,,HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client,AllowUnencryptedTraffic,,,,1,0,=,Medium +11009,"Administrative Templates: Windows Components","WinRM Client: Disallow Digest authentication",Registry,,HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client,AllowDigest,,,,1,0,=,Medium +11010,"Administrative Templates: Windows Components","WinRM Service: Allow Basic authentication",Registry,,HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service,AllowBasic,,,,1,0,=,Medium +11011,"Administrative Templates: Windows Components","WinRM Service: Allow unencrypted traffic",Registry,,HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service,AllowUnencryptedTraffic,,,,1,0,=,Medium +11012,"Administrative Templates: Windows Components","WinRM Service: Disallow WinRM from storing RunAs credentials",Registry,,HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service,DisableRunAs,,,,0,1,=,Medium +11060,"Scheduled Task","XblGameSave Standby Task",ScheduledTask,XblGameSaveTask,,,,,,Ready,Disabled,=,Medium +11050,"System Services","Xbox Accessory Management Service (XboxGipSvc)",Registry,,HKLM:\SYSTEM\CurrentControlSet\Services\XboxGipSvc,Start,,,,3,4,=,Medium +11051,"System Services","Xbox Accessory Management Service (XboxGipSvc) (Service Startup type)",service,XboxGipSvc,,,,,,Manual,Disabled,=,Medium +11052,"System Services","Xbox Live Auth Manager (XblAuthManager)",Registry,,HKLM:\SYSTEM\CurrentControlSet\Services\XblAuthManager,Start,,,,3,4,=,Medium +11053,"System Services","Xbox Live Auth Manager (XblAuthManager) (Service Startup type)",service,XblAuthManager,,,,,,Manual,Disabled,=,Medium +11054,"System Services","Xbox Live Game Save (XblGameSave)",Registry,,HKLM:\SYSTEM\CurrentControlSet\Services\XblGameSave,Start,,,,3,4,=,Medium +11055,"System Services","Xbox Live Game Save (XblGameSave) (Service Startup type)",service,XblGameSave,,,,,,Manual,Disabled,=,Medium +11056,"System Services","Xbox Live Networking Service (XboxNetApiSvc)",Registry,,HKLM:\SYSTEM\CurrentControlSet\Services\XboxNetApiSvc,Start,,,,3,4,=,Medium +11057,"System Services","Xbox Live Networking Service (XboxNetApiSvc) (Service Startup type)",service,XboxNetApiSvc,,,,,,Manual,Disabled,=,Medium diff --git a/lists/finding_list_msft_security_baseline_windows_11_23h2_user.csv b/lists/finding_list_msft_security_baseline_windows_11_23h2_user.csv new file mode 100644 index 0000000..0d9d0a9 --- /dev/null +++ b/lists/finding_list_msft_security_baseline_windows_11_23h2_user.csv @@ -0,0 +1,6 @@ +ID,Category,Name,Method,MethodArgument,RegistryPath,RegistryItem,ClassName,Namespace,Property,DefaultValue,RecommendedValue,Operator,Severity +10000,"Administrative Templates: Start Menu and Taskbar","Notifications: Turn off toast notifications on the lock screen",Registry,,HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications,NoToastApplicationNotificationOnLockScreen,,,,0,1,=,Medium +10001,"Administrative Templates: Windows Components","Cloud Content: Do not suggest third-party content in Windows spotlight",Registry,,HKCU:\Software\Policies\Microsoft\Windows\CloudContent,DisableThirdPartySuggestions,,,,0,1,=,Medium +10002,"Internet Explorer","Turn on the auto-complete feature for user names and passwords on forms (Main)",Registry,,"HKCU:\Software\Policies\Microsoft\Internet Explorer\Main","FormSuggest Passwords",,,,,no,=,Medium +10003,"Internet Explorer","Turn on the auto-complete feature for user names and passwords on forms (Control Panel)",Registry,,"HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel","FormSuggest Passwords",,,,,1,=,Medium +10004,"Internet Explorer","Turn on the auto-complete feature for user names and passwords on forms (Ask)",Registry,,"HKCU:\Software\Policies\Microsoft\Internet Explorer\Main","FormSuggest PW Ask",,,,,no,=,Medium