Condividi tramite


Impostazioni della baseline di sicurezza

Di seguito sono riportati i nomi delle impostazioni dei criteri di sicurezza, i percorsi dei criteri e le impostazioni usate in Microsoft Managed Desktop.

PUAProtection

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Defender/PUAProtection
  • Impostazione: 1

SetDisablePauseUXAccess

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Update/SetDisablePauseUXAccess
  • Impostazione: 1

SvchostProcessMitigation

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/ServiceControlManager/SvchostProcessMitigation
  • Impostazione: <Enabled/>

LetAppsActivateWithVoice

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Privacy/LetAppsActivateWithVoice
  • Impostazione: 2

ConfigureTelemetryOptinChangeNotification

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/System/ConfigureTelemetryOptinChangeNotification
  • Impostazione: 0

ConfigureTelemetryOptInSettingsUX

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/System/ConfigureTelemetryOptInSettingsUX
  • Impostazione: 0

DisableDeviceDelete

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/System/DisableDeviceDelete
  • Impostazione: 0

AllowMicrosoftAccountsToBeOptional

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/AppRuntime/AllowMicrosoftAccountsToBeOptional
  • Impostazione: <Enabled/>

DisallowAutoplayForNonVolumeDevices

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Autoplay/DisallowAutoplayForNonVolumeDevices
  • Impostazione: <Enabled/>

SetDefaultAutoRunBehavior

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Autoplay/SetDefaultAutoRunBehavior
  • Impostazione: <Enabled/><Data id=""""NoAutorun_Dropdown"""" value=""""1""""/>

TurnOffAutoPlay

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Autoplay/TurnOffAutoPlay
  • Impostazione: <Enabled/><Data id=""""Autorun_Box"""" value=""""255""""/>

HardenedUNCPaths

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Connectivity/HardenedUNCPaths
  • Impostazione: "<Enabled/><Data id=""Pol_HardenedPaths"" value=""\\*\SYSVOL&#xF000;RequireMutualAuthentication=1,RequireIntegrity=1&#xF000;\\*\NETLOGON&#xF000;RequireMutualAuthentication=1,RequireIntegrity=1""/>"

DisableDownloadingOfPrintDriversOverHTTP

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Connectivity/DisableDownloadingOfPrintDriversOverHTTP
  • Impostazione: <Enabled/>

DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards

  • Percorso dei criteri:./Device/Vendor/MSFT/Policy/Config/Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards
  • Impostazione: <Enabled/>

DiablePrintingOverHTTP

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Connectivity/DiablePrintingOverHTTP
  • Impostazione: <Disabled/>

AllowPINLogon

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/CredentialProviders/AllowPINLogon
  • Impostazione: <Disabled/>

RemoteHostAllowsDelegationOfNonExportableCredentials

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials
  • Impostazione: <Enabled/>

EnumerateAdministrators

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/CredentialsUI/EnumerateAdministrators
  • Impostazione: <Disabled/>

PreventInstallationOfMatchingDeviceSetupClasses

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses
  • Impostazione: <Enabled/><Data id=""""DeviceInstall_Classes_Deny_List"""" value=""""1&#xF000;{d48179be-ec20-11d1-b6b8-00c04fa372a7}""""/><Data id=""""DeviceInstall_Classes_Deny_Retroactive"""" value=""""true""""/>

PreventLockScreenSlideShow

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/DeviceLock/PreventLockScreenSlideShow
  • Impostazione: <Enabled/>

PreventEnablingLockScreenCamera

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/DeviceLock/PreventEnablingLockScreenCamera
  • Impostazione: <Enabled/>

SpecifyMaximumFileSizeApplicationLog

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/EventLogService/SpecifyMaximumFileSizeApplicationLog
  • Impostazione: <Enabled/><Data id=""""Channel_LogMaxSize"""" value=""""32768""""/>

SpecifyMaximumFileSizeSecurityLog

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/EventLogService/SpecifyMaximumFileSizeSecurityLog
  • Impostazione: <Enabled/><Data id=""""Channel_LogMaxSize"""" value=""""196608""""/>

SpecifyMaximumFileSizeSystemLog

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/EventLogService/SpecifyMaximumFileSizeSystemLog
  • Impostazione: <Enabled/><Data id=""""Channel_LogMaxSize"""" value=""""32768""""/>

TurnOffDataExecutionPreventionForExplorer

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/FileExplorer/TurnOffDataExecutionPreventionForExplorer
  • Impostazione:<Disabled/>

TurnOffHeapTerminationOnCorruption

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/FileExplorer/TurnOffHeapTerminationOnCorruption
  • Impostazione: <Disabled/>

DoNotAllowUsersToAddSites

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DoNotAllowUsersToAddSites
  • Impostazione: <Enabled/>

DoNotAllowUsersToChangePolicies

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DoNotAllowUsersToChangePolicies
  • Impostazione: <Enabled/>

DisableEncryptionSupport

  • Percorso dei criteri:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableEncryptionSupport
  • Impostazione: <Enabled/><Data id=""""Advanced_WinInetProtocolOptions"""" value=""""2688""""/>

AllowEnhancedProtectedMode

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/AllowEnhancedProtectedMode
  • Impostazione: <Enabled/>

IncludeAllNetworkPaths

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/IncludeAllNetworkPaths
  • Impostazione: <Disabled/>

InternetZoneAllowAccessToDataSources

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowAccessToDataSources
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1406"""" value=""""3""""/>

RestrictedSitesZoneAllowAccessToDataSources

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1406"""" value=""""3""""/>

InternetZoneAllowScriptlets

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowScriptlets
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1209"""" value=""""3""""/>

RestrictedSitesZoneAllowScriptlets

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowScriptlets
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1209"""" value=""""3""""/>

InternetZoneAllowAutomaticPromptingForFileDownloads

  • Percorso dei criteri: './Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads
  • Impostazione: <Enabled/><Data id=""""IZ_Partname2200"""" value=""""3""""/>

RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads
  • Impostazione: <Enabled/><Data id=""""IZ_Partname2200"""" value=""""3""""/>

InternetZoneInitializeAndScriptActiveXControls

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneInitializeAndScriptActiveXControls
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1201"""" value=""""3""""/>

IntranetZoneInitializeAndScriptActiveXControls

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1201"""" value=""""3""""/>

TrustedSitesZoneInitializeAndScriptActiveXControls

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1201"""" value=""""3""""/>

RestrictedSitesZoneInitializeAndScriptActiveXControls

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1201"""" value=""""3""""/>

InternetZoneNavigateWindowsAndFrames

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneNavigateWindowsAndFrames
  • Impostazione: <Enabled/><Data ID=""""IZ_Partname1607""" value=""""3""""/>

RestrictedSitesZoneNavigateWindowsAndFrames

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1607"""" value=""""3""""/>

InternetZoneAllowNETFrameworkReliantComponents'

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents
  • Impostazione: <Enabled/><Data id=""""IZ_Partname2004"""" value=""""3""""/>

RestrictedSitesZoneAllowNETFrameworkReliantComponents

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents
  • Impostazione: <Enabled/><Data id=""""IZ_Partname2004"""" value=""""3""""/>

InternetZoneAllowSmartScreenIE

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowSmartScreenIE
  • Impostazione: <Enabled/><Data id=""""IZ_Partname2301"""" value=""""0""""/>

LockedDownInternetZoneAllowSmartScreenIE

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE
  • Impostazione: <Enabled/><Data id=""""IZ_Partname2301"""" value=""""0""""/>

RestrictedSitesZoneAllowSmartScreenIE

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE
  • Impostazione: <Enabled/><Data id=""""IZ_Partname2301"""" value=""""0""""/>

LockedDownRestrictedSitesZoneAllowSmartScreenIE

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE
  • Impostazione: <Enabled/><Data id=""""IZ_Partname2301"""" value=""""0""""/>

InternetZoneAllowUserDataPersistence

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowUserDataPersistence
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1606"""" value=""""3""""/>

RestrictedSitesZoneAllowUserDataPersistence

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1606"""" value=""""3""""/>

InternetZoneAllowLessPrivilegedSites

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowLessPrivilegedSites
  • Impostazione: <Enabled/><Data id=""""IZ_Partname2101"""" value=""""3""""/>

RestrictedSitesZoneAllowLessPrivilegedSites

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites
  • Impostazione: <Enabled/><Data id=""""IZ_Partname2101"""" value=""""3""""/>

DoNotBlockOutdatedActiveXControls

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DoNotBlockOutdatedActiveXControls
  • Impostazione: <Disabled/>

DisableEnclosureDownloading

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableEnclosureDownloading
  • Impostazione: <Enabled/>

DisableBypassOfSmartScreenWarnings

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableBypassOfSmartScreenWarnings
  • Impostazione: <Enabled/>

DisableBypassOfSmartScreenWarningsAboutUncommonFiles

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles
  • Impostazione: <Enabled/>

RestrictedSitesZoneAllowActiveScripting

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowActiveScripting
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1400"""" value=""""3""""/>

RestrictedSitesZoneAllowBinaryAndScriptBehaviors

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors
  • Impostazione: <Enabled/><Data id=""""IZ_Partname2000"""" value=""""3""""/>

InternetZoneAllowCopyPasteViaScript

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowCopyPasteViaScript
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1407"""" value=""""3""""/>

RestrictedSitesZoneAllowCopyPasteViaScript

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1407"""" value=""""3""""/>

InternetZoneAllowDragAndDropCopyAndPasteFiles

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1802"""" value=""""3""""/>

RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1802"""" value=""""3""""/>

AllowFallbackToSSL3

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/AllowFallbackToSSL3
  • Impostazione: <Enabled/><Data id=""""Advanced_EnableSSL3FallbackOptions"""" value=""""0""""/>

RestrictedSitesZoneAllowFileDownloads

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowFileDownloads
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1803"""" value=""""3""""/>

InternetZoneAllowLoadingOfXAMLFiles

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles
  • Impostazione: <Enabled/><Data id=""""IZ_Partname2402"""" value=""""3""""/>

RestrictedSitesZoneAllowLoadingOfXAMLFiles

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles
  • Impostazione: <Enabled/><Data id=""""IZ_Partname2402"""" value=""""3""""/>

RestrictedSitesZoneAllowMETAREFRESH

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1608"""" value=""""3""""/>

InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls
  • Impostazione: <Enabled/><Data id=""""IZ_Partname120b"""" value=""""3""""/>

RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls
  • Impostazione:<Enabled/><Data id=""""IZ_Partname120b"""" value=""""3""""/>

InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl

  • Percorso dei criteri:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
  • Impostazione: <Enabled/><Data id=""""IZ_Partname120c"""" value=""""3""""/>

RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl

  • Percorso dei criteri:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
  • Impostazione: <Enabled/><Data id=""""IZ_Partname120c"""" value=""""3""""/>

InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1206"""" value=""""3""""/>

RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls'

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1206"""" value=""""3""""/>

InternetZoneAllowScriptInitiatedWindows

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowScriptInitiatedWindows
  • Impostazione: <Enabled/><Data id=""""IZ_Partname2102"""" value=""""3""""/>

RestrictedSitesZoneAllowScriptInitiatedWindows

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows
  • Impostazione: <Enabled/><Data id=""""IZ_Partname2102"""" value=""""3""""/>

AllowSoftwareWhenSignatureIsInvalid

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/AllowSoftwareWhenSignatureIsInvalid
  • Impostazione: <Disabled/>

InternetZoneAllowUpdatesToStatusBarViaScript

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript
  • Impostazione: <Enabled/><Data id=""""IZ_Partname2103"""" value=""""3""""/>

RestrictedSitesZoneAllowUpdatesToStatusBarViaScript

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript
  • Impostazione: <Enabled/><Data id=""""IZ_Partname2103"""" value=""""3""""/>

CheckServerCertificateRevocation

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/CheckServerCertificateRevocation
  • Impostazione: <Enabled/>

CheckSignaturesOnDownloadedPrograms

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/CheckSignaturesOnDownloadedPrograms
  • Impostazione: <Enabled/>

DoNotAllowActiveXControlsInProtectedMode

  • Percorso dei criteri:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DoNotAllowActiveXControlsInProtectedMode
  • Impostazione: <Enabled/>

InternetZoneDoNotRunAntimalwareAgainstActiveXControls

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls
  • Impostazione: <Enabled/><Data id=""""IZ_Partname270C"""" value=""""0""""/>

IntranetZoneDoNotRunAntimalwareAgainstActiveXControls

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls
  • Impostazione: <Enabled/><Data id=""""IZ_Partname270C"""" value=""""0""""/>

LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls

  • Percorso dei criteri:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls
  • Impostazione: <Enabled/><Data id=""""IZ_Partname270C"""" value=""""0""""/>

RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
  • Impostazione: <Enabled/><Data id=""""IZ_Partname270C"""" value=""""0""""/>

TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
  • Impostazione <Enabled/><Data id=""""IZ_Partname270C"""" value=""""0""""/>

PreventManagingSmartScreenFilter

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/PreventManagingSmartScreenFilter
  • Impostazione: <Enabled/><Data id=""""IE9SafetyFilterOptions"""" value=""""1""""/>

InternetZoneDownloadSignedActiveXControls

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneDownloadSignedActiveXControls
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1001"""" value=""""3""""/>

RestrictedSitesZoneDownloadSignedActiveXControls

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1001"""" value=""""3""""/>

InternetZoneDownloadUnsignedActiveXControls

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneDownloadUnsignedActiveXControls
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1004"""" value=""""3""""/>

RestrictedSitesZoneDownloadUnsignedActiveXControls

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1004"""" value=""""3""""/>

InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
  • Impostazione: <Enabled/><Data id=""""IZ_Partname2709"""" value=""""3""""/>

RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
  • Impostazione: <Enabled/><Data id=""""IZ_Partname2709"""" value=""""3""""/>

InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
  • Impostazione <Enabled/><Data id=""""IZ_Partname2708"""" value=""""3""""/>

RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
  • Impostazione: <Enabled/><Data id=""""IZ_Partname2708"""" value=""""3""""/>

InternetZoneIncludeLocalPathWhenUploadingFilesToServer

  • Percorso dei criteri:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer
  • Impostazione: <Enabled/><Data id=""""IZ_Partname160A"""" value=""""3""""/>

RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer

  • Percorso dei criteri:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer
  • Impostazione: <Enabled/><Data id=""""IZ_Partname160A"""" value=""""3""""/>

ConsistentMimeHandlingInternetExplorerProcesses

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses
  • Impostazione: <Enabled/>

MimeSniffingSafetyFeatureInternetExplorerProcesses

  • Percorso dei criteri:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses
  • Impostazione: <Enabled/>

MKProtocolSecurityRestrictionInternetExplorerProcesses

  • Percorso dei criteri:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses
  • Impostazione: <Enabled/>

NotificationBarInternetExplorerProcesses

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/NotificationBarInternetExplorerProcesses
  • Impostazione: <Enabled/>

ProtectionFromZoneElevationInternetExplorerProcesses

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses
  • Impostazione: <Enabled/>

RestrictActiveXInstallInternetExplorerProcesses

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses
  • Impostazione: <Enabled/>

RestrictFileDownloadInternetExplorerProcesses

  • Percorso dei criteri:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictFileDownloadInternetExplorerProcesses
  • Impostazione: <Enabled/>

ScriptedWindowSecurityRestrictionsInternetExplorerProcesses

  • Percorso dei criteri:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses
  • Impostazione: <Enabled/>

InternetZoneJavaPermissions

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneJavaPermissions
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1C00"""" value=""""0""""/>

IntranetZoneJavaPermissions

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/IntranetZoneJavaPermissions
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1C00"""" value=""""65536""""/>

LocalMachineZoneJavaPermissions

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LocalMachineZoneJavaPermissions
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1C00"""" value=""""0""""/>

LockedDownLocalMachineZoneJavaPermissions

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LockedDownLocalMachineZoneJavaPermissions
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1C00"""" value=""""0""""/>

LockedDownRestrictedSitesZoneJavaPermissions

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1C00"""" value=""""0""""/>

LockedDownTrustedSitesZoneJavaPermissions

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1C00"""" value=""""0""""/>

RestrictedSitesZoneJavaPermissions

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneJavaPermissions
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1C00"""" value=""""0""""/>

TrustedSitesZoneJavaPermissions

  • Percorso dei criteri:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/TrustedSitesZoneJavaPermissions
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1C00"""" value=""""65536""""/>

InternetZoneLaunchingApplicationsAndFilesInIFRAME

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1804"""" value=""""3""""/>

RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME

  • Percorso dei criteri:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1804"""" value=""""3""""/>

InternetZoneLogonOptions

  • Percorso dei criteri:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneLogonOptions
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1A00"""" value=""""65536""""/>

RestrictedSitesZoneLogonOptions

  • Percorso dei criteri:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneLogonOptions
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1A00"""" value=""""196608""""/>

DisableIgnoringCertificateErrors

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableIgnoringCertificateErrors
  • Impostazione: <Enabled/>

PreventPerUserInstallationOfActiveXControls

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/PreventPerUserInstallationOfActiveXControls
  • Impostazione: <Enabled/>

RemoveRunThisTimeButtonForOutdatedActiveXControls

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls
  • Impostazione: <Enabled/>

InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
  • Impostazione: <Enabled/><Data id=""""IZ_Partname2001"""" value=""""3""""/> |

RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
  • Impostazione: <Enabled/><Data id=""""IZ_Partname2001"""" value=""""3""""/>

RestrictedSitesZoneRunActiveXControlsAndPlugins

  • Percorso dei criteri:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1200"""" value=""""3""""/>

RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1405"""" value=""""3""""/>

RestrictedSitesZoneScriptingOfJavaApplets

  • Percorso dei criteri:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1402"""" value=""""3""""/>

SecurityZonesUseOnlyMachineSettings

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/SecurityZonesUseOnlyMachineSettings
  • Impostazione: <Enabled/>

InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1806"""" value=""""1""""/>

RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1806"""" value=""""3""""/>

SpecifyUseOfActiveXInstallerService

  • Percorso dei criteri:./Device/Vendor/MSFT/Policy/Config/InternetExplorer/SpecifyUseOfActiveXInstallerService
  • Impostazione: <Enabled/>

DisableCrashDetection

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableCrashDetection
  • Impostazione: <Enabled/>

DisableSecuritySettingsCheck

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableSecuritySettingsCheck
  • Impostazione: <Disabled/>

DisableProcessesInEnhancedProtectedMode

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableProcessesInEnhancedProtectedMode
  • Impostazione: <Enabled/>

AllowCertificateAddressMismatchWarning

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/AllowCertificateAddressMismatchWarning
  • Impostazione: <Enabled/>

InternetZoneEnableCrossSiteScriptingFilter

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1409"""" value=""""0""""/>

RestrictedSitesZoneEnableCrossSiteScriptingFilter

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1409"""" value=""""0""""/>

InternetZoneEnableProtectedMode

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneEnableProtectedMode
  • Impostazione" <Enabled/><Data id=""""IZ_Partname2500"""" value=""""0""""/>

RestrictedSitesZoneTurnOnProtectedMode

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode
  • Impostazione: <Enabled/><Data id=""""IZ_Partname2500"""" value=""""0""""/>

InternetZoneUsePopupBlocker

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneUsePopupBlocker
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1809"""" value=""""0""""/>

RestrictedSitesZoneUsePopupBlocker

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneUsePopupBlocker
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1809"""" value=""""0""""/>

InternetZoneAllowVBScriptToRunInInternetExplorer

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowVBScriptToRunInInternetExplorer
  • Impostazione: <Enabled/><Data id=""""IZ_Partname140C"""" value=""""3""""/>

LockedDownIntranetJavaPermissions

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LockedDownIntranetJavaPermissions
  • Impostazione: <Enabled/><Data id=""""IZ_Partname1C00"""" value=""""0""""/>

RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer
  • Impostazione: <Enabled/><Data id=""""IZ_Partname140C"""" value=""""3""""/>

ApplyUACRestrictionsToLocalAccountsOnNetworkLogon

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon
  • Impostazione: <Enabled/>

ConfigureSMBV1Server

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/ConfigureSMBV1Server
  • Impostazione: <Disabled/>

ConfigureSMBV1ClientDriver

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/ConfigureSMBV1ClientDriver
  • Impostazione: <Enabled/><Data id=""""Pol_SecGuide_SMB1ClientDriver"""" value=""""4""""/>

EnableStructuredExceptionHandlingOverwriteProtection

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection
  • Impostazione: <Enabled/>

WDigestAuthentication

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/WDigestAuthentication
  • Impostazione: <Disabled/>

TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications
  • Impostazione: <Enabled/>

IPv6SourceRoutingProtectionLevel

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/MSSLegacy/IPv6SourceRoutingProtectionLevel
  • Impostazione: <Enabled/><Data id=""""DisableIPSourceRoutingIPv6"""" value=""""2""""/>

IPSourceRoutingProtectionLevel

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/MSSLegacy/IPSourceRoutingProtectionLevel
  • Impostazione: <Enabled/><Data id=""""DisableIPSourceRouting"""" value=""""2""""/>

AllowICMPRedirectsToOverrideOSPFGeneratedRoutes

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes
  • Impostazione: <Disabled/>

AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers
  • Impostazione: <Enabled/>

AllowStandbyWhenSleepingPluggedIn

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Power/AllowStandbyWhenSleepingPluggedIn
  • Impostazione: <Disabled/>

RequirePasswordWhenComputerWakesOnBattery

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Power/RequirePasswordWhenComputerWakesOnBattery
  • Impostazione: <Enabled/>

RequirePasswordWhenComputerWakesPluggedIn

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Power/RequirePasswordWhenComputerWakesPluggedIn
  • Impostazione: <Enabled/>

AllowStandbyStatesWhenSleepingOnBattery

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Power/AllowStandbyStatesWhenSleepingOnBattery
  • Impostazione: <Disabled/>

SolicitedRemoteAssistance

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/RemoteAssistance/SolicitedRemoteAssistance
  • Impostazione: <Disabled/>

DoNotAllowPasswordSaving

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/DoNotAllowPasswordSaving
  • Impostazione: <Enabled/>

DoNotAllowDriveRedirection

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/DoNotAllowDriveRedirection
  • Impostazione: <Enabled/>

PromptForPasswordUponConnection

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/PromptForPasswordUponConnection
  • Impostazione: <Enabled/>

RequireSecureRPCCommunication

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/RequireSecureRPCCommunication
  • Impostazione: <Enabled/>

ClientConnectionEncryptionLevel

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/ClientConnectionEncryptionLevel
  • Impostazione: <Enabled/><Data id=""""TS_ENCRYPTION_LEVEL"""" value=""""3""""/>

AllowBasicAuthentication_Client

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/RemoteManagement/AllowBasicAuthentication_Client
  • Impostazione: <Disabled/>

AllowBasicAuthentication_Service

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/RemoteManagement/AllowBasicAuthentication_Service
  • Impostazione: <Disabled/>

AllowUnencryptedTraffic_Client

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/RemoteManagement/AllowUnencryptedTraffic_Client
  • Impostazione: <Disabled/>

AllowUnencryptedTraffic_Service

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/RemoteManagement/AllowUnencryptedTraffic_Service
  • Impostazione: <Disabled/>

DisallowDigestAuthentication

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/RemoteManagement/DisallowDigestAuthentication
  • Impostazione: <Enabled/>

DisallowStoringOfRunAsCredentials

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/RemoteManagement/DisallowStoringOfRunAsCredentials
  • Impostazione: <Enabled/>

RestrictUnauthenticatedRPCClients

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/RemoteProcedureCall/RestrictUnauthenticatedRPCClients
  • Impostazione: <Enabled/><Data id=""""RpcRestrictRemoteClientsList"""" value=""""1""""/> |

BootStartDriverInitialization

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/System/BootStartDriverInitialization
  • Impostazione: <Enabled/><Data id=""""SelectDriverLoadPolicy"""" value=""""3""""/>

ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork
  • Impostazione: <Enabled/>

EnumerateLocalUsersOnDomainJoinedComputers

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers
  • Impostazione: <Disabled/>

AllowAutomaticRestartSignOn

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/WindowsLogon/AllowAutomaticRestartSignOn
  • Impostazione: <Disabled/>

TurnOnPowerShellScriptBlockLogging

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/WindowsPowerShell/TurnOnPowerShellScriptBlockLogging
  • Impostazione: <Enabled/><Data id=""""EnableScriptBlockInvocationLogging"""" value=""""true""""/>

AllowAutoComplete

  • Percorso dei criteri: ./User/Vendor/MSFT/Policy/Config/InternetExplorer/AllowAutoComplete
  • Impostazione: <Disabled/>

AllowGameDVR

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/ApplicationManagement/AllowGameDVR
  • Impostazione: 0

MSIAlwaysInstallWithElevatedPrivileges

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges
  • Impostazione: 0

MSIAllowUserControlOverInstall

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/ApplicationManagement/MSIAllowUserControlOverInstall
  • Impostazione: 0

AllowPasswordManager

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Browser/AllowPasswordManager
  • Impostazione: 0

AllowSmartScreen

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen
  • Impostazione: 1

PreventSmartScreenPromptOverride

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverride
  • Impostazione: 1

PreventSmartScreenPromptOverrideForFiles

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles
  • Impostazione: 1

AllowBehaviorMonitoring

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Defender/AllowBehaviorMonitoring
  • Impostazione: 1

AllowCloudProtection

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Defender/AllowCloudProtection
  • Impostazione: 1

AllowEmailScanning

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Defender/AllowEmailScanning
  • Impostazione: 1

AllowFullScanRemovableDriveScanning

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Defender/AllowFullScanRemovableDriveScanning
  • Impostazione: 1

EnableNetworkProtection

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection
  • Impostazione 1

SubmitSamplesConsent

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Defender/SubmitSamplesConsent
  • Impostazione: 1

DisallowExploitProtectionOverride

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride
  • Impostazione: 1

EnableVirtualizationBasedSecurity

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/DeviceGuard/EnableVirtualizationBasedSecurity
  • Impostazione: 1

RequirePlatformSecurityFeatures

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/DeviceGuard/RequirePlatformSecurityFeatures
  • Impostazione: 3

LsaCfgFlags

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/DeviceGuard/LsaCfgFlags
  • Impostazione: 1

AllowThirdPartySuggestionsInWindowsSpotlight

  • Percorso dei criteri: ./User/Vendor/MSFT/Policy/Config/Experience/AllowThirdPartySuggestionsInWindowsSpotlight
  • Impostazione: 0

AllowWindowsConsumerFeatures

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Experience/AllowWindowsConsumerFeatures
  • Impostazione: 1

EnableInsecureGuestLogons

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/LanmanWorkstation/EnableInsecureGuestLogons
  • Impostazione: 0

AllowIndexingEncryptedStoresOrItems

Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Search/AllowIndexingEncryptedStoresOrItems Impostazione: 0

EnableSmartScreenInShell

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/SmartScreen/EnableSmartScreenInShell
  • Impostazione: 1

PreventOverrideForFilesInShell

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/SmartScreen/PreventOverrideForFilesInShell
  • Impostazione: 1

AllowAutoConnectToWiFiSenseHotspots

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Wifi/AllowAutoConnectToWiFiSenseHotspots
  • Impostazione: 0

AllowInternetSharing

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Wifi/AllowInternetSharing
  • Impostazione: 0

AllowWindowsInkWorkspace

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/WindowsInkWorkspace/AllowWindowsInkWorkspace
  • Impostazione: 1

InteractiveLogon_SmartCardRemovalBehavior

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
  • Impostazione: 1

NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
  • Impostazione: O:BAG:BAD:(A;;RC;;;BA)

Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
  • Impostazione: 1

InteractiveLogon_MachineInactivityLimit

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit
  • Impostazione: 900

MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
  • Impostazione: 0

MicrosoftNetworkServer_DigitallySignCommunicationsAlways

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways
  • Impostazione: 1

NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts
  • Impostazione: 1

NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares'

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares
  • Impostazione: 1

NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
  • Impostazione: 1

NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange
  • Impostazione: 1

NetworkSecurity_LANManagerAuthenticationLevel

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel
  • Impostazione: 5

NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
  • Impostazione: 537395200

UserAccountControl_UseAdminApprovalMode

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode
  • Impostazione: 1

UserAccountControl_BehaviorOfTheElevationPromptForAdministrators

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
  • Impostazione: 2

UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers

  • Percorso dei criteri:./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
  • Impostazione: 3

UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
  • Impostazione: 1

UserAccountControl_RunAllAdministratorsInAdminApprovalMode

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode
  • Impostazione: 1

UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
  • Impostazione: 1

UserAccountControl_DetectApplicationInstallationsAndPromptForElevation

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
  • Impostazione: 1

MinimumPasswordAge

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/DeviceLock/MinimumPasswordAge
  • Impostazione: 1

BackupFilesAndDirectories

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/UserRights/BackupFilesAndDirectories
  • Impostazione: *S-1-5-32-544

CreatePageFile

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/UserRights/CreatePageFile
  • Impostazione: *S-1-5-32-544
  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/UserRights/CreateSymbolicLinks
  • Impostazione: *S-1-5-32-544

DebugProgrammi

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/UserRights/DebugPrograms
  • Impostazione: *S-1-5-32-544

DenyLocalLogOn

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/UserRights/DenyLocalLogOn
  • Impostazione: *S-1-5-32-546

RemoteShutdown

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/UserRights/RemoteShutdown
  • Impostazione: *S-1-5-32-544

LoadUnloadDeviceDrivers

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/UserRights/LoadUnloadDeviceDrivers
  • Impostazione: *S-1-5-32-544

ManageAuditingAndSecurityLog

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/UserRights/ManageAuditingAndSecurityLog
  • Impostazione: *S-1-5-32-544

ModifyFirmwareEnvironment'

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/UserRights/ModifyFirmwareEnvironment
  • Impostazione: *S-1-5-32-544

GestisciVolume

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/UserRights/ManageVolume
  • Impostazione: *S-1-5-32-544

ProfileSingleProcess

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/UserRights/ProfileSingleProcess
  • Impostazione: *S-1-5-32-544

RestoreFilesAndDirectories

  • Percorso dei criteri:./Device/Vendor/MSFT/Policy/Config/UserRights/RestoreFilesAndDirectories
  • Impostazione: *S-1-5-32-544

TakeOwnership

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/UserRights/TakeOwnership
  • Impostazione: *S-1-5-32-544

AllowToasts

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/AboveLock/AllowToasts
  • Impostazione: 0

AllowDirectMemoryAccess'

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/DataProtection/AllowDirectMemoryAccess
  • Impostazione: 0

AttackSurfaceReductionRules

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionRules
  • Impostazione:
    • 75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84=2|3b576869-a4ec-4529-8536-b80a7769e899=2|
    • d4f940ab-401b-4efc-aadc-ad5f3c50688a=2|92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B=2|
    • 5beb7efe-fd9a-4556-801d-275e5ffc04cc=2|d3e037e1-3eb8-44c8-a917-57927947596d=2|
    • be9ba2d9-53ea-4cdc-84e5-9b1eeee46550=2|9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2=2|
    • b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4=2|7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c=2|

FacialFeaturesUseEnhancedAntiSpoofing

  • Percorso dei criteri: ./Device/Vendor/MSFT/PassportForWork/Biometrics/FacialFeaturesUseEnhancedAntiSpoofing
  • Impostazione: TRUE

EnableFirewall

  • Percorso dei criteri: ./Device/Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall
  • Impostazione: TRUE

DefaultInboundAction

  • Percorso dei criteri: ./Device/Vendor/MSFT/Firewall/MdmStore/DomainProfile/DefaultInboundAction
  • Impostazione: 1

DefaultOutboundAction

  • Percorso dei criteri: ./Device/Vendor/MSFT/Firewall/MdmStore/DomainProfile/DefaultOutboundAction
  • Impostazione: 0

DisableInboundNotifications

  • Percorso dei criteri: ./Device/Vendor/MSFT/Firewall/MdmStore/DomainProfile/DisableInboundNotifications
  • Impostazione: TRUE

EnableFirewall (profilo privato)

  • Percorso dei criteri: ./Device/Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall
  • Impostazione: TRUE

DefaultInboundAction (profilo privato)

  • Percorso dei criteri: ./Device/Vendor/MSFT/Firewall/MdmStore/PrivateProfile/DefaultInboundAction
  • Impostazione: 1

DefaultOutboundAction (profilo privato)

  • Percorso dei criteri: ./Device/Vendor/MSFT/Firewall/MdmStore/PrivateProfile/DefaultOutboundAction
  • Impostazione: 0

DisableInboundNotifications (profilo privato)

  • Percorso dei criteri: ./Device/Vendor/MSFT/Firewall/MdmStore/PrivateProfile/DisableInboundNotifications
  • Impostazione: TRUE

EnableFirewall (profilo pubblico)

  • Percorso dei criteri: ./Device/Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall
  • Impostazione: TRUE

DefaultInboundAction (profilo pubblico)

  • Percorso dei criteri: ./Device/Vendor/MSFT/Firewall/MdmStore/PublicProfile/DefaultInboundAction
  • Impostazione: 1

DefaultOutboundAction (profilo pubblico)

  • Percorso dei criteri: ./Device/Vendor/MSFT/Firewall/MdmStore/PublicProfile/DefaultOutboundAction
  • Impostazione: 0

DisableInboundNotifications (profilo pubblico)

  • Percorso dei criteri: ./Device/Vendor/MSFT/Firewall/MdmStore/PublicProfile/DisableInboundNotifications
  • Impostazione: TRUE

AllowLocalPolicyMerge

  • Percorso dei criteri: ./Device/Vendor/MSFT/Firewall/MdmStore/PublicProfile/AllowLocalPolicyMerge
  • Impostazione: FALSE

AllowLocalIpsecPolicyMerge

  • Percorso dei criteri: ./Device/Vendor/MSFT/Firewall/MdmStore/PublicProfile/AllowLocalIpsecPolicyMerge
  • Impostazione: FALSE

ExploitProtectionSettings

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/ExploitGuard/ExploitProtectionSettings
  • Impostazione:
<?xml version=""""1.0"""" encoding=""""UTF-8""""?><MitigationPolicy><AppConfig Executable=""""ONEDRIVE.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><ImageLoad BlockRemoteImageLoads=""""true"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""firefox.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR ForceRelocateImages=""""true"""" RequireInfo=""""false"""" BottomUp=""""true"""" HighEntropy=""""false"""" /></AppConfig><AppConfig Executable=""""fltldr.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ImageLoad BlockRemoteImageLoads=""""true"""" /><ChildProcess DisallowChildProcessCreation=""""true"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""GROOVE.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><ImageLoad BlockRemoteImageLoads=""""true"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /><ChildProcess DisallowChildProcessCreation=""""true"""" /></AppConfig><AppConfig Executable=""""Acrobat.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR ForceRelocateImages=""""true"""" RequireInfo=""""false"""" BottomUp=""""true"""" HighEntropy=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""AcroRd32.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR ForceRelocateImages=""""true"""" RequireInfo=""""false"""" BottomUp=""""true"""" HighEntropy=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""chrome.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /></AppConfig><AppConfig Executable=""""EXCEL.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""iexplore.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR ForceRelocateImages=""""true"""" RequireInfo=""""false"""" BottomUp=""""true"""" HighEntropy=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""INFOPATH.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""java.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""javaw.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""javaws.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""LYNC.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""MSACCESS.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""MSPUB.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""OIS.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""OUTLOOK.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""plugin-container.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""POWERPNT.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""PPTVIEW.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""VISIO.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""VPREVIEW.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""WINWORD.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""wmplayer.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""wordpad.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig></MitigationPolicy>

BlockPicturePassword

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/CredentialProviders/BlockPicturePassword
  • Impostazione: <Enabled/>

DontDisplayNetworkSelectionUI

  • Percorso dei criteri: .Device/Vendor/MSFT/Policy/Config/WindowsLogon/DontDisplayNetworkSelectionUI
  • Impostazione: <Disabled/>

CloudExtendedTimeout

  • Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Defender/CloudExtendedTimeout
  • Impostazione: 10