Impostazioni della baseline di sicurezza
Di seguito sono riportati i nomi delle impostazioni dei criteri di sicurezza, i percorsi dei criteri e le impostazioni usate in Microsoft Managed Desktop.
PUAProtection
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Defender/PUAProtection
- Impostazione:
1
SetDisablePauseUXAccess
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Update/SetDisablePauseUXAccess
- Impostazione:
1
SvchostProcessMitigation
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/ServiceControlManager/SvchostProcessMitigation
- Impostazione:
<Enabled/>
LetAppsActivateWithVoice
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Privacy/LetAppsActivateWithVoice
- Impostazione:
2
ConfigureTelemetryOptinChangeNotification
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/System/ConfigureTelemetryOptinChangeNotification
- Impostazione:
0
ConfigureTelemetryOptInSettingsUX
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/System/ConfigureTelemetryOptInSettingsUX
- Impostazione:
0
DisableDeviceDelete
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/System/DisableDeviceDelete
- Impostazione:
0
AllowMicrosoftAccountsToBeOptional
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/AppRuntime/AllowMicrosoftAccountsToBeOptional
- Impostazione:
<Enabled/>
DisallowAutoplayForNonVolumeDevices
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Autoplay/DisallowAutoplayForNonVolumeDevices
- Impostazione:
<Enabled/>
SetDefaultAutoRunBehavior
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Autoplay/SetDefaultAutoRunBehavior
- Impostazione:
<Enabled/><Data id=""""NoAutorun_Dropdown"""" value=""""1""""/>
TurnOffAutoPlay
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Autoplay/TurnOffAutoPlay
- Impostazione:
<Enabled/><Data id=""""Autorun_Box"""" value=""""255""""/>
HardenedUNCPaths
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Connectivity/HardenedUNCPaths
- Impostazione:
"<Enabled/><Data id=""Pol_HardenedPaths"" value=""\\*\SYSVOLRequireMutualAuthentication=1,RequireIntegrity=1\\*\NETLOGONRequireMutualAuthentication=1,RequireIntegrity=1""/>"
DisableDownloadingOfPrintDriversOverHTTP
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Connectivity/DisableDownloadingOfPrintDriversOverHTTP
- Impostazione:
<Enabled/>
DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards
- Impostazione:
<Enabled/>
DiablePrintingOverHTTP
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Connectivity/DiablePrintingOverHTTP
- Impostazione:
<Disabled/>
AllowPINLogon
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/CredentialProviders/AllowPINLogon
- Impostazione:
<Disabled/>
RemoteHostAllowsDelegationOfNonExportableCredentials
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials
- Impostazione:
<Enabled/>
EnumerateAdministrators
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/CredentialsUI/EnumerateAdministrators
- Impostazione:
<Disabled/>
PreventInstallationOfMatchingDeviceSetupClasses
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses
- Impostazione:
<Enabled/><Data id=""""DeviceInstall_Classes_Deny_List"""" value=""""1{d48179be-ec20-11d1-b6b8-00c04fa372a7}""""/><Data id=""""DeviceInstall_Classes_Deny_Retroactive"""" value=""""true""""/>
PreventLockScreenSlideShow
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/DeviceLock/PreventLockScreenSlideShow
- Impostazione:
<Enabled/>
PreventEnablingLockScreenCamera
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/DeviceLock/PreventEnablingLockScreenCamera
- Impostazione:
<Enabled/>
SpecifyMaximumFileSizeApplicationLog
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/EventLogService/SpecifyMaximumFileSizeApplicationLog
- Impostazione:
<Enabled/><Data id=""""Channel_LogMaxSize"""" value=""""32768""""/>
SpecifyMaximumFileSizeSecurityLog
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/EventLogService/SpecifyMaximumFileSizeSecurityLog
- Impostazione:
<Enabled/><Data id=""""Channel_LogMaxSize"""" value=""""196608""""/>
SpecifyMaximumFileSizeSystemLog
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/EventLogService/SpecifyMaximumFileSizeSystemLog
- Impostazione:
<Enabled/><Data id=""""Channel_LogMaxSize"""" value=""""32768""""/>
TurnOffDataExecutionPreventionForExplorer
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/FileExplorer/TurnOffDataExecutionPreventionForExplorer
- Impostazione:
<Disabled/>
TurnOffHeapTerminationOnCorruption
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/FileExplorer/TurnOffHeapTerminationOnCorruption
- Impostazione:
<Disabled/>
DoNotAllowUsersToAddSites
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DoNotAllowUsersToAddSites
- Impostazione:
<Enabled/>
DoNotAllowUsersToChangePolicies
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DoNotAllowUsersToChangePolicies
- Impostazione:
<Enabled/>
DisableEncryptionSupport
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableEncryptionSupport
- Impostazione:
<Enabled/><Data id=""""Advanced_WinInetProtocolOptions"""" value=""""2688""""/>
AllowEnhancedProtectedMode
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/AllowEnhancedProtectedMode
- Impostazione:
<Enabled/>
IncludeAllNetworkPaths
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/IncludeAllNetworkPaths
- Impostazione:
<Disabled/>
InternetZoneAllowAccessToDataSources
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowAccessToDataSources
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1406"""" value=""""3""""/>
RestrictedSitesZoneAllowAccessToDataSources
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1406"""" value=""""3""""/>
InternetZoneAllowScriptlets
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowScriptlets
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1209"""" value=""""3""""/>
RestrictedSitesZoneAllowScriptlets
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowScriptlets
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1209"""" value=""""3""""/>
InternetZoneAllowAutomaticPromptingForFileDownloads
- Percorso dei criteri: './Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads
- Impostazione:
<Enabled/><Data id=""""IZ_Partname2200"""" value=""""3""""/>
RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads
- Impostazione:
<Enabled/><Data id=""""IZ_Partname2200"""" value=""""3""""/>
InternetZoneInitializeAndScriptActiveXControls
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneInitializeAndScriptActiveXControls
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1201"""" value=""""3""""/>
IntranetZoneInitializeAndScriptActiveXControls
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1201"""" value=""""3""""/>
TrustedSitesZoneInitializeAndScriptActiveXControls
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1201"""" value=""""3""""/>
RestrictedSitesZoneInitializeAndScriptActiveXControls
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1201"""" value=""""3""""/>
InternetZoneNavigateWindowsAndFrames
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneNavigateWindowsAndFrames
- Impostazione:
<Enabled/><Data ID=""""IZ_Partname1607""" value=""""3""""/>
RestrictedSitesZoneNavigateWindowsAndFrames
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1607"""" value=""""3""""/>
InternetZoneAllowNETFrameworkReliantComponents'
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents
- Impostazione:
<Enabled/><Data id=""""IZ_Partname2004"""" value=""""3""""/>
RestrictedSitesZoneAllowNETFrameworkReliantComponents
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents
- Impostazione:
<Enabled/><Data id=""""IZ_Partname2004"""" value=""""3""""/>
InternetZoneAllowSmartScreenIE
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowSmartScreenIE
- Impostazione:
<Enabled/><Data id=""""IZ_Partname2301"""" value=""""0""""/>
LockedDownInternetZoneAllowSmartScreenIE
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE
- Impostazione:
<Enabled/><Data id=""""IZ_Partname2301"""" value=""""0""""/>
RestrictedSitesZoneAllowSmartScreenIE
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE
- Impostazione:
<Enabled/><Data id=""""IZ_Partname2301"""" value=""""0""""/>
LockedDownRestrictedSitesZoneAllowSmartScreenIE
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE
- Impostazione:
<Enabled/><Data id=""""IZ_Partname2301"""" value=""""0""""/>
InternetZoneAllowUserDataPersistence
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowUserDataPersistence
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1606"""" value=""""3""""/>
RestrictedSitesZoneAllowUserDataPersistence
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1606"""" value=""""3""""/>
InternetZoneAllowLessPrivilegedSites
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowLessPrivilegedSites
- Impostazione:
<Enabled/><Data id=""""IZ_Partname2101"""" value=""""3""""/>
RestrictedSitesZoneAllowLessPrivilegedSites
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites
- Impostazione:
<Enabled/><Data id=""""IZ_Partname2101"""" value=""""3""""/>
DoNotBlockOutdatedActiveXControls
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DoNotBlockOutdatedActiveXControls
- Impostazione:
<Disabled/>
DisableEnclosureDownloading
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableEnclosureDownloading
- Impostazione:
<Enabled/>
DisableBypassOfSmartScreenWarnings
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableBypassOfSmartScreenWarnings
- Impostazione:
<Enabled/>
DisableBypassOfSmartScreenWarningsAboutUncommonFiles
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles
- Impostazione:
<Enabled/>
RestrictedSitesZoneAllowActiveScripting
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowActiveScripting
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1400"""" value=""""3""""/>
RestrictedSitesZoneAllowBinaryAndScriptBehaviors
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors
- Impostazione:
<Enabled/><Data id=""""IZ_Partname2000"""" value=""""3""""/>
InternetZoneAllowCopyPasteViaScript
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowCopyPasteViaScript
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1407"""" value=""""3""""/>
RestrictedSitesZoneAllowCopyPasteViaScript
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1407"""" value=""""3""""/>
InternetZoneAllowDragAndDropCopyAndPasteFiles
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1802"""" value=""""3""""/>
RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1802"""" value=""""3""""/>
AllowFallbackToSSL3
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/AllowFallbackToSSL3
- Impostazione:
<Enabled/><Data id=""""Advanced_EnableSSL3FallbackOptions"""" value=""""0""""/>
RestrictedSitesZoneAllowFileDownloads
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowFileDownloads
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1803"""" value=""""3""""/>
InternetZoneAllowLoadingOfXAMLFiles
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles
- Impostazione:
<Enabled/><Data id=""""IZ_Partname2402"""" value=""""3""""/>
RestrictedSitesZoneAllowLoadingOfXAMLFiles
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles
- Impostazione:
<Enabled/><Data id=""""IZ_Partname2402"""" value=""""3""""/>
RestrictedSitesZoneAllowMETAREFRESH
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1608"""" value=""""3""""/>
InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls
- Impostazione:
<Enabled/><Data id=""""IZ_Partname120b"""" value=""""3""""/>
RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls
- Impostazione:
<Enabled/><Data id=""""IZ_Partname120b"""" value=""""3""""/>
InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
- Impostazione:
<Enabled/><Data id=""""IZ_Partname120c"""" value=""""3""""/>
RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
- Impostazione:
<Enabled/><Data id=""""IZ_Partname120c"""" value=""""3""""/>
InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1206"""" value=""""3""""/>
RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls'
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1206"""" value=""""3""""/>
InternetZoneAllowScriptInitiatedWindows
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowScriptInitiatedWindows
- Impostazione:
<Enabled/><Data id=""""IZ_Partname2102"""" value=""""3""""/>
RestrictedSitesZoneAllowScriptInitiatedWindows
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows
- Impostazione:
<Enabled/><Data id=""""IZ_Partname2102"""" value=""""3""""/>
AllowSoftwareWhenSignatureIsInvalid
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/AllowSoftwareWhenSignatureIsInvalid
- Impostazione:
<Disabled/>
InternetZoneAllowUpdatesToStatusBarViaScript
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript
- Impostazione:
<Enabled/><Data id=""""IZ_Partname2103"""" value=""""3""""/>
RestrictedSitesZoneAllowUpdatesToStatusBarViaScript
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript
- Impostazione:
<Enabled/><Data id=""""IZ_Partname2103"""" value=""""3""""/>
CheckServerCertificateRevocation
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/CheckServerCertificateRevocation
- Impostazione:
<Enabled/>
CheckSignaturesOnDownloadedPrograms
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/CheckSignaturesOnDownloadedPrograms
- Impostazione:
<Enabled/>
DoNotAllowActiveXControlsInProtectedMode
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DoNotAllowActiveXControlsInProtectedMode
- Impostazione:
<Enabled/>
InternetZoneDoNotRunAntimalwareAgainstActiveXControls
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls
- Impostazione:
<Enabled/><Data id=""""IZ_Partname270C"""" value=""""0""""/>
IntranetZoneDoNotRunAntimalwareAgainstActiveXControls
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls
- Impostazione:
<Enabled/><Data id=""""IZ_Partname270C"""" value=""""0""""/>
LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls
- Impostazione:
<Enabled/><Data id=""""IZ_Partname270C"""" value=""""0""""/>
RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
- Impostazione:
<Enabled/><Data id=""""IZ_Partname270C"""" value=""""0""""/>
TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
- Impostazione
<Enabled/><Data id=""""IZ_Partname270C"""" value=""""0""""/>
PreventManagingSmartScreenFilter
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/PreventManagingSmartScreenFilter
- Impostazione:
<Enabled/><Data id=""""IE9SafetyFilterOptions"""" value=""""1""""/>
InternetZoneDownloadSignedActiveXControls
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneDownloadSignedActiveXControls
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1001"""" value=""""3""""/>
RestrictedSitesZoneDownloadSignedActiveXControls
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1001"""" value=""""3""""/>
InternetZoneDownloadUnsignedActiveXControls
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneDownloadUnsignedActiveXControls
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1004"""" value=""""3""""/>
RestrictedSitesZoneDownloadUnsignedActiveXControls
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1004"""" value=""""3""""/>
InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
- Impostazione:
<Enabled/><Data id=""""IZ_Partname2709"""" value=""""3""""/>
RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
- Impostazione:
<Enabled/><Data id=""""IZ_Partname2709"""" value=""""3""""/>
InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
- Impostazione
<Enabled/><Data id=""""IZ_Partname2708"""" value=""""3""""/>
RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
- Impostazione:
<Enabled/><Data id=""""IZ_Partname2708"""" value=""""3""""/>
InternetZoneIncludeLocalPathWhenUploadingFilesToServer
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer
- Impostazione:
<Enabled/><Data id=""""IZ_Partname160A"""" value=""""3""""/>
RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer
- Impostazione:
<Enabled/><Data id=""""IZ_Partname160A"""" value=""""3""""/>
ConsistentMimeHandlingInternetExplorerProcesses
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses
- Impostazione:
<Enabled/>
MimeSniffingSafetyFeatureInternetExplorerProcesses
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses
- Impostazione:
<Enabled/>
MKProtocolSecurityRestrictionInternetExplorerProcesses
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses
- Impostazione:
<Enabled/>
NotificationBarInternetExplorerProcesses
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/NotificationBarInternetExplorerProcesses
- Impostazione:
<Enabled/>
ProtectionFromZoneElevationInternetExplorerProcesses
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses
- Impostazione:
<Enabled/>
RestrictActiveXInstallInternetExplorerProcesses
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses
- Impostazione:
<Enabled/>
RestrictFileDownloadInternetExplorerProcesses
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictFileDownloadInternetExplorerProcesses
- Impostazione:
<Enabled/>
ScriptedWindowSecurityRestrictionsInternetExplorerProcesses
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses
- Impostazione:
<Enabled/>
InternetZoneJavaPermissions
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneJavaPermissions
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1C00"""" value=""""0""""/>
IntranetZoneJavaPermissions
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/IntranetZoneJavaPermissions
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1C00"""" value=""""65536""""/>
LocalMachineZoneJavaPermissions
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LocalMachineZoneJavaPermissions
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1C00"""" value=""""0""""/>
LockedDownLocalMachineZoneJavaPermissions
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LockedDownLocalMachineZoneJavaPermissions
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1C00"""" value=""""0""""/>
LockedDownRestrictedSitesZoneJavaPermissions
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1C00"""" value=""""0""""/>
LockedDownTrustedSitesZoneJavaPermissions
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1C00"""" value=""""0""""/>
RestrictedSitesZoneJavaPermissions
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneJavaPermissions
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1C00"""" value=""""0""""/>
TrustedSitesZoneJavaPermissions
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/TrustedSitesZoneJavaPermissions
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1C00"""" value=""""65536""""/>
InternetZoneLaunchingApplicationsAndFilesInIFRAME
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1804"""" value=""""3""""/>
RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1804"""" value=""""3""""/>
InternetZoneLogonOptions
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneLogonOptions
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1A00"""" value=""""65536""""/>
RestrictedSitesZoneLogonOptions
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneLogonOptions
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1A00"""" value=""""196608""""/>
DisableIgnoringCertificateErrors
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableIgnoringCertificateErrors
- Impostazione:
<Enabled/>
PreventPerUserInstallationOfActiveXControls
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/PreventPerUserInstallationOfActiveXControls
- Impostazione:
<Enabled/>
RemoveRunThisTimeButtonForOutdatedActiveXControls
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls
- Impostazione:
<Enabled/>
InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
- Impostazione:
<Enabled/><Data id=""""IZ_Partname2001"""" value=""""3""""/>
|
RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
- Impostazione:
<Enabled/><Data id=""""IZ_Partname2001"""" value=""""3""""/>
RestrictedSitesZoneRunActiveXControlsAndPlugins
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1200"""" value=""""3""""/>
RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1405"""" value=""""3""""/>
RestrictedSitesZoneScriptingOfJavaApplets
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1402"""" value=""""3""""/>
SecurityZonesUseOnlyMachineSettings
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/SecurityZonesUseOnlyMachineSettings
- Impostazione:
<Enabled/>
InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1806"""" value=""""1""""/>
RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1806"""" value=""""3""""/>
SpecifyUseOfActiveXInstallerService
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/SpecifyUseOfActiveXInstallerService
- Impostazione:
<Enabled/>
DisableCrashDetection
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableCrashDetection
- Impostazione:
<Enabled/>
DisableSecuritySettingsCheck
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableSecuritySettingsCheck
- Impostazione:
<Disabled/>
DisableProcessesInEnhancedProtectedMode
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableProcessesInEnhancedProtectedMode
- Impostazione:
<Enabled/>
AllowCertificateAddressMismatchWarning
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/AllowCertificateAddressMismatchWarning
- Impostazione:
<Enabled/>
InternetZoneEnableCrossSiteScriptingFilter
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1409"""" value=""""0""""/>
RestrictedSitesZoneEnableCrossSiteScriptingFilter
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1409"""" value=""""0""""/>
InternetZoneEnableProtectedMode
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneEnableProtectedMode
- Impostazione"
<Enabled/><Data id=""""IZ_Partname2500"""" value=""""0""""/>
RestrictedSitesZoneTurnOnProtectedMode
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode
- Impostazione:
<Enabled/><Data id=""""IZ_Partname2500"""" value=""""0""""/>
InternetZoneUsePopupBlocker
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneUsePopupBlocker
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1809"""" value=""""0""""/>
RestrictedSitesZoneUsePopupBlocker
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneUsePopupBlocker
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1809"""" value=""""0""""/>
InternetZoneAllowVBScriptToRunInInternetExplorer
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowVBScriptToRunInInternetExplorer
- Impostazione:
<Enabled/><Data id=""""IZ_Partname140C"""" value=""""3""""/>
LockedDownIntranetJavaPermissions
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LockedDownIntranetJavaPermissions
- Impostazione:
<Enabled/><Data id=""""IZ_Partname1C00"""" value=""""0""""/>
RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer
- Impostazione:
<Enabled/><Data id=""""IZ_Partname140C"""" value=""""3""""/>
ApplyUACRestrictionsToLocalAccountsOnNetworkLogon
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon
- Impostazione:
<Enabled/>
ConfigureSMBV1Server
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/ConfigureSMBV1Server
- Impostazione:
<Disabled/>
ConfigureSMBV1ClientDriver
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/ConfigureSMBV1ClientDriver
- Impostazione:
<Enabled/><Data id=""""Pol_SecGuide_SMB1ClientDriver"""" value=""""4""""/>
EnableStructuredExceptionHandlingOverwriteProtection
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection
- Impostazione:
<Enabled/>
WDigestAuthentication
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/WDigestAuthentication
- Impostazione:
<Disabled/>
TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications
- Impostazione:
<Enabled/>
IPv6SourceRoutingProtectionLevel
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/MSSLegacy/IPv6SourceRoutingProtectionLevel
- Impostazione:
<Enabled/><Data id=""""DisableIPSourceRoutingIPv6"""" value=""""2""""/>
IPSourceRoutingProtectionLevel
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/MSSLegacy/IPSourceRoutingProtectionLevel
- Impostazione:
<Enabled/><Data id=""""DisableIPSourceRouting"""" value=""""2""""/>
AllowICMPRedirectsToOverrideOSPFGeneratedRoutes
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes
- Impostazione:
<Disabled/>
AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers
- Impostazione:
<Enabled/>
AllowStandbyWhenSleepingPluggedIn
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Power/AllowStandbyWhenSleepingPluggedIn
- Impostazione:
<Disabled/>
RequirePasswordWhenComputerWakesOnBattery
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Power/RequirePasswordWhenComputerWakesOnBattery
- Impostazione:
<Enabled/>
RequirePasswordWhenComputerWakesPluggedIn
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Power/RequirePasswordWhenComputerWakesPluggedIn
- Impostazione:
<Enabled/>
AllowStandbyStatesWhenSleepingOnBattery
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Power/AllowStandbyStatesWhenSleepingOnBattery
- Impostazione:
<Disabled/>
SolicitedRemoteAssistance
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/RemoteAssistance/SolicitedRemoteAssistance
- Impostazione:
<Disabled/>
DoNotAllowPasswordSaving
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/DoNotAllowPasswordSaving
- Impostazione:
<Enabled/>
DoNotAllowDriveRedirection
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/DoNotAllowDriveRedirection
- Impostazione:
<Enabled/>
PromptForPasswordUponConnection
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/PromptForPasswordUponConnection
- Impostazione:
<Enabled/>
RequireSecureRPCCommunication
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/RequireSecureRPCCommunication
- Impostazione:
<Enabled/>
ClientConnectionEncryptionLevel
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/ClientConnectionEncryptionLevel
- Impostazione:
<Enabled/><Data id=""""TS_ENCRYPTION_LEVEL"""" value=""""3""""/>
AllowBasicAuthentication_Client
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/RemoteManagement/AllowBasicAuthentication_Client
- Impostazione:
<Disabled/>
AllowBasicAuthentication_Service
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/RemoteManagement/AllowBasicAuthentication_Service
- Impostazione:
<Disabled/>
AllowUnencryptedTraffic_Client
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/RemoteManagement/AllowUnencryptedTraffic_Client
- Impostazione:
<Disabled/>
AllowUnencryptedTraffic_Service
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/RemoteManagement/AllowUnencryptedTraffic_Service
- Impostazione:
<Disabled/>
DisallowDigestAuthentication
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/RemoteManagement/DisallowDigestAuthentication
- Impostazione:
<Enabled/>
DisallowStoringOfRunAsCredentials
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/RemoteManagement/DisallowStoringOfRunAsCredentials
- Impostazione:
<Enabled/>
RestrictUnauthenticatedRPCClients
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/RemoteProcedureCall/RestrictUnauthenticatedRPCClients
- Impostazione:
<Enabled/><Data id=""""RpcRestrictRemoteClientsList"""" value=""""1""""/>
|
BootStartDriverInitialization
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/System/BootStartDriverInitialization
- Impostazione:
<Enabled/><Data id=""""SelectDriverLoadPolicy"""" value=""""3""""/>
ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork
- Impostazione:
<Enabled/>
EnumerateLocalUsersOnDomainJoinedComputers
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers
- Impostazione:
<Disabled/>
AllowAutomaticRestartSignOn
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/WindowsLogon/AllowAutomaticRestartSignOn
- Impostazione:
<Disabled/>
TurnOnPowerShellScriptBlockLogging
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/WindowsPowerShell/TurnOnPowerShellScriptBlockLogging
- Impostazione:
<Enabled/><Data id=""""EnableScriptBlockInvocationLogging"""" value=""""true""""/>
AllowAutoComplete
- Percorso dei criteri:
./User/Vendor/MSFT/Policy/Config/InternetExplorer/AllowAutoComplete
- Impostazione:
<Disabled/>
AllowGameDVR
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/ApplicationManagement/AllowGameDVR
- Impostazione:
0
MSIAlwaysInstallWithElevatedPrivileges
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges
- Impostazione:
0
MSIAllowUserControlOverInstall
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/ApplicationManagement/MSIAllowUserControlOverInstall
- Impostazione:
0
AllowPasswordManager
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Browser/AllowPasswordManager
- Impostazione:
0
AllowSmartScreen
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen
- Impostazione:
1
PreventSmartScreenPromptOverride
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverride
- Impostazione:
1
PreventSmartScreenPromptOverrideForFiles
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles
- Impostazione:
1
AllowBehaviorMonitoring
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Defender/AllowBehaviorMonitoring
- Impostazione:
1
AllowCloudProtection
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Defender/AllowCloudProtection
- Impostazione:
1
AllowEmailScanning
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Defender/AllowEmailScanning
- Impostazione:
1
AllowFullScanRemovableDriveScanning
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Defender/AllowFullScanRemovableDriveScanning
- Impostazione:
1
EnableNetworkProtection
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection
- Impostazione
1
SubmitSamplesConsent
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Defender/SubmitSamplesConsent
- Impostazione:
1
DisallowExploitProtectionOverride
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride
- Impostazione:
1
EnableVirtualizationBasedSecurity
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/DeviceGuard/EnableVirtualizationBasedSecurity
- Impostazione:
1
RequirePlatformSecurityFeatures
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/DeviceGuard/RequirePlatformSecurityFeatures
- Impostazione:
3
LsaCfgFlags
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/DeviceGuard/LsaCfgFlags
- Impostazione:
1
AllowThirdPartySuggestionsInWindowsSpotlight
- Percorso dei criteri:
./User/Vendor/MSFT/Policy/Config/Experience/AllowThirdPartySuggestionsInWindowsSpotlight
- Impostazione:
0
AllowWindowsConsumerFeatures
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Experience/AllowWindowsConsumerFeatures
- Impostazione:
1
EnableInsecureGuestLogons
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/LanmanWorkstation/EnableInsecureGuestLogons
- Impostazione:
0
AllowIndexingEncryptedStoresOrItems
Percorso dei criteri: ./Device/Vendor/MSFT/Policy/Config/Search/AllowIndexingEncryptedStoresOrItems
Impostazione: 0
EnableSmartScreenInShell
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/SmartScreen/EnableSmartScreenInShell
- Impostazione:
1
PreventOverrideForFilesInShell
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/SmartScreen/PreventOverrideForFilesInShell
- Impostazione:
1
AllowAutoConnectToWiFiSenseHotspots
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Wifi/AllowAutoConnectToWiFiSenseHotspots
- Impostazione:
0
AllowInternetSharing
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Wifi/AllowInternetSharing
- Impostazione:
0
AllowWindowsInkWorkspace
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/WindowsInkWorkspace/AllowWindowsInkWorkspace
- Impostazione:
1
InteractiveLogon_SmartCardRemovalBehavior
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
- Impostazione:
1
NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
- Impostazione:
O:BAG:BAD:(A;;RC;;;BA)
Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
- Impostazione:
1
InteractiveLogon_MachineInactivityLimit
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit
- Impostazione:
900
MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
- Impostazione:
0
MicrosoftNetworkServer_DigitallySignCommunicationsAlways
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways
- Impostazione:
1
NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts
- Impostazione:
1
NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares'
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares
- Impostazione:
1
NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
- Impostazione:
1
NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange
- Impostazione:
1
NetworkSecurity_LANManagerAuthenticationLevel
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel
- Impostazione:
5
NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
- Impostazione:
537395200
UserAccountControl_UseAdminApprovalMode
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode
- Impostazione:
1
UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
- Impostazione:
2
UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
- Impostazione:
3
UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
- Impostazione:
1
UserAccountControl_RunAllAdministratorsInAdminApprovalMode
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode
- Impostazione:
1
UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
- Impostazione:
1
UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
- Impostazione:
1
MinimumPasswordAge
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/DeviceLock/MinimumPasswordAge
- Impostazione:
1
BackupFilesAndDirectories
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/UserRights/BackupFilesAndDirectories
- Impostazione:
*S-1-5-32-544
CreatePageFile
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/UserRights/CreatePageFile
- Impostazione:
*S-1-5-32-544
CreateSymbolicLinks
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/UserRights/CreateSymbolicLinks
- Impostazione:
*S-1-5-32-544
DebugProgrammi
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/UserRights/DebugPrograms
- Impostazione:
*S-1-5-32-544
DenyLocalLogOn
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/UserRights/DenyLocalLogOn
- Impostazione:
*S-1-5-32-546
RemoteShutdown
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/UserRights/RemoteShutdown
- Impostazione:
*S-1-5-32-544
LoadUnloadDeviceDrivers
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/UserRights/LoadUnloadDeviceDrivers
- Impostazione:
*S-1-5-32-544
ManageAuditingAndSecurityLog
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/UserRights/ManageAuditingAndSecurityLog
- Impostazione:
*S-1-5-32-544
ModifyFirmwareEnvironment'
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/UserRights/ModifyFirmwareEnvironment
- Impostazione:
*S-1-5-32-544
GestisciVolume
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/UserRights/ManageVolume
- Impostazione:
*S-1-5-32-544
ProfileSingleProcess
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/UserRights/ProfileSingleProcess
- Impostazione:
*S-1-5-32-544
RestoreFilesAndDirectories
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/UserRights/RestoreFilesAndDirectories
- Impostazione:
*S-1-5-32-544
TakeOwnership
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/UserRights/TakeOwnership
- Impostazione:
*S-1-5-32-544
AllowToasts
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/AboveLock/AllowToasts
- Impostazione:
0
AllowDirectMemoryAccess'
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/DataProtection/AllowDirectMemoryAccess
- Impostazione:
0
AttackSurfaceReductionRules
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionRules
- Impostazione:
75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84=2|3b576869-a4ec-4529-8536-b80a7769e899=2|
d4f940ab-401b-4efc-aadc-ad5f3c50688a=2|92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B=2|
5beb7efe-fd9a-4556-801d-275e5ffc04cc=2|d3e037e1-3eb8-44c8-a917-57927947596d=2|
be9ba2d9-53ea-4cdc-84e5-9b1eeee46550=2|9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2=2|
b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4=2|7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c=2|
FacialFeaturesUseEnhancedAntiSpoofing
- Percorso dei criteri:
./Device/Vendor/MSFT/PassportForWork/Biometrics/FacialFeaturesUseEnhancedAntiSpoofing
- Impostazione:
TRUE
EnableFirewall
- Percorso dei criteri:
./Device/Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall
- Impostazione:
TRUE
DefaultInboundAction
- Percorso dei criteri:
./Device/Vendor/MSFT/Firewall/MdmStore/DomainProfile/DefaultInboundAction
- Impostazione:
1
DefaultOutboundAction
- Percorso dei criteri:
./Device/Vendor/MSFT/Firewall/MdmStore/DomainProfile/DefaultOutboundAction
- Impostazione:
0
DisableInboundNotifications
- Percorso dei criteri:
./Device/Vendor/MSFT/Firewall/MdmStore/DomainProfile/DisableInboundNotifications
- Impostazione:
TRUE
EnableFirewall (profilo privato)
- Percorso dei criteri:
./Device/Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall
- Impostazione:
TRUE
DefaultInboundAction (profilo privato)
- Percorso dei criteri:
./Device/Vendor/MSFT/Firewall/MdmStore/PrivateProfile/DefaultInboundAction
- Impostazione:
1
DefaultOutboundAction (profilo privato)
- Percorso dei criteri:
./Device/Vendor/MSFT/Firewall/MdmStore/PrivateProfile/DefaultOutboundAction
- Impostazione:
0
DisableInboundNotifications (profilo privato)
- Percorso dei criteri:
./Device/Vendor/MSFT/Firewall/MdmStore/PrivateProfile/DisableInboundNotifications
- Impostazione:
TRUE
EnableFirewall (profilo pubblico)
- Percorso dei criteri:
./Device/Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall
- Impostazione:
TRUE
DefaultInboundAction (profilo pubblico)
- Percorso dei criteri:
./Device/Vendor/MSFT/Firewall/MdmStore/PublicProfile/DefaultInboundAction
- Impostazione:
1
DefaultOutboundAction (profilo pubblico)
- Percorso dei criteri:
./Device/Vendor/MSFT/Firewall/MdmStore/PublicProfile/DefaultOutboundAction
- Impostazione:
0
DisableInboundNotifications (profilo pubblico)
- Percorso dei criteri:
./Device/Vendor/MSFT/Firewall/MdmStore/PublicProfile/DisableInboundNotifications
- Impostazione:
TRUE
AllowLocalPolicyMerge
- Percorso dei criteri:
./Device/Vendor/MSFT/Firewall/MdmStore/PublicProfile/AllowLocalPolicyMerge
- Impostazione:
FALSE
AllowLocalIpsecPolicyMerge
- Percorso dei criteri:
./Device/Vendor/MSFT/Firewall/MdmStore/PublicProfile/AllowLocalIpsecPolicyMerge
- Impostazione:
FALSE
ExploitProtectionSettings
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/ExploitGuard/ExploitProtectionSettings
- Impostazione:
<?xml version=""""1.0"""" encoding=""""UTF-8""""?><MitigationPolicy><AppConfig Executable=""""ONEDRIVE.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><ImageLoad BlockRemoteImageLoads=""""true"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""firefox.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR ForceRelocateImages=""""true"""" RequireInfo=""""false"""" BottomUp=""""true"""" HighEntropy=""""false"""" /></AppConfig><AppConfig Executable=""""fltldr.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ImageLoad BlockRemoteImageLoads=""""true"""" /><ChildProcess DisallowChildProcessCreation=""""true"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""GROOVE.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><ImageLoad BlockRemoteImageLoads=""""true"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /><ChildProcess DisallowChildProcessCreation=""""true"""" /></AppConfig><AppConfig Executable=""""Acrobat.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR ForceRelocateImages=""""true"""" RequireInfo=""""false"""" BottomUp=""""true"""" HighEntropy=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""AcroRd32.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR ForceRelocateImages=""""true"""" RequireInfo=""""false"""" BottomUp=""""true"""" HighEntropy=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""chrome.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /></AppConfig><AppConfig Executable=""""EXCEL.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""iexplore.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR ForceRelocateImages=""""true"""" RequireInfo=""""false"""" BottomUp=""""true"""" HighEntropy=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""INFOPATH.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""java.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""javaw.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""javaws.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""LYNC.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""MSACCESS.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""MSPUB.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""OIS.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""OUTLOOK.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""plugin-container.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""POWERPNT.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""PPTVIEW.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""VISIO.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""VPREVIEW.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""WINWORD.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""wmplayer.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""wordpad.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig></MitigationPolicy>
BlockPicturePassword
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/CredentialProviders/BlockPicturePassword
- Impostazione:
<Enabled/>
DontDisplayNetworkSelectionUI
- Percorso dei criteri:
.Device/Vendor/MSFT/Policy/Config/WindowsLogon/DontDisplayNetworkSelectionUI
- Impostazione:
<Disabled/>
CloudExtendedTimeout
- Percorso dei criteri:
./Device/Vendor/MSFT/Policy/Config/Defender/CloudExtendedTimeout
- Impostazione:
10