HP Survivable Branch Communication zl Module powered by Microsoft Lync Planning and Design Guide 2011-02

Design Considerations
Planning Security
Table 2-22. Settings that Must Not be Implemented

| Setting’s Registry Path or Policy Path | Windows 7 USGCB Recommended Setting |
|---|---|
| Services | Disable SQL Browser |
| Services | Disable SQL Writer |
| HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableLocalMachineRunOnce | Enabled |
| HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoAutorun | Enabled: Do not execute any autorun commands |
| HKLM\Software\Policies\Microsoft\Windows NT\Rpc!EnableAuthEpResolution | 1 |
| HKLM\Software\Policies\Microsoft\Windows NT\Rpc!RestrictRemoteClients | 1 |
| HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!AllowRemoteRPC | 0 |
| HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile!DisableUnicastResponsesToMulticastBroadcast; set in HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile!DisableUnicastResponsesToMulticastBroadcast | 0 |
| Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options | Accounts: Administrator account status = Disabled |
| Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment | Access this computer from the network = Administrators, Backup Operators |
| Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment | Impersonate a client after authentication = Administrators, SERVICE, Local Service, and Network Service |
| Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment | Replace a process level token = Network Service, Local Service |
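The following PowerShell script is an added example, not part of the HP guide: it reads the registry-backed rows of Table 2-22 and reports any value that matches the USGCB recommendation, which the table says must not be implemented. It assumes that an "Enabled" policy is stored as DWORD 1 and that it is run locally with rights to read HKLM; the Services and User Rights Assignment rows are not covered and need a separate check.

```powershell
# Added example (not from the HP guide): audit the registry rows of Table 2-22.
# A row is a conflict when the value exists AND equals the USGCB setting,
# because the table lists settings that must NOT be implemented.
$pol = 'HKLM:\Software\Policies\Microsoft'
$rows = @(
    # Assumption: the two "Enabled" policies below are stored as DWORD 1.
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'DisableLocalMachineRunOnce'; Usgcb = 1 },
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoAutorun'; Usgcb = 1 },
    # Numeric values below are taken directly from the table.
    @{ Path = "$pol\Windows NT\Rpc"; Name = 'EnableAuthEpResolution'; Usgcb = 1 },
    @{ Path = "$pol\Windows NT\Rpc"; Name = 'RestrictRemoteClients'; Usgcb = 1 },
    @{ Path = "$pol\Windows\DeviceInstall\Settings"; Name = 'AllowRemoteRPC'; Usgcb = 0 },
    @{ Path = "$pol\WindowsFirewall\DomainProfile"; Name = 'DisableUnicastResponsesToMulticastBroadcast'; Usgcb = 0 },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile'; Name = 'DisableUnicastResponsesToMulticastBroadcast'; Usgcb = 0 }
)

$findings = foreach ($row in $rows) {
    # A missing key or value means the setting is not implemented (no conflict).
    $item = Get-ItemProperty -Path $row.Path -Name $row.Name -ErrorAction SilentlyContinue
    $current = $null
    if ($null -ne $item) { $current = $item.($row.Name) }

    $shown = '(not set)'
    if ($null -ne $current) { $shown = $current }

    New-Object PSObject -Property @{
        Setting    = '{0}!{1}' -f $row.Path, $row.Name
        Current    = $shown
        UsgcbValue = $row.Usgcb
        Conflict   = ($null -ne $current) -and ($current -eq $row.Usgcb)
    } | Select-Object Setting, Current, UsgcbValue, Conflict
}

$findings | Format-List

$conflicts = @($findings | Where-Object { $_.Conflict })
if ($conflicts.Count -gt 0) {
    Write-Warning ("{0} setting(s) match a USGCB value listed in Table 2-22." -f $conflicts.Count)
    exit 1
}
Write-Output 'No registry setting from Table 2-22 is set to its USGCB value.'
```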
The remaining settings have a related registry path but are generally configured in this
local security policy: Computer Configuration\Windows Settings\Security Settings\Local
Policies\Security Options.
In addition to the registry setting, the left column also displays the related parameter in
this policy.