SBM powered by Microsoft Lync Administrator's Guide 2010-11
B-13
HP SBM Security Hardening
USGCB Recommendations That Must Not Be Implemented
The remaining settings have a related registry path but are generally configured in this local
security policy: Computer Configuration\Windows Settings\Security Settings\Local
Policies\Security Options.
In addition to the registry setting, the left column also displays the related parameter in this
policy.
HKLM\Software\Microsoft\Windows\CurrentVersion\
Policies\System\LegalNoticeCaption
Policy setting:
Interactive logon: Message title for users attempting to logon
WARNING
HKLM\Software\Microsoft\Windows\CurrentVersion\
Policies\System\LegalNoticeText
Policy setting:
Interactive logon: Message text for users attempting to logon
This system is for the use of
authorized users only.
Individuals using this
computer system without
authority or in excess of their
authority are subject to having
all their activities on this
system monitored and
recorded by system
personnel. Anyone using this
system expressly consents to
such monitoring and is
advised that if such monitoring
reveals possible evidence of
criminal activity system
personal may provide the
evidence of such monitoring to
law enforcement officials.
HKLM\System\CurrentControlSet\Control\Lsa\Disable
DomainCreds
Policy setting:
Network access: Do not allow storage of passwords and
credentials for network authentication
Enabled
HKLM\System\CurrentControlSet\Control\Lsa\FIPS
AlgorithmPolicy
Policy setting:
System cryptography: Use FIPS compliant algorithms for
encryption, hashing, and signing
Enabled
HKLM\System\CurrentControlSet\Control\Lsa\SCENo
ApplyLegacyAuditPolicy
Policy setting:
Audit: Force audit policy subcategory settings (Windows
Vista or later) to override audit policy category settings
Enabled