SBM powered by Microsoft Lync™ Administrator's Guide 2011-11
B-13
HP SBM Security Hardening
USGCB Recommendations That Must Not Be Implemented
Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment
Impersonate a client after
authentication =
Administrators, SERVICE,
Local Service, and Network
Service
Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment
Replace a process level token
= Network Service, Local
Service
The remaining settings have a related registry path but are generally configured in this local
security policy: Computer Configuration\Windows Settings\Security Settings\Local
Policies\Security Options.
In addition to the registry setting, the left column also displays the related parameter in this
policy.
HKLM\Software\Microsoft\Windows\CurrentVersion\
Policies\System\LegalNoticeCaption
Policy setting:
Interactive logon: Message title for users attempting to logon
WARNING
HKLM\Software\Microsoft\Windows\CurrentVersion\
Policies\System\LegalNoticeText
Policy setting:
Interactive logon: Message text for users attempting to logon
This system is for the use of
authorized users only.
Individuals using this
computer system without
authority or in excess of their
authority are subject to having
all their activities on this
system monitored and
recorded by system
personnel. Anyone using this
system expressly consents to
such monitoring and is
advised that if such monitoring
reveals possible evidence of
criminal activity system
personal may provide the
evidence of such monitoring to
law enforcement officials.
HKLM\System\CurrentControlSet\Control\Lsa\Disable
DomainCreds
Policy setting:
Network access: Do not allow storage of passwords and
credentials for network authentication
Enabled
HKLM\System\CurrentControlSet\Control\Lsa\FIPS
AlgorithmPolicy
Policy setting:
System cryptography: Use FIPS compliant algorithms for
encryption, hashing, and signing
Enabled