SBM powered by Microsoft Lync™ Administrator's Guide 2011-11
B-14
HP SBM Security Hardening
USGCB Recommendations That Must Not Be Implemented
Table B-4 displays settings that might cause problems if they are implemented.
You should carefully consider whether to implement these policies or not.
Table B-4. Settings that Might Cause Issues
HKLM\System\CurrentControlSet\Control\Lsa\SCENo
ApplyLegacyAuditPolicy
Policy setting:
Audit: Force audit policy subcategory settings (Windows
Vista or later) to override audit policy category settings
Enabled
HKLM\System\CurrentControlSet\Services\LanMan
Server\Parameters\SMBServerNameHardeningLevel
Policy setting:
Microsoft network server: Server SPN target name
validation level
Accept if provided by client
Setting’s Registry Path or Policy Path Windows 7 USGCB
Recommended
Setting
Possible Issue
Policy Path:
Computer Configuration\Windows
Settings\Security Settings\Local
Policies\User Rights Assignment
Profile system
performance =
Administrators,NT
SERVICE\WdiService
Host
A known Windows
issue causes the
WdiServiceHost to be
written incorrectly.
Refer to: http://
support.microsoft.co
m/kb/2000705.
Policy Path:
Computer Configuration\Windows
Settings\Security Settings\Local
Policies\Security Options
Registry Path:
HKLM\Software\Microsoft\Windows\
CurrentVersion\Policies\System\Shutdown
WithoutLogon
Shutdown: Allow
system to be shut
down without having
to log on = Enabled
This setting affects
how you initiate a soft
shutdown of the SBM
using its front panel
power button:
• When this setting
is disabled, you
must tap the
module power
button two or three
times and then
wait about one
minute.
• When this setting
is enabled, you
can simply tap the
power button once
and wait about one
minute.