Belarc Advisor

  The license associated with the Belarc Advisor product allows for free personal use only.  Use on computers in a corporate, educational, military or government installation is prohibited.  See the license agreement for details.  The information on this page was created locally on your computer by the Belarc Advisor.  Your computer profile was not sent to a web server.


 
Security Benchmark Score Details
Computer Name:  WD500G-f-MaryHP (in MYGROUP) — WD-500G.from,MaryHP
Profile Date:  Saturday, February 23, 2019 1:07:49 PM
Advisor Version:   8.4
Windows Logon: Tom
 
 
Score: 0.63 of 10
Benchmark: USGCB - Windows 7, Version 1.0.1.0
             
Account Lockout Policy Settings Section Score: 0.63 of 0.63 
1. Account Lockout Duration (CCE-9308)
2. Account Lockout Threshold (CCE-9136)
3. Reset Account Lockout Counter After (CCE-9400)
 
Password Policy Settings Section Score: 0.00 of 0.63 
1. Enforce Password History (CCE-8912)
2. Maximum Password Age (CCE-9193)
3. Minimum Password Age (CCE-9330)
4. Minimum Password Length (CCE-9357)
5. Password Complexity (CCE-9370)
6. Reversible Password Encryption (CCE-9260)
 
User Rights Assignments Section Score: 0.00 of 0.63 
1. Access This Computer From The Network (CCE-9253)
2. Act As Part Of The Operating System (CCE-9407)
3. Adjust Memory Quotas For A Process (CCE-9068)
4. Log On Locally (CCE-9345)
5. Log On Through Terminal Services (CCE-9107)
6. Back Up Files and Directories (CCE-9389)
7. Bypass Traverse Checking (CCE-8414)
8. Change the System Time (CCE-8612)
9. Change the time zone (CCE-8423)
10. Create A Pagefile (CCE-9185)
11. Create A Token Object (CCE-9215)
12. Create Global Objects (CCE-8431)
13. Create Permanent Shared Objects (CCE-9254)
14. Create symbolic links (CCE-8460)
15. Debug Programs (CCE-8583)
16. Deny Access To This Computer From The Network (CCE-9244)
17. Deny Logon As A Batch Job (CCE-9212)
18. Deny Logon As A Service (CCE-9098)
19. Deny Logon Locally (CCE-9239)
20. Deny Logon Through Remote Desktop Services (CCE-9274)
21. Force Shutdown From A Remote System (CCE-9336)
22. Generate Security Audits (CCE-9226)
23. Impersonate a Client After Authentication (CCE-8467)
24. Increase a Process Working Set (CCE-9048)
25. Increase Scheduling Priority (CCE-8999)
26. Load And Unload Device Drivers (CCE-9135)
27. Lock Pages In Memory (CCE-9289)
28. Log On As A Batch Job (CCE-9320)
29. Log On As A Service (CCE-9461)
30. Manage Auditing And Security Log (CCE-9223)
31. Modify an object label (CCE-9149)
32. Modify Firmware Environment Values (CCE-9417)
33. Perform Volume Maintenance Tasks (CCE-8475)
34. Profile Single Process (CCE-9388)
35. Profile System Performance (CCE-9419)
36. Remove Computer From Docking Station (CCE-9326)
37. Replace A Process Level Token (CCE-8732)
38. Restore Files And Directories (CCE-9124)
39. Shut Down The System (CCE-9014)
40. Take Ownership Of Files Or Other Objects (CCE-9309)
 
Security Options Settings Section Score: 0.00 of 0.63 
1. Accounts: Administrator account status (CCE-9199)
2. Accounts: Guest account status (CCE-8714)
3. Accounts: Limit local account use to blank passwords to console logon only (CCE-9418)
4. Accounts: Rename administrator account (CCE-8484)
5. Accounts: Rename guest account (CCE-9229)
6. Audit: Audit the access of global system objects (CCE-9150)
7. Audit: Audit the use of Backup and Restore privilege (CCE-8789)
8. Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings (CCE-9432)
9. Devices: Prevent users from installing printer drivers (CCE-9026)
10. Devices: Restrict CD-ROM access to locally logged-on user only (CCE-9304)
11. Devices: Restrict floppy access to locally logged-on user only (CCE-9440)
12. Domain member: Digitally encrypt or sign secure channel data (always) (CCE-8974)
13. Domain member: Digitally encrypt secure channel data (when possible) (CCE-9251)
14. Domain member: Digitally sign secure channel data (when possible) (CCE-9375)
15. Domain member: Disable machine account password changes (CCE-9295)
16. Domain member: Maximum machine account password age (CCE-9123)
17. Domain member: Require strong (Windows 2000 or later) session key (CCE-9387)
18. Interactive logon: Do not display last user name (CCE-9449)
19. Interactive logon: Do not require CTRL+ALT+DEL (CCE-9317)
20. Interactive logon: Message text for users attempting to log on (CCE-8973)
21. Interactive logon: Message title for users attempting to log on (CCE-8740)
22. Interactive logon: Number of previous logons to cache (in case domain controller is not available) (CCE-8487)
23. Interactive logon: Prompt user to change password before expiration (CCE-9307)
24. Interactive logon: Require Domain Controller authentication to unlock workstation (CCE-8818)
25. Interactive logon: Smart card removal behavior (CCE-9067)
26. Microsoft network client: Digitally sign communications (always) (CCE-9327)
27. Microsoft network client: Digitally sign communications (if server agrees) (CCE-9344)
28. Microsoft network client: Send unencrypted password to third-party SMB servers (CCE-9265)
29. Microsoft network server: Amount of idle time required before suspending session (CCE-9406)
30. Microsoft network server: Digitally sign communications (always) (CCE-9040)
31. Microsoft network server: Digitally sign communications (if client agrees) (CCE-8825)
32. Microsoft network server: Disconnect clients when logon hours expire (CCE-9358)
33. Microsoft network server: SPN Target name validation (CCE-8503)
34. Network access: Allow anonymous SID-Name translation (CCE-9531)
35. Network access: Do not allow anonymous enumeration of SAM accounts (CCE-9249)
36. Network access: Do not allow anonymous enumeration of SAM accounts and shares (CCE-9156)
37. Network access: Do not allow storage of passwords and credentials for network authentication (CCE-8654)
38. Network access: Let Everyone permissions apply to anonymous users (CCE-8936)
39. Network access: Named Pipes that can be accessed anonymously - netlogon, lsarpc, samr, browser (CCE-9218)
40. Network access: Remotely accessible registry paths (CCE-9121)
41. Network access: Remotely accessible registry paths and sub paths (CCE-9386)
42. Network access: Restrict anonymous access to Named Pipes and Shares (CCE-9540)
43. Network access: Shares that can be accessed anonymously (CCE-9196)
44. Network access: Sharing and security model for local accounts (CCE-9503)
45. Network security: Allow Local System to use computer identity for NTLM (CCE-9096)
46. Network security: Allow LocalSystem NULL session fallback (CCE-8804)
47. Network Security: Allow PKU2U authentication requests to this computer to use online identities (CCE-9770)
48. Network Security: Configure encryption types allowed for Kerberos (CCE-9532)
49. Network security: Do not store LAN Manager hash value on next password changes (CCE-8937)
50. Network security: Force logoff when logon hours expire (CCE-9704)
51. Network security: LAN Manager Authentication Level (CCE-8806)
52. Network security: LDAP client signing requirements (CCE-9768)
53. Network security: Minimum session security for NTLM SSP based (including secure RPC) clients (CCE-9534)
54. Network security: Minimum session security for NTLM SSP based (including secure RPC) servers (CCE-9736)
55. Recovery Console: Allow Automatic Administrative Logon (CCE-8807)
56. Recovery Console: Allow Floppy Copy and Access to All Drives and All Folders (CCE-8945)
57. Shutdown: Allow System to be Shut Down Without Having to Log On (CCE-9707)
58. Shutdown: Clear Virtual Memory Pagefile (CCE-9222)
59. System Cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing (CCE-9266)
60. System objects: Require case insensitivity for non-Windows subsystems (CCE-9319)
61. System objects: Strengthen default permissions of internal system objects (CCE-9191)
62. User Account Control: Admin Approval Mode for the Built-in Administrator account (CCE-8811)
63. User Account Control: Allow UIAccess application to prompt for elevation without using the secure desktop (CCE-9301)
64. User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode (CCE-8958)
65. User Account Control: Behavior of the elevation prompt for standard users (CCE-8813)
66. User Account Control: Detect application installations and prompt for elevation (CCE-9616)
67. User Account Control: Only elevate executables that are signed and validated (CCE-9021)
68. User Account Control: Only elevate UIAccess applications that are installed in secure locations (CCE-9801)
69. User Account Control: Run all administrators in Admin Approval Mode (CCE-9189)
70. User Account Control: Switch to the secure desktop when prompting for elevation (CCE-9395)
71. User Account Control: Virtualize file and registry write failures to per-user locations (CCE-8817)
72. MSS: (AutoAdminLogon) Enable Automatic Logon (Not Recommended) (CCE-9342)
73. MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) (CCE-9496)
74. MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) (CCE-8655)
75. MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes (CCE-8513)
76. MSS: (Hidden) Hide computer from the browse list (Not Recommended except for highly secure environments) (CCE-8560)
77. MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds (CCE-9426)
78. MSS: (NoDefaultExempt) Enable NoDefaultExempt for IPSec Filtering (recommended) (CCE-9439)
79. MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers (CCE-8562)
80. MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure DefaultGateway addresses (could lead to DoS) (CCE-9458)
81. MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) (CCE-9348)
82. MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) (CCE-8591)
83. MSS: (TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) (CCE-9456)
84. MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) (CCE-9487)
85. MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning (CCE-9501)
 
System Services Settings Section Score: 0.00 of 0.63 
1. Bluetooth Support Service (CCE-10661)
2. Fax Service (CCE-10150)
3. HomeGroup Listener (CCE-10543)
4. Homegroup Provider (CCE-9910)
5. Media Center Extender (CCE-10699)
6. Parental Controls Service (CCE-10311)
 
Audit Policy Settings Section Score: 0.00 of 0.63 
1. Application Group Management (CCE-8822)
2. Computer Account Management (CCE-9498)
3. Distribution Group Management (CCE-9644)
4. Other Account Management Events (CCE-9657)
5. Security Group Management (CCE-9692)
6. User Account Management (CCE-9542)
7. DPAPI Activity (CCE-9735)
8. Process Creation (CCE-9562)
9. Process Termination (CCE-9227)
10. RPC Events (CCE-9492)
11. Detailed Directory Service Replication (CCE-9628)
12. Directory Service Access (CCE-9765)
13. Directory Service Changes (CCE-9734)
14. Directory Service Replication (CCE-9637)
15. Account Lockout (CCE-8853)
16. IPsec Extended Mode (CCE-9661)
17. IPsec Main Mode (CCE-10939)
18. IPsec Quick Mode (CCE-9632)
19. Logoff (CCE-8856)
20. Logon (CCE-9683)
21. Other Logon/Logoff Events (CCE-9622)
22. Special Logon (CCE-9763)
23. Application Generated (CCE-9816)
24. Certification Services (CCE-9460)
25. File Share (CCE-9376)
26. File System (CCE-9217)
27. Filtering Platform Connection (CCE-9728)
28. Filtering Platform Packet Drop (CCE-9133)
29. Handle Manipulation (CCE-9789)
30. Kernel Object (CCE-9803)
31. Other Object Access Events (CCE-9455)
32. Registry (CCE-9737)
33. SAM (CCE-9856)
34. Audit Policy Change (CCE-10021)
35. Authentication Policy Change (CCE-9976)
36. Authorization Policy Change (CCE-9633)
37. Filtering Platform Policy Change (CCE-9902)
38. MPSSVC Rule-Level Policy Change (CCE-9153)
39. Other Policy Change Events (CCE-9596)
40. Non Sensitive Privilege Use (CCE-9190)
41. Other Privilege Use Events (CCE-9988)
42. Sensitive Privilege Use (CCE-9878)
43. IPsec Driver (CCE-9925)
44. Other System Events (CCE-9586)
45. Security State Change (CCE-9850)
46. Security System Extension (CCE-9863)
47. System Integrity (CCE-9520)
 
Computer Configuration - Administrative Templates - Network Connections Section Score: 0.00 of 0.63 
1. Turn on Mapper I/O (LLTDIO) driver (CCE-9783)
2. Turn on Responder (RSPNDR) driver (CCE-10059)
3. Turn Off Microsoft Peer-to-Peer Networking Services (CCE-10438)
4. Prohibit installation and configuration of Network Bridge on your DNS domain network (CCE-9953)
5. Require Domain users to elevate when setting a network's location (CCE-10359)
6. Route all traffic through the internal network (CCE-10509)
7. _6to4 State (CCE-10266)
8. ISATAP State (CCE-10130)
9. Teredo State (CCE-10011)
10. IP HTTPS (CCE-10764)
11. Configuration of Wireless Settings Using Windows Connect Now (CCE-9879)
12. Prohibit Access of the Windows Connect Now Wizards (CCE-10778)
13. Extend point and print connection to search Windows update and use alternate connection if needed (CCE-10782)
 
Computer Configuration - Administrative Templates - System Settings Section Score: 0.00 of 0.63 
1. Allow remote access to the PnP interface (CCE-10769)
2. Do not send a Windows Error Report when a generic driver is installed on a device (CCE-9901)
3. Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point (CCE-10553)
4. Prevent device metadata retrieval from the internet (CCE-10165)
5. Specify search order for device driver source locations (CCE-9919)
6. Registry Policy (CCE-9361)
7. Turn off downloading of print drivers over HTTP (CCE-9195)
8. Turn off event views (Events.asp) links (CCE-9819)
9. Turn off handwriting personalization data sharing (CCE-10645)
10. Turn off handwriting recognition error reporting (CCE-10645)
11. Turn off Internet connection wizard if URL connection is referring to Microsoft.com (CCE-10649)
12. Turn off Internet download for Web publishing and online ordering wizards (CCE-9674)
13. Turn off Internet file association service (CCE-10795)
14. Turn off printing over HTTP (CCE-10061)
15. Turn off registration if URL connection is referring to Microsoft.com (CCE-10160)
16. Turn off Search Companion content file updates (CCE-10140)
17. Turn off the Order Prints picture task (CCE-9823)
18. Turn off the Publish to Web task for files and folders (CCE-9643)
19. Turn off the Windows Messenger Customer Experience Improvement Program (CCE-9559)
20. Turn Off Windows Error Reporting (CCE-10441)
21. Always Use Classic Logon (CCE-10591)
22. Do not process the run once list (CCE-10154)
23. Require a Password when a Computer Wakes (On Battery) (CCE-9829)
24. Require a Password when a Computer Wakes (Plugged) (CCE-9670)
25. Offer Remote Assistance (CCE-9960)
26. Solicited Remote Assistance (CCE-9506)
27. Turn on session logging (CCE-10344)
28. Restrictions for Unauthenticated RPC clients (CCE-9396)
29. RPC Endpoint Mapper Client Authentication (CCE-10181)
 
Computer Configuration - Administrative Templates - System - Troubleshooting and Diagnostics Section Score: 0.00 of 0.63 
1. Microsoft support diagnostic tool: turn on msdt interactive communication with support provider (CCE-9842)
2. Troubleshooting: allow user to access online troubleshooting content on Microsoft server from the troubleshooting control panel (CCE-10606)
3. Enable or disable perftrack (CCE-10219)
 
Computer Configuration - Administrative Templates - Windows Components Section Score: 0.00 of 0.63 
1. Configure Windows NTP client (CCE-10500)
2. Turn off program inventory (CCE-10787)
3. Default behavior for autorun (CCE-10527)
4. Turn off Autoplay (CCE-9528)
5. Turn off autoplay for non volume devices (CCE-10655)
6. Enumerate administrator accounts on elevation (CCE-9938)
7. Do not allow digital locker to run (CCE-10759)
8. Override the More Gadgets Link (CCE-9857)
9. Disable unpacking and installation of gadgets that are not digitally signed (CCE-10811)
10. Turn Off User Installed Windows Sidebar Gadgets (CCE-10586)
11. Maximum Application Log Size (CCE-9603)
12. Maximum Security Log Size (CCE-9967)
13. Maximum Setup Log Size (CCE-10714)
14. Maximum Setup Log Size (CCE-10156)
15. Turn Off Downloading of Game Information (CCE-10828)
16. Turn off game updates (CCE-10850)
17. Prevent the computer from joining a Homegroup (CCE-10183)
18. Disable remote desktop sharing (CCE-10763)
19. Do not allow passwords to be saved (CCE-10090)
20. Allow users to connect remotely using Remote Desktop Services (CCE-9985)
21. Always prompt client for password upon connection (CCE-10103)
22. Set client connection encryption level (CCE-9764)
23. Set a time limit for active but idle Terminal Services sessions (CCE-10608)
24. Set a time limit for disconnected sessions (CCE-9858)
25. Do not delete temp folders upon exit (CCE-10856)
26. Do not use temporary folders per session (CCE-9864)
27. Turn off downloading of enclosures (CCE-10730)
28. Allow indexing of encrypted files (CCE-10496)
29. Enable indexing uncached Exchange folders (CCE-9866)
30. Prevent Windows anytime upgrade from running (CCE-10137)
31. Configure Microsoft SpyNet Reporting (CCE-9868)
32. Disable Logging (CCE-10157)
33. Disable Windows Error Reporting (CCE-9914)
34. Display Error Notification (CCE-10709)
35. Do Not Send Additional Data (CCE-10824)
36. Turn off data execution prevention for explorer (CCE-9918)
37. Turn off Heap termination on corruption (CCE-9874)
38. Turn off shell protocol protected mode (CCE-10623)
39. Disable IE security prompt for Windows Installer scripts (CCE-9875)
40. Enable user control over installs (CCE-9876)
41. Prohibit non-administrators from applying vendor signed updates (CCE-9888)
42. Report Logon Server Not Available During User logon (CCE-9907)
43. Turn off the communities features (CCE-11252)
44. windows_mail_application_manual_launch_permitted_var (CCE-10882)
45. Prevent Windows Media DRM Internet Access (CCE-9908)
46. Do Not Show First Use Dialog Boxes (CCE-10692)
47. Prevent Automatic Updates (CCE-10602)
48. Configure automatic updates (CCE-9403)
49. Reschedule automatic updates scheduled installation (CCE-10205)
50. No auto restart with logged on users for scheduled automatic updates installations (CCE-9672)
51. Do not display 'Install updates and shut down option' in shut down windows dialog box (CCE-9464)
52. Games are not installed
53. Internet Information Services
54. Simple TCPIP Services
55. Telnet Client
56. Telnet Server
57. TFTP Client
58. Windows Media Center
 
Security Patches Section Score: 0.00 of 0.63 
1. Security Patches Up-To-Date
 
Windows Firewall Inbound Rules Section Score: 0.00 of 0.63 
1. Core Networking - Dynamic Host Configuration Protocol (DHCP-In) (CCE-14986)
2. Core Networking - Dynamic Host Configuration Protocol (DHCPV6-In) (CCE-14854)
 
Windows Firewall with Advanced Security - Domain Profile Section Score: 0.00 of 0.63 
1. Log Dropped Packets (CCE-10502)
2. Logged Successful Connections (CCE-10268)
3. Name (CCE-10022)
4. Size Limit (CCE-9747)
5. Display a Notification (CCE-9774)
6. Apply Local Connection Security Rules (CCE-9329)
7. Apply Local Firewall Rules (CCE-9686)
8. Allow Unicast Response (CCE-9069)
9. Firewall state (CCE-9465)
10. Inbound Connections (CCE-9620)
11. Outbound Connections (CCE-9509)
 
Windows Firewall with Advanced Security - Private Profile Section Score: 0.00 of 0.63 
1. Log Dropped Packets (CCE-10215)
2. Logged Successful Connections (CCE-10611)
3. Name (CCE-10386)
4. Size Limit (CCE-10250)
5. Display a Notification (CCE-8884)
6. Apply Local Connection Security Rules (CCE-9712)
7. Apply Local Firewall Rules (CCE-9663)
8. Allow Unicast Response (CCE-9522)
9. Firewall state (CCE-9739)
10. Inbound Connections (CCE-9694)
11. Outbound Connections (CCE-8870)
 
Windows Firewall with Advanced Security - Public Profile Section Score: 0.00 of 0.63 
1. Log Dropped Packets (CCE-9749)
2. Logged Successful Connections (CCE-9753)
3. Name (CCE-9926)
4. Size Limit (CCE-10373)
5. Display a Notification (CCE-9742)
6. Apply Local Connection Security Rules (CCE-9817)
7. Apply Local Firewall Rules (CCE-9786)
8. Allow Unicast Response (CCE-9773)
9. Firewall state (CCE-9593)
10. Inbound Connections (CCE-9007)
11. Outbound Connections (CCE-9588)
 
Internet Explorer 8 - Local Computer Policy Section Score: 0.00 of 0.63 
1. Disable Configuring History - Local Computer (CCE-10387)
2. Disable Changing Automatic Configuration Settings - Local Computer (CCE-10638)
3. Do Not Allow Users to enable or Disable Add-Ons - Local Computer (CCE-10235)
4. Make proxy settings per-machine (rather than per-user) - Local Computer (CCE-9870)
5. Prevent participation in the Customer Experience Improvement Programs - Local Computer (CCE-10522)
6. Prevent performance of First Run Customize settings - Local Computer (CCE-10641)
7. Security Zones: Do Not Allow Users to Add/Delete Sites - Local Computer (CCE-10394)
8. Security Zones: Do Not Allow Users to Change Policies - Local Computer (CCE-10037)
9. Security Zones: Use Only Machine Settings - Local Computer (CCE-10096)
10. Turn Off Crash Detection - Local Computer (CCE-10594)
11. Turn Off Managing SmartScreen Filter - Local Computer (CCE-9973)
12. Turn Off the Security Settings Check Feature - Local Computer (CCE-10607)
13. Include updated Web site lists from Microsoft - Local Computer (CCE-10603)
14. Configure Delete Browsing History on exit - Local Computer (CCE-10590)
15. Prevent Deleting Web sites that the User has Visited - Local Computer (CCE-10110)
16. Turn off InPrivate Browsing - Local Computer (CCE-9885)
17. Allow Active Content from CDs to Run on User Machine - Local Computer (CCE-10293)
18. Allow Software to Run or Install Even if the Signature is Invalid - Local Computer (CCE-10052)
19. Allow Third-Party Browser Extensions - Local Computer (CCE-9905)
20. Automatically Check for Internet Explorer Updates - Local Computer (CCE-10581)
21. Check for Server Certificate Revocation - Local Computer (CCE-10074)
22. Check for signatures on downloaded programs - Local Computer - variable (CCE-10055)
23. Intranet Sites: Include all network paths (UNCs) - Local Computer (CCE-9660)
24. Access Data Sources Across Domains - Internet Zone - Local Computer (CCE-10380)
25. Allow cut, copy or paste operations from the clipboard via script - Internet Zone - Local Computer (CCE-10002)
26. Allow drag and drop or copy and paste files - Internet Zone - Local Computer (CCE-10033)
27. Allow Font Downloads - Internet Zone - Local Computer (CCE-10403)
28. Allow installation of desktop items - Internet Zone - Local Computer (CCE-9790)
29. Allow scripting of Internet Explorer web browser control - Internet Zone - Local Computer (CCE-9779)
30. Allow script-initiated windows without size or position constraints - Internet Zone - Local Computer (CCE-9882)
31. Allow Scriptlets - Internet Zone - Local Computer (CCE-10685)
32. Allow status bar updates via script - Internet Zone - Local Computer (CCE-9750)
33. Automatic prompting for file downloads - Internet Zone - Local Computer (CCE-10389)
34. Download signed ActiveX controls - Internet Zone - Local Computer (CCE-9917)
35. Download unsigned ActiveX controls - Internet Zone - Local Computer (CCE-10433)
36. Include local directory path when uploading files to a server - Internet Zone - Local Computer (CCE-10646)
37. Initialize and script ActiveX controls not marked as safe - Internet Zone - Local Computer (CCE-10561)
38. Java permissions - Internet Zone - Local Computer (CCE-10182)
39. Launching applications and files in an IFRAME - Internet Zone - Local Computer (CCE-9821)
40. Launching programs and unsafe files - Internet Zone - Local Computer (CCE-10650)
41. Logon Options - Internet Zone - Local Computer (CCE-10472)
42. Loose XAML files - Internet Zone - Local Computer (CCE-10672)
43. Navigate windows and frames across different domains - Internet Zone - Local Computer (CCE-9865)
44. Only allow approved domains to use ActiveX controls without prompt - Internet Zone - Local Computer (CCE-9793)
45. Open files based on content, not file extension - Internet Zone - Local Computer (CCE-10107)
46. Run .NET Framework-reliant components not signed with Authenticode - Internet Zone - Local Computer (CCE-10515)
47. Run .NET Framework-reliant components signed with Authenticode - Internet Zone - Local Computer (CCE-10625)
48. Software channel permissions - Internet Zone - Local Computer (CCE-10425)
49. Turn Off First-Run Opt-In - Internet Zone - Local Computer (CCE-10434)
50. Turn on Cross-Site Scripting (XSS) Filter - Internet Zone - Local Computer (CCE-10276)
51. Turn On Protected Mode - Internet Zone - Local Computer (CCE-10676)
52. Use Pop-up Blocker - Internet Zone - Local Computer (CCE-10486)
53. Userdata Persistence - Internet Zone - Local Computer (CCE-10200)
54. Web sites in less privileged Web content zones can navigate into this zone - Internet Zone - Local Computer (CCE-10622)
55. Java permissions - Intranet Zone - Local Computer (CCE-10566)
56. Java permissions - Local Machine Zone - Local Computer (CCE-10319)
57. Download Signed ActiveX Controls - Locked Down Internet Zone - Local Computer (CCE-10095)
58. Java permissions - Locked Down Internet Zone - Local Computer (CCE-10597)
59. Java permissions - Locked Down Intranet Zone - Local Computer (CCE-10342)
60. Java permissions - Locked Down Local Machine - Local Computer (CCE-10535)
61. Java permissions - Locked Down Restricted Sites Zone - Local Computer (CCE-10275)
62. Java permissions - Locked Down Trusted Sites Zone - Local Computer (CCE-10654)
63. Access Data Sources Across Domains - Restricted Sites Zone - Local Computer (CCE-10525)
64. Allow Active Scripting - Restricted Sites Zone - Local Computer (CCE-10393)
65. Allow Binary and Script Behaviors - Restricted Sites Zone - Local Computer (CCE-10547)
66. Allow cut, copy or paste operations from the clipboard via script - Restricted Sites Zone - Local Computer (CCE-10539)
67. Allow drag and drop or copy and paste files - Restricted Sites Zone - Local Computer (CCE-9667)
68. Allow File Downloads - Restricted Sites Zone - Local Computer (CCE-10466)
69. Allow Font Downloads - Restricted Sites Zone - Local Computer (CCE-9982)
70. Allow installation of desktop items - Restricted Sites Zone - Local Computer (CCE-10475)
71. Allow scripting of Internet Explorer web browser control - Restricted Sites Zone - Local Computer (CCE-10725)
72. Allow META REFRESH - Restricted Sites Zone - Local Computer (CCE-10664)
73. Allow script-initiated windows without size or position constraints - Restricted Sites Zone - Local Computer (CCE-9814)
74. Allow Scriptlets - Restricted Sites Zone - Local Computer (CCE-10630)
75. Allow status bar updates via script - Restricted Sites Zone - Local Computer (CCE-10431)
76. Automatic prompting for file downloads - Restricted Sites Zone - Local Computer (CCE-9959)
77. Download signed ActiveX controls - Restricted Sites Zone - Local Computer (CCE-10470)
78. Download unsigned ActiveX controls - Restricted Sites Zone - Local Computer (CCE-10461)
79. Include local directory path when uploading files to a server - Restricted Sites Zone - Local Computer (CCE-9781)
80. Initialize and script ActiveX controls not marked as safe - Restricted Sites Zone - Local Computer (CCE-10347)
81. Java permissions - Restricted Sites Zone - Local Computer (CCE-10620)
82. Launching applications and files in an IFRAME - Restricted Sites Zone - Local Computer (CCE-10360)
83. Launching programs and unsafe files - Restricted Sites Zone - Local Computer (CCE-10744)
84. Logon Options - Restricted Sites Zone - Local Computer (CCE-10651)
85. Loose XAML files - Restricted Sites Zone - Local Computer (CCE-10178)
86. Navigate sub-frames across different domains - Restricted Sites Zone - Local Computer (CCE-10642)
87. Only allow approved domains to use ActiveX controls without prompt - Restricted Sites Zone - Local Computer (CCE-9832)
88. Open files based on content, not file extension - Restricted Sites Zone - Local Computer (CCE-10277)
89. Run .NET Framework-reliant components not signed with Authenticode - Restricted Sites Zone - Local Computer (CCE-9898)
90. Run .NET Framework-reliant components signed with Authenticode - Restricted Sites Zone - Local Computer (CCE-9673)
91. Run ActiveX controls and plugins - Restricted Sites Zone - Local Computer (CCE-9792)
92. Script ActiveX controls marked safe for scripting - Restricted Sites Zone - Local Computer (CCE-10554)
93. Scripting of Java Applets - Restricted Sites Zone - Local Computer (CCE-10083)
94. Software channel permissions - Restricted Sites Zone - Local Computer (CCE-9669)
95. Turn Off First-Run Opt-In - Restricted Sites Zone - Local Computer (CCE-10420)
96. Turn on Cross-Site Scripting (XSS) Filter - Restricted Sites Zone - Local Computer (CCE-10105)
97. Turn On Protected Mode - Restricted Sites Zone - Local Computer (CCE-9945)
98. Use Pop-up Blocker - Restricted Sites Zone - Local Computer (CCE-10094)
99. Userdata Persistence - Restricted Sites Zone - Local Computer (CCE-9760)
100. Web sites in less privileged Web content zones can navigate into this zone - Restricted Sites Zone - Local Computer (CCE-10609)
101. Java permissions - Trusted Sites Zone - Local Computer (CCE-10696)
102. Turn Off changing the URL to be displayed for checking updates to Internet Explorer and Internet Tools - Local Computer (CCE-10595)
103. Turn Off Configuring the Update Check Interval (In Days) - Local Computer (CCE-9776)
104. Internet Explorer Processes - Consistent Mime Handling - Local Computer (CCE-10138)
105. Internet Explorer Processes - Mime Sniffing Safety Feature - Local Computer (CCE-10635)
106. Internet Explorer Processes - MK Protocol Security Restriction - Local Computer (CCE-10265)
107. Internet Explorer Processes - Protection From Zone Elevation - Local Computer (CCE-10574)
108. Internet Explorer Processes - Restrict ActiveX Install - Local Computer (CCE-10405)
109. Internet Explorer Processes - Restrict File Download - Local Computer (CCE-10578)
110. Internet Explorer Processes - Scripted Window Security Restrictions - Local Computer (CCE-10604)
 
   

Why are security benchmarks important for IT security?  Many current threats are not stopped by perimeter security systems such as firewalls and anti-virus systems.  Setting and monitoring configurations based on consensus benchmarks is a critical step because it is a proactive way to avoid many successful attacks.  The U.S. National Security Agency has found that configuring computers with proper security settings blocks 90% of the existing threats ("Security Benchmarks: A Gold Standard." IA Newsletter, vol. 5 no. 3).

What is the USGCB Benchmark?  The United States Government Configuration Baseline (USGCB) is a US Government OMB-mandated security configuration for Windows 7 and Internet Explorer 8.  Developed by DoD, with NIST assistance, the benchmark is the product of DoD consensus.

What are FDCC Benchmarks?  The Federal Desktop Core Configuration (FDCC) is a US Government OMB-mandated security configuration for Windows Vista and XP.  The Windows Vista FDCC is based on DoD customization of the Microsoft Security Guides for both Windows Vista and Internet Explorer 7.0.  Microsoft's Vista Security Guide was produced through a collaborative effort with DISA, NSA, and NIST, reflecting the consensus recommended settings from DISA, NSA, and NIST.  The Windows XP FDCC is based on US Air Force customization of the Specialized Security-Limited Functionality (SSLF) recommendations in NIST SP 800-68 and DoD customization of the recommendations in Microsoft's Security Guide for Internet Explorer 7.0.

What is the Security Benchmark Score?  The Belarc Advisor has audited the security of your computer using a benchmark appropriate to your operating system.  The result is a number between zero and ten that gives a measure of the vulnerability of your system to potential threats.  The higher the number the less vulnerable your system.

How can you reduce your security vulnerability?  The local group policy editor (accessed by running the gpedit.msc command) can be used to configure security settings for your computer.  Windows home editions don't include that editor, but most security settings can also be made with registry entries instead.  Warning: Applying these security settings may cause some applications to stop working correctly.  Back up your system prior to applying these security templates or apply the templates on a test system first. For domain member computers, the benchmark configurations are available from the benchmark creator's web site as Microsoft Group Policy Object files that can be used with Active Directory.  Follow the links above to the web site of your Benchmark's creator. 


Copyright 2000-13, Belarc, Inc. All rights reserved.
Legal notice. U.S. Patents 5665951, 6085229 and Patents pending.