Toggle navigation
Group Policy Home
Windows Security Baseline
(current)
Search
MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)
MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)
Supported on:
At least Windows Vista
Registry Hive
HKEY_LOCAL_MACHINE
Registry Path
Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Value Name
AutoAdminLogon
Value Type
REG_SZ
Enabled Value
1
Disabled Value
0
mss-legacy.admx
Administrative Templates (Computers)
LAPS
Do not allow password expiration time longer than required by policy
Enable local admin password management
Name of administrator account to manage
Password Settings
MSS (Legacy)
MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)
MSS: (AutoReboot) Allow Windows to automatically restart after a system crash (recommended except for highly secure environments)
MSS: (AutoShareServer) Enable Administrative Shares (recommended except for highly secure environments)
MSS: (AutoShareWks) Enable Administrative Shares (recommended except for highly secure environments)
MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)
MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)
MSS: (DisableSavePassword) Prevent the dial-up passsword from being saved (recommended)
MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)
MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes
MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)
MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds
MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.
MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers
MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames
MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)
MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)
MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)
MSS: (SynAttackProtect) Syn attack protection level (protects against DoS)
MSS: (TcpMaxConnectResponseRetransmissions) SYN-ACK retransmissions when a connection request is not acknowledged
MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)
MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)
MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning
MS Security Guide
Apply UAC restrictions to local accounts on network logons
Configure SMB v1 client (extra setting needed for pre-Win8.1/2012R2)
Configure SMB v1 client driver
Configure SMB v1 server
Enable Structured Exception Handling Overwrite Protection (SEHOP)
LSA Protection
Lsass.exe audit mode
Remove "Run As Different User" from context menus
Turn on Windows Defender protection against Potentially Unwanted Applications
WDigest Authentication (disabling may require KB2871997)
SCM: Pass the Hash Mitigations
Apply UAC restrictions to local accounts on network logons
LSA Protection
Lsass.exe audit mode
WDigest Authentication (disabling may require KB2871997)
×
Search in Group Policy Administrative Templates