Toggle navigation
Group Policy Home
Microsoft Security Compliance Toolkit
(current)
Search
MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)
MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)
Supported on:
At least Windows Vista
Registry Hive
HKEY_LOCAL_MACHINE
Registry Path
SYSTEM\CurrentControlSet\Control\Session Manager
Value Name
SafeDllSearchMode
Value Type
REG_DWORD
Enabled Value
1
Disabled Value
0
mss-legacy.admx
Administrative Templates (Computers)
LAPS
Do not allow password expiration time longer than required by policy
Enable local admin password management
Name of administrator account to manage
Password Settings
MSS (Legacy)
MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)
MSS: (AutoReboot) Allow Windows to automatically restart after a system crash (recommended except for highly secure environments)
MSS: (AutoShareServer) Enable Administrative Shares (recommended except for highly secure environments)
MSS: (AutoShareWks) Enable Administrative Shares (recommended except for highly secure environments)
MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)
MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)
MSS: (DisableSavePassword) Prevent the dial-up passsword from being saved (recommended)
MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)
MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes
MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)
MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds
MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.
MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers
MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames
MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)
MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)
MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)
MSS: (SynAttackProtect) Syn attack protection level (protects against DoS)
MSS: (TcpMaxConnectResponseRetransmissions) SYN-ACK retransmissions when a connection request is not acknowledged
MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)
MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)
MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning
MS Security Guide
Apply UAC restrictions to local accounts on network logons
Block Flash activation in Office documents
Configure SMB v1 client (extra setting needed for pre-Win8.1/2012R2)
Configure SMB v1 client driver
Configure SMB v1 server
Enable Structured Exception Handling Overwrite Protection (SEHOP)
Extended Protection for LDAP Authentication (Domain Controllers only)
LSA Protection
Lsass.exe audit mode
Remove "Run As Different User" from context menus
Turn on Windows Defender protection against Potentially Unwanted Applications (DEPRECATED)
WDigest Authentication (disabling may require KB2871997)
SCM: Pass the Hash Mitigations
Apply UAC restrictions to local accounts on network logons
LSA Protection
Lsass.exe audit mode
WDigest Authentication (disabling may require KB2871997)
Wi-Fi Sense
Disable Wi-Fi Sense
×
Search in Group Policy Administrative Templates