Skip to content

Commit

Permalink
Allow remote login for local accounts, clean up empty settings
Browse files Browse the repository at this point in the history
  • Loading branch information
@eemperor
eemperor committed Aug 6, 2024
1 parent 8adf3c9 commit 8fa75d6
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 38 deletions.
18 changes: 0 additions & 18 deletions ash-windows/stig/Windows_2022Server_DC/stig.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -532,15 +532,9 @@
- name: SeCreatePagefilePrivilege
policy_type: secedit
value: '*S-1-5-32-544'
- name: SeCreateTokenPrivilege
policy_type: secedit
value: ''
- name: SeCreateGlobalPrivilege
policy_type: secedit
value: '*S-1-5-32-544,*S-1-5-19,*S-1-5-20,*S-1-5-6'
- name: SeCreatePermanentPrivilege
policy_type: secedit
value: ''
- name: SeCreateSymbolicLinkPrivilege
policy_type: secedit
value: '*S-1-5-32-544'
Expand All @@ -562,9 +556,6 @@
- name: SeLoadDriverPrivilege
policy_type: secedit
value: '*S-1-5-32-544'
- name: SeLockMemoryPrivilege
policy_type: secedit
value: ''
- name: SeSecurityPrivilege
policy_type: secedit
value: '*S-1-5-32-544'
Expand All @@ -586,18 +577,9 @@
- name: SeNetworkLogonRight
policy_type: secedit
value: '*S-1-5-32-544,*S-1-5-11,*S-1-5-9'
- name: SeDenyServiceLogonRight
policy_type: secedit
value: ''
- name: SeEnableDelegationPrivilege
policy_type: secedit
value: '*S-1-5-32-544'
- name: SeTcbPrivilege
policy_type: secedit
value: ''
- name: SeTrustedCredManAccessPrivilege
policy_type: secedit
value: ''
- name: SeMachineAccountPrivilege
policy_type: secedit
value: '*S-1-5-32-544'
Expand Down
22 changes: 2 additions & 20 deletions ash-windows/stig/Windows_2022Server_MS/stig.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -509,7 +509,7 @@
vtype: DWORD
- name: SeDenyNetworkLogonRight
policy_type: secedit
value: '*S-1-5-114,*S-1-5-32-546'
value: '*S-1-5-32-546'
- name: SeDenyBatchLogonRight
policy_type: secedit
value: '*S-1-5-32-546'
Expand All @@ -518,7 +518,7 @@
value: '*S-1-5-32-546'
- name: SeDenyRemoteInteractiveLogonRight
policy_type: secedit
value: '*S-1-5-113,*S-1-5-32-546'
value: '*S-1-5-32-546'
- name: SeInteractiveLogonRight
policy_type: secedit
value: '*S-1-5-32-544'
Expand All @@ -528,15 +528,9 @@
- name: SeCreatePagefilePrivilege
policy_type: secedit
value: '*S-1-5-32-544'
- name: SeCreateTokenPrivilege
policy_type: secedit
value: ''
- name: SeCreateGlobalPrivilege
policy_type: secedit
value: '*S-1-5-6,*S-1-5-20,*S-1-5-19,*S-1-5-32-544'
- name: SeCreatePermanentPrivilege
policy_type: secedit
value: ''
- name: SeCreateSymbolicLinkPrivilege
policy_type: secedit
value: '*S-1-5-32-544'
Expand All @@ -558,9 +552,6 @@
- name: SeLoadDriverPrivilege
policy_type: secedit
value: '*S-1-5-32-544'
- name: SeLockMemoryPrivilege
policy_type: secedit
value: ''
- name: SeSecurityPrivilege
policy_type: secedit
value: '*S-1-5-32-544'
Expand All @@ -582,12 +573,3 @@
- name: SeNetworkLogonRight
policy_type: secedit
value: '*S-1-5-32-544,*S-1-5-11'
- name: SeEnableDelegationPrivilege
policy_type: secedit
value: ''
- name: SeTcbPrivilege
policy_type: secedit
value: ''
- name: SeTrustedCredManAccessPrivilege
policy_type: secedit
value: ''

0 comments on commit 8fa75d6

Please sign in to comment.