Beruflich Dokumente
Kultur Dokumente
IP Adress
Subnet mask
Gateway
Dns server
permissions on registry objects
password-protected screen saver
Domain name
Modify Security Policies
Account Policies
Enforce Password History Enabled:
Maximum Password Age Enabled :
Maximum Password Age Enabled :
Minimum Password Age Enabled:
Passwords Must Meet Complexity Requirements
Store Password Using Reversible Encryption:
Account Lockout Policies
Account Lockout Threshold:
Account Lockout Duration:
Reset Account Lockout Counter After
Local Policies
Audit Policy
Audit account logon events
Audit account management
Audit directory service access
Audit logon events
Audit object access
Audit policy change
Audit privilege use
Audit process tracking
Audit system events
User Rights Assignment
Policy
Access this computer from the network
Act as part of the operating system
Add workstations to domain
Adjust memory quotas for a process
Allow logon through Terminal Services
Back up files and directories
Bypass traverse checking
Change the system time
Create a pagefile
Create a token object
Create global objects
Create permanent shared objects
Debug programs
Deny access to this computer from the network
Deny logon as a batch job
Deny logon as a service
Deny logon locally
Deny logon through Terminal Services
Enable computer and user accounts to be trusted for delegation
Force shutdown from a remote system
Generate security audits
Impersonate a client after authentication
Increase scheduling priority
Load and unload device drivers
Lock pages in memory
Log on as a batch job
Log on as a service
Log on locally
Manage auditing and security log
Modify firmware environment values
Perform volume maintenance tasks
Profile single process
Profile system performance
Remove computer from docking station
Replace a process level token
Restore files and directories
Shut down the system
Synchronize directory service data
Take ownership of files or other objects
Security Options
Accounts: Administrator account status
Accounts: Guest account status
Accounts: Limit local account use of blank passwords to console logon only
Accounts: Rename administrator account
Accounts: Rename guest account
Audit: Audit the access of global system objects
Audit: Audit the use of Backup and Restore privilege
Audit: Shut down system immediately if unable to log security audits
DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax
DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax
Devices: Allow undock without having to log on
Devices: Allowed to format and eject removable media
Devices: Prevent users from installing printer drivers
Devices: Restrict CD-ROM access to locally logged-on user only
Devices: Restrict floppy access to locally logged-on user only
Devices: Unsigned driver installation behavior
Domain controller: Allow server operators to schedule tasks
Domain controller: LDAP server signing requirements
Domain controller: Refuse machine account password changes
Domain member: Digitally encrypt or sign secure channel data (always)
Domain member: Digitally encrypt secure channel data (when possible)
Domain member: Digitally sign secure channel data (when possible)
Domain member: Disable machine account password changes
Domain member: Maximum machine account password age
Domain member: Require strong (Windows 2000 or later) session key
Interactive logon: Display user information when the session is locked
Interactive logon: Do not display last user name
Interactive logon: Do not require CTRL+ALT+DEL
Interactive logon: Message text for users attempting to log on
Interactive logon: Message title for users attempting to log on
Interactive logon: Number of previous logons to cache (in case domain controller is not available)
Interactive logon: Prompt user to change password before expiration
Interactive logon: Require Domain Controller authentication to unlock workstation
Interactive logon: Require smart card
Interactive logon: Smart card removal behavior
Microsoft network client: Digitally sign communications (always)
Microsoft network client: Digitally sign communications (if server agrees)
Microsoft network client: Send unencrypted password to third-party SMB servers
Microsoft network server: Amount of idle time required before suspending session
Microsoft network server: Digitally sign communications (always)
Microsoft network server: Digitally sign communications (if client agrees)
Microsoft network server: Disconnect clients when logon hours expire
Network access: Allow anonymous SID/Name translation
Network access: Do not allow anonymous enumeration of SAM accounts
Network access: Do not allow anonymous enumeration of SAM accounts and shares
Network access: Do not allow storage of credentials or .NET Passports for network authentication
Network access: Let Everyone permissions apply to anonymous users
Network access: Named Pipes that can be accessed anonymously
Network access: Remotely accessible registry paths
Network access: Shares that can be accessed anonymously
Network access: Sharing and security model for local accounts
Network security: Do not store LAN Manager hash value on next password change
Network security: Force logoff when logon hours expire
Network security: LAN Manager authentication level
Network security: LDAP client signing requirements
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
Recovery console: Allow automatic administrative logon
Recovery console: Allow floppy copy and access to all drives and all folders
Shutdown: Allow system to be shut down without having to log on
Shutdown: Clear virtual memory pagefile
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing
System objects: Default owner for objects created by members of the Administrators group
System objects: Require case insensitivity for non-Windows subsystems
System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)
SERVICES
.NET Runtime Optimization Service v2.0.50727_X86
Alerter
Application Layer Gateway Service
Application Management
ASP.NET State Service
Automatic Updates
Background Intelligent Transfer Service
ClipBook
COM+ Event System
COM+ System Application
Computer Browser
Cryptographic Services
DCOM Server Process Launcher
DHCP Client
Distributed Link Tracking Client
Distributed Transaction Coordinator
DNS Client
Error Reporting Service
ESET HTTP Server
ESET Service
Event Log
Extensible Authentication Protocol Service
Fast User Switching Compatibility
Health Key and Certificate Management Service
Help and Support
HTTP SSL
Human Interface Device Access
IMAPI CD-Burning COM Service
Indexing Service
IPSEC Services
Logical Disk Manager
Logical Disk Manager Administrative Service
Messenger
Microsoft Office Diagnostics Service
Microsoft Office Groove Audit Service
MS Software Shadow Copy Provider
Net Logon
NetMeeting Remote Desktop Sharing
Network Access Protection Agent
Network Connections
Network DDE
Network DDE DSDM
Network Location Awareness (NLA)
Network Provisioning Service
NT LM Security Support Provider
Office Source Engine
Performance Logs and Alerts
Plug and Play
Portable Media Serial Number Service
Print Spooler
Protected Storage
QoS RSVP
Remote Access Auto Connection Manager
Remote Access Connection Manager
Remote Desktop Help Session Manager
Remote Procedure Call (RPC)
Remote Procedure Call (RPC) Locator
Remote Registry
Removable Storage
Routing and Remote Access
Secondary Logon
Security Accounts Manager
Security Center
Server
Shell Hardware Detection
Smart Card
SSDP Discovery Service
System Event Notification
System Restore Service
Task Scheduler
TCP/IP NetBIOS Helper
Telephony
Telnet
Terminal Services
Themes
Uninterruptible Power Supply
Universal Plug and Play Device Host
Volume Shadow Copy
WebClient
Windows Audio
Windows Firewall/Internet Connection Sharing (ICS)
Windows Image Acquisition (WIA)
Windows Installer
Windows Management Instrumentation
Windows Management Instrumentation Driver Extensions
Windows Search
Windows Time
Wired AutoConfig
Wireless Zero Configuration
WMI Performance Adapter
Workstation
Status Description
secpol.msc
console logon only
curity audits
or Definition Language (SDDL) syntax
or Definition Language (SDDL) syntax
el data (always)
when possible)
en possible)
) session key
sion is locked
if server agrees)
third-party SMB servers
efore suspending session
f SAM accounts
f SAM accounts and shares
NET Passports for network authentication
ymous users
ows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
cation Protocol Service
equire assistance in a multiple user environment.
his computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, a
t transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled
face Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote cont
g Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record C
cal and remote computers; provides rapid access to files through flexible querying language.
KMP/Oakley (IKE) and the IP security driver.
nd sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this servic
e service only runs for configuration processes and then stops.
ages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, A
pies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copie
ount logon events for computers in a domain.
mputer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop shari
ork Access Protection
Connections folder, in which you can view both local area network and remote connections.
Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this se
work shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any se
d location information, and notifies applications when this information changes.
n basis for automatic network provisioning.
RPC) programs that use transports other than named pipes.
repairs and is required for the downloading of Setup updates and Watson error reports.
ote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If
o hardware changes with little or no user input. Stopping or disabling this service will result in system instabilit
media player connected to this computer. If this service is stopped, protected content might not be down loaded
this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependenc
cellaneous RPC services.
ngs on this computer. If this service is stopped, the registry can be modified only by users on this computer. If
over the network for this computer. If this service is stopped, these functions will be unavailable. If this service
computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled,
ome network.
n, network, and power events. Notifies COM+ Event System subscribers of these events.
ervice, turn off System Restore from the System Restore tab in My Computer->Properties
tomated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. I
tBT) service and NetBIOS name resolution.
ograms that control telephony devices and IP based voice connections on the local computer and, through the L
uter and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based co
ctively to a machine as well as the display of desktops and applications to remote computers. The underpinning
If this service is disabled, any services that explicitly depend on it will fail to start.
ic Updates feature or the Windows Update Web site.
able to share information with remote computers. If this service is disabled, any services that explicitly depend
Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and log
based components will not function properly. If this service is disabled, any services that explicitly depend on it
ped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on
e, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service
s stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it w
resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that e
e stopped.
service is disabled, any services that explicitly depend on it will fail to start.
his service is disabled, any services that explicitly depend on it will fail to start.
yboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by thi
be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
guration. If this service is stopped, dynamic disk status and configuration information may become out of date.
service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explic
olume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it w
remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it w
computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled,
ce is disabled, any services that explicitly depend on it will fail to start.
or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disa
lt in system instability.
ht not be down loaded to the device.
on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
rvice is disabled, any services that explicitly depend on it will fail to start.
ilable. If this service is disabled, any services that explicitly depend on it will fail to start.
s service is disabled, any services that explicitly depend on it will fail to start.
eir scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
er and, through the LAN, on servers that are also running the service.
nd Windows-based computers. If this service is stopped, remote user access to programs might be unavailable.
ers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assista
unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend o
be available. If this service is disabled, any services that explicitly depend on it will fail to start.
his service is disabled, any services that explicitly depend on it will fail to start.
this service is disabled, any services that explicitly depend on it will fail to start.
hat explicitly depend on it will fail to start.
rovide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail
xplicitly depend on it will fail to start.
t explicitly depend on it will fail to start.
uter; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these manage
ons controlled by this service will no longer function. If this service is disabled, any services that explicitly depe
t will fail to start.
become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
. If this service is disabled, any services that explicitly depend on it will fail to start.
ail to start.
fail to start.
might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
hing, Remote Assistance, and Terminal Server.
. If this service is disabled, any services that explicitly depend on it will fail to start.
xplorer will not be able to display virtual folder views of items, and search in the Explorer will fall back to item-b
will fail to start.
depend on it will fail to start.
opped, these management services will not function properly. If this service is disabled, any services that explic
fail to start.
l fail to start.
will fall back to item-by-item slow search.
y services that explicitly depend on it will fail to start.