;Ejection of removable NTFS media is not restricted to Administrators
;CCE-10637-7:
Computer
Software\Microsoft\Windows NT\CurrentVersion\WinLogon
AllocateDASD
SZ:0

;The system must be configured to prevent the storage of passwords and credentials
;CCE-23358-5:
Computer
System\CurrentControlSet\Control\Lsa
DisableDomainCreds
DWORD:1

;The system must be configured to use FIPS-compliant algorithms for encryption, hashing, and signing
;CCE-23921-0:
Computer
System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy
Enabled
DWORD:1

;Remote Desktop Services must be configured to use session-specific temporary folders
;CCE-24042-4:
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
PerSessionTempDir
DWORD:1

;Remote Desktop Services must delete temporary folders when a session is terminated
;CCE-24304-8:
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
DeleteTempDirsOnExit
DWORD:1

;Remote Desktop Services must be configured to set a time limit for disconnected sessions
;'Set time limit for disconnected sessions' is set to 'Enabled' and 'End a disconnected session' is set to '1 minute'
;CCE-24797-3:
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
MaxDisconnectionTime
DWORD:60000

;Remote Desktop Services must be configured to disconnect an idle session after the specified time period
;'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled'; 'Idle session limit' is set to 15 minutes or less
;CCE-24325-3:
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
MaxIdleTime
DWORD:900000

;The system must be configured to prevent automatic forwarding of error information
;CCE-25194-2:
Computer
Software\Policies\Microsoft\PCHealth\ErrorReporting
DoReport
DWORD:0

;Windows Media Player must be configured to prevent automatic checking for updates
;CCE-24250-3:
Computer
SOFTWARE\Policies\Microsoft\WindowsMediaPlayer
DisableAutoUpdate
DWORD:1

;The system must be configured to prevent Internet Control Message Protocol (ICMP) redirects from overriding Open Shortest Path First (OSPF) generated routes
;CCE-24977-1:
Computer
System\CurrentControlSet\Services\Tcpip\Parameters
EnableICMPRedirect
DWORD:0

;The system must be configured to disable the Internet Router Discovery Protocol (IRDP)
;CCE-23677-8:
Computer
System\CurrentControlSet\Services\Tcpip\Parameters
PerformRouterDiscovery
DWORD:0

;The system must be configured to limit how often keep-alive packets are sent
;'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to '300000 or 5 minutes (recommended)' or less
;CCE-24310-5:
Computer
System\CurrentControlSet\Services\Tcpip\Parameters
KeepAliveTime
DWORD:300000

;The system must be configured to ignore NetBIOS name release requests except from WINS servers
;CCE-23715-6:
Computer
System\CurrentControlSet\Services\Netbt\Parameters
NoNameReleaseOnDemand
DWORD:1

;The system must limit how many times unacknowledged TCP data is retransmitted
;'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is the default)' is set to 3 or less
;CCE-25455-7:
Computer
System\CurrentControlSet\Services\Tcpip\Parameters
TcpMaxDataRetransmissions
DWORD:3

;The Remote Desktop Session Host must require secure RPC communications
;CCE-24788-2:
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
fEncryptRPCTraffic
DWORD:1

;The system must be configured to hide the computer from the browse list
;Win8.1 only
;CCE-22311-5:
Computer
System\CurrentControlSet\Services\Lanmanserver\Parameters
Hidden
DWORD:1

;IPSec Exemptions must be limited
;'MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic' is set to'Multicast, broadcast and ISAKMP exempt (best for Windows XP)'
;CCE-24253-7:
Computer
System\CurrentControlSet\Services\IPSEC
NoDefaultExempt
DWORD:1

;Users must be prevented from connecting using Remote Desktop Services
;Win8.1 only
;CCE-21550-9:
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
fDenyTSConnections
DWORD:1

;Client computers must be required to authenticate for RPC communication
;CCE-25397-1:
Computer
SOFTWARE\Policies\Microsoft\Windows NT\Rpc
EnableAuthEpResolution
DWORD:1

;Windows must be prevented from using Windows Update to search for drivers
;CCE-24071-3:
Computer
SOFTWARE\Policies\Microsoft\Windows\DriverSearching
DontSearchWindowsUpdate
DWORD:1

;Windows Peer-to-Peer networking services must be turned off
;CCE-24398-0:
Computer
SOFTWARE\Policies\Microsoft\Peernet
Disabled
DWORD:1

;Network Bridges must be prohibited in Windows
;CCE-25587-7:
Computer
SOFTWARE\Policies\Microsoft\Windows\Network Connections
NC_AllowNetBridge_NLA
DWORD:0

;Root Certificates must not be updated automatically from the Microsoft site
;CCE-25028-2:
Computer
SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot
DisableRootAutoUpdate
DWORD:1

;Event Viewer Events.asp links must be turned off
;CCE-24235-4:
Computer
SOFTWARE\Policies\Microsoft\EventViewer
MicrosoftEventVwrDisableLinks
DWORD:1

;The Internet File Association service must be turned off
;CCE-24899-7:
Computer
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoInternetOpenWith
DWORD:1

;The Order Prints Online wizard will be turned off
;Win8.1, Win2k8r2
;CCE-11243-3:
Computer
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoOnlinePrintsWizard
DWORD:1

;The classic logon screen must be required for user logons
;CCE-23460-9:
Computer
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
LogonType
DWORD:0

;File Explorer shell protocol must run in protected mode
;CCE-23923-6:
Computer
SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
PreXPSP2ShellProtocolBehavior
DWORD:0

;Users must be notified if a web-based program attempts to install software
;CCE-23886-5:
Computer
SOFTWARE\Policies\Microsoft\Windows\Installer
SafeForScripting
DWORD:0

;Users must be prevented from changing installation options
;CCE-23712-3:
Computer
SOFTWARE\Policies\Microsoft\Windows\Installer
EnableUserControl
DWORD:0

;Nonadministrators must be prevented from applying vendor-signed updates
;CCE-23601-8:
Computer
SOFTWARE\Policies\Microsoft\Windows\Installer
DisableLUAPatching
DWORD:1

;Users must not be presented with Privacy and Installation options on first use of Windows Media Player
;CCE-25014-2:
Computer
Software\Policies\Microsoft\WindowsMediaPlayer
GroupPrivacyAcceptance
DWORD:1

;The Mapper I/O network protocol (LLTDIO) driver must be disabled
;CCE-25156-1_1:
Computer
Software\Policies\Microsoft\Windows\LLTD
AllowLLTDIOOnDomain
DWORD:0
;CCE-25156-1_2:
Computer
Software\Policies\Microsoft\Windows\LLTD
AllowLLTDIOOnPublicNet
DWORD:0
;CCE-25156-1_3:
Computer
Software\Policies\Microsoft\Windows\LLTD
EnableLLTDIO
DWORD:0
;CCE-25156-1_4:
Computer
Software\Policies\Microsoft\Windows\LLTD
ProhibitLLTDIOOnPrivateNet
DWORD:0

;The Responder network protocol driver must be disabled
;CCE-23931-9_1:
Computer
Software\Policies\Microsoft\Windows\LLTD
AllowRspndrOnDomain
DWORD:0
;CCE-23931-9_2:
Computer
Software\Policies\Microsoft\Windows\LLTD
AllowRspndrOnPublicNet
DWORD:0
;CCE-23931-9_3:
Computer
Software\Policies\Microsoft\Windows\LLTD
EnableRspndr
DWORD:0
;CCE-23931-9_4:
Computer
Software\Policies\Microsoft\Windows\LLTD
ProhibitRspndrOnPrivateNet
DWORD:0

;The configuration of wireless devices using Windows Connect Now must be disabled
;CCE-23804-8_1:
Computer
Software\Policies\Microsoft\Windows\WCN\Registrars
DisableInBand802DOT11Registrar
DWORD:0
;CCE-23804-8_2:
Computer
Software\Policies\Microsoft\Windows\WCN\Registrars
DisableFlashConfigRegistrar
DWORD:0
;CCE-23804-8_3:
Computer
Software\Policies\Microsoft\Windows\WCN\Registrars
DisableUPnPRegistrar
DWORD:0
;CCE-23804-8_4:
Computer
Software\Policies\Microsoft\Windows\WCN\Registrars
DisableWPDRegistrar
DWORD:0
;CCE-23804-8_5:
Computer
Software\Policies\Microsoft\Windows\WCN\Registrars
EnableRegistrars
DWORD:0

;The Windows Connect Now wizards must be disabled
;CCE-24665-2:
Computer
Software\Policies\Microsoft\Windows\WCN\UI
DisableWcnUi
DWORD:1

;Remote access to the Plug and Play interface must be disabled for device installation
;CCE-24004-4:
Computer
Software\Policies\Microsoft\Windows\DeviceInstall\Settings
AllowRemoteRPC
DWORD:0

;A system restore point must be created when a new device driver is installed
;CCE-23669-5:
Computer
Software\Policies\Microsoft\Windows\DeviceInstall\Settings
DisableSystemRestore
DWORD:0

;An Error Report must not be sent when a generic device driver is installed
;CCE-23275-1:
Computer
Software\Policies\Microsoft\Windows\DeviceInstall\Settings
DisableSendGenericDriverNotFoundToWER
DWORD:1

;Users must not be prompted to search Windows Update for device drivers
;CCE-24804-7:
Computer
Software\Policies\Microsoft\Windows\DriverSearching
DontPromptForWindowsUpdate
DWORD:1

;Errors in handwriting recognition on tablet PCs must not be reported to Microsoft
;CCE-25580-2:
Computer
Software\Policies\Microsoft\Windows\HandwritingErrorReports
PreventHandwritingErrorReports
DWORD:1

;Remote Assistance log files must be generated
;CCE-24603-3:
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
LoggingEnabled
DWORD:1

;Game explorer information will not be downloaded from Windows Metadata Services
;Win8.1, Win2k8r2
;CCE-11739-0:
Computer
SOFTWARE\Policies\Microsoft\Windows\GameUX
DownloadGameInfo
DWORD:0

;Indexing of mail items in Exchange Folder when Outlook is running in uncached mode must be turned off
;Win8.1 only
;CCE-22350-3:
Computer
SOFTWARE\Policies\Microsoft\Windows\Windows Search
PreventIndexingUncachedExchangeFolders
DWORD:1

;Error Reporting events must be logged in the system event log
;CCE-23937-6:
Computer
Software\Policies\Microsoft\Windows\Windows Error Reporting
LoggingDisabled
DWORD:0

;The system must be configured to allow a local or DOD-wide collector to request additional error reporting diagnostic data to be sent.
;SV-53136r2_rule:
Computer
Software\Policies\Microsoft\Windows\Windows Error Reporting
DontSendAdditionalData
DWORD:0

;Turning off File Explorer heap termination on corruption must be disabled
;CCE-23913-7:
Computer
Software\Policies\Microsoft\Windows\Explorer
NoHeapTerminationOnCorruption
DWORD:0

;Users must be notified if the logon server was inaccessible and cached credentials were used
;CCE-23555-6:
Computer
Software\Microsoft\Windows\CurrentVersion\Policies\System
ReportControllerMissing
DWORD:1

;Windows Media Digital Rights Management (DRM) must be prevented from accessing the Internet
;CCE-24380-8:
Computer
Software\Policies\Microsoft\WMDRM
DisableOnline
DWORD:1

;The Windows Customer Experience Improvement Program must be disabled
;CCE-24082-0:
Computer
Software\Policies\Microsoft\SQMClient\Windows
CEIPEnable
DWORD:0

;IPv6 TCP data retransmissions must be configured to prevent resources from becoming exhausted
;'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is the default)' is set to '3' or less
;CCE-25202-3:
Computer
System\CurrentControlSet\Services\Tcpip6\Parameters
TcpMaxDataRetransmissions
DWORD:3

;Domain users must be required to elevate when setting a networks location
;CCE-23388-2:
Computer
Software\Policies\Microsoft\Windows\Network Connections
NC_StdDomainUserSetLocation
DWORD:1

;All Direct Access traffic must be routed through the internal network
;CCE-25221-3:
Computer
Software\Policies\Microsoft\Windows\TCPIP\v6Transition
Force_Tunneling
SZ:Enabled

;Windows Update must be prevented from searching for point and print drivers
;CCE-24139-8:
Computer
Software\Policies\Microsoft\Windows NT\Printers
DoNotInstallCompatibleDriverFromWindowsUpdate
DWORD:1

;Device metadata retrieval from the Internet must be prevented
;CCE-24165-3:
Computer
Software\Policies\Microsoft\Windows\Device Metadata
PreventDeviceMetadataFromNetwork
DWORD:1

;Device driver searches using Windows Update must be prevented
;CCE-24777-5:
Computer
Software\Policies\Microsoft\Windows\DriverSearching
SearchOrderConfig
DWORD:0

;Handwriting personalization data sharing with Microsoft must be prevented
;Win8.1 only
;CCE-22057-4:
Computer
Software\Policies\Microsoft\Windows\TabletPC
PreventHandwritingDataSharing
DWORD:1

;Microsoft Support Diagnostic Tool (MSDT) interactive communication with Microsoft must be prevented
;CCE-23633-1:
Computer
Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy
DisableQueryRemoteServer
DWORD:0

;Access to Windows Online Troubleshooting Service (WOTS) must be prevented
;CCE-24776-7:
Computer
Software\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy
EnableQueryRemoteServer
DWORD:0

;Responsiveness events must be prevented from being aggregated and sent to Microsoft
;CCE-25080-3:
Computer
Software\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}
ScenarioExecutionEnabled
DWORD:0

;The Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft
;CCE-25331-0:
Computer
Software\Policies\Microsoft\Windows\AppCompat
DisableInventory
DWORD:1

;Autoplay must be turned off for non-volume devices
;CCE-24715-5:
Computer
Software\Policies\Microsoft\Windows\Explorer
NoAutoplayfornonVolume
DWORD:1

;Downloading of game update information will be turned off
;Win8.1, Win2k8r2
;CCE-11807-5:
Computer
SOFTWARE\Policies\Microsoft\Windows\GameUX
GameUpdateOptions
DWORD:0

;The system will be prevented from joining a homegroup
;CCE-10691-4:
Computer
SOFTWARE\Policies\Microsoft\Windows\Homegroup
DisableHomeGroup
DWORD:1

;The default autorun behavior must be configured to prevent autorun commands
;CCE-25487-0:
Computer
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoAutorun
DWORD:1

;The 6to4 IPv6 transition technology must be disabled
;CCE-24732-0:
Computer
Software\Policies\Microsoft\Windows\TCPIP\v6Transition
6to4_State
SZ:Disabled

;The IP-HTTPS IPv6 transition technology must be disabled
;CCE-25651-1_1:
Computer
Software\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface
IPHTTPS_ClientUrl
SZ:about:blank
;CCE-25651-1_2:
Computer
Software\Policies\Microsoft\Windows\TCPIP\v6Transition\IPHTTPS\IPHTTPSInterface
IPHTTPS_ClientState
DWORD:3

;The ISATAP IPv6 transition technology must be disabled
;CCE-25249-4:
Computer
Software\Policies\Microsoft\Windows\TCPIP\v6Transition
ISATAP_State
SZ:Disabled

;The Teredo IPv6 transition technology must be disabled
;CCE-25571-1:
Computer
Software\Policies\Microsoft\Windows\TCPIP\v6Transition
Teredo_State
SZ:Disabled

;The Application event log must be configured to a minimum size requirement
;'Specify the maximum log size (KB)' is set at a minimum to 'Enabled:32768'
;Win8.1
;CCE-22632-4:
Computer
Software\Policies\Microsoft\Windows\EventLog\Application
MaxSize
DWORD:32768

;The Security event log must be configured to a minimum size requirement
;'Specify the maximum log size (KB)' is set at a minimum to 'Enabled:32768'
;Win8.1
;CCE-22581-3:
Computer
Software\Policies\Microsoft\Windows\EventLog\Security
MaxSize
DWORD:81920

;The Setup event log must be configured to a minimum size requirement
;'Specify the maximum log size (KB)' is set at a minimum to 'Enabled:32768'
;CCE-21545-9:
Computer
Software\Policies\Microsoft\Windows\EventLog\Setup
MaxSize
DWORD:32768

;The System event log must be configured to a minimum size requirement
;'Specify the maximum log size (KB)' is set at a minimum to 'Enabled:32768'
;Win8.1
;CCE-22528-4:
Computer
Software\Policies\Microsoft\Windows\EventLog\System
MaxSize
DWORD:32768

;Windows must be prevented from sending an error report when a device driver requests additional software during installation
;CCE-24685-0:
Computer
Software\Policies\Microsoft\Windows\DeviceInstall\Settings
DisableSendRequestAdditionalSoftwareToWER
DWORD:1

;Simultaneous connections to the Internet or a Windows domain must be limited
;Win8.1
;CCE-21215-9:
Computer
Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy
fMinimizeConnections
DWORD:1

;Connections to non-domain networks when connected to a domain authenticated network must be blocked
;Win8.1
;CCE-22893-2:
Computer
Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy
fBlockNonDomain
DWORD:1

;Users must only be allowed to point and print to machines in their forest
;Win8.1
;CCE-22052-5_1:
Computer
SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
InForest
DWORD:1
;CCE-22052-5_2:
Computer
SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
NoWarningNoElevationOnInstall
DWORD:1
;CCE-22052-5_3:
Computer
SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint
UpdatePromptSettings
DWORD:2

;Optional component installation and component repair must be prevented from using Windows Update
;CCE-23727-1:
Computer
Software\Microsoft\Windows\CurrentVersion\Policies\Servicing
UseWindowsUpdate
DWORD:2

;Device driver updates must only search managed servers, not Windows Update.
;CCE-23227-2
Computer
Software\Policies\Microsoft\Windows\DriverSearching
DriverServerSelection
DWORD:1

;Early Launch Antimalware, Boot-Start Driver Initialization Policy must be enabled and configured to only Good and Unknown
;CCE-25320-3:
Computer
System\CurrentControlSet\Policies\EarlyLaunch
DriverLoadPolicy
DWORD:1

;Access to the Windows Store must be turned off
;CCE-24981-3:
Computer
Software\Policies\Microsoft\Windows\Explorer
NoUseStoreOpenWith
DWORD:1

;Copying of user input methods to the system account for sign-in must be prevented
;CCE-24401-2:
Computer
Software\Policies\Microsoft\Control Panel\International
BlockUserInputMethodsForSignIn
DWORD:1

;App notifications on the lock screen must be turned off
;CCE-24092-9:
Computer
Software\Policies\Microsoft\Windows\System
DisableLockScreenAppNotifications
DWORD:1

;The display must turn off after 20 minutes of inactivity when the system is running on battery
;CCE-24879-9:
Computer
Software\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E
DCSettingIndex
DWORD:1200

;The display must turn off after 20 minutes of inactivity when the system is plugged in
;CCE-23492-2:
Computer
Software\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E
ACSettingIndex
DWORD:1200

;Remote assistance must display a warning message when allowing helpdesk personnel to control a system
;Win8.1
;CCE-22462-6_1:
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
ShareControlMessage
SZ:You are about to allow other personnel to remotely control your system. You must monitor the activity until the session is closed.

;Remote assistance must display a warning message when allowing helpdesk personnel to connect to a system
;Win8.1
;CCE-22462-6_2:
Computer
Software\Policies\Microsoft\Windows NT\Terminal Services
ViewMessage
SZ:You are about to allow other personnel to remotely connect to your system. Sensitive data should not be displayed during this session.

;The detection of compatibility issues for applications and drivers must be turned off
;CCE-24560-5:
Computer
Software\Policies\Microsoft\Windows\AppCompat
DisablePcaUI
DWORD:0

;Trusted app installation must be enabled to allow for signed enterprise line of business apps
;CCE-23960-8:
Computer
Software\Policies\Microsoft\Windows\Appx
AllowAllTrustedApps
DWORD:1

;The use of biometrics must be disabled.
;CCE-24801-3:
Computer
Software\Policies\Microsoft\Biometrics
Enabled
DWORD:0

;The password reveal button must not be displayed
;CCE-23228-0:
Computer
Software\Policies\Microsoft\Windows\CredUI
DisablePasswordReveal
DWORD:1

;The Windows SmartScreen must be turned off
;CCE-23531-7:
Computer
Software\Policies\Microsoft\Windows\System
EnableSmartScreen
DWORD:0

;The location feature must be turned off
;CCE-25343-5:
Computer
Software\Policies\Microsoft\Windows\LocationAndSensors
DisableLocation
DWORD:1

;Basic authentication for RSS feeds over HTTP must be turned off
;CCE-23213-2:
Computer
Software\Policies\Microsoft\Internet Explorer\Feeds
AllowBasicAuthInClear
DWORD:0

;Automatic download of updates from the Windows Store must be turned off
;Win8.1
;CCE-22412-1:
Computer
Software\Policies\Microsoft\WindowsStore\WindowsUpdate
AutoDownload
DWORD:2

;The Windows Store application must be turned off
;Win8.1
;CCE-22288-5:
Computer
Software\Policies\Microsoft\WindowsStore
RemoveWindowsStore
DWORD:1

;Windows must be configured to block application execution if certificate server status is unavailable
;Windows must be configured to check the time stamp servers certificate for revocation
;Windows must be configured to invalidate PKCS #7 version 1 signed objects
;SV-7448r2_rule
;SV-7449r3_rule
;SV-41412r1_rule
USER
Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
State
DWORD:65536

;Users must be required to enter a password to access private keys stored on the computer
;SV-72049r2_rule
Computer
Software\Policies\Microsoft\Cryptography
ForceKeyProtection
DWORD:2

;The system must be configured to generate error reports
;SV-71721r1_rule
Computer
Software\Policies\Microsoft\Windows\Windows Error Reporting
Disabled
DWORD:0

;The system must be configured to collect multiple error reports of the same event type
;SV-71847r1_rule
Computer
Software\Policies\Microsoft\Windows\Windows Error Reporting
BypassDataThrottling
DWORD:1

;The system must be configured to queue error reports until a local or DOD-wide collector is available
;SV-71921r1_rule
Computer
Software\Policies\Microsoft\Windows\Windows Error Reporting
DisableQueue
DWORD:0

;The system must be configured to add all error reports to the queue
;SV-71931r1_rule
Computer
Software\Policies\Microsoft\Windows\Windows Error Reporting
ForceQueue
DWORD:1

;The system must be configured to attempt to forward queued error reports once a day
;SV-71951r1_rule
Computer
Software\Policies\Microsoft\Windows\Windows Error Reporting
QueuePesterInterval
DWORD:1

;The maximum number of error reports to queue on a system must be configured to 50 or greater
;SV-71941r1_rule
Computer
Software\Policies\Microsoft\Windows\Windows Error Reporting
MaxQueueCount
DWORD:50

;The system must be configured to archive error reports
;SV-71889r1_rule
Computer
Software\Policies\Microsoft\Windows\Windows Error Reporting
DisableArchive
DWORD:0

;The system must be configured to store all data in the error report archive
;SV-71951r1_rule
Computer
Software\Policies\Microsoft\Windows\Windows Error Reporting
ConfigureArchive
DWORD:2

;The maximum number of error reports to archive on a system must be configured to 100 or greater
;SV-71951r1_rule
Computer
Software\Policies\Microsoft\Windows\Windows Error Reporting
MaxArchiveCount
DWORD:100

;The system must be configured to prevent the display of error messages to the user
;SV-71851r1_rule
Computer
Software\Policies\Microsoft\Windows\Windows Error Reporting
DontShowUI
DWORD:1

;The system must be configured to permit the default consent levels of Windows Error Reporting to override any other consent policy setting
;SV-71971r1_rule
Computer
Software\Policies\Microsoft\Windows\Windows Error Reporting\Consent
DefaultOverrideBehavior
DWORD:1

;The system must be configured to automatically consent to send all data requested by a local or DOD-wide error collection site
;SV-71961r1_rule
Computer
Software\Policies\Microsoft\Windows\Windows Error Reporting\Consent
DefaultConsent
DWORD:4

;Autoplay must be disabled for all drives
;SV-52879r2_rule
Computer
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDriveTypeAutoRun
DWORD:255

;The Windows Installer Always install with elevated privileges option must be disabled
;SV-52954r1_rule
Computer
Software\Policies\Microsoft\Windows\Installer
AlwaysInstallElevated
DWORD:0
