Microsoft Windows Server 2019 STIG

Microsoft Windows Server 2019 Security Technical Implementation Guide

ID Vuln ID Title Cat Status
WN19-SO-000130 V-205631 Windows Server 2019 required legal notice must be configured to display before console logon. Cat II
WN19-MS-000140 V-205907 Windows Server 2019 must be running Credential Guard on domain-joined member servers. Cat I
WN19-DC-000260 V-205793 Windows Server 2019 must be configured to audit DS Access - Directory Service Changes successes. Cat II
WN19-SO-000280 V-205918 Windows Server 2019 must prevent PKU2U authentication using online identities. Cat II
WN19-00-000140 V-205734 Windows Server 2019 permissions for the system drive root directory (usually C:\) must conform to minimum requirements. Cat II
WN19-AU-000180 V-205838 Windows Server 2019 must be configured to audit logoff successes. Cat II
WN19-UR-000030 V-205676 Windows Server 2019 Allow log on locally user right must only be assigned to the Administrators group. Cat II
WN19-SO-000360 V-205842 Windows Server 2019 must be configured to use FIPS-compliant algorithms for encryption, hashing, and signing. Cat II
WN19-AU-000260 V-205771 Windows Server 2019 must be configured to audit Policy Change - Audit Policy Change successes. Cat II
WN19-UC-000010 V-205924 Windows Server 2019 must preserve zone information when saving attachments. Cat II
WN19-CC-000010 V-205686 Windows Server 2019 must prevent the display of slide shows on the lock screen. Cat II
WN19-MS-000090 V-205673 Windows Server 2019 Deny log on as a batch job user right on domain-joined member servers must be configured to prevent access from highly privileged domain accounts and from unauthenticated access on all systems. Cat II
WN19-DC-000220 V-205790 Windows Server 2019 Active Directory RID Manager$ object must be configured with proper audit settings. Cat II
WN19-CC-000030 V-205858 Windows Server 2019 Internet Protocol version 6 (IPv6) source routing must be configured to the highest protection level to prevent IP source routing. Cat III
WN19-EP-000180 V-205894 Windows Server 2019 Exploit Protection mitigations must be configured for MSPUB.EXE. Cat II


Display this benchmark in a printer-friendly format for off-line reference. This display does not include any commands.

Version Changes

If there are multiple versions of this benchmark, Xylok can display the differences between any changes in the checks.