Microsoft Windows Server 2019 STIG

Microsoft Windows Server 2019 Security Technical Implementation Guide

ID Vuln ID Title Cat Status
WN19-SO-000130 V-205631 Windows Server 2019 required legal notice must be configured to display before console logon. Cat II
WN19-MS-000140 V-205907 Windows Server 2019 must be running Credential Guard on domain-joined member servers. Cat I
WN19-DC-000260 V-205793 Windows Server 2019 must be configured to audit DS Access - Directory Service Changes successes. Cat II
WN19-SO-000280 V-205918 Windows Server 2019 must prevent PKU2U authentication using online identities. Cat II
WN19-00-000140 V-205734 Windows Server 2019 permissions for the system drive root directory (usually C:\) must conform to minimum requirements. Cat II
WN19-AU-000180 V-205838 Windows Server 2019 must be configured to audit logoff successes. Cat II
WN19-UR-000030 V-205676 Windows Server 2019 Allow log on locally user right must only be assigned to the Administrators group. Cat II
WN19-SO-000360 V-205842 Windows Server 2019 must be configured to use FIPS-compliant algorithms for encryption, hashing, and signing. Cat II
WN19-AU-000260 V-205771 Windows Server 2019 must be configured to audit Policy Change - Audit Policy Change successes. Cat II
WN19-UC-000010 V-205924 Windows Server 2019 must preserve zone information when saving attachments. Cat II
WN19-CC-000010 V-205686 Windows Server 2019 must prevent the display of slide shows on the lock screen. Cat II
WN19-MS-000090 V-205673 Windows Server 2019 Deny log on as a batch job user right on domain-joined member servers must be configured to prevent access from highly privileged domain accounts and from unauthenticated access on all systems. Cat II
WN19-DC-000220 V-205790 Windows Server 2019 Active Directory RID Manager$ object must be configured with proper audit settings. Cat II
WN19-CC-000030 V-205858 Windows Server 2019 Internet Protocol version 6 (IPv6) source routing must be configured to the highest protection level to prevent IP source routing. Cat III
WN19-EP-000180 V-205894 Windows Server 2019 Exploit Protection mitigations must be configured for MSPUB.EXE. Cat II

Print

Display this benchmark in a printer-friendly format for off-line reference. This display does not include any commands.
Print

Version Changes

If there are multiple versions of this benchmark, Xylok can display the differences between any changes in the checks.
Changes