diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md
index 17137c056b..57fe3483da 100644
--- a/windows/security/threat-protection/TOC.md
+++ b/windows/security/threat-protection/TOC.md
@@ -731,176 +731,180 @@
 
 
 
-### [Security policy settings](security-policy-settings/security-policy-settings.md)
-### [Administer security policy settings](security-policy-settings/administer-security-policy-settings.md)
-#### [Network List Manager policies](security-policy-settings/network-list-manager-policies.md)
-### [Configure security policy settings](security-policy-settings/how-to-configure-security-policy-settings.md)
-### [Security policy settings reference](security-policy-settings/security-policy-settings-reference.md)
-#### [Account Policies](security-policy-settings/account-policies.md)
-##### [Password Policy](security-policy-settings/password-policy.md)
-###### [Enforce password history](security-policy-settings/enforce-password-history.md)
-###### [Maximum password age](security-policy-settings/maximum-password-age.md)
-###### [Minimum password age](security-policy-settings/minimum-password-age.md)
-###### [Minimum password length](security-policy-settings/minimum-password-length.md)
-###### [Password must meet complexity requirements](security-policy-settings/password-must-meet-complexity-requirements.md)
-###### [Store passwords using reversible encryption](security-policy-settings/store-passwords-using-reversible-encryption.md)
-##### [Account Lockout Policy](security-policy-settings/account-lockout-policy.md)
-###### [Account lockout duration](security-policy-settings/account-lockout-duration.md)
-###### [Account lockout threshold](security-policy-settings/account-lockout-threshold.md)
-###### [Reset account lockout counter after](security-policy-settings/reset-account-lockout-counter-after.md)
-##### [Kerberos Policy](security-policy-settings/kerberos-policy.md)
-###### [Enforce user logon restrictions](security-policy-settings/enforce-user-logon-restrictions.md)
-###### [Maximum lifetime for service ticket](security-policy-settings/maximum-lifetime-for-service-ticket.md)
-###### [Maximum lifetime for user ticket](security-policy-settings/maximum-lifetime-for-user-ticket.md)
-###### [Maximum lifetime for user ticket renewal](security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md)
-###### [Maximum tolerance for computer clock synchronization](security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md)
-#### [Audit Policy](security-policy-settings/audit-policy.md)
-#### [Security Options](security-policy-settings/security-options.md)
-##### [Accounts: Administrator account status](security-policy-settings/accounts-administrator-account-status.md)
-##### [Accounts: Block Microsoft accounts](security-policy-settings/accounts-block-microsoft-accounts.md)
-##### [Accounts: Guest account status](security-policy-settings/accounts-guest-account-status.md)
-##### [Accounts: Limit local account use of blank passwords to console logon only](security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md)
-##### [Accounts: Rename administrator account](security-policy-settings/accounts-rename-administrator-account.md)
-##### [Accounts: Rename guest account](security-policy-settings/accounts-rename-guest-account.md)
-##### [Audit: Audit the access of global system objects](security-policy-settings/audit-audit-the-access-of-global-system-objects.md)
-##### [Audit: Audit the use of Backup and Restore privilege](security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md)
-##### [Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings](security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md)
-##### [Audit: Shut down system immediately if unable to log security audits](security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md)
-##### [DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax](security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md)
-##### [DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax](security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md)
-##### [Devices: Allow undock without having to log on](security-policy-settings/devices-allow-undock-without-having-to-log-on.md)
-##### [Devices: Allowed to format and eject removable media](security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md)
-##### [Devices: Prevent users from installing printer drivers](security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md)
-##### [Devices: Restrict CD-ROM access to locally logged-on user only](security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md)
-##### [Devices: Restrict floppy access to locally logged-on user only](security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md)
-##### [Domain controller: Allow server operators to schedule tasks](security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md)
-##### [Domain controller: LDAP server signing requirements](security-policy-settings/domain-controller-ldap-server-signing-requirements.md)
-##### [Domain controller: Refuse machine account password changes](security-policy-settings/domain-controller-refuse-machine-account-password-changes.md)
-##### [Domain member: Digitally encrypt or sign secure channel data (always)](security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md)
-##### [Domain member: Digitally encrypt secure channel data (when possible)](security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md)
-##### [Domain member: Digitally sign secure channel data (when possible)](security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md)
-##### [Domain member: Disable machine account password changes](security-policy-settings/domain-member-disable-machine-account-password-changes.md)
-##### [Domain member: Maximum machine account password age](security-policy-settings/domain-member-maximum-machine-account-password-age.md)
-##### [Domain member: Require strong (Windows 2000 or later) session key](security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md)
-##### [Interactive logon: Display user information when the session is locked](security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md)
-##### [Interactive logon: Don't display last signed-in](security-policy-settings/interactive-logon-do-not-display-last-user-name.md)
-##### [Interactive logon: Don't display username at sign-in](security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md)
-##### [Interactive logon: Do not require CTRL+ALT+DEL](security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md)
-##### [Interactive logon: Machine account lockout threshold](security-policy-settings/interactive-logon-machine-account-lockout-threshold.md)
-##### [Interactive logon: Machine inactivity limit](security-policy-settings/interactive-logon-machine-inactivity-limit.md)
-##### [Interactive logon: Message text for users attempting to log on](security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md)
-##### [Interactive logon: Message title for users attempting to log on](security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md)
-##### [Interactive logon: Number of previous logons to cache (in case domain controller is not available)](security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md)
-##### [Interactive logon: Prompt user to change password before expiration](security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md)
-##### [Interactive logon: Require Domain Controller authentication to unlock workstation](security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md)
-##### [Interactive logon: Require smart card](security-policy-settings/interactive-logon-require-smart-card.md)
-##### [Interactive logon: Smart card removal behavior](security-policy-settings/interactive-logon-smart-card-removal-behavior.md)
-##### [Microsoft network client: Digitally sign communications (always)](security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md)
-##### [SMBv1 Microsoft network client: Digitally sign communications (always)](security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md)
-##### [SMBv1 Microsoft network client: Digitally sign communications (if server agrees)](security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md)
-##### [Microsoft network client: Send unencrypted password to third-party SMB servers](security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md)
-##### [Microsoft network server: Amount of idle time required before suspending session](security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md)
-##### [Microsoft network server: Attempt S4U2Self to obtain claim information](security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md)
-##### [Microsoft network server: Digitally sign communications (always)](security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md)
-##### [SMBv1 Microsoft network server: Digitally sign communications (always)](security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md)
-##### [SMBv1 Microsoft network server: Digitally sign communications (if client agrees)](security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md)
-##### [Microsoft network server: Disconnect clients when logon hours expire](security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md)
-##### [Microsoft network server: Server SPN target name validation level](security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md)
-##### [Network access: Allow anonymous SID/Name translation](security-policy-settings/network-access-allow-anonymous-sidname-translation.md)
-##### [Network access: Do not allow anonymous enumeration of SAM accounts](security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md)
-##### [Network access: Do not allow anonymous enumeration of SAM accounts and shares](security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md)
-##### [Network access: Do not allow storage of passwords and credentials for network authentication](security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md)
-##### [Network access: Let Everyone permissions apply to anonymous users](security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md)
-##### [Network access: Named Pipes that can be accessed anonymously](security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md)
-##### [Network access: Remotely accessible registry paths](security-policy-settings/network-access-remotely-accessible-registry-paths.md)
-##### [Network access: Remotely accessible registry paths and subpaths](security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md)
-##### [Network access: Restrict anonymous access to Named Pipes and Shares](security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md)
-#####  [Network access: Restrict clients allowed to make remote calls to SAM](security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md)
-##### [Network access: Shares that can be accessed anonymously](security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md)
-##### [Network access: Sharing and security model for local accounts](security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md)
-##### [Network security: Allow Local System to use computer identity for NTLM](security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md)
-##### [Network security: Allow LocalSystem NULL session fallback](security-policy-settings/network-security-allow-localsystem-null-session-fallback.md)
-##### [Network security: Allow PKU2U authentication requests to this computer to use online identities](security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md)
-##### [Network security: Configure encryption types allowed for Kerberos Win7 only](security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md)
-##### [Network security: Do not store LAN Manager hash value on next password change](security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md)
-##### [Network security: Force logoff when logon hours expire](security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md)
-##### [Network security: LAN Manager authentication level](security-policy-settings/network-security-lan-manager-authentication-level.md)
-##### [Network security: LDAP client signing requirements](security-policy-settings/network-security-ldap-client-signing-requirements.md)
-##### [Network security: Minimum session security for NTLM SSP based (including secure RPC) clients](security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md)
-##### [Network security: Minimum session security for NTLM SSP based (including secure RPC) servers](security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md)
-##### [Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication](security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md)
-##### [Network security: Restrict NTLM: Add server exceptions in this domain](security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md)
-##### [Network security: Restrict NTLM: Audit incoming NTLM traffic](security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md)
-##### [Network security: Restrict NTLM: Audit NTLM authentication in this domain](security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md)
-##### [Network security: Restrict NTLM: Incoming NTLM traffic](security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md)
-##### [Network security: Restrict NTLM: NTLM authentication in this domain](security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md)
-##### [Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers](security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md)
-##### [Recovery console: Allow automatic administrative logon](security-policy-settings/recovery-console-allow-automatic-administrative-logon.md)
-##### [Recovery console: Allow floppy copy and access to all drives and folders](security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md)
-##### [Shutdown: Allow system to be shut down without having to log on](security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md)
-##### [Shutdown: Clear virtual memory pagefile](security-policy-settings/shutdown-clear-virtual-memory-pagefile.md)
-##### [System cryptography: Force strong key protection for user keys stored on the computer](security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md)
-##### [System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing](security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md)
-##### [System objects: Require case insensitivity for non-Windows subsystems](security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md)
-##### [System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)](security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md)
-##### [System settings: Optional subsystems](security-policy-settings/system-settings-optional-subsystems.md)
-##### [System settings: Use certificate rules on Windows executables for Software Restriction Policies](security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md)
-##### [User Account Control: Admin Approval Mode for the Built-in Administrator account](security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md)
-##### [User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop](security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md)
-##### [User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode](security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md)
-##### [User Account Control: Behavior of the elevation prompt for standard users](security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md)
-##### [User Account Control: Detect application installations and prompt for elevation](security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md)
-##### [User Account Control: Only elevate executables that are signed and validated](security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md)
-##### [User Account Control: Only elevate UIAccess applications that are installed in secure locations](security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md)
-##### [User Account Control: Run all administrators in Admin Approval Mode](security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md)
-##### [User Account Control: Switch to the secure desktop when prompting for elevation](security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md)
-##### [User Account Control: Virtualize file and registry write failures to per-user locations](security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md)
-#### [Advanced security audit policy settings](security-policy-settings/secpol-advanced-security-audit-policy-settings.md)
-#### [User Rights Assignment](security-policy-settings/user-rights-assignment.md)
-##### [Access Credential Manager as a trusted caller](security-policy-settings/access-credential-manager-as-a-trusted-caller.md)
-##### [Access this computer from the network](security-policy-settings/access-this-computer-from-the-network.md)
-##### [Act as part of the operating system](security-policy-settings/act-as-part-of-the-operating-system.md)
-##### [Add workstations to domain](security-policy-settings/add-workstations-to-domain.md)
-##### [Adjust memory quotas for a process](security-policy-settings/adjust-memory-quotas-for-a-process.md)
-##### [Allow log on locally](security-policy-settings/allow-log-on-locally.md)
-##### [Allow log on through Remote Desktop Services](security-policy-settings/allow-log-on-through-remote-desktop-services.md)
-##### [Back up files and directories](security-policy-settings/back-up-files-and-directories.md)
-##### [Bypass traverse checking](security-policy-settings/bypass-traverse-checking.md)
-##### [Change the system time](security-policy-settings/change-the-system-time.md)
-##### [Change the time zone](security-policy-settings/change-the-time-zone.md)
-##### [Create a pagefile](security-policy-settings/create-a-pagefile.md)
-##### [Create a token object](security-policy-settings/create-a-token-object.md)
-##### [Create global objects](security-policy-settings/create-global-objects.md)
-##### [Create permanent shared objects](security-policy-settings/create-permanent-shared-objects.md)
-##### [Create symbolic links](security-policy-settings/create-symbolic-links.md)
-##### [Debug programs](security-policy-settings/debug-programs.md)
-##### [Deny access to this computer from the network](security-policy-settings/deny-access-to-this-computer-from-the-network.md)
-##### [Deny log on as a batch job](security-policy-settings/deny-log-on-as-a-batch-job.md)
-##### [Deny log on as a service](security-policy-settings/deny-log-on-as-a-service.md)
-##### [Deny log on locally](security-policy-settings/deny-log-on-locally.md)
-##### [Deny log on through Remote Desktop Services](security-policy-settings/deny-log-on-through-remote-desktop-services.md)
-##### [Enable computer and user accounts to be trusted for delegation](security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md)
-##### [Force shutdown from a remote system](security-policy-settings/force-shutdown-from-a-remote-system.md)
-##### [Generate security audits](security-policy-settings/generate-security-audits.md)
-##### [Impersonate a client after authentication](security-policy-settings/impersonate-a-client-after-authentication.md)
-##### [Increase a process working set](security-policy-settings/increase-a-process-working-set.md)
-##### [Increase scheduling priority](security-policy-settings/increase-scheduling-priority.md)
-##### [Load and unload device drivers](security-policy-settings/load-and-unload-device-drivers.md)
-##### [Lock pages in memory](security-policy-settings/lock-pages-in-memory.md)
-##### [Log on as a batch job](security-policy-settings/log-on-as-a-batch-job.md)
-##### [Log on as a service](security-policy-settings/log-on-as-a-service.md)
-##### [Manage auditing and security log](security-policy-settings/manage-auditing-and-security-log.md)
-##### [Modify an object label](security-policy-settings/modify-an-object-label.md)
-##### [Modify firmware environment values](security-policy-settings/modify-firmware-environment-values.md)
-##### [Perform volume maintenance tasks](security-policy-settings/perform-volume-maintenance-tasks.md)
-##### [Profile single process](security-policy-settings/profile-single-process.md)
-##### [Profile system performance](security-policy-settings/profile-system-performance.md)
-##### [Remove computer from docking station](security-policy-settings/remove-computer-from-docking-station.md)
-##### [Replace a process level token](security-policy-settings/replace-a-process-level-token.md)
-##### [Restore files and directories](security-policy-settings/restore-files-and-directories.md)
-##### [Shut down the system](security-policy-settings/shut-down-the-system.md)
-##### [Synchronize directory service data](security-policy-settings/synchronize-directory-service-data.md)
-##### [Take ownership of files or other objects](security-policy-settings/take-ownership-of-files-or-other-objects.md)
+#### [Security policy settings](security-policy-settings/security-policy-settings.md)
+#### [Administer security policy settings](security-policy-settings/administer-security-policy-settings.md)
+##### [Network List Manager policies](security-policy-settings/network-list-manager-policies.md)
+#### [Configure security policy settings](security-policy-settings/how-to-configure-security-policy-settings.md)
+#### [Security policy settings reference](security-policy-settings/security-policy-settings-reference.md)
+##### [Account Policies](security-policy-settings/account-policies.md)
+###### [Password Policy](security-policy-settings/password-policy.md)
+####### [Enforce password history](security-policy-settings/enforce-password-history.md)
+####### [Maximum password age](security-policy-settings/maximum-password-age.md)
+####### [Minimum password age](security-policy-settings/minimum-password-age.md)
+####### [Minimum password length](security-policy-settings/minimum-password-length.md)
+####### [Password must meet complexity requirements](security-policy-settings/password-must-meet-complexity-requirements.md)
+####### [Store passwords using reversible encryption](security-policy-settings/store-passwords-using-reversible-encryption.md)
+###### [Account Lockout Policy](security-policy-settings/account-lockout-policy.md)
+####### [Account lockout duration](security-policy-settings/account-lockout-duration.md)
+####### [Account lockout threshold](security-policy-settings/account-lockout-threshold.md)
+####### [Reset account lockout counter after](security-policy-settings/reset-account-lockout-counter-after.md)
+###### [Kerberos Policy](security-policy-settings/kerberos-policy.md)
+####### [Enforce user logon restrictions](security-policy-settings/enforce-user-logon-restrictions.md)
+####### [Maximum lifetime for service ticket](security-policy-settings/maximum-lifetime-for-service-ticket.md)
+####### [Maximum lifetime for user ticket](security-policy-settings/maximum-lifetime-for-user-ticket.md)
+####### [Maximum lifetime for user ticket renewal](security-policy-settings/maximum-lifetime-for-user-ticket-renewal.md)
+####### [Maximum tolerance for computer clock synchronization](security-policy-settings/maximum-tolerance-for-computer-clock-synchronization.md)
+##### [Audit Policy](security-policy-settings/audit-policy.md)
+##### [Security Options](security-policy-settings/security-options.md)
+###### [Accounts: Administrator account status](security-policy-settings/accounts-administrator-account-status.md)
+###### [Accounts: Block Microsoft accounts](security-policy-settings/accounts-block-microsoft-accounts.md)
+###### [Accounts: Guest account status](security-policy-settings/accounts-guest-account-status.md)
+###### [Accounts: Limit local account use of blank passwords to console logon only](security-policy-settings/accounts-limit-local-account-use-of-blank-passwords-to-console-logon-only.md)
+###### [Accounts: Rename administrator account](security-policy-settings/accounts-rename-administrator-account.md)
+###### [Accounts: Rename guest account](security-policy-settings/accounts-rename-guest-account.md)
+###### [Audit: Audit the access of global system objects](security-policy-settings/audit-audit-the-access-of-global-system-objects.md)
+###### [Audit: Audit the use of Backup and Restore privilege](security-policy-settings/audit-audit-the-use-of-backup-and-restore-privilege.md)
+###### [Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings](security-policy-settings/audit-force-audit-policy-subcategory-settings-to-override.md)
+###### [Audit: Shut down system immediately if unable to log security audits](security-policy-settings/audit-shut-down-system-immediately-if-unable-to-log-security-audits.md)
+###### [DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax](security-policy-settings/dcom-machine-access-restrictions-in-security-descriptor-definition-language-sddl-syntax.md)
+###### [DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax](security-policy-settings/dcom-machine-launch-restrictions-in-security-descriptor-definition-language-sddl-syntax.md)
+###### [Devices: Allow undock without having to log on](security-policy-settings/devices-allow-undock-without-having-to-log-on.md)
+###### [Devices: Allowed to format and eject removable media](security-policy-settings/devices-allowed-to-format-and-eject-removable-media.md)
+###### [Devices: Prevent users from installing printer drivers](security-policy-settings/devices-prevent-users-from-installing-printer-drivers.md)
+###### [Devices: Restrict CD-ROM access to locally logged-on user only](security-policy-settings/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md)
+###### [Devices: Restrict floppy access to locally logged-on user only](security-policy-settings/devices-restrict-floppy-access-to-locally-logged-on-user-only.md)
+###### [Domain controller: Allow server operators to schedule tasks](security-policy-settings/domain-controller-allow-server-operators-to-schedule-tasks.md)
+###### [Domain controller: LDAP server signing requirements](security-policy-settings/domain-controller-ldap-server-signing-requirements.md)
+###### [Domain controller: Refuse machine account password changes](security-policy-settings/domain-controller-refuse-machine-account-password-changes.md)
+###### [Domain member: Digitally encrypt or sign secure channel data (always)](security-policy-settings/domain-member-digitally-encrypt-or-sign-secure-channel-data-always.md)
+###### [Domain member: Digitally encrypt secure channel data (when possible)](security-policy-settings/domain-member-digitally-encrypt-secure-channel-data-when-possible.md)
+###### [Domain member: Digitally sign secure channel data (when possible)](security-policy-settings/domain-member-digitally-sign-secure-channel-data-when-possible.md)
+###### [Domain member: Disable machine account password changes](security-policy-settings/domain-member-disable-machine-account-password-changes.md)
+###### [Domain member: Maximum machine account password age](security-policy-settings/domain-member-maximum-machine-account-password-age.md)
+###### [Domain member: Require strong (Windows 2000 or later) session key](security-policy-settings/domain-member-require-strong-windows-2000-or-later-session-key.md)
+###### [Interactive logon: Display user information when the session is locked](security-policy-settings/interactive-logon-display-user-information-when-the-session-is-locked.md)
+###### [Interactive logon: Don't display last signed-in](security-policy-settings/interactive-logon-do-not-display-last-user-name.md)
+###### [Interactive logon: Don't display username at sign-in](security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md)
+###### [Interactive logon: Do not require CTRL+ALT+DEL](security-policy-settings/interactive-logon-do-not-require-ctrl-alt-del.md)
+###### [Interactive logon: Machine account lockout threshold](security-policy-settings/interactive-logon-machine-account-lockout-threshold.md)
+###### [Interactive logon: Machine inactivity limit](security-policy-settings/interactive-logon-machine-inactivity-limit.md)
+###### [Interactive logon: Message text for users attempting to log on](security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.md)
+###### [Interactive logon: Message title for users attempting to log on](security-policy-settings/interactive-logon-message-title-for-users-attempting-to-log-on.md)
+###### [Interactive logon: Number of previous logons to cache (in case domain controller is not available)](security-policy-settings/interactive-logon-number-of-previous-logons-to-cache-in-case-domain-controller-is-not-available.md)
+###### [Interactive logon: Prompt user to change password before expiration](security-policy-settings/interactive-logon-prompt-user-to-change-password-before-expiration.md)
+###### [Interactive logon: Require Domain Controller authentication to unlock workstation](security-policy-settings/interactive-logon-require-domain-controller-authentication-to-unlock-workstation.md)
+###### [Interactive logon: Require smart card](security-policy-settings/interactive-logon-require-smart-card.md)
+###### [Interactive logon: Smart card removal behavior](security-policy-settings/interactive-logon-smart-card-removal-behavior.md)
+###### [Microsoft network client: Digitally sign communications (always)](security-policy-settings/microsoft-network-client-digitally-sign-communications-always.md)
+###### [SMBv1 Microsoft network client: Digitally sign communications (always)](security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md)
+###### [SMBv1 Microsoft network client: Digitally sign communications (if server agrees)](security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md)
+###### [Microsoft network client: Send unencrypted password to third-party SMB servers](security-policy-settings/microsoft-network-client-send-unencrypted-password-to-third-party-smb-servers.md)
+###### [Microsoft network server: Amount of idle time required before suspending session](security-policy-settings/microsoft-network-server-amount-of-idle-time-required-before-suspending-session.md)
+###### [Microsoft network server: Attempt S4U2Self to obtain claim information](security-policy-settings/microsoft-network-server-attempt-s4u2self-to-obtain-claim-information.md)
+###### [Microsoft network server: Digitally sign communications (always)](security-policy-settings/microsoft-network-server-digitally-sign-communications-always.md)
+###### [SMBv1 Microsoft network server: Digitally sign communications (always)](security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md)
+###### [SMBv1 Microsoft network server: Digitally sign communications (if client agrees)](security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md)
+###### [Microsoft network server: Disconnect clients when logon hours expire](security-policy-settings/microsoft-network-server-disconnect-clients-when-logon-hours-expire.md)
+###### [Microsoft network server: Server SPN target name validation level](security-policy-settings/microsoft-network-server-server-spn-target-name-validation-level.md)
+###### [Network access: Allow anonymous SID/Name translation](security-policy-settings/network-access-allow-anonymous-sidname-translation.md)
+###### [Network access: Do not allow anonymous enumeration of SAM accounts](security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts.md)
+###### [Network access: Do not allow anonymous enumeration of SAM accounts and shares](security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares.md)
+###### [Network access: Do not allow storage of passwords and credentials for network authentication](security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication.md)
+###### [Network access: Let Everyone permissions apply to anonymous users](security-policy-settings/network-access-let-everyone-permissions-apply-to-anonymous-users.md)
+###### [Network access: Named Pipes that can be accessed anonymously](security-policy-settings/network-access-named-pipes-that-can-be-accessed-anonymously.md)
+###### [Network access: Remotely accessible registry paths](security-policy-settings/network-access-remotely-accessible-registry-paths.md)
+###### [Network access: Remotely accessible registry paths and subpaths](security-policy-settings/network-access-remotely-accessible-registry-paths-and-subpaths.md)
+###### [Network access: Restrict anonymous access to Named Pipes and Shares](security-policy-settings/network-access-restrict-anonymous-access-to-named-pipes-and-shares.md)
+######  [Network access: Restrict clients allowed to make remote calls to SAM](security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls.md)
+###### [Network access: Shares that can be accessed anonymously](security-policy-settings/network-access-shares-that-can-be-accessed-anonymously.md)
+###### [Network access: Sharing and security model for local accounts](security-policy-settings/network-access-sharing-and-security-model-for-local-accounts.md)
+###### [Network security: Allow Local System to use computer identity for NTLM](security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md)
+###### [Network security: Allow LocalSystem NULL session fallback](security-policy-settings/network-security-allow-localsystem-null-session-fallback.md)
+###### [Network security: Allow PKU2U authentication requests to this computer to use online identities](security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities.md)
+###### [Network security: Configure encryption types allowed for Kerberos Win7 only](security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md)
+###### [Network security: Do not store LAN Manager hash value on next password change](security-policy-settings/network-security-do-not-store-lan-manager-hash-value-on-next-password-change.md)
+###### [Network security: Force logoff when logon hours expire](security-policy-settings/network-security-force-logoff-when-logon-hours-expire.md)
+###### [Network security: LAN Manager authentication level](security-policy-settings/network-security-lan-manager-authentication-level.md)
+###### [Network security: LDAP client signing requirements](security-policy-settings/network-security-ldap-client-signing-requirements.md)
+###### [Network security: Minimum session security for NTLM SSP based (including secure RPC) clients](security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-clients.md)
+###### [Network security: Minimum session security for NTLM SSP based (including secure RPC) servers](security-policy-settings/network-security-minimum-session-security-for-ntlm-ssp-based-including-secure-rpc-servers.md)
+###### [Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication](security-policy-settings/network-security-restrict-ntlm-add-remote-server-exceptions-for-ntlm-authentication.md)
+###### [Network security: Restrict NTLM: Add server exceptions in this domain](security-policy-settings/network-security-restrict-ntlm-add-server-exceptions-in-this-domain.md)
+###### [Network security: Restrict NTLM: Audit incoming NTLM traffic](security-policy-settings/network-security-restrict-ntlm-audit-incoming-ntlm-traffic.md)
+###### [Network security: Restrict NTLM: Audit NTLM authentication in this domain](security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md)
+###### [Network security: Restrict NTLM: Incoming NTLM traffic](security-policy-settings/network-security-restrict-ntlm-incoming-ntlm-traffic.md)
+###### [Network security: Restrict NTLM: NTLM authentication in this domain](security-policy-settings/network-security-restrict-ntlm-ntlm-authentication-in-this-domain.md)
+###### [Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers](security-policy-settings/network-security-restrict-ntlm-outgoing-ntlm-traffic-to-remote-servers.md)
+###### [Recovery console: Allow automatic administrative logon](security-policy-settings/recovery-console-allow-automatic-administrative-logon.md)
+###### [Recovery console: Allow floppy copy and access to all drives and folders](security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md)
+###### [Shutdown: Allow system to be shut down without having to log on](security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md)
+###### [Shutdown: Clear virtual memory pagefile](security-policy-settings/shutdown-clear-virtual-memory-pagefile.md)
+###### [System cryptography: Force strong key protection for user keys stored on the computer](security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md)
+###### [System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing](security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md)
+###### [System objects: Require case insensitivity for non-Windows subsystems](security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md)
+###### [System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)](security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md)
+###### [System settings: Optional subsystems](security-policy-settings/system-settings-optional-subsystems.md)
+###### [System settings: Use certificate rules on Windows executables for Software Restriction Policies](security-policy-settings/system-settings-use-certificate-rules-on-windows-executables-for-software-restriction-policies.md)
+###### [User Account Control: Admin Approval Mode for the Built-in Administrator account](security-policy-settings/user-account-control-admin-approval-mode-for-the-built-in-administrator-account.md)
+###### [User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop](security-policy-settings/user-account-control-allow-uiaccess-applications-to-prompt-for-elevation-without-using-the-secure-desktop.md)
+###### [User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode](security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-administrators-in-admin-approval-mode.md)
+###### [User Account Control: Behavior of the elevation prompt for standard users](security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.md)
+###### [User Account Control: Detect application installations and prompt for elevation](security-policy-settings/user-account-control-detect-application-installations-and-prompt-for-elevation.md)
+###### [User Account Control: Only elevate executables that are signed and validated](security-policy-settings/user-account-control-only-elevate-executables-that-are-signed-and-validated.md)
+###### [User Account Control: Only elevate UIAccess applications that are installed in secure locations](security-policy-settings/user-account-control-only-elevate-uiaccess-applications-that-are-installed-in-secure-locations.md)
+###### [User Account Control: Run all administrators in Admin Approval Mode](security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode.md)
+###### [User Account Control: Switch to the secure desktop when prompting for elevation](security-policy-settings/user-account-control-switch-to-the-secure-desktop-when-prompting-for-elevation.md)
+###### [User Account Control: Virtualize file and registry write failures to per-user locations](security-policy-settings/user-account-control-virtualize-file-and-registry-write-failures-to-per-user-locations.md)
+##### [Advanced security audit policy settings](security-policy-settings/secpol-advanced-security-audit-policy-settings.md)
+##### [User Rights Assignment](security-policy-settings/user-rights-assignment.md)
+###### [Access Credential Manager as a trusted caller](security-policy-settings/access-credential-manager-as-a-trusted-caller.md)
+###### [Access this computer from the network](security-policy-settings/access-this-computer-from-the-network.md)
+###### [Act as part of the operating system](security-policy-settings/act-as-part-of-the-operating-system.md)
+###### [Add workstations to domain](security-policy-settings/add-workstations-to-domain.md)
+###### [Adjust memory quotas for a process](security-policy-settings/adjust-memory-quotas-for-a-process.md)
+###### [Allow log on locally](security-policy-settings/allow-log-on-locally.md)
+###### [Allow log on through Remote Desktop Services](security-policy-settings/allow-log-on-through-remote-desktop-services.md)
+###### [Back up files and directories](security-policy-settings/back-up-files-and-directories.md)
+###### [Bypass traverse checking](security-policy-settings/bypass-traverse-checking.md)
+###### [Change the system time](security-policy-settings/change-the-system-time.md)
+###### [Change the time zone](security-policy-settings/change-the-time-zone.md)
+###### [Create a pagefile](security-policy-settings/create-a-pagefile.md)
+###### [Create a token object](security-policy-settings/create-a-token-object.md)
+###### [Create global objects](security-policy-settings/create-global-objects.md)
+###### [Create permanent shared objects](security-policy-settings/create-permanent-shared-objects.md)
+###### [Create symbolic links](security-policy-settings/create-symbolic-links.md)
+###### [Debug programs](security-policy-settings/debug-programs.md)
+###### [Deny access to this computer from the network](security-policy-settings/deny-access-to-this-computer-from-the-network.md)
+###### [Deny log on as a batch job](security-policy-settings/deny-log-on-as-a-batch-job.md)
+###### [Deny log on as a service](security-policy-settings/deny-log-on-as-a-service.md)
+###### [Deny log on locally](security-policy-settings/deny-log-on-locally.md)
+###### [Deny log on through Remote Desktop Services](security-policy-settings/deny-log-on-through-remote-desktop-services.md)
+###### [Enable computer and user accounts to be trusted for delegation](security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation.md)
+###### [Force shutdown from a remote system](security-policy-settings/force-shutdown-from-a-remote-system.md)
+###### [Generate security audits](security-policy-settings/generate-security-audits.md)
+###### [Impersonate a client after authentication](security-policy-settings/impersonate-a-client-after-authentication.md)
+###### [Increase a process working set](security-policy-settings/increase-a-process-working-set.md)
+###### [Increase scheduling priority](security-policy-settings/increase-scheduling-priority.md)
+###### [Load and unload device drivers](security-policy-settings/load-and-unload-device-drivers.md)
+###### [Lock pages in memory](security-policy-settings/lock-pages-in-memory.md)
+###### [Log on as a batch job](security-policy-settings/log-on-as-a-batch-job.md)
+###### [Log on as a service](security-policy-settings/log-on-as-a-service.md)
+###### [Manage auditing and security log](security-policy-settings/manage-auditing-and-security-log.md)
+###### [Modify an object label](security-policy-settings/modify-an-object-label.md)
+###### [Modify firmware environment values](security-policy-settings/modify-firmware-environment-values.md)
+###### [Perform volume maintenance tasks](security-policy-settings/perform-volume-maintenance-tasks.md)
+###### [Profile single process](security-policy-settings/profile-single-process.md)
+###### [Profile system performance](security-policy-settings/profile-system-performance.md)
+###### [Remove computer from docking station](security-policy-settings/remove-computer-from-docking-station.md)
+###### [Replace a process level token](security-policy-settings/replace-a-process-level-token.md)
+###### [Restore files and directories](security-policy-settings/restore-files-and-directories.md)
+###### [Shut down the system](security-policy-settings/shut-down-the-system.md)
+###### [Synchronize directory service data](security-policy-settings/synchronize-directory-service-data.md)
+###### [Take ownership of files or other objects](security-policy-settings/take-ownership-of-files-or-other-objects.md)
+
+
+
+
 
 
 ### [Windows security baselines](windows-security-baselines.md)