mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-19 04:13:41 +00:00
Merge branch 'master' of https://github.com/MicrosoftDocs/windows-docs-pr into whfb-cloudtrust
This commit is contained in:
Matthew Palko
@ -34,6 +34,7 @@ Internet Explorer 11 gives you some new Group Policy settings to help you manage
|
|||||||
| Always send Do Not Track header | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | At least Internet Explorer 10 | This policy setting allows you to configure how IE sends the Do Not Track (DNT) header.<p>If you enable this policy setting, IE sends a `DNT:1` header with all HTTP and HTTPS requests. The `DNT:1` header signals to the servers not to track the user.<p>**In Internet Explorer 9 and 10:**<br>If you disable this policy setting, IE only sends the Do Not Track header if a Tracking Protection List is enabled or inPrivate Browsing mode is used.<p>**In at least IE11:**<br>If you disable this policy setting, IE only sends the Do Not Track header if inPrivate Browsing mode is used.<p>If you don't configure the policy setting, users can select the **Always send Do Not Track header** option on the **Advanced\* tab of the \*\*Internet Options** dialog box. By selecting this option, IE sends a `DNT:1` header with all HTTP and HTTPS requests; unless the user grants a site-specific exception, in which case IE sends a `DNT:0` header. By default, this option is enabled. |
|
| Always send Do Not Track header | Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Advanced Page | At least Internet Explorer 10 | This policy setting allows you to configure how IE sends the Do Not Track (DNT) header.<p>If you enable this policy setting, IE sends a `DNT:1` header with all HTTP and HTTPS requests. The `DNT:1` header signals to the servers not to track the user.<p>**In Internet Explorer 9 and 10:**<br>If you disable this policy setting, IE only sends the Do Not Track header if a Tracking Protection List is enabled or inPrivate Browsing mode is used.<p>**In at least IE11:**<br>If you disable this policy setting, IE only sends the Do Not Track header if inPrivate Browsing mode is used.<p>If you don't configure the policy setting, users can select the **Always send Do Not Track header** option on the **Advanced\* tab of the \*\*Internet Options** dialog box. By selecting this option, IE sends a `DNT:1` header with all HTTP and HTTPS requests; unless the user grants a site-specific exception, in which case IE sends a `DNT:0` header. By default, this option is enabled. |
|
||||||
| Don't run antimalware programs against ActiveX controls<br>(Internet, Restricted Zones) | <ul><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone</li><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone</li><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone</li><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone</li></ul> | IE11 on Windows 10 | This policy setting determines whether IE runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.<p>If you enable this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.<p>If you disable this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.<p>If you don't configure this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using the Internet Explorer's **Security** settings. |
|
| Don't run antimalware programs against ActiveX controls<br>(Internet, Restricted Zones) | <ul><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone</li><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone</li><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone</li><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone</li></ul> | IE11 on Windows 10 | This policy setting determines whether IE runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.<p>If you enable this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.<p>If you disable this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.<p>If you don't configure this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using the Internet Explorer's **Security** settings. |
|
||||||
| Don't run antimalware programs against ActiveX controls<br>(Intranet, Trusted, Local Machine Zones) | <ul><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone</li><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone</li><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone</li><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone</li><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone</li><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone</li></ul> | IE11 on Windows 10 | This policy setting determines whether IE runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.<p>If you enable this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.<p>If you disable this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.<p>If you don't configure this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer's **Security** settings. |
|
| Don't run antimalware programs against ActiveX controls<br>(Intranet, Trusted, Local Machine Zones) | <ul><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone</li><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone</li><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone</li><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone</li><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone</li><li>Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone</li></ul> | IE11 on Windows 10 | This policy setting determines whether IE runs antimalware programs against ActiveX controls, to check if they're safe to load on pages.<p>If you enable this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control.<p>If you disable this policy setting, IE always checks with your antimalware program to see if it's safe to create an instance of the ActiveX control.<p>If you don't configure this policy setting, IE won't check with your antimalware program to see if it's safe to create an instance of the ActiveX control. Users can turn this behavior on or off, using Internet Explorer's **Security** settings. |
|
||||||
|
| Hide Internet Explorer 11 Application Retirement Notification | Administrative Templates\Windows Components\Internet Explorer | Internet Explorer 11 on Windows 10 20H2 & newer | This policy setting allows you to prevent the notification bar that informs users of Internet Explorer 11’s retirement from showing up. <br>If you disable or don’t configure this setting, the notification will be shown. |
|
||||||
| Hide the button (next to the New Tab button) that opens Microsoft Edge | User Configuration\Administrative Templates\Windows Components/Internet Explorer\Internet Settings\Advanced Settings\Browsing\ | IE11 on Windows 10, version 1703 | This policy setting lets you decide whether employees can see the open Microsoft Edge button, which appears next to the New Tab button.<p>If you enable this policy setting, the button to open Microsoft Edge from Internet Explorer will be hidden.<p>If you disable this policy setting, the button to open Microsoft Edge from Internet Explorer appears.<p>If you don't configure this policy setting, the button to open Microsoft Edge from Internet Explorer can be configured by your employees. |
|
| Hide the button (next to the New Tab button) that opens Microsoft Edge | User Configuration\Administrative Templates\Windows Components/Internet Explorer\Internet Settings\Advanced Settings\Browsing\ | IE11 on Windows 10, version 1703 | This policy setting lets you decide whether employees can see the open Microsoft Edge button, which appears next to the New Tab button.<p>If you enable this policy setting, the button to open Microsoft Edge from Internet Explorer will be hidden.<p>If you disable this policy setting, the button to open Microsoft Edge from Internet Explorer appears.<p>If you don't configure this policy setting, the button to open Microsoft Edge from Internet Explorer can be configured by your employees. |
|
||||||
| Let users turn on and use Enterprise Mode from the **Tools** menu | Administrative Templates\Windows Components\Internet Explorer | IE11 on Windows 10 | This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionally, this policy also lets you specify where to get reports (through post messages) about the websites for which users turn on Enterprise Mode using the **Tools** menu.<p>If you enable this policy setting, users can see and use the **Enterprise Mode** option from the **Tools** menu. If you enable this setting, but don’t specify a report location, Enterprise Mode will still be available to your users, but you won’t get any reports.<p>If you disable or don’t configure this policy setting, the menu option won’t appear and users won’t be able to turn on Enterprise Mode locally. |
|
| Let users turn on and use Enterprise Mode from the **Tools** menu | Administrative Templates\Windows Components\Internet Explorer | IE11 on Windows 10 | This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionally, this policy also lets you specify where to get reports (through post messages) about the websites for which users turn on Enterprise Mode using the **Tools** menu.<p>If you enable this policy setting, users can see and use the **Enterprise Mode** option from the **Tools** menu. If you enable this setting, but don’t specify a report location, Enterprise Mode will still be available to your users, but you won’t get any reports.<p>If you disable or don’t configure this policy setting, the menu option won’t appear and users won’t be able to turn on Enterprise Mode locally. |
|
||||||
| Limit Site Discovery output by Domain | Administrative Templates\Windows Components\Internet Explorer | At least Internet Explorer 8 | This policy setting allows you to control which domains are included in the discovery function of the Internet Explorer Site Discovery Toolkit.<p>If you enable this policy setting, the Internet Explorer Site Discovery Toolkit collects data from all sites in your specified domains, configured by adding one domain per line to the included text box.<p>If you disable or don’t configure this setting, the Internet Explorer Site Discovery Toolkit collects data from all sites in all domains.<p>**Note:**<br>You can use this setting in conjunction with the other settings that control the Internet Explorer Site Discovery Toolkit. |
|
| Limit Site Discovery output by Domain | Administrative Templates\Windows Components\Internet Explorer | At least Internet Explorer 8 | This policy setting allows you to control which domains are included in the discovery function of the Internet Explorer Site Discovery Toolkit.<p>If you enable this policy setting, the Internet Explorer Site Discovery Toolkit collects data from all sites in your specified domains, configured by adding one domain per line to the included text box.<p>If you disable or don’t configure this setting, the Internet Explorer Site Discovery Toolkit collects data from all sites in all domains.<p>**Note:**<br>You can use this setting in conjunction with the other settings that control the Internet Explorer Site Discovery Toolkit. |
|
||||||
|
|||||||
@ -7,7 +7,7 @@ ms.mktglfcycl: deploy
|
|||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.localizationpriority: none
|
ms.localizationpriority: none
|
||||||
author: dansimp
|
author: dansimp
|
||||||
ms.date: 09/07/2021
|
ms.date: 01/24/2022
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
@ -25,7 +25,8 @@ ms.technology: windows-sec
|
|||||||
|
|
||||||
This event generates every time a new process starts.
|
This event generates every time a new process starts.
|
||||||
|
|
||||||
> **Note** For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
|
> [Note]
|
||||||
|
> For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
|
||||||
|
|
||||||
<br clear="all">
|
<br clear="all">
|
||||||
|
|
||||||
@ -96,7 +97,8 @@ This event generates every time a new process starts.
|
|||||||
|
|
||||||
- **Security ID** \[Type = SID\]**:** SID of account that requested the "create process" operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
|
- **Security ID** \[Type = SID\]**:** SID of account that requested the "create process" operation. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
|
||||||
|
|
||||||
> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
|
> [Note]
|
||||||
|
> A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
|
||||||
|
|
||||||
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the "create process" operation.
|
- **Account Name** \[Type = UnicodeString\]**:** the name of the account that requested the "create process" operation.
|
||||||
|
|
||||||
@ -116,11 +118,13 @@ This event generates every time a new process starts.
|
|||||||
|
|
||||||
**Target Subject** \[Version 2\]**:**
|
**Target Subject** \[Version 2\]**:**
|
||||||
|
|
||||||
> **Note** This event includes the principal of the process creator, but this is not always sufficient if the target context is different from the creator context. In that situation, the subject specified in the process termination event does not match the subject in the process creation event even though both events refer to the same process ID. Therefore, in addition to including the creator of the process, we will also include the target principal when the creator and target do not share the same logon.
|
> [Note]
|
||||||
|
> This event includes the principal of the process creator, but this is not always sufficient if the target context is different from the creator context. In that situation, the subject specified in the process termination event does not match the subject in the process creation event even though both events refer to the same process ID. Therefore, in addition to including the creator of the process, we will also include the target principal when the creator and target do not share the same logon.
|
||||||
|
|
||||||
- **Security ID** \[Type = SID\] \[Version 2\]**:** SID of target account. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
|
- **Security ID** \[Type = SID\] \[Version 2\]**:** SID of target account. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
|
||||||
|
|
||||||
> **Note** A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
|
> [Note]
|
||||||
|
> A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
|
||||||
|
|
||||||
- **Account Name** \[Type = UnicodeString\] \[Version 2\]**:** the name of the target account.
|
- **Account Name** \[Type = UnicodeString\] \[Version 2\]**:** the name of the target account.
|
||||||
|
|
||||||
|
|||||||
@ -11,8 +11,8 @@ manager: dansimp
|
|||||||
audience: ITPro
|
audience: ITPro
|
||||||
ms.collection: M365-security-compliance
|
ms.collection: M365-security-compliance
|
||||||
ms.topic: conceptual
|
ms.topic: conceptual
|
||||||
ms.date: 11/26/2018
|
ms.date: 01/24/2022
|
||||||
ms.reviewer:
|
ms.reviewer: rmunck
|
||||||
ms.technology: windows-sec
|
ms.technology: windows-sec
|
||||||
---
|
---
|
||||||
|
|
||||||
@ -30,27 +30,26 @@ The Security Compliance Toolkit consists of:
|
|||||||
- Windows 11 security baseline
|
- Windows 11 security baseline
|
||||||
|
|
||||||
- Windows 10 security baselines
|
- Windows 10 security baselines
|
||||||
- Windows 10 Version 1909 (November 2019 Update)
|
- Windows 10 Version 21H2
|
||||||
- Windows 10 Version 1903 (April 2019 Update)
|
- Windows 10 Version 21H1
|
||||||
- Windows 10 Version 1809 (October 2018 Update)
|
- Windows 10 Version 20H2
|
||||||
- Windows 10 Version 1803 (April 2018 Update)
|
- Windows 10 Version 1909
|
||||||
- Windows 10 Version 1709 (Fall Creators Update)
|
- Windows 10 Version 1809
|
||||||
- Windows 10 Version 1703 (Creators Update)
|
- Windows 10 Version 1607
|
||||||
- Windows 10 Version 1607 (Anniversary Update)
|
|
||||||
- Windows 10 Version 1511 (November Update)
|
|
||||||
- Windows 10 Version 1507
|
- Windows 10 Version 1507
|
||||||
|
|
||||||
- Windows Server security baselines
|
- Windows Server security baselines
|
||||||
|
- Windows Server 2022
|
||||||
- Windows Server 2019
|
- Windows Server 2019
|
||||||
- Windows Server 2016
|
- Windows Server 2016
|
||||||
- Windows Server 2012 R2
|
- Windows Server 2012 R2
|
||||||
|
|
||||||
- Microsoft Office security baseline
|
- Microsoft Office security baseline
|
||||||
- Office 365 Pro Plus
|
- Microsoft 365 Apps for Enterprise Version 2112
|
||||||
- Office 2016
|
- Office 2016
|
||||||
|
|
||||||
- Microsoft Edge security baseline
|
- Microsoft Edge security baseline
|
||||||
- Edge Browser Version 93
|
- Edge Browser Version 97
|
||||||
|
|
||||||
- Tools
|
- Tools
|
||||||
- Policy Analyzer tool
|
- Policy Analyzer tool
|
||||||
|
|||||||
Reference in New Issue
Block a user