安全基线设置

项目
05/02/2023

下面是安全策略设置名称、策略路径以及Microsoft托管桌面中使用的设置。

PUAProtection

策略路径： ./Device/Vendor/MSFT/Policy/Config/Defender/PUAProtection
设置： 1

SetDisablePauseUXAccess

策略路径： ./Device/Vendor/MSFT/Policy/Config/Update/SetDisablePauseUXAccess
设置： 1

SvchostProcessMitigation

策略路径： ./Device/Vendor/MSFT/Policy/Config/ServiceControlManager/SvchostProcessMitigation
设置： <Enabled/>

LetAppsActivateWithVoice

策略路径： ./Device/Vendor/MSFT/Policy/Config/Privacy/LetAppsActivateWithVoice
设置： 2

ConfigureTelemetryOptinChangeNotification

策略路径： ./Device/Vendor/MSFT/Policy/Config/System/ConfigureTelemetryOptinChangeNotification
设置： 0

ConfigureTelemetryOptInSettingsUX

策略路径： ./Device/Vendor/MSFT/Policy/Config/System/ConfigureTelemetryOptInSettingsUX
设置： 0

DisableDeviceDelete

策略路径： ./Device/Vendor/MSFT/Policy/Config/System/DisableDeviceDelete
设置： 0

AllowMicrosoftAccountsToBeOptional

策略路径： ./Device/Vendor/MSFT/Policy/Config/AppRuntime/AllowMicrosoftAccountsToBeOptional
设置： <Enabled/>

DisallowAutoplayForNonVolumeDevices

策略路径： ./Device/Vendor/MSFT/Policy/Config/Autoplay/DisallowAutoplayForNonVolumeDevices
设置： <Enabled/>

SetDefaultAutoRunBehavior

策略路径： ./Device/Vendor/MSFT/Policy/Config/Autoplay/SetDefaultAutoRunBehavior
设置： <Enabled/><Data id=""""NoAutorun_Dropdown"""" value=""""1""""/>

TurnOffAutoPlay

策略路径： ./Device/Vendor/MSFT/Policy/Config/Autoplay/TurnOffAutoPlay
设置： <Enabled/><Data id=""""Autorun_Box"""" value=""""255""""/>

HardenedUNCPaths

策略路径： ./Device/Vendor/MSFT/Policy/Config/Connectivity/HardenedUNCPaths
设置： "<Enabled/><Data id=""Pol_HardenedPaths"" value=""\\*\SYSVOLRequireMutualAuthentication=1,RequireIntegrity=1\\*\NETLOGONRequireMutualAuthentication=1,RequireIntegrity=1""/>"

DisableDownloadingOfPrintDriversOverHTTP

策略路径： ./Device/Vendor/MSFT/Policy/Config/Connectivity/DisableDownloadingOfPrintDriversOverHTTP
设置： <Enabled/>

DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards

策略路径：./Device/Vendor/MSFT/Policy/Config/Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards
设置： <Enabled/>

DiablePrintingOverHTTP

策略路径： ./Device/Vendor/MSFT/Policy/Config/Connectivity/DiablePrintingOverHTTP
设置： <Disabled/>

AllowPINLogon

策略路径： ./Device/Vendor/MSFT/Policy/Config/CredentialProviders/AllowPINLogon
设置： <Disabled/>

RemoteHostAllowsDelegationOfNonExportableCredentials

策略路径： ./Device/Vendor/MSFT/Policy/Config/CredentialsDelegation/RemoteHostAllowsDelegationOfNonExportableCredentials
设置： <Enabled/>

EnumerateAdministrators

策略路径： ./Device/Vendor/MSFT/Policy/Config/CredentialsUI/EnumerateAdministrators
设置： <Disabled/>

PreventInstallationOfMatchingDeviceSetupClasses

策略路径： ./Device/Vendor/MSFT/Policy/Config/DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses
设置： <Enabled/><Data id=""""DeviceInstall_Classes_Deny_List"""" value=""""1{d48179be-ec20-11d1-b6b8-00c04fa372a7}""""/><Data id=""""DeviceInstall_Classes_Deny_Retroactive"""" value=""""true""""/>

PreventLockScreenSlideShow

策略路径： ./Device/Vendor/MSFT/Policy/Config/DeviceLock/PreventLockScreenSlideShow
设置： <Enabled/>

PreventEnablingLockScreenCamera

策略路径： ./Device/Vendor/MSFT/Policy/Config/DeviceLock/PreventEnablingLockScreenCamera
设置： <Enabled/>

SpecifyMaximumFileSizeApplicationLog

策略路径： ./Device/Vendor/MSFT/Policy/Config/EventLogService/SpecifyMaximumFileSizeApplicationLog
设置： <Enabled/><Data id=""""Channel_LogMaxSize"""" value=""""32768""""/>

SpecifyMaximumFileSizeSecurityLog

策略路径： ./Device/Vendor/MSFT/Policy/Config/EventLogService/SpecifyMaximumFileSizeSecurityLog
设置： <Enabled/><Data id=""""Channel_LogMaxSize"""" value=""""196608""""/>

SpecifyMaximumFileSizeSystemLog

策略路径： ./Device/Vendor/MSFT/Policy/Config/EventLogService/SpecifyMaximumFileSizeSystemLog
设置： <Enabled/><Data id=""""Channel_LogMaxSize"""" value=""""32768""""/>

TurnOffDataExecutionPreventionForExplorer

策略路径： ./Device/Vendor/MSFT/Policy/Config/FileExplorer/TurnOffDataExecutionPreventionForExplorer
设置：<Disabled/>

TurnOffHeapTerminationOnCorruption

策略路径： ./Device/Vendor/MSFT/Policy/Config/FileExplorer/TurnOffHeapTerminationOnCorruption
设置： <Disabled/>

DoNotAllowUsersToAddSites

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DoNotAllowUsersToAddSites
设置： <Enabled/>

DoNotAllowUsersToChangePolicies

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DoNotAllowUsersToChangePolicies
设置： <Enabled/>

DisableEncryptionSupport

策略路径：./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableEncryptionSupport
设置： <Enabled/><Data id=""""Advanced_WinInetProtocolOptions"""" value=""""2688""""/>

AllowEnhancedProtectedMode

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/AllowEnhancedProtectedMode
设置： <Enabled/>

IncludeAllNetworkPaths

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/IncludeAllNetworkPaths
设置： <Disabled/>

InternetZoneAllowAccessToDataSources

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowAccessToDataSources
设置： <Enabled/><Data id=""""IZ_Partname1406"""" value=""""3""""/>

RestrictedSitesZoneAllowAccessToDataSources

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources
设置： <Enabled/><Data id=""""IZ_Partname1406"""" value=""""3""""/>

InternetZoneAllowScriptlets

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowScriptlets
设置： <Enabled/><Data id=""""IZ_Partname1209"""" value=""""3""""/>

RestrictedSitesZoneAllowScriptlets

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowScriptlets
设置： <Enabled/><Data id=""""IZ_Partname1209"""" value=""""3""""/>

InternetZoneAllowAutomaticPromptingForFileDownloads

策略路径：'./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads
设置： <Enabled/><Data id=""""IZ_Partname2200"""" value=""""3""""/>

RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads
设置： <Enabled/><Data id=""""IZ_Partname2200"""" value=""""3""""/>

InternetZoneInitializeAndScriptActiveXControls

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneInitializeAndScriptActiveXControls
设置： <Enabled/><Data id=""""IZ_Partname1201"""" value=""""3""""/>

IntranetZoneInitializeAndScriptActiveXControls

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls
设置： <Enabled/><Data id=""""IZ_Partname1201"""" value=""""3""""/>

TrustedSitesZoneInitializeAndScriptActiveXControls

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls
设置： <Enabled/><Data id=""""IZ_Partname1201"""" value=""""3""""/>

RestrictedSitesZoneInitializeAndScriptActiveXControls

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls
设置： <Enabled/><Data id=""""IZ_Partname1201"""" value=""""3""""/>

InternetZoneNavigateWindowsAndFrames

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneNavigateWindowsAndFrames
设置： <Enabled/><Data ID=""""IZ_Partname1607""" value=""""3""""/>

RestrictedSitesZoneNavigateWindowsAndFrames

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames
设置： <Enabled/><Data id=""""IZ_Partname1607"""" value=""""3""""/>

InternetZoneAllowNETFrameworkReliantComponents'

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents
设置： <Enabled/><Data id=""""IZ_Partname2004"""" value=""""3""""/>

RestrictedSitesZoneAllowNETFrameworkReliantComponents

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents
设置： <Enabled/><Data id=""""IZ_Partname2004"""" value=""""3""""/>

InternetZoneAllowSmartScreenIE

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowSmartScreenIE
设置： <Enabled/><Data id=""""IZ_Partname2301"""" value=""""0""""/>

LockedDownInternetZoneAllowSmartScreenIE

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE
设置： <Enabled/><Data id=""""IZ_Partname2301"""" value=""""0""""/>

RestrictedSitesZoneAllowSmartScreenIE

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE
设置： <Enabled/><Data id=""""IZ_Partname2301"""" value=""""0""""/>

LockedDownRestrictedSitesZoneAllowSmartScreenIE

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE
设置： <Enabled/><Data id=""""IZ_Partname2301"""" value=""""0""""/>

InternetZoneAllowUserDataPersistence

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowUserDataPersistence
设置： <Enabled/><Data id=""""IZ_Partname1606"""" value=""""3""""/>

RestrictedSitesZoneAllowUserDataPersistence

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence
设置： <Enabled/><Data id=""""IZ_Partname1606"""" value=""""3""""/>

InternetZoneAllowLessPrivilegedSites

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowLessPrivilegedSites
设置： <Enabled/><Data id=""""IZ_Partname2101"""" value=""""3""""/>

RestrictedSitesZoneAllowLessPrivilegedSites

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites
设置： <Enabled/><Data id=""""IZ_Partname2101"""" value=""""3""""/>

DoNotBlockOutdatedActiveXControls

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DoNotBlockOutdatedActiveXControls
设置： <Disabled/>

DisableEnclosureDownloading

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableEnclosureDownloading
设置： <Enabled/>

DisableBypassOfSmartScreenWarnings

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableBypassOfSmartScreenWarnings
设置： <Enabled/>

DisableBypassOfSmartScreenWarningsAboutUncommonFiles

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles
设置： <Enabled/>

RestrictedSitesZoneAllowActiveScripting

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowActiveScripting
设置： <Enabled/><Data id=""""IZ_Partname1400"""" value=""""3""""/>

RestrictedSitesZoneAllowBinaryAndScriptBehaviors

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors
设置： <Enabled/><Data id=""""IZ_Partname2000"""" value=""""3""""/>

InternetZoneAllowCopyPasteViaScript

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowCopyPasteViaScript
设置： <Enabled/><Data id=""""IZ_Partname1407"""" value=""""3""""/>

RestrictedSitesZoneAllowCopyPasteViaScript

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript
设置： <Enabled/><Data id=""""IZ_Partname1407"""" value=""""3""""/>

InternetZoneAllowDragAndDropCopyAndPasteFiles

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles
设置： <Enabled/><Data id=""""IZ_Partname1802"""" value=""""3""""/>

RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles
设置： <Enabled/><Data id=""""IZ_Partname1802"""" value=""""3""""/>

AllowFallbackToSSL3

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/AllowFallbackToSSL3
设置： <Enabled/><Data id=""""Advanced_EnableSSL3FallbackOptions"""" value=""""0""""/>

RestrictedSitesZoneAllowFileDownloads

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowFileDownloads
设置： <Enabled/><Data id=""""IZ_Partname1803"""" value=""""3""""/>

InternetZoneAllowLoadingOfXAMLFiles

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowLoadingOfXAMLFiles
设置： <Enabled/><Data id=""""IZ_Partname2402"""" value=""""3""""/>

RestrictedSitesZoneAllowLoadingOfXAMLFiles

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles
设置： <Enabled/><Data id=""""IZ_Partname2402"""" value=""""3""""/>

RestrictedSitesZoneAllowMETAREFRESH

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH
设置： <Enabled/><Data id=""""IZ_Partname1608"""" value=""""3""""/>

InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls
设置： <Enabled/><Data id=""""IZ_Partname120b"""" value=""""3""""/>

RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls
设置：<Enabled/><Data id=""""IZ_Partname120b"""" value=""""3""""/>

InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl

策略路径：./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
设置： <Enabled/><Data id=""""IZ_Partname120c"""" value=""""3""""/>

RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl

策略路径：./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl
设置： <Enabled/><Data id=""""IZ_Partname120c"""" value=""""3""""/>

InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls
设置： <Enabled/><Data id=""""IZ_Partname1206"""" value=""""3""""/>

RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls'

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls
设置： <Enabled/><Data id=""""IZ_Partname1206"""" value=""""3""""/>

InternetZoneAllowScriptInitiatedWindows

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowScriptInitiatedWindows
设置： <Enabled/><Data id=""""IZ_Partname2102"""" value=""""3""""/>

RestrictedSitesZoneAllowScriptInitiatedWindows

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows
设置： <Enabled/><Data id=""""IZ_Partname2102"""" value=""""3""""/>

AllowSoftwareWhenSignatureIsInvalid

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/AllowSoftwareWhenSignatureIsInvalid
设置： <Disabled/>

InternetZoneAllowUpdatesToStatusBarViaScript

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript
设置： <Enabled/><Data id=""""IZ_Partname2103"""" value=""""3""""/>

RestrictedSitesZoneAllowUpdatesToStatusBarViaScript

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript
设置： <Enabled/><Data id=""""IZ_Partname2103"""" value=""""3""""/>

CheckServerCertificateRevocation

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/CheckServerCertificateRevocation
设置： <Enabled/>

CheckSignaturesOnDownloadedPrograms

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/CheckSignaturesOnDownloadedPrograms
设置： <Enabled/>

DoNotAllowActiveXControlsInProtectedMode

策略路径：./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DoNotAllowActiveXControlsInProtectedMode
设置： <Enabled/>

InternetZoneDoNotRunAntimalwareAgainstActiveXControls

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControls
设置： <Enabled/><Data id=""""IZ_Partname270C"""" value=""""0""""/>

IntranetZoneDoNotRunAntimalwareAgainstActiveXControls

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/IntranetZoneDoNotRunAntimalwareAgainstActiveXControls
设置： <Enabled/><Data id=""""IZ_Partname270C"""" value=""""0""""/>

LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls

策略路径：./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls
设置： <Enabled/><Data id=""""IZ_Partname270C"""" value=""""0""""/>

RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
设置： <Enabled/><Data id=""""IZ_Partname270C"""" value=""""0""""/>

TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/TrustedSitesZoneDoNotRunAntimalwareAgainstActiveXControls
设置 <Enabled/><Data id=""""IZ_Partname270C"""" value=""""0""""/>

PreventManagingSmartScreenFilter

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/PreventManagingSmartScreenFilter
设置： <Enabled/><Data id=""""IE9SafetyFilterOptions"""" value=""""1""""/>

InternetZoneDownloadSignedActiveXControls

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneDownloadSignedActiveXControls
设置： <Enabled/><Data id=""""IZ_Partname1001"""" value=""""3""""/>

RestrictedSitesZoneDownloadSignedActiveXControls

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls
设置： <Enabled/><Data id=""""IZ_Partname1001"""" value=""""3""""/>

InternetZoneDownloadUnsignedActiveXControls

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneDownloadUnsignedActiveXControls
设置： <Enabled/><Data id=""""IZ_Partname1004"""" value=""""3""""/>

RestrictedSitesZoneDownloadUnsignedActiveXControls

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls
设置： <Enabled/><Data id=""""IZ_Partname1004"""" value=""""3""""/>

InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
设置： <Enabled/><Data id=""""IZ_Partname2709"""" value=""""3""""/>

RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows
设置： <Enabled/><Data id=""""IZ_Partname2709"""" value=""""3""""/>

InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
设置 <Enabled/><Data id=""""IZ_Partname2708"""" value=""""3""""/>

RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows
设置： <Enabled/><Data id=""""IZ_Partname2708"""" value=""""3""""/>

InternetZoneIncludeLocalPathWhenUploadingFilesToServer

策略路径：./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer
设置： <Enabled/><Data id=""""IZ_Partname160A"""" value=""""3""""/>

RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer

策略路径：./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer
设置： <Enabled/><Data id=""""IZ_Partname160A"""" value=""""3""""/>

ConsistentMimeHandlingInternetExplorerProcesses

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses
设置： <Enabled/>

MimeSniffingSafetyFeatureInternetExplorerProcesses

策略路径：./Device/Vendor/MSFT/Policy/Config/InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses
设置： <Enabled/>

MKProtocolSecurityRestrictionInternetExplorerProcesses

策略路径：./Device/Vendor/MSFT/Policy/Config/InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses
设置： <Enabled/>

NotificationBarInternetExplorerProcesses

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/NotificationBarInternetExplorerProcesses
设置： <Enabled/>

ProtectionFromZoneElevationInternetExplorerProcesses

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses
设置： <Enabled/>

RestrictActiveXInstallInternetExplorerProcesses

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses
设置： <Enabled/>

RestrictFileDownloadInternetExplorerProcesses

策略路径：./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictFileDownloadInternetExplorerProcesses
设置： <Enabled/>

ScriptedWindowSecurityRestrictionsInternetExplorerProcesses

策略路径：./Device/Vendor/MSFT/Policy/Config/InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses
设置： <Enabled/>

InternetZoneJavaPermissions

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneJavaPermissions
设置： <Enabled/><Data id=""""IZ_Partname1C00"""" value=""""0""""/>

IntranetZoneJavaPermissions

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/IntranetZoneJavaPermissions
设置： <Enabled/><Data id=""""IZ_Partname1C00"""" value=""""65536""""/>

LocalMachineZoneJavaPermissions

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LocalMachineZoneJavaPermissions
设置： <Enabled/><Data id=""""IZ_Partname1C00"""" value=""""0""""/>

LockedDownLocalMachineZoneJavaPermissions

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LockedDownLocalMachineZoneJavaPermissions
设置： <Enabled/><Data id=""""IZ_Partname1C00"""" value=""""0""""/>

LockedDownRestrictedSitesZoneJavaPermissions

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions
设置： <Enabled/><Data id=""""IZ_Partname1C00"""" value=""""0""""/>

LockedDownTrustedSitesZoneJavaPermissions

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions
设置： <Enabled/><Data id=""""IZ_Partname1C00"""" value=""""0""""/>

RestrictedSitesZoneJavaPermissions

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneJavaPermissions
设置： <Enabled/><Data id=""""IZ_Partname1C00"""" value=""""0""""/>

TrustedSitesZoneJavaPermissions

策略路径：./Device/Vendor/MSFT/Policy/Config/InternetExplorer/TrustedSitesZoneJavaPermissions
设置： <Enabled/><Data id=""""IZ_Partname1C00"""" value=""""65536""""/>

InternetZoneLaunchingApplicationsAndFilesInIFRAME

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME
设置： <Enabled/><Data id=""""IZ_Partname1804"""" value=""""3""""/>

RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME

策略路径：./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME
设置： <Enabled/><Data id=""""IZ_Partname1804"""" value=""""3""""/>

InternetZoneLogonOptions

策略路径：./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneLogonOptions
设置： <Enabled/><Data id=""""IZ_Partname1A00"""" value=""""65536""""/>

RestrictedSitesZoneLogonOptions

策略路径：./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneLogonOptions
设置： <Enabled/><Data id=""""IZ_Partname1A00"""" value=""""196608""""/>

DisableIgnoringCertificateErrors

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableIgnoringCertificateErrors
设置： <Enabled/>

PreventPerUserInstallationOfActiveXControls

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/PreventPerUserInstallationOfActiveXControls
设置： <Enabled/>

RemoveRunThisTimeButtonForOutdatedActiveXControls

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls
设置： <Enabled/>

InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
设置： <Enabled/><Data id=""""IZ_Partname2001"""" value=""""3""""/> |

RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
设置： <Enabled/><Data id=""""IZ_Partname2001"""" value=""""3""""/>

RestrictedSitesZoneRunActiveXControlsAndPlugins

策略路径：./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins
设置： <Enabled/><Data id=""""IZ_Partname1200"""" value=""""3""""/>

RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting
设置： <Enabled/><Data id=""""IZ_Partname1405"""" value=""""3""""/>

RestrictedSitesZoneScriptingOfJavaApplets

策略路径：./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneScriptingOfJavaApplets
设置： <Enabled/><Data id=""""IZ_Partname1402"""" value=""""3""""/>

SecurityZonesUseOnlyMachineSettings

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/SecurityZonesUseOnlyMachineSettings
设置： <Enabled/>

InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles
设置： <Enabled/><Data id=""""IZ_Partname1806"""" value=""""1""""/>

RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneShowSecurityWarningForPotentiallyUnsafeFiles
设置： <Enabled/><Data id=""""IZ_Partname1806"""" value=""""3""""/>

SpecifyUseOfActiveXInstallerService

策略路径：./Device/Vendor/MSFT/Policy/Config/InternetExplorer/SpecifyUseOfActiveXInstallerService
设置： <Enabled/>

DisableCrashDetection

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableCrashDetection
设置： <Enabled/>

DisableSecuritySettingsCheck

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableSecuritySettingsCheck
设置： <Disabled/>

DisableProcessesInEnhancedProtectedMode

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableProcessesInEnhancedProtectedMode
设置： <Enabled/>

AllowCertificateAddressMismatchWarning

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/AllowCertificateAddressMismatchWarning
设置： <Enabled/>

InternetZoneEnableCrossSiteScriptingFilter

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter
设置： <Enabled/><Data id=""""IZ_Partname1409"""" value=""""0""""/>

RestrictedSitesZoneEnableCrossSiteScriptingFilter

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneEnableCrossSiteScriptingFilter
设置： <Enabled/><Data id=""""IZ_Partname1409"""" value=""""0""""/>

InternetZoneEnableProtectedMode

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneEnableProtectedMode
设置” <Enabled/><Data id=""""IZ_Partname2500"""" value=""""0""""/>

RestrictedSitesZoneTurnOnProtectedMode

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneTurnOnProtectedMode
设置： <Enabled/><Data id=""""IZ_Partname2500"""" value=""""0""""/>

InternetZoneUsePopupBlocker

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneUsePopupBlocker
设置： <Enabled/><Data id=""""IZ_Partname1809"""" value=""""0""""/>

RestrictedSitesZoneUsePopupBlocker

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneUsePopupBlocker
设置： <Enabled/><Data id=""""IZ_Partname1809"""" value=""""0""""/>

InternetZoneAllowVBScriptToRunInInternetExplorer

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/InternetZoneAllowVBScriptToRunInInternetExplorer
设置： <Enabled/><Data id=""""IZ_Partname140C"""" value=""""3""""/>

LockedDownIntranetJavaPermissions

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/LockedDownIntranetJavaPermissions
设置： <Enabled/><Data id=""""IZ_Partname1C00"""" value=""""0""""/>

RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer

策略路径： ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/RestrictedSitesZoneAllowVBScriptToRunInInternetExplorer
设置： <Enabled/><Data id=""""IZ_Partname140C"""" value=""""3""""/>

ApplyUACRestrictionsToLocalAccountsOnNetworkLogon

策略路径： ./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/ApplyUACRestrictionsToLocalAccountsOnNetworkLogon
设置： <Enabled/>

ConfigureSMBV1Server

策略路径： ./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/ConfigureSMBV1Server
设置： <Disabled/>

ConfigureSMBV1ClientDriver

策略路径： ./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/ConfigureSMBV1ClientDriver
设置： <Enabled/><Data id=""""Pol_SecGuide_SMB1ClientDriver"""" value=""""4""""/>

EnableStructuredExceptionHandlingOverwriteProtection

策略路径： ./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/EnableStructuredExceptionHandlingOverwriteProtection
设置： <Enabled/>

WDigestAuthentication

策略路径： ./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/WDigestAuthentication
设置： <Disabled/>

TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications

策略路径： ./Device/Vendor/MSFT/Policy/Config/MSSecurityGuide/TurnOnWindowsDefenderProtectionAgainstPotentiallyUnwantedApplications
设置： <Enabled/>

IPv6SourceRoutingProtectionLevel

策略路径： ./Device/Vendor/MSFT/Policy/Config/MSSLegacy/IPv6SourceRoutingProtectionLevel
设置： <Enabled/><Data id=""""DisableIPSourceRoutingIPv6"""" value=""""2""""/>

IPSourceRoutingProtectionLevel

策略路径： ./Device/Vendor/MSFT/Policy/Config/MSSLegacy/IPSourceRoutingProtectionLevel
设置： <Enabled/><Data id=""""DisableIPSourceRouting"""" value=""""2""""/>

AllowICMPRedirectsToOverrideOSPFGeneratedRoutes

策略路径： ./Device/Vendor/MSFT/Policy/Config/MSSLegacy/AllowICMPRedirectsToOverrideOSPFGeneratedRoutes
设置： <Disabled/>

AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers

策略路径： ./Device/Vendor/MSFT/Policy/Config/MSSLegacy/AllowTheComputerToIgnoreNetBIOSNameReleaseRequestsExceptFromWINSServers
设置： <Enabled/>

AllowStandbyWhenSleepingPluggedIn

策略路径： ./Device/Vendor/MSFT/Policy/Config/Power/AllowStandbyWhenSleepingPluggedIn
设置： <Disabled/>

RequirePasswordWhenComputerWakesOnBattery

策略路径： ./Device/Vendor/MSFT/Policy/Config/Power/RequirePasswordWhenComputerWakesOnBattery
设置： <Enabled/>

RequirePasswordWhenComputerWakesPluggedIn

策略路径： ./Device/Vendor/MSFT/Policy/Config/Power/RequirePasswordWhenComputerWakesPluggedIn
设置： <Enabled/>

AllowStandbyStatesWhenSleepingOnBattery

策略路径： ./Device/Vendor/MSFT/Policy/Config/Power/AllowStandbyStatesWhenSleepingOnBattery
设置： <Disabled/>

SolicitedRemoteAssistance

策略路径： ./Device/Vendor/MSFT/Policy/Config/RemoteAssistance/SolicitedRemoteAssistance
设置： <Disabled/>

DoNotAllowPasswordSaving

策略路径： ./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/DoNotAllowPasswordSaving
设置： <Enabled/>

DoNotAllowDriveRedirection

策略路径： ./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/DoNotAllowDriveRedirection
设置： <Enabled/>

PromptForPasswordUponConnection

策略路径： ./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/PromptForPasswordUponConnection
设置： <Enabled/>

RequireSecureRPCCommunication

策略路径： ./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/RequireSecureRPCCommunication
设置： <Enabled/>

ClientConnectionEncryptionLevel

策略路径： ./Device/Vendor/MSFT/Policy/Config/RemoteDesktopServices/ClientConnectionEncryptionLevel
设置： <Enabled/><Data id=""""TS_ENCRYPTION_LEVEL"""" value=""""3""""/>

AllowBasicAuthentication_Client

策略路径： ./Device/Vendor/MSFT/Policy/Config/RemoteManagement/AllowBasicAuthentication_Client
设置： <Disabled/>

AllowBasicAuthentication_Service

策略路径： ./Device/Vendor/MSFT/Policy/Config/RemoteManagement/AllowBasicAuthentication_Service
设置： <Disabled/>

AllowUnencryptedTraffic_Client

策略路径： ./Device/Vendor/MSFT/Policy/Config/RemoteManagement/AllowUnencryptedTraffic_Client
设置： <Disabled/>

AllowUnencryptedTraffic_Service

策略路径： ./Device/Vendor/MSFT/Policy/Config/RemoteManagement/AllowUnencryptedTraffic_Service
设置： <Disabled/>

DisallowDigestAuthentication

策略路径： ./Device/Vendor/MSFT/Policy/Config/RemoteManagement/DisallowDigestAuthentication
设置： <Enabled/>

DisallowStoringOfRunAsCredentials

策略路径： ./Device/Vendor/MSFT/Policy/Config/RemoteManagement/DisallowStoringOfRunAsCredentials
设置： <Enabled/>

RestrictUnauthenticatedRPCClients

策略路径： ./Device/Vendor/MSFT/Policy/Config/RemoteProcedureCall/RestrictUnauthenticatedRPCClients
设置： <Enabled/><Data id=""""RpcRestrictRemoteClientsList"""" value=""""1""""/> |

BootStartDriverInitialization

策略路径： ./Device/Vendor/MSFT/Policy/Config/System/BootStartDriverInitialization
设置： <Enabled/><Data id=""""SelectDriverLoadPolicy"""" value=""""3""""/>

ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork

策略路径： ./Device/Vendor/MSFT/Policy/Config/WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork
设置： <Enabled/>

EnumerateLocalUsersOnDomainJoinedComputers

策略路径： ./Device/Vendor/MSFT/Policy/Config/WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers
设置： <Disabled/>

AllowAutomaticRestartSignOn

策略路径： ./Device/Vendor/MSFT/Policy/Config/WindowsLogon/AllowAutomaticRestartSignOn
设置： <Disabled/>

TurnOnPowerShellScriptBlockLogging

策略路径： ./Device/Vendor/MSFT/Policy/Config/WindowsPowerShell/TurnOnPowerShellScriptBlockLogging
设置： <Enabled/><Data id=""""EnableScriptBlockInvocationLogging"""" value=""""true""""/>

AllowAutoComplete

策略路径： ./User/Vendor/MSFT/Policy/Config/InternetExplorer/AllowAutoComplete
设置： <Disabled/>

AllowGameDVR

策略路径： ./Device/Vendor/MSFT/Policy/Config/ApplicationManagement/AllowGameDVR
设置： 0

MSIAlwaysInstallWithElevatedPrivileges

策略路径： ./Device/Vendor/MSFT/Policy/Config/ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges
设置： 0

MSIAllowUserControlOverInstall

策略路径： ./Device/Vendor/MSFT/Policy/Config/ApplicationManagement/MSIAllowUserControlOverInstall
设置： 0

AllowPasswordManager

策略路径： ./Device/Vendor/MSFT/Policy/Config/Browser/AllowPasswordManager
设置： 0

AllowSmartScreen

策略路径： ./Device/Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen
设置： 1

PreventSmartScreenPromptOverride

策略路径： ./Device/Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverride
设置： 1

PreventSmartScreenPromptOverrideForFiles

策略路径： ./Device/Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles
设置： 1

AllowBehaviorMonitoring

策略路径： ./Device/Vendor/MSFT/Policy/Config/Defender/AllowBehaviorMonitoring
设置： 1

AllowCloudProtection

策略路径： ./Device/Vendor/MSFT/Policy/Config/Defender/AllowCloudProtection
设置： 1

AllowEmailScanning

策略路径： ./Device/Vendor/MSFT/Policy/Config/Defender/AllowEmailScanning
设置： 1

AllowFullScanRemovableDriveScanning

策略路径： ./Device/Vendor/MSFT/Policy/Config/Defender/AllowFullScanRemovableDriveScanning
设置： 1

EnableNetworkProtection

策略路径： ./Device/Vendor/MSFT/Policy/Config/Defender/EnableNetworkProtection
设置 1

SubmitSamplesConsent

策略路径： ./Device/Vendor/MSFT/Policy/Config/Defender/SubmitSamplesConsent
设置： 1

DisallowExploitProtectionOverride

策略路径： ./Device/Vendor/MSFT/Policy/Config/WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride
设置： 1

EnableVirtualizationBasedSecurity

策略路径： ./Device/Vendor/MSFT/Policy/Config/DeviceGuard/EnableVirtualizationBasedSecurity
设置： 1

RequirePlatformSecurityFeatures

策略路径： ./Device/Vendor/MSFT/Policy/Config/DeviceGuard/RequirePlatformSecurityFeatures
设置： 3

LsaCfgFlags

策略路径： ./Device/Vendor/MSFT/Policy/Config/DeviceGuard/LsaCfgFlags
设置： 1

AllowThirdPartySuggestionsInWindowsSpotlight

策略路径： ./User/Vendor/MSFT/Policy/Config/Experience/AllowThirdPartySuggestionsInWindowsSpotlight
设置： 0

AllowWindowsConsumerFeatures

策略路径： ./Device/Vendor/MSFT/Policy/Config/Experience/AllowWindowsConsumerFeatures
设置： 1

EnableInsecureGuestLogons

策略路径： ./Device/Vendor/MSFT/Policy/Config/LanmanWorkstation/EnableInsecureGuestLogons
设置： 0

AllowIndexingEncryptedStoresOrItems

策略路径： ./Device/Vendor/MSFT/Policy/Config/Search/AllowIndexingEncryptedStoresOrItems 设置： 0

EnableSmartScreenInShell

策略路径： ./Device/Vendor/MSFT/Policy/Config/SmartScreen/EnableSmartScreenInShell
设置： 1

PreventOverrideForFilesInShell

策略路径： ./Device/Vendor/MSFT/Policy/Config/SmartScreen/PreventOverrideForFilesInShell
设置： 1

AllowAutoConnectToWiFiSenseHotspots

策略路径： ./Device/Vendor/MSFT/Policy/Config/Wifi/AllowAutoConnectToWiFiSenseHotspots
设置： 0

AllowInternetSharing

策略路径： ./Device/Vendor/MSFT/Policy/Config/Wifi/AllowInternetSharing
设置： 0

AllowWindowsInkWorkspace

策略路径： ./Device/Vendor/MSFT/Policy/Config/WindowsInkWorkspace/AllowWindowsInkWorkspace
设置： 1

InteractiveLogon_SmartCardRemovalBehavior

策略路径： ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
设置： 1

NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM

策略路径： ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
设置： O:BAG:BAD:(A;;RC;;;BA)

Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly

策略路径： ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
设置： 1

InteractiveLogon_MachineInactivityLimit

策略路径： ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit
设置： 900

MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers

策略路径： ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
设置： 0

MicrosoftNetworkServer_DigitallySignCommunicationsAlways

策略路径： ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways
设置： 1

NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts

策略路径： ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts
设置： 1

NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares'

策略路径： ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares
设置： 1

NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares

策略路径： ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
设置： 1

NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange

策略路径： ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange
设置： 1

NetworkSecurity_LANManagerAuthenticationLevel

策略路径： ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel
设置： 5

NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers

策略路径： ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
设置： 537395200

UserAccountControl_UseAdminApprovalMode

策略路径： ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode
设置： 1

UserAccountControl_BehaviorOfTheElevationPromptForAdministrators

策略路径： ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
设置： 2

UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers

策略路径：./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
设置： 3

UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations

策略路径： ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
设置： 1

UserAccountControl_RunAllAdministratorsInAdminApprovalMode

策略路径： ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode
设置： 1

UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations

策略路径： ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
设置： 1

UserAccountControl_DetectApplicationInstallationsAndPromptForElevation

策略路径： ./Device/Vendor/MSFT/Policy/Config/LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
设置： 1

MinimumPasswordAge

策略路径： ./Device/Vendor/MSFT/Policy/Config/DeviceLock/MinimumPasswordAge
设置： 1

BackupFilesAndDirectories

策略路径： ./Device/Vendor/MSFT/Policy/Config/UserRights/BackupFilesAndDirectories
设置： *S-1-5-32-544

CreatePageFile

策略路径： ./Device/Vendor/MSFT/Policy/Config/UserRights/CreatePageFile
设置： *S-1-5-32-544

CreateSymbolicLinks

策略路径： ./Device/Vendor/MSFT/Policy/Config/UserRights/CreateSymbolicLinks
设置： *S-1-5-32-544

DebugPrograms

策略路径： ./Device/Vendor/MSFT/Policy/Config/UserRights/DebugPrograms
设置： *S-1-5-32-544

DenyLocalLogOn

策略路径： ./Device/Vendor/MSFT/Policy/Config/UserRights/DenyLocalLogOn
设置： *S-1-5-32-546

RemoteShutdown

策略路径： ./Device/Vendor/MSFT/Policy/Config/UserRights/RemoteShutdown
设置： *S-1-5-32-544

LoadUnloadDeviceDrivers

策略路径： ./Device/Vendor/MSFT/Policy/Config/UserRights/LoadUnloadDeviceDrivers
设置： *S-1-5-32-544

ManageAuditingAndSecurityLog

策略路径： ./Device/Vendor/MSFT/Policy/Config/UserRights/ManageAuditingAndSecurityLog
设置： *S-1-5-32-544

ModifyFirmwareEnvironment'

策略路径： ./Device/Vendor/MSFT/Policy/Config/UserRights/ModifyFirmwareEnvironment
设置： *S-1-5-32-544

ManageVolume

策略路径： ./Device/Vendor/MSFT/Policy/Config/UserRights/ManageVolume
设置： *S-1-5-32-544

ProfileSingleProcess

策略路径： ./Device/Vendor/MSFT/Policy/Config/UserRights/ProfileSingleProcess
设置： *S-1-5-32-544

RestoreFilesAndDirectories

策略路径：./Device/Vendor/MSFT/Policy/Config/UserRights/RestoreFilesAndDirectories
设置： *S-1-5-32-544

TakeOwnership

策略路径： ./Device/Vendor/MSFT/Policy/Config/UserRights/TakeOwnership
设置： *S-1-5-32-544

AllowToasts

策略路径： ./Device/Vendor/MSFT/Policy/Config/AboveLock/AllowToasts
设置： 0

AllowDirectMemoryAccess'

策略路径： ./Device/Vendor/MSFT/Policy/Config/DataProtection/AllowDirectMemoryAccess
设置： 0

AttackSurfaceReductionRules

策略路径： ./Device/Vendor/MSFT/Policy/Config/Defender/AttackSurfaceReductionRules
设置：
- 75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84=2|3b576869-a4ec-4529-8536-b80a7769e899=2|
- d4f940ab-401b-4efc-aadc-ad5f3c50688a=2|92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B=2|
- 5beb7efe-fd9a-4556-801d-275e5ffc04cc=2|d3e037e1-3eb8-44c8-a917-57927947596d=2|
- be9ba2d9-53ea-4cdc-84e5-9b1eeee46550=2|9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2=2|
- b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4=2|7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c=2|

FacialFeaturesUseEnhancedAntiSpoofing

策略路径： ./Device/Vendor/MSFT/PassportForWork/Biometrics/FacialFeaturesUseEnhancedAntiSpoofing
设置： TRUE

EnableFirewall

策略路径： ./Device/Vendor/MSFT/Firewall/MdmStore/DomainProfile/EnableFirewall
设置： TRUE

DefaultInboundAction

策略路径： ./Device/Vendor/MSFT/Firewall/MdmStore/DomainProfile/DefaultInboundAction
设置： 1

DefaultOutboundAction

策略路径： ./Device/Vendor/MSFT/Firewall/MdmStore/DomainProfile/DefaultOutboundAction
设置： 0

DisableInboundNotifications

策略路径： ./Device/Vendor/MSFT/Firewall/MdmStore/DomainProfile/DisableInboundNotifications
设置： TRUE

EnableFirewall (privae 配置文件)

策略路径： ./Device/Vendor/MSFT/Firewall/MdmStore/PrivateProfile/EnableFirewall
设置： TRUE

DefaultInboundAction (专用配置文件)

策略路径： ./Device/Vendor/MSFT/Firewall/MdmStore/PrivateProfile/DefaultInboundAction
设置： 1

DefaultOutboundAction (专用配置文件)

策略路径： ./Device/Vendor/MSFT/Firewall/MdmStore/PrivateProfile/DefaultOutboundAction
设置： 0

DisableInboundNotifications (专用配置文件)

策略路径： ./Device/Vendor/MSFT/Firewall/MdmStore/PrivateProfile/DisableInboundNotifications
设置： TRUE

EnableFirewall (公共配置文件)

策略路径： ./Device/Vendor/MSFT/Firewall/MdmStore/PublicProfile/EnableFirewall
设置： TRUE

DefaultInboundAction (公共配置文件)

策略路径： ./Device/Vendor/MSFT/Firewall/MdmStore/PublicProfile/DefaultInboundAction
设置： 1

DefaultOutboundAction (公共配置文件)

策略路径： ./Device/Vendor/MSFT/Firewall/MdmStore/PublicProfile/DefaultOutboundAction
设置： 0

DisableInboundNotifications (公共配置文件)

策略路径： ./Device/Vendor/MSFT/Firewall/MdmStore/PublicProfile/DisableInboundNotifications
设置： TRUE

AllowLocalPolicyMerge

策略路径： ./Device/Vendor/MSFT/Firewall/MdmStore/PublicProfile/AllowLocalPolicyMerge
设置： FALSE

AllowLocalIpsecPolicyMerge

策略路径： ./Device/Vendor/MSFT/Firewall/MdmStore/PublicProfile/AllowLocalIpsecPolicyMerge
设置： FALSE

ExploitProtectionSettings

策略路径： ./Device/Vendor/MSFT/Policy/Config/ExploitGuard/ExploitProtectionSettings
设置：

<?xml version=""""1.0"""" encoding=""""UTF-8""""?><MitigationPolicy><AppConfig Executable=""""ONEDRIVE.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><ImageLoad BlockRemoteImageLoads=""""true"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""firefox.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR ForceRelocateImages=""""true"""" RequireInfo=""""false"""" BottomUp=""""true"""" HighEntropy=""""false"""" /></AppConfig><AppConfig Executable=""""fltldr.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ImageLoad BlockRemoteImageLoads=""""true"""" /><ChildProcess DisallowChildProcessCreation=""""true"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""GROOVE.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><ImageLoad BlockRemoteImageLoads=""""true"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /><ChildProcess DisallowChildProcessCreation=""""true"""" /></AppConfig><AppConfig Executable=""""Acrobat.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR ForceRelocateImages=""""true"""" RequireInfo=""""false"""" BottomUp=""""true"""" HighEntropy=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""AcroRd32.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR ForceRelocateImages=""""true"""" RequireInfo=""""false"""" BottomUp=""""true"""" HighEntropy=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""chrome.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /></AppConfig><AppConfig Executable=""""EXCEL.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""iexplore.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR ForceRelocateImages=""""true"""" RequireInfo=""""false"""" BottomUp=""""true"""" HighEntropy=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""INFOPATH.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""java.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""javaw.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""javaws.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""LYNC.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""MSACCESS.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""MSPUB.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""OIS.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""OUTLOOK.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""plugin-container.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""POWERPNT.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""PPTVIEW.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""VISIO.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""VPREVIEW.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""WINWORD.EXE""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><ASLR Enable=""""true"""" ForceRelocateImages=""""true"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""wmplayer.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><Payload EnableExportAddressFilter=""""false"""" EnableExportAddressFilterPlus=""""false"""" EnableImportAddressFilter=""""false"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig><AppConfig Executable=""""wordpad.exe""""><DEP Enable=""""true"""" EmulateAtlThunks=""""false"""" /><Payload EnableExportAddressFilter=""""true"""" EnableExportAddressFilterPlus=""""true"""" EnableImportAddressFilter=""""true"""" EnableRopStackPivot=""""true"""" EnableRopCallerCheck=""""true"""" EnableRopSimExec=""""true"""" /></AppConfig></MitigationPolicy>

BlockPicturePassword

策略路径： ./Device/Vendor/MSFT/Policy/Config/CredentialProviders/BlockPicturePassword
设置： <Enabled/>

DontDisplayNetworkSelectionUI

策略路径： .Device/Vendor/MSFT/Policy/Config/WindowsLogon/DontDisplayNetworkSelectionUI
设置： <Disabled/>

CloudExtendedTimeout

策略路径： ./Device/Vendor/MSFT/Policy/Config/Defender/CloudExtendedTimeout
设置： 10

通过

安全基线设置

PUAProtection

SetDisablePauseUXAccess

SvchostProcessMitigation

LetAppsActivateWithVoice

ConfigureTelemetryOptinChangeNotification

ConfigureTelemetryOptInSettingsUX

DisableDeviceDelete

AllowMicrosoftAccountsToBeOptional

DisallowAutoplayForNonVolumeDevices

SetDefaultAutoRunBehavior

TurnOffAutoPlay

HardenedUNCPaths

DisableDownloadingOfPrintDriversOverHTTP

DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards

DiablePrintingOverHTTP

AllowPINLogon

RemoteHostAllowsDelegationOfNonExportableCredentials

EnumerateAdministrators

PreventInstallationOfMatchingDeviceSetupClasses

PreventLockScreenSlideShow

PreventEnablingLockScreenCamera

SpecifyMaximumFileSizeApplicationLog

SpecifyMaximumFileSizeSecurityLog

SpecifyMaximumFileSizeSystemLog

TurnOffDataExecutionPreventionForExplorer

TurnOffHeapTerminationOnCorruption

DoNotAllowUsersToAddSites

DoNotAllowUsersToChangePolicies

DisableEncryptionSupport

AllowEnhancedProtectedMode

IncludeAllNetworkPaths

InternetZoneAllowAccessToDataSources

RestrictedSitesZoneAllowAccessToDataSources

InternetZoneAllowScriptlets

RestrictedSitesZoneAllowScriptlets

InternetZoneAllowAutomaticPromptingForFileDownloads

RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads

InternetZoneInitializeAndScriptActiveXControls

IntranetZoneInitializeAndScriptActiveXControls

TrustedSitesZoneInitializeAndScriptActiveXControls

RestrictedSitesZoneInitializeAndScriptActiveXControls

InternetZoneNavigateWindowsAndFrames

RestrictedSitesZoneNavigateWindowsAndFrames

InternetZoneAllowNETFrameworkReliantComponents'

RestrictedSitesZoneAllowNETFrameworkReliantComponents

InternetZoneAllowSmartScreenIE

LockedDownInternetZoneAllowSmartScreenIE

RestrictedSitesZoneAllowSmartScreenIE

LockedDownRestrictedSitesZoneAllowSmartScreenIE

InternetZoneAllowUserDataPersistence

RestrictedSitesZoneAllowUserDataPersistence

InternetZoneAllowLessPrivilegedSites

RestrictedSitesZoneAllowLessPrivilegedSites

DoNotBlockOutdatedActiveXControls

DisableEnclosureDownloading

DisableBypassOfSmartScreenWarnings

DisableBypassOfSmartScreenWarningsAboutUncommonFiles

RestrictedSitesZoneAllowActiveScripting

RestrictedSitesZoneAllowBinaryAndScriptBehaviors

InternetZoneAllowCopyPasteViaScript

RestrictedSitesZoneAllowCopyPasteViaScript

InternetZoneAllowDragAndDropCopyAndPasteFiles

RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles

AllowFallbackToSSL3

RestrictedSitesZoneAllowFileDownloads

InternetZoneAllowLoadingOfXAMLFiles

RestrictedSitesZoneAllowLoadingOfXAMLFiles

RestrictedSitesZoneAllowMETAREFRESH

InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls

RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls

InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl

RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl

InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls

RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls'

InternetZoneAllowScriptInitiatedWindows

RestrictedSitesZoneAllowScriptInitiatedWindows

AllowSoftwareWhenSignatureIsInvalid

InternetZoneAllowUpdatesToStatusBarViaScript