Validation Scripts

Accounts: Block Microsoft accounts
Accounts: Limit local account use of blank passwords to console logon only
Accounts: Local Administrator account should be disabled
Accounts: Local Guest account should be disabled
Accounts: Rename Local Administrator and Guest Accounts
Attack Surface: Disable LLMNR
Attack Surface: Disable WinRM (Windows Remote Management)
Auditing: Policy subcategories should be enabled
Auditing: Removable Storage
Autoplay should be disabled for all drives
Autorun: Prevent AutoRun by default
Compliance: BitLocker should be configured in FIPS mode
Data Execution Prevention (DEP) must be configured to at least OptOut
Directory Size: WinSxs\Temp\PendingDeletes
Domain Controller: IPv6 Should be enabled
Domain Controller: Permissions on the Active Directory data files must only allow System and Administrators access
Domain Controller: SYSVOL directory must have proper access control permissions
Domain Member: Digitally encrypt or sign secure channel data (always)
Domain Member: LDAP server signing requirements
Exchange Server Build Version Check (Exchange Updated)
FIPS 140: Security Requirements for Cryptographic Modules
General: AntiVirus Status
General: Windows Activation Status
General: Windows firewall status
Hyper-V: Virtual Disks Folder Free Space Under 2GB
Internet Explorer: Check digital signature of executables
Internet Explorer: Software must be disallowed to run or install with invalid signatures
Local volumes must be formatted with NTFS
Logon: Enable Display Last Logon Info
Logon: Network selection UI must not be displayed
Logon: Require CTRL+ALT+DEL for interactive logons
Microsoft Edge: SmartScreen filter must be enabled
Microsoft Edge: Users must not be allowed to ignore SmartScreen filter warnings for unverified files
Microsoft Office: Check Activation Status
Network Access: Disable SMBv1
Network Access: Do not allow anonymous enumeration of SAM accounts and shares
Network Access: Restrict anonymous access to Named Pipes and Shares
Passwords: Enforce history
Passwords: Maximum Age
Passwords: Minimum length
Passwords: Storing LAN Manager hash
PowerShell: Logging should be enabled
PowerShell: Mitigating risks with Constrained Language mode
PowerShell: v20 should not be installed / enabled
Prevent users from making changes to exploit protection
Printing: Prevent users from installing printer drivers
Privacy: Windows location services should be disabled
Privacy: Windows Telemetry Should Be Disabled
Secure Boot must be enabled
Services: List services containing a space in service path not enclosed in quotes
Solicited Remote Assistance must not be allowed
TLS/SSL Insecure Ciphers (SCHANNEL)
Tracking: The location feature must be turned off
Tracking: Windows Telemetry must not be set to Full
VirtualBox Tools
VMWare Tools
Windows Build Version Check (End Of Life)
Windows Build Version Check (OS Updated)
Windows Installer: Disable "Always install with elevated privileges" option