| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: AE41F3DF4C82029ED7404BA4BE6A75115B769621 ~~~~~ BitLocker Network Unlock is not in use. Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\FVE Value Name: UseAdvancedStartup Value: 0x00000001 (1) Value: REG_DWORD TPM Startup PIN Configuration: --------------------------- Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\FVE Value Name: UseTPMPIN Value: 0x00000001 (1) [Compliant] Value: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: AE41F3DF4C82029ED7404BA4BE6A75115B769621 ~~~~~ BitLocker Network Unlock is not in use. Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\FVE Value Name: UseAdvancedStartup Value: 0x00000001 (1) Value: REG_DWORD TPM Startup PIN Configuration: --------------------------- Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\FVE Value Name: UseTPMPIN Value: 0x00000001 (1) [Compliant] Value: REG_DWORD Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be OPEN on 10/23/2025 ResultHash: A0DEB1E83D788131EFCA0954E181AD87591B969A ~~~~~ BitLocker Network Unlock is not in use. Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\FVE Value Name: UseAdvancedStartup Value: 0x00000001 (1) Value: REG_DWORD TPM Startup PIN Configuration: --------------------------- Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\FVE Value Name: UseTPMPIN Value: 0x00000002 (2) [Expected '1'] Value: REG_DWORD Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\FVE Value Name: UseTPMKeyPIN Value: 0x00000002 (2) [Expected '1'] Value: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be OPEN on 10/23/2025 ResultHash: A0DEB1E83D788131EFCA0954E181AD87591B969A ~~~~~ BitLocker Network Unlock is not in use. Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\FVE Value Name: UseAdvancedStartup Value: 0x00000001 (1) Value: REG_DWORD TPM Startup PIN Configuration: --------------------------- Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\FVE Value Name: UseTPMPIN Value: 0x00000002 (2) [Expected '1'] Value: REG_DWORD Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\FVE Value Name: UseTPMKeyPIN Value: 0x00000002 (2) [Expected '1'] Value: REG_DWORD Comments |
|||||
Check Text
If the following registry value does not exist or is not configured as specified, this is a finding. For virtual desktop implementations (VDIs) in which the virtual desktop instance is deleted or refreshed upon logoff, this is NA. For Azure Virtual Desktop (AVD) implementations with no data at rest, this is NA. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\FVE\ Value Name: UseAdvancedStartup Type: REG_DWORD Value: 0x00000001 (1) If one of the following registry values does not exist or is not configured as specified, this is a finding. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\FVE\ Value Name: UseTPMPIN Type: REG_DWORD Value: 0x00000001 (1) Value Name: UseTPMKeyPIN Type: REG_DWORD Value: 0x00000001 (1) When BitLocker network unlock is used: Value Name: UseTPMPIN Type: REG_DWORD Value: 0x00000002 (2) Value Name: UseTPMKeyPIN Type: REG_DWORD Value: 0x00000002 (2) BitLocker network unlock may be used in conjunction with a BitLocker PIN. Refer to the article at the link below for information about network unlock. https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock
Fix Text
Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> BitLocker Drive Encryption >> Operating System Drives "Require additional authentication at startup" to "Enabled" with "Configure TPM Startup PIN:" set to "Require startup PIN with TPM" or with "Configure TPM startup key and PIN:" set to "Require startup key and PIN with TPM".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsNo details recorded. Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsNo details recorded. Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsNo details recorded. Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Determine whether administrative accounts are prevented from using applications that access the Internet, such as web browsers, or with potential Internet sources, such as email, except as necessary for local service administration. The organization must have a policy that prohibits administrative accounts from using applications that access the Internet, such as web browsers, or with potential Internet sources, such as email, except as necessary for local service administration. The policy should define specific exceptions for local service administration. These exceptions may include HTTP(S)-based tools that are used for the administration of the local system, services, or attached devices. Technical measures such as the removal of applications or application whitelisting must be used where feasible to prevent the use of applications that access the Internet. If accounts with administrative privileges are not prevented from using applications that access the Internet or with potential Internet sources, this is a finding.
Fix Text
Establish and enforce a policy that prohibits administrative accounts from using applications that access the Internet, such as web browsers, or with potential Internet sources, such as email. Define specific exceptions for local service administration. These exceptions may include HTTP(S)-based tools that are used for the administration of the local system, services, or attached devices. Implement technical measures where feasible such as removal of applications or use of application whitelisting to restrict the use of applications that can access the Internet.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: CD1B9B58B26C7C0564EB502A00E7A6FB74E3E282 ~~~~~ All disk(s) encrypted with BitLocker. Mount Point: C: Encryption Method: XtsAes128 Volume Type: OperatingSystem Volume Status: FullyEncrypted Protection Status: Off Lock Status: Unlocked Encryption %: 100 Key Protector: RecoveryPassword, Tpm Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: CD1B9B58B26C7C0564EB502A00E7A6FB74E3E282 ~~~~~ All disk(s) encrypted with BitLocker. Mount Point: C: Encryption Method: XtsAes128 Volume Type: OperatingSystem Volume Status: FullyEncrypted Protection Status: Off Lock Status: Unlocked Encryption %: 100 Key Protector: RecoveryPassword, Tpm Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 374DA62AC80E33993305E73BF38A7CE33E45FF4B ~~~~~ All disk(s) encrypted with BitLocker. Mount Point: C: Encryption Method: XtsAes128 Volume Type: OperatingSystem Volume Status: FullyEncrypted Protection Status: On Lock Status: Unlocked Encryption %: 100 Key Protector: Tpm, RecoveryPassword Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 374DA62AC80E33993305E73BF38A7CE33E45FF4B ~~~~~ All disk(s) encrypted with BitLocker. Mount Point: C: Encryption Method: XtsAes128 Volume Type: OperatingSystem Volume Status: FullyEncrypted Protection Status: On Lock Status: Unlocked Encryption %: 100 Key Protector: Tpm, RecoveryPassword Comments |
|||||
Check Text
Verify all Windows 10 information systems (including SIPRNet) employ BitLocker for full disk encryption. For virtual desktop implementations (VDIs) in which the virtual desktop instance is deleted or refreshed upon logoff, this is NA. For Azure Virtual Desktop (AVD) implementations with no data at rest, this is NA. If full disk encryption using BitLocker is not implemented, this is a finding. Verify BitLocker is turned on for the operating system drive and any fixed data drives. Open "BitLocker Drive Encryption" from the Control Panel. If the operating system drive or any fixed data drives have "Turn on BitLocker", this is a finding. NOTE: An alternate encryption application may be used in lieu of BitLocker providing it is configured for full disk encryption and satisfies the pre-boot authentication requirements (WN10-00-000031 and WN10-00-000032).
Fix Text
Enable full disk encryption on all information systems (including SIPRNet) using BitLocker. BitLocker, included in Windows, can be enabled in the Control Panel under "BitLocker Drive Encryption" as well as other management tools. NOTE: An alternate encryption application may be used in lieu of BitLocker providing it is configured for full disk encryption and satisfies the pre-boot authentication requirements (WN10-00-000031 and WN10-00-000032).
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: FC6199A9C32FADB82FFBB308E7C19D62F33E6804 ~~~~~ 'Configure minimum PIN length for startup' is Enabled: (Minimum characters set to 6 or greater) Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\FVE Value Name: MinimumPIN Value: 0x00000006 (6) Type: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: FC6199A9C32FADB82FFBB308E7C19D62F33E6804 ~~~~~ 'Configure minimum PIN length for startup' is Enabled: (Minimum characters set to 6 or greater) Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\FVE Value Name: MinimumPIN Value: 0x00000006 (6) Type: REG_DWORD Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: FC6199A9C32FADB82FFBB308E7C19D62F33E6804 ~~~~~ 'Configure minimum PIN length for startup' is Enabled: (Minimum characters set to 6 or greater) Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\FVE Value Name: MinimumPIN Value: 0x00000006 (6) Type: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: FC6199A9C32FADB82FFBB308E7C19D62F33E6804 ~~~~~ 'Configure minimum PIN length for startup' is Enabled: (Minimum characters set to 6 or greater) Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\FVE Value Name: MinimumPIN Value: 0x00000006 (6) Type: REG_DWORD Comments |
|||||
Check Text
If the following registry value does not exist or is not configured as specified, this is a finding. For virtual desktop implementations (VDIs) in which the virtual desktop instance is deleted or refreshed upon logoff, this is NA. For Azure Virtual Desktop (AVD) implementations with no data at rest, this is NA. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\FVE\ Value Name: MinimumPIN Type: REG_DWORD Value: 0x00000006 (6) or greater
Fix Text
Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> BitLocker Drive Encryption >> Operating System Drives "Configure minimum PIN length for startup" to "Enabled" with "Minimum characters:" set to "6" or greater.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 43A1582C809B264B02D1678B8CB1FFE0AB4890CA ~~~~~ Operating system is 'Windows 10 Enterprise LTSC 2021 21H2' (10.0.19044) Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 43A1582C809B264B02D1678B8CB1FFE0AB4890CA ~~~~~ Operating system is 'Windows 10 Enterprise LTSC 2021 21H2' (10.0.19044) Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 43A1582C809B264B02D1678B8CB1FFE0AB4890CA ~~~~~ Operating system is 'Windows 10 Enterprise LTSC 2021 21H2' (10.0.19044) Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 43A1582C809B264B02D1678B8CB1FFE0AB4890CA ~~~~~ Operating system is 'Windows 10 Enterprise LTSC 2021 21H2' (10.0.19044) Comments |
|||||
Check Text
Run "winver.exe". If the "About Windows" dialog box does not display a version supported by the vendor, this is a finding.
Fix Text
Upgrade to a supported version of the operating system.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 9F637B38FFA9011906DB3132B81BF7C3A5BDC17C ~~~~~ WMI Namespace: ROOT/SecurityCenter2 WMI Class: AntiVirusProduct Display Name: Trellix Endpoint Security Product State: On Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 9F637B38FFA9011906DB3132B81BF7C3A5BDC17C ~~~~~ WMI Namespace: ROOT/SecurityCenter2 WMI Class: AntiVirusProduct Display Name: Trellix Endpoint Security Product State: On Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 9F637B38FFA9011906DB3132B81BF7C3A5BDC17C ~~~~~ WMI Namespace: ROOT/SecurityCenter2 WMI Class: AntiVirusProduct Display Name: Trellix Endpoint Security Product State: On Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 9F637B38FFA9011906DB3132B81BF7C3A5BDC17C ~~~~~ WMI Namespace: ROOT/SecurityCenter2 WMI Class: AntiVirusProduct Display Name: Trellix Endpoint Security Product State: On Comments |
|||||
Check Text
Verify an antivirus solution is installed on the system and in use. The antivirus solution may be bundled with an approved Endpoint Security Solution. Verify if Windows Defender is in use or enabled: Open "PowerShell". Enter "get-service | where {$_.DisplayName -Like "*Defender*"} | Select Status,DisplayName" Verify third-party antivirus is in use or enabled: Open "PowerShell". Enter "get-service | where {$_.DisplayName -Like "*mcafee*"} | Select Status,DisplayName" Enter "get-service | where {$_.DisplayName -Like "*symantec*"} | Select Status,DisplayName" Enter "get-service | where {$_.DisplayName -Like "*trellix*"} | Select Status,DisplayName" If there is no antivirus solution installed on the system, this is a finding.
Fix Text
If no antivirus software is on the system and in use, install Windows Defender or a third-party antivirus solution.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 3902149AE7346482F89E57F8AC8722F42D01C119 ~~~~~ All disk(s) formatted as NTFS. Device ID: C: Drive Type: Local Disk (3) Volume Name: Windows File System: NTFS Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 3902149AE7346482F89E57F8AC8722F42D01C119 ~~~~~ All disk(s) formatted as NTFS. Device ID: C: Drive Type: Local Disk (3) Volume Name: Windows File System: NTFS Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 3902149AE7346482F89E57F8AC8722F42D01C119 ~~~~~ All disk(s) formatted as NTFS. Device ID: C: Drive Type: Local Disk (3) Volume Name: Windows File System: NTFS Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 3902149AE7346482F89E57F8AC8722F42D01C119 ~~~~~ All disk(s) formatted as NTFS. Device ID: C: Drive Type: Local Disk (3) Volume Name: Windows File System: NTFS Comments |
|||||
Check Text
Run "Computer Management". Navigate to Storage >> Disk Management. If the "File System" column does not indicate "NTFS" for each volume assigned a drive letter, this is a finding. This does not apply to system partitions such the Recovery and EFI System Partition.
Fix Text
Format all local volumes to use NTFS.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) was unable to determine a Status but found the below configuration on 12/17/2025: ResultHash: 20E099B9F72979B59022E9A2A9ED1BDEE0865FF1 ~~~~~ The following are members of the local Administrators group: ============== Name: MONT-SW-89108\AMPerl.IAAdmin objectClass: User objectSID: S-1-5-21-4163428051-2768110797-3591193048-1018 Name: MONT-SW-89108\dod_admin objectClass: User objectSID: S-1-5-21-4163428051-2768110797-3591193048-1001 Name: MONT-SW-89108\jtbegarek.iaadmin objectClass: User objectSID: S-1-5-21-4163428051-2768110797-3591193048-1024 Name: MONT-SW-89108\Scan.Admin objectClass: User objectSID: S-1-5-21-4163428051-2768110797-3591193048-1016 Name: MONT-SW-89108\tljones.iaadmin objectClass: User objectSID: S-1-5-21-4163428051-2768110797-3591193048-1023 Name: MONT-SW-89108\xAdministrator objectClass: User objectSID: S-1-5-21-4163428051-2768110797-3591193048-500 Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) was unable to determine a Status but found the below configuration on 12/17/2025: ResultHash: 755D0E653E43EF30F999A01A9B8C1F315C41FADD ~~~~~ The following are members of the local Administrators group: ============== Name: MONT-SW-89134\AMPerl.IAAdmin objectClass: User objectSID: S-1-5-21-4004422625-1934610219-1178763574-1021 Name: MONT-SW-89134\dod_admin objectClass: User objectSID: S-1-5-21-4004422625-1934610219-1178763574-1001 Name: MONT-SW-89134\jtbegarek.iaadmin objectClass: User objectSID: S-1-5-21-4004422625-1934610219-1178763574-1026 Name: MONT-SW-89134\scan.admin objectClass: User objectSID: S-1-5-21-4004422625-1934610219-1178763574-1022 Name: MONT-SW-89134\tljones.iaadmin objectClass: User objectSID: S-1-5-21-4004422625-1934610219-1178763574-1024 Name: MONT-SW-89134\xAdministrator objectClass: User objectSID: S-1-5-21-4004422625-1934610219-1178763574-500 Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 8CF8EB2216BA99A2A79DC17F45300F57F0A47C32 ~~~~~ The following are members of the local Administrators group: ============== Name: MONTFORD-POINT\Workstation Administrator Group objectClass: Group objectSID: S-1-5-21-1360995287-4027491577-3040029667-1110 Name: MONT-WS-92010\dod_admin objectClass: User objectSID: S-1-5-21-2586659569-2484290388-2027984285-1001 Name: MONT-WS-92010\X_Admin objectClass: User objectSID: S-1-5-21-2586659569-2484290388-2027984285-500 Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 3E830C5BCEA1AA12EC57417D52A215ACB2E2E5E1 ~~~~~ The following are members of the local Administrators group: ============== Name: MONTFORD-POINT\Workstation Administrator Group objectClass: Group objectSID: S-1-5-21-1360995287-4027491577-3040029667-1110 Name: MONT-WS-92040\dod_admin objectClass: User objectSID: S-1-5-21-3703204072-2228436765-3422267048-1001 Name: MONT-WS-92040\X_Admin objectClass: User objectSID: S-1-5-21-3703204072-2228436765-3422267048-500 Comments |
|||||
Check Text
Run "Computer Management". Navigate to System Tools >> Local Users and Groups >> Groups. Review the members of the Administrators group. Only the appropriate administrator groups or accounts responsible for administration of the system may be members of the group. For domain-joined workstations, the Domain Admins group must be replaced by a domain workstation administrator group. Standard user accounts must not be members of the local administrator group. If prohibited accounts are members of the local administrators group, this is a finding. The built-in Administrator account or other required administrative accounts would not be a finding.
Fix Text
Configure the system to include only administrator groups or accounts that are responsible for the system in the local Administrators group. For domain-joined workstations, the Domain Admins group must be replaced by a domain workstation administrator group. Remove any standard user accounts.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 9909794486C8A4818F6C510A4F518CE94F2C267A ~~~~~ Feature Name: IIS-WebServerRole State: Disabled Feature Name: IIS-HostableWebCore State: Disabled Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 9909794486C8A4818F6C510A4F518CE94F2C267A ~~~~~ Feature Name: IIS-WebServerRole State: Disabled Feature Name: IIS-HostableWebCore State: Disabled Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 9909794486C8A4818F6C510A4F518CE94F2C267A ~~~~~ Feature Name: IIS-WebServerRole State: Disabled Feature Name: IIS-HostableWebCore State: Disabled Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 9909794486C8A4818F6C510A4F518CE94F2C267A ~~~~~ Feature Name: IIS-WebServerRole State: Disabled Feature Name: IIS-HostableWebCore State: Disabled Comments |
|||||
Check Text
IIS is not installed by default. Verify it has not been installed on the system. Run "Programs and Features". Select "Turn Windows features on or off". If the entries for "Internet Information Services" or "Internet Information Services Hostable Web Core" are selected, this is a finding. If an application requires IIS or a subset to be installed to function, this needs be documented with the ISSO. In addition, any applicable requirements from the IIS STIG must be addressed.
Fix Text
Uninstall "Internet Information Services" or "Internet Information Services Hostable Web Core" from the system.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT APPLICABLE on 12/17/2025 ResultHash: E6502904487C2D388E0134DE9AA5D3378AFB5240 ~~~~~ Windows 10 version is 2009 so this requirement is NA. Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT APPLICABLE on 12/17/2025 ResultHash: E6502904487C2D388E0134DE9AA5D3378AFB5240 ~~~~~ Windows 10 version is 2009 so this requirement is NA. Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: E6502904487C2D388E0134DE9AA5D3378AFB5240 ~~~~~ Windows 10 version is 2009 so this requirement is NA. Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: E6502904487C2D388E0134DE9AA5D3378AFB5240 ~~~~~ Windows 10 version is 2009 so this requirement is NA. Comments |
|||||
Check Text
This is applicable to Windows 10 prior to v1709. Verify SEHOP is turned on. If the following registry value does not exist or is not configured as specified, this is a finding. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Control\Session Manager\kernel\ Value Name: DisableExceptionChainValidation Value Type: REG_DWORD Value: 0x00000000 (0)
Fix Text
Configure the policy value for Computer Configuration >> Administrative Templates >> MS Security Guide >> "Enable Structured Exception Handling Overwrite Protection (SEHOP)" to "Enabled". This policy setting requires the installation of the SecGuide custom templates included with the STIG package. "SecGuide.admx" and "SecGuide.adml" must be copied to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 0C3874C178BF034376FC830F77095A4B14233118 ~~~~~ 'Store passwords using reversible encryption' is Disabled ClearTextPassword: 0 Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 0C3874C178BF034376FC830F77095A4B14233118 ~~~~~ 'Store passwords using reversible encryption' is Disabled ClearTextPassword: 0 Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 0C3874C178BF034376FC830F77095A4B14233118 ~~~~~ 'Store passwords using reversible encryption' is Disabled ClearTextPassword: 0 Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 0C3874C178BF034376FC830F77095A4B14233118 ~~~~~ 'Store passwords using reversible encryption' is Disabled ClearTextPassword: 0 Comments |
|||||
Check Text
Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Password Policy. If the value for "Store password using reversible encryption" is not set to "Disabled", this is a finding.
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Password Policy >> "Store passwords using reversible encryption" to "Disabled".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT APPLICABLE on 12/17/2025 ResultHash: 35876C8966B85EC1E2B626A04F1F3A7173B7D72A ~~~~~ System is a 'Standalone Workstation' so this requirement is NA. Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT APPLICABLE on 12/17/2025 ResultHash: 35876C8966B85EC1E2B626A04F1F3A7173B7D72A ~~~~~ System is a 'Standalone Workstation' so this requirement is NA. Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 83848C949BBF8A4E2EBDBB4A433926F0E07188E0 ~~~~~ SecurityServicesRunning: 1 Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 83848C949BBF8A4E2EBDBB4A433926F0E07188E0 ~~~~~ SecurityServicesRunning: 1 Comments |
|||||
Check Text
Confirm Credential Guard is running on domain-joined systems. For devices that support Credential Guard, this feature must be enabled. Organizations must take the appropriate action to acquire and implement compatible hardware with Credential Guard enabled. Virtualization based security, including Credential Guard, currently cannot be implemented in virtual desktop implementations (VDIs) due to specific supporting requirements including a TPM, UEFI with Secure Boot, and the capability to run the Hyper-V feature within the virtual desktop. For VDIs where the virtual desktop instance is deleted or refreshed upon logoff, this is Not Applicable. Run "PowerShell" with elevated privileges (run as administrator). Enter the following: "Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard" If "SecurityServicesRunning" does not include a value of "1" (e.g., "{1, 2}"), this is a finding. Alternately: Run "System Information". Under "System Summary", verify the following: If "Virtualization-based Security Services Running" does not list "Credential Guard", this is finding. The policy settings referenced in the Fix section will configure the following registry value. However, due to hardware requirements, the registry value alone does not ensure proper function. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\Windows\DeviceGuard\ Value Name: LsaCfgFlags Value Type: REG_DWORD Value: 0x00000001 (1) (Enabled with UEFI lock)
Fix Text
Virtualization based security, including Credential Guard, currently cannot be implemented in VDIs due to specific supporting requirements including a TPM, UEFI with Secure Boot, and the capability to run the Hyper-V feature within the virtual desktop. For VDIs where the virtual desktop instance is deleted or refreshed upon logoff, this is Not Applicable. For VDIs with persistent desktops, this may be downgraded to a CAT II only where administrators have specific tokens for the VDI. Administrator accounts on virtual desktops must only be used on systems in the VDI; they may not have administrative privileges on any other systems such as servers and physical workstations. Configure the policy value for Computer Configuration >> Administrative Templates >> System >> Device Guard >> "Turn On Virtualization Based Security" to "Enabled" with "Enabled with UEFI lock" selected for "Credential Guard Configuration:". v1507 LTSB does not include selection options; select "Enable Credential Guard". A Microsoft TechNet article on Credential Guard, including system requirement details, can be found at the following link: https://docs.microsoft.com/en-us/windows/access-protection/credential-guard/credential-guard
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 710AE588AB6A9F5E0B92559BED20BF35AFCB73BE ~~~~~ 'Configure Solicited Remote Assistance' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services Value Name: fAllowToGetHelp Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 710AE588AB6A9F5E0B92559BED20BF35AFCB73BE ~~~~~ 'Configure Solicited Remote Assistance' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services Value Name: fAllowToGetHelp Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 710AE588AB6A9F5E0B92559BED20BF35AFCB73BE ~~~~~ 'Configure Solicited Remote Assistance' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services Value Name: fAllowToGetHelp Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 710AE588AB6A9F5E0B92559BED20BF35AFCB73BE ~~~~~ 'Configure Solicited Remote Assistance' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services Value Name: fAllowToGetHelp Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
Check Text
If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\ Value Name: fAllowToGetHelp Value Type: REG_DWORD Value: 0
Fix Text
Configure the policy value for Computer Configuration >> Administrative Templates >> System >> Remote Assistance >> "Configure Solicited Remote Assistance" to "Disabled".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 429F8E88ADA237E5E5322A9AFBD48B8E33D2C07A ~~~~~ 'Disallow Autoplay for non-volume devices' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer Value Name: NoAutoplayfornonVolume Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 429F8E88ADA237E5E5322A9AFBD48B8E33D2C07A ~~~~~ 'Disallow Autoplay for non-volume devices' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer Value Name: NoAutoplayfornonVolume Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 429F8E88ADA237E5E5322A9AFBD48B8E33D2C07A ~~~~~ 'Disallow Autoplay for non-volume devices' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer Value Name: NoAutoplayfornonVolume Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 429F8E88ADA237E5E5322A9AFBD48B8E33D2C07A ~~~~~ 'Disallow Autoplay for non-volume devices' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\Explorer Value Name: NoAutoplayfornonVolume Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\Windows\Explorer\ Value Name: NoAutoplayfornonVolume Value Type: REG_DWORD Value: 1
Fix Text
Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> AutoPlay Policies >> "Disallow Autoplay for non-volume devices" to "Enabled".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 01637DF3E70F327F92A796B403FE836B3C86FDF8 ~~~~~ 'Set the default behavior for AutoRun' is Enabled: (Do not execute any autorun commands) Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value Name: NoAutorun Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 01637DF3E70F327F92A796B403FE836B3C86FDF8 ~~~~~ 'Set the default behavior for AutoRun' is Enabled: (Do not execute any autorun commands) Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value Name: NoAutorun Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 01637DF3E70F327F92A796B403FE836B3C86FDF8 ~~~~~ 'Set the default behavior for AutoRun' is Enabled: (Do not execute any autorun commands) Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value Name: NoAutorun Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 01637DF3E70F327F92A796B403FE836B3C86FDF8 ~~~~~ 'Set the default behavior for AutoRun' is Enabled: (Do not execute any autorun commands) Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value Name: NoAutorun Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ Value Name: NoAutorun Value Type: REG_DWORD Value: 1
Fix Text
Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> AutoPlay Policies >> "Set the default behavior for AutoRun" to "Enabled:Do not execute any autorun commands".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 13FD2420C2B8D6429B41A57DD6B60EA04E2990AA ~~~~~ 'Turn off AutoPlay' is Enabled: (All Drives) Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer Value Name: NoDriveTypeAutoRun Value: 0x000000ff (255) Type: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 13FD2420C2B8D6429B41A57DD6B60EA04E2990AA ~~~~~ 'Turn off AutoPlay' is Enabled: (All Drives) Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer Value Name: NoDriveTypeAutoRun Value: 0x000000ff (255) Type: REG_DWORD Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 13FD2420C2B8D6429B41A57DD6B60EA04E2990AA ~~~~~ 'Turn off AutoPlay' is Enabled: (All Drives) Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer Value Name: NoDriveTypeAutoRun Value: 0x000000ff (255) Type: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 13FD2420C2B8D6429B41A57DD6B60EA04E2990AA ~~~~~ 'Turn off AutoPlay' is Enabled: (All Drives) Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer Value Name: NoDriveTypeAutoRun Value: 0x000000ff (255) Type: REG_DWORD Comments |
|||||
Check Text
If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ Value Name: NoDriveTypeAutoRun Value Type: REG_DWORD Value: 0x000000ff (255) Note: If the value for NoDriveTypeAutorun is entered manually, it must be entered as "ff" when Hexadecimal is selected, or "255" with Decimal selected. Using the policy value specified in the Fix section will enter it correctly.
Fix Text
Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> AutoPlay Policies >> "Turn off AutoPlay" to "Enabled:All Drives".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 453F878DFDBD58EA0B57A6EFB51F819380F02365 ~~~~~ 'Always install with elevated privileges' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer Value Name: AlwaysInstallElevated Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 453F878DFDBD58EA0B57A6EFB51F819380F02365 ~~~~~ 'Always install with elevated privileges' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer Value Name: AlwaysInstallElevated Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 453F878DFDBD58EA0B57A6EFB51F819380F02365 ~~~~~ 'Always install with elevated privileges' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer Value Name: AlwaysInstallElevated Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 453F878DFDBD58EA0B57A6EFB51F819380F02365 ~~~~~ 'Always install with elevated privileges' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\Installer Value Name: AlwaysInstallElevated Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
Check Text
If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\Windows\Installer\ Value Name: AlwaysInstallElevated Value Type: REG_DWORD Value: 0
Fix Text
Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Windows Installer >> "Always install with elevated privileges" to "Disabled".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 30889CFD34559B587AF9B23229EE47BF3019880E ~~~~~ 'Allow Basic authentication' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client Value Name: AllowBasic Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 30889CFD34559B587AF9B23229EE47BF3019880E ~~~~~ 'Allow Basic authentication' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client Value Name: AllowBasic Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 30889CFD34559B587AF9B23229EE47BF3019880E ~~~~~ 'Allow Basic authentication' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client Value Name: AllowBasic Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 30889CFD34559B587AF9B23229EE47BF3019880E ~~~~~ 'Allow Basic authentication' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Client Value Name: AllowBasic Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
Check Text
If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\Windows\WinRM\Client\ Value Name: AllowBasic Value Type: REG_DWORD Value: 0
Fix Text
Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Windows Remote Management (WinRM) >> WinRM Client >> "Allow Basic authentication" to "Disabled".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 05DABD310D5297F9FE1F997D158377A95C402A44 ~~~~~ 'Allow Basic authentication' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service Value Name: AllowBasic Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 05DABD310D5297F9FE1F997D158377A95C402A44 ~~~~~ 'Allow Basic authentication' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service Value Name: AllowBasic Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 05DABD310D5297F9FE1F997D158377A95C402A44 ~~~~~ 'Allow Basic authentication' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service Value Name: AllowBasic Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 05DABD310D5297F9FE1F997D158377A95C402A44 ~~~~~ 'Allow Basic authentication' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service Value Name: AllowBasic Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
Check Text
If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\Windows\WinRM\Service\ Value Name: AllowBasic Value Type: REG_DWORD Value: 0
Fix Text
Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Windows Remote Management (WinRM) >> WinRM Service >> "Allow Basic authentication" to "Disabled". Severity Override Guidance: The AO can allow the severity override if they have reviewed the overall protection. This would only be allowed temporarily for implementation as documented and approved. …. Allowing Basic authentication to be used for the sole creation of Office 365 DoD tenants. …. A documented mechanism and or script that can disable Basic authentication once administration completes. …. Use of a Privileged Access Workstation (PAW) and adherence to the Clean Source principle for administration.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: A51800A7EB71E8DB49CCE183B779719692119D7F ~~~~~ 'Network access: Allow anonymous SID/Name translation' is Disabled LSAAnonymousNameLookup: 0 Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: A51800A7EB71E8DB49CCE183B779719692119D7F ~~~~~ 'Network access: Allow anonymous SID/Name translation' is Disabled LSAAnonymousNameLookup: 0 Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: A51800A7EB71E8DB49CCE183B779719692119D7F ~~~~~ 'Network access: Allow anonymous SID/Name translation' is Disabled LSAAnonymousNameLookup: 0 Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: A51800A7EB71E8DB49CCE183B779719692119D7F ~~~~~ 'Network access: Allow anonymous SID/Name translation' is Disabled LSAAnonymousNameLookup: 0 Comments |
|||||
Check Text
Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options. If the value for "Network access: Allow anonymous SID/Name translation" is not set to "Disabled", this is a finding.
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Network access: Allow anonymous SID/Name translation" to "Disabled".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 2870C547CA5060B258B072ED5120B1CF7E989A0E ~~~~~ 'Network access: Do not allow anonymous enumeration of SAM accounts' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Lsa Value Name: RestrictAnonymousSAM Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 2870C547CA5060B258B072ED5120B1CF7E989A0E ~~~~~ 'Network access: Do not allow anonymous enumeration of SAM accounts' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Lsa Value Name: RestrictAnonymousSAM Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2870C547CA5060B258B072ED5120B1CF7E989A0E ~~~~~ 'Network access: Do not allow anonymous enumeration of SAM accounts' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Lsa Value Name: RestrictAnonymousSAM Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2870C547CA5060B258B072ED5120B1CF7E989A0E ~~~~~ 'Network access: Do not allow anonymous enumeration of SAM accounts' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Lsa Value Name: RestrictAnonymousSAM Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Control\Lsa\ Value Name: RestrictAnonymousSAM Value Type: REG_DWORD Value: 1
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Network access: Do not allow anonymous enumeration of SAM accounts" to "Enabled".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 1051CF51ECBB5E3283B3A4B53296BE7627D31DDD ~~~~~ 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Lsa Value Name: RestrictAnonymous Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 1051CF51ECBB5E3283B3A4B53296BE7627D31DDD ~~~~~ 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Lsa Value Name: RestrictAnonymous Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 1051CF51ECBB5E3283B3A4B53296BE7627D31DDD ~~~~~ 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Lsa Value Name: RestrictAnonymous Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 1051CF51ECBB5E3283B3A4B53296BE7627D31DDD ~~~~~ 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Lsa Value Name: RestrictAnonymous Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Control\Lsa\ Value Name: RestrictAnonymous Value Type: REG_DWORD Value: 1
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Network access: Do not allow anonymous enumeration of SAM accounts and shares" to "Enabled".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 19F7DCB438329890D8ED0ADB49701F95E47913B7 ~~~~~ 'Network access: Restrict anonymous access to Named Pipes and Shares' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters Value Name: RestrictNullSessAccess Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 19F7DCB438329890D8ED0ADB49701F95E47913B7 ~~~~~ 'Network access: Restrict anonymous access to Named Pipes and Shares' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters Value Name: RestrictNullSessAccess Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 19F7DCB438329890D8ED0ADB49701F95E47913B7 ~~~~~ 'Network access: Restrict anonymous access to Named Pipes and Shares' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters Value Name: RestrictNullSessAccess Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 19F7DCB438329890D8ED0ADB49701F95E47913B7 ~~~~~ 'Network access: Restrict anonymous access to Named Pipes and Shares' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters Value Name: RestrictNullSessAccess Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\LanManServer\Parameters\ Value Name: RestrictNullSessAccess Value Type: REG_DWORD Value: 1
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Network access: Restrict anonymous access to Named Pipes and Shares" to "Enabled".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: CC740FB3C2FC52E2AA528E6AB393D9E2FB79E3B5 ~~~~~ 'Network security: Do not store LAN Manager hash value on next password change' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Lsa Value Name: NoLMHash Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: CC740FB3C2FC52E2AA528E6AB393D9E2FB79E3B5 ~~~~~ 'Network security: Do not store LAN Manager hash value on next password change' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Lsa Value Name: NoLMHash Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: CC740FB3C2FC52E2AA528E6AB393D9E2FB79E3B5 ~~~~~ 'Network security: Do not store LAN Manager hash value on next password change' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Lsa Value Name: NoLMHash Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: CC740FB3C2FC52E2AA528E6AB393D9E2FB79E3B5 ~~~~~ 'Network security: Do not store LAN Manager hash value on next password change' is Enabled Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Lsa Value Name: NoLMHash Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Control\Lsa\ Value Name: NoLMHash Value Type: REG_DWORD Value: 1
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Network security: Do not store LAN Manager hash value on next password change" to "Enabled".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 2DB6BD8F09ADE45E5C4D9B0B24BFDBF70E5F49E5 ~~~~~ 'Network security: LAN Manager authentication level' is Send NTLMv2 response only. Refuse LM & NTLM Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Lsa Value Name: LmCompatibilityLevel Value: 0x00000005 (5) Type: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 2DB6BD8F09ADE45E5C4D9B0B24BFDBF70E5F49E5 ~~~~~ 'Network security: LAN Manager authentication level' is Send NTLMv2 response only. Refuse LM & NTLM Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Lsa Value Name: LmCompatibilityLevel Value: 0x00000005 (5) Type: REG_DWORD Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2DB6BD8F09ADE45E5C4D9B0B24BFDBF70E5F49E5 ~~~~~ 'Network security: LAN Manager authentication level' is Send NTLMv2 response only. Refuse LM & NTLM Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Lsa Value Name: LmCompatibilityLevel Value: 0x00000005 (5) Type: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2DB6BD8F09ADE45E5C4D9B0B24BFDBF70E5F49E5 ~~~~~ 'Network security: LAN Manager authentication level' is Send NTLMv2 response only. Refuse LM & NTLM Registry Path: HKLM:\SYSTEM\CurrentControlSet\Control\Lsa Value Name: LmCompatibilityLevel Value: 0x00000005 (5) Type: REG_DWORD Comments |
|||||
Check Text
If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Control\Lsa\ Value Name: LmCompatibilityLevel Value Type: REG_DWORD Value: 5
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Network security: LAN Manager authentication level" to "Send NTLMv2 response only. Refuse LM & NTLM".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: FE3BC21CE05FC8AF06B5779CBF8444CACC0434C3 ~~~~~ Act as part of the operating system: No objects assigned to this right. Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: FE3BC21CE05FC8AF06B5779CBF8444CACC0434C3 ~~~~~ Act as part of the operating system: No objects assigned to this right. Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: FE3BC21CE05FC8AF06B5779CBF8444CACC0434C3 ~~~~~ Act as part of the operating system: No objects assigned to this right. Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: FE3BC21CE05FC8AF06B5779CBF8444CACC0434C3 ~~~~~ Act as part of the operating system: No objects assigned to this right. Comments |
|||||
Check Text
Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment. If any groups or accounts (to include administrators), are granted the "Act as part of the operating system" user right, this is a finding.
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> "Act as part of the operating system" to be defined but containing no entries (blank).
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: DC364635E02E4550D6A89063BCA91A5342767023 ~~~~~ Create a token object: No objects assigned to this right. Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: DC364635E02E4550D6A89063BCA91A5342767023 ~~~~~ Create a token object: No objects assigned to this right. Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: DC364635E02E4550D6A89063BCA91A5342767023 ~~~~~ Create a token object: No objects assigned to this right. Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: DC364635E02E4550D6A89063BCA91A5342767023 ~~~~~ Create a token object: No objects assigned to this right. Comments |
|||||
Check Text
Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment. If any groups or accounts are granted the "Create a token object" user right, this is a finding.
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> "Create a token object" to be defined but containing no entries (blank).
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: AAF881443B1EF7292F901DB868FAA5B091A864F8 ~~~~~ Debug Programs: BUILTIN\Administrators Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: AAF881443B1EF7292F901DB868FAA5B091A864F8 ~~~~~ Debug Programs: BUILTIN\Administrators Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: AAF881443B1EF7292F901DB868FAA5B091A864F8 ~~~~~ Debug Programs: BUILTIN\Administrators Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: AAF881443B1EF7292F901DB868FAA5B091A864F8 ~~~~~ Debug Programs: BUILTIN\Administrators Comments |
|||||
Check Text
Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment. If any groups or accounts other than the following are granted the "Debug Programs" user right, this is a finding: Administrators
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> "Debug programs" to only include the following groups or accounts: Administrators
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be OPEN on 12/17/2025 ResultHash: 255E0BDD11AA634945AC3859AB2C801D998EC7B4 ~~~~~ Failed accounts: --------------------- Name: dod_admin SID: S-1-5-21-4163428051-2768110797-3591193048-1001 Enabled: True Password Expires: False Name: jtbegarek.iaadmin SID: S-1-5-21-4163428051-2768110797-3591193048-1024 Enabled: True Password Expires: False Name: Scan.Admin SID: S-1-5-21-4163428051-2768110797-3591193048-1016 Enabled: True Password Expires: False Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be OPEN on 12/17/2025 ResultHash: A947E0D7F2C22454457CBDE851D5C0765A04775B ~~~~~ Failed accounts: --------------------- Name: dod_admin SID: S-1-5-21-4004422625-1934610219-1178763574-1001 Enabled: True Password Expires: False Name: jtbegarek.iaadmin SID: S-1-5-21-4004422625-1934610219-1178763574-1026 Enabled: True Password Expires: False Name: scan.admin SID: S-1-5-21-4004422625-1934610219-1178763574-1022 Enabled: True Password Expires: False Name: Thomas.L.Jones SID: S-1-5-21-4004422625-1934610219-1178763574-1020 Enabled: True Password Expires: False Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be OPEN on 10/23/2025 ResultHash: 0BE924075B715F960E7887792E08CB5AF764565D ~~~~~ Failed accounts: --------------------- Name: dod_admin SID: S-1-5-21-2586659569-2484290388-2027984285-1001 Enabled: True Password Expires: False Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be OPEN on 10/23/2025 ResultHash: A4E59D05CF6C07665553DADEA818FA5C10C02969 ~~~~~ Failed accounts: --------------------- Name: dod_admin SID: S-1-5-21-3703204072-2228436765-3422267048-1001 Enabled: True Password Expires: False Comments |
|||||
Check Text
Run "Computer Management". Navigate to System Tools >> Local Users and Groups >> Users. Double-click each active account. If "Password never expires" is selected for any account, this is a finding.
Fix Text
Configure all passwords to expire. Run "Computer Management". Navigate to System Tools >> Local Users and Groups >> Users. Double-click each active account. Ensure "Password never expires" is not checked on all active accounts.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be OPEN on 12/17/2025 ResultHash: AC0D171FAF15B3E83FED29B6E76237F554D99095 ~~~~~ Enabled local administrator accounts with a password older than 60 days: --------------------------- Account: AMPerl.IAAdmin SID: S-1-5-21-4163428051-2768110797-3591193048-1018 Enabled: True Password Last Set: 06/08/2023 23:58:46 (922 days ago) Account: dod_admin SID: S-1-5-21-4163428051-2768110797-3591193048-1001 Enabled: True Password Last Set: 01/27/2022 19:37:24 (1420 days ago) Account: jtbegarek.iaadmin SID: S-1-5-21-4163428051-2768110797-3591193048-1024 Enabled: True Password Last Set: 08/20/2025 14:40:01 (119 days ago) Account: Scan.Admin SID: S-1-5-21-4163428051-2768110797-3591193048-1016 Enabled: True Password Last Set: 03/05/2024 16:43:42 (652 days ago) Account: tljones.iaadmin SID: S-1-5-21-4163428051-2768110797-3591193048-1023 Enabled: True Password Last Set: 04/17/2025 19:19:53 (244 days ago) LAPS Configuration: --------------------------- Policy Name: Password Settings | Password Complexity Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS Value Name: PasswordComplexity Value: (NotFound) Value Type: (NotFound) Configured: False [finding] Policy Name: Password Settings | Password Length Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS Value Name: PasswordLength Value: (NotFound) Value Type: (NotFound) Configured: False [finding] Policy Name: Password Settings | PasswordAge (Days) Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS Value Name: PasswordAgeDays Value: (NotFound) Value Type: (NotFound) Configured: False [finding] Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be OPEN on 12/17/2025 ResultHash: A274B6C9BF0D9AD4F7001AD178081F1387B781F3 ~~~~~ Enabled local administrator accounts with a password older than 60 days: --------------------------- Account: AMPerl.IAAdmin SID: S-1-5-21-4004422625-1934610219-1178763574-1021 Enabled: True Password Last Set: 08/13/2023 16:24:18 (857 days ago) Account: dod_admin SID: S-1-5-21-4004422625-1934610219-1178763574-1001 Enabled: True Password Last Set: 01/27/2022 19:37:24 (1420 days ago) Account: jtbegarek.iaadmin SID: S-1-5-21-4004422625-1934610219-1178763574-1026 Enabled: True Password Last Set: 08/20/2025 14:07:02 (119 days ago) Account: scan.admin SID: S-1-5-21-4004422625-1934610219-1178763574-1022 Enabled: True Password Last Set: 03/05/2024 16:39:13 (652 days ago) Account: tljones.iaadmin SID: S-1-5-21-4004422625-1934610219-1178763574-1024 Enabled: True Password Last Set: 08/08/2024 02:24:09 (496 days ago) LAPS Configuration: --------------------------- Policy Name: Password Settings | Password Complexity Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS Value Name: PasswordComplexity Value: (NotFound) Value Type: (NotFound) Configured: False [finding] Policy Name: Password Settings | Password Length Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS Value Name: PasswordLength Value: (NotFound) Value Type: (NotFound) Configured: False [finding] Policy Name: Password Settings | PasswordAge (Days) Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS Value Name: PasswordAgeDays Value: (NotFound) Value Type: (NotFound) Configured: False [finding] Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be OPEN on 10/23/2025 ResultHash: 8A0A1AAA89816304B9C0B250AA84277B68DB7534 ~~~~~ Enabled local administrator accounts with a password older than 60 days: --------------------------- Account: dod_admin SID: S-1-5-21-2586659569-2484290388-2027984285-1001 Enabled: True Password Last Set: 01/27/2022 19:47:48 (1364 days ago) LAPS Configuration: --------------------------- Policy Name: Password Settings | Password Complexity Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS Value Name: PasswordComplexity Value: (NotFound) Value Type: (NotFound) Configured: False [finding] Policy Name: Password Settings | Password Length Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS Value Name: PasswordLength Value: (NotFound) Value Type: (NotFound) Configured: False [finding] Policy Name: Password Settings | PasswordAge (Days) Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS Value Name: PasswordAgeDays Value: (NotFound) Value Type: (NotFound) Configured: False [finding] Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be OPEN on 10/23/2025 ResultHash: C5C559038CF7763753A9CF7C4030B47AAC8FE4CB ~~~~~ Enabled local administrator accounts with a password older than 60 days: --------------------------- Account: dod_admin SID: S-1-5-21-3703204072-2228436765-3422267048-1001 Enabled: True Password Last Set: 01/27/2022 19:47:48 (1364 days ago) LAPS Configuration: --------------------------- Policy Name: Password Settings | Password Complexity Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS Value Name: PasswordComplexity Value: (NotFound) Value Type: (NotFound) Configured: False [finding] Policy Name: Password Settings | Password Length Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS Value Name: PasswordLength Value: (NotFound) Value Type: (NotFound) Configured: False [finding] Policy Name: Password Settings | PasswordAge (Days) Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\LAPS Value Name: PasswordAgeDays Value: (NotFound) Value Type: (NotFound) Configured: False [finding] Comments |
|||||
Check Text
If there are no enabled local Administrator accounts, this is Not Applicable. Review the password last set date for the enabled local Administrator account. On the standalone or domain-joined workstation: Open "PowerShell". Enter "Get-LocalUser -Name * | Select-Object *". If the "PasswordLastSet" date is greater than "60" days old for the local Administrator account for administering the computer/domain, this is a finding. Verify LAPS is configured and operational. Navigate to Local Computer Policy >> Computer Configuration >> Administrative Templates >> System >> LAPS >> Password Settings >> Set to enabled. Password Complexity, large letters + small letters + numbers + special, Password Length 14, Password Age 60. If not configured as shown, this is a finding. Verify LAPS Operational logs >> Event Viewer >> Applications and Services Logs >> Microsoft >> Windows >> LAPS >> Operational. Verify LAPS policy process is completing. If it is not, this is a finding.
Fix Text
Change the enabled local Administrator account password at least every 60 days. Windows LAPS must be used to change the built-in Administrator account password. Domain-joined systems can configure this to occur more frequently. LAPS will change the password every 30 days by default. More information is available at: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/by-popular-demand-windows-laps-available-now/ba-p/3788747 https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-overview#windows-laps-supported-platforms-and-azure-ad-laps-preview-status
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) was unable to determine a Status but found the below configuration on 12/17/2025: ResultHash: 49A095DC33B1A3DFEEB7EEB6886E1344EBACC16B ~~~~~ AppLocker is configured but 'Appx' and/or 'Exe' rules are not enabled. Ensure an application allowlisting solution is in place and configured to a deny-all, permit-by-exception policy. AppLocker rules: --------------------------- Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) was unable to determine a Status but found the below configuration on 12/17/2025: ResultHash: 49A095DC33B1A3DFEEB7EEB6886E1344EBACC16B ~~~~~ AppLocker is configured but 'Appx' and/or 'Exe' rules are not enabled. Ensure an application allowlisting solution is in place and configured to a deny-all, permit-by-exception policy. AppLocker rules: --------------------------- Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 49A095DC33B1A3DFEEB7EEB6886E1344EBACC16B ~~~~~ AppLocker is configured but 'Appx' and/or 'Exe' rules are not enabled. Ensure an application allowlisting solution is in place and configured to a deny-all, permit-by-exception policy. AppLocker rules: --------------------------- Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 49A095DC33B1A3DFEEB7EEB6886E1344EBACC16B ~~~~~ AppLocker is configured but 'Appx' and/or 'Exe' rules are not enabled. Ensure an application allowlisting solution is in place and configured to a deny-all, permit-by-exception policy. AppLocker rules: --------------------------- Comments |
|||||
Check Text
Verify the operating system employs a deny-all, permit-by-exception policy to allow the execution of authorized software programs. This must include packaged apps such as the universal apps installed by default on systems. If an application allowlisting program is not in use on the system, this is a finding. Configuration of allowlisting applications will vary by the program. AppLocker is an allowlisting application built into Windows 10 Enterprise. A deny-by-default implementation is initiated by enabling any AppLocker rules within a category, only allowing what is specified by defined rules. If AppLocker is used, perform the following to view the configuration of AppLocker: Run "PowerShell". Execute the following command, substituting [c:\temp\file.xml] with a location and file name appropriate for the system: Get-AppLockerPolicy -Effective -XML > c:\temp\file.xml This will produce an xml file with the effective settings that can be viewed in a browser or opened in a program such as Excel for review. Implementation guidance for AppLocker is available at the following link: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide
Fix Text
Configure an application allowlisting program to employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs. Configuration of allowlisting applications will vary by the program. AppLocker is an allowlisting application built into Windows 10 Enterprise. If AppLocker is used, it is configured through group policy in Computer Configuration >> Windows Settings >> Security Settings >> Application Control Policies >> AppLocker. Implementation guidance for AppLocker is available at the following link: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT APPLICABLE on 12/17/2025 ResultHash: 131C51BE43E61BFBB569FDD5F046ADBBCD65A458 ~~~~~ This is a classified system so this requirement is NA. Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT APPLICABLE on 12/17/2025 ResultHash: 131C51BE43E61BFBB569FDD5F046ADBBCD65A458 ~~~~~ This is a classified system so this requirement is NA. Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be OPEN on 10/23/2025 ResultHash: 40CCA0704784DC82647DD021A5BABBF4C9FBA509 ~~~~~ 'Configure Windows Defender SmartScreen' is NOT Enabled: (Warn and prevent bypass) Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\System Value Name: EnableSmartScreen Value: 0x00000000 (0) [Expected 1] Type: REG_DWORD Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\System Value Name: ShellSmartScreenLevel Value: Block Type: REG_SZ Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be OPEN on 10/23/2025 ResultHash: 40CCA0704784DC82647DD021A5BABBF4C9FBA509 ~~~~~ 'Configure Windows Defender SmartScreen' is NOT Enabled: (Warn and prevent bypass) Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\System Value Name: EnableSmartScreen Value: 0x00000000 (0) [Expected 1] Type: REG_DWORD Registry Path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\System Value Name: ShellSmartScreenLevel Value: Block Type: REG_SZ Comments |
|||||
Check Text
This is applicable to unclassified systems, for other systems this is NA. If the following registry values do not exist or are not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\Windows\System\ Value Name: EnableSmartScreen Value Type: REG_DWORD Value: 0x00000001 (1) And Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\Windows\System\ Value Name: ShellSmartScreenLevel Value Type: REG_SZ Value: Block v1607 LTSB: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\Windows\System\ Value Name: EnableSmartScreen Value Type: REG_DWORD Value: 0x00000001 (1) v1507 LTSB: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\Windows\System\ Value Name: EnableSmartScreen Value Type: REG_DWORD Value: 0x00000002 (2)
Fix Text
Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> File Explorer >> "Configure Windows Defender SmartScreen" to "Enabled" with "Warn and prevent bypass" selected. Windows 10 includes duplicate policies for this setting. It can also be configured under Computer Configuration >> Administrative Templates >> Windows Components >> Windows Defender SmartScreen >> Explorer. v1607 LTSB: Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> File Explorer >> "Configure Windows SmartScreen" to "Enabled". (Selection options are not available.) v1507 LTSB: Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> File Explorer >> "Configure Windows SmartScreen" to "Enabled" with "Require approval from an administrator before running downloaded unknown software" selected.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: E98EF1C3AADF7AF43B5A4A99EEC37235E343282B ~~~~~ Access this computer from the network: BUILTIN\Administrators BUILTIN\Remote Desktop Users Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: E98EF1C3AADF7AF43B5A4A99EEC37235E343282B ~~~~~ Access this computer from the network: BUILTIN\Administrators BUILTIN\Remote Desktop Users Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be OPEN on 10/23/2025 ResultHash: 961150F7A1487BB48A2013DFE7393D8B57787B43 ~~~~~ Access this computer from the network: BUILTIN\Administrators BUILTIN\Remote Desktop Users MONTFORD-POINT\Domain Users Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be OPEN on 10/23/2025 ResultHash: 961150F7A1487BB48A2013DFE7393D8B57787B43 ~~~~~ Access this computer from the network: BUILTIN\Administrators BUILTIN\Remote Desktop Users MONTFORD-POINT\Domain Users Comments |
|||||
Check Text
Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment. If any groups or accounts other than the following are granted the "Access this computer from the network" user right, this is a finding: Administrators Remote Desktop Users If a domain application account such as for a management tool requires this user right, this would not be a finding. Vendor documentation must support the requirement for having the user right. The requirement must be documented with the ISSO. The application account, managed at the domain level, must meet requirements for application account passwords, such as length and frequency of changes as defined in the Windows server STIGs.
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> "Access this computer from the network" to only include the following groups or accounts: Administrators Remote Desktop Users
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 8968392459B797835F9CDB0E84E61A2D858F67D2 ~~~~~ Deny access to this computer from the network: BUILTIN\Guests Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 8968392459B797835F9CDB0E84E61A2D858F67D2 ~~~~~ Deny access to this computer from the network: BUILTIN\Guests Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be OPEN on 10/23/2025 ResultHash: B00433ABC682620256EEA18A128316CDE1BC2030 ~~~~~ Deny access to this computer from the network: BUILTIN\Guests NT AUTHORITY\Local account Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be OPEN on 10/23/2025 ResultHash: B00433ABC682620256EEA18A128316CDE1BC2030 ~~~~~ Deny access to this computer from the network: BUILTIN\Guests NT AUTHORITY\Local account Comments |
|||||
Check Text
Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment. If the following groups or accounts are not defined for the "Deny access to this computer from the network" right, this is a finding: Domain Systems Only: Enterprise Admins group Domain Admins group Local account (see Note below) All Systems: Guests group Privileged Access Workstations (PAWs) dedicated to the management of Active Directory are exempt from denying the Enterprise Admins and Domain Admins groups. (See the Windows Privileged Access Workstation STIG for PAW requirements.) Note: "Local account" is a built-in security group used to assign user rights and permissions to all local accounts.
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> "Deny access to this computer from the network" to include the following. Domain Systems Only: Enterprise Admins group Domain Admins group Local account (see Note below) All Systems: Guests group Privileged Access Workstations (PAWs) dedicated to the management of Active Directory are exempt from denying the Enterprise Admins and Domain Admins groups. (See the Windows Privileged Access Workstation STIG for PAW requirements.) Note: "Local account" is a built-in security group used to assign user rights and permissions to all local accounts.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT APPLICABLE on 12/17/2025 ResultHash: 35876C8966B85EC1E2B626A04F1F3A7173B7D72A ~~~~~ System is a 'Standalone Workstation' so this requirement is NA. Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT APPLICABLE on 12/17/2025 ResultHash: 35876C8966B85EC1E2B626A04F1F3A7173B7D72A ~~~~~ System is a 'Standalone Workstation' so this requirement is NA. Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be OPEN on 10/23/2025 ResultHash: 853C0CE81C1C24F05FBE2ADC24FBC18BB9DC2A41 ~~~~~ Deny log on as a service: No objects assigned to this right. Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be OPEN on 10/23/2025 ResultHash: 853C0CE81C1C24F05FBE2ADC24FBC18BB9DC2A41 ~~~~~ Deny log on as a service: No objects assigned to this right. Comments |
|||||
Check Text
This requirement is applicable to domain-joined systems. For standalone or nondomain-joined systems, this is NA. Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment. If the following groups or accounts are not defined for the "Deny log on as a service" right , this is a finding. Domain Systems Only: Enterprise Admins Group Domain Admins Group
Fix Text
This requirement is applicable to domain-joined systems. For standalone or nondomain-joined systems, this is NA. Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> "Deny log on as a service" to include the following: Domain Systems Only: Enterprise Admins Group Domain Admins Group
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: D42DF0ECC417CB415089564874B6907BEB79128C ~~~~~ Deny log on locally: BUILTIN\Guests Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: D42DF0ECC417CB415089564874B6907BEB79128C ~~~~~ Deny log on locally: BUILTIN\Guests Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be OPEN on 10/23/2025 ResultHash: D42DF0ECC417CB415089564874B6907BEB79128C ~~~~~ Deny log on locally: BUILTIN\Guests Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be OPEN on 10/23/2025 ResultHash: D42DF0ECC417CB415089564874B6907BEB79128C ~~~~~ Deny log on locally: BUILTIN\Guests Comments |
|||||
Check Text
Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment. If the following groups or accounts are not defined for the "Deny log on locally" right, this is a finding. Domain Systems Only: Enterprise Admins Group Domain Admins Group Privileged Access Workstations (PAWs) dedicated to the management of Active Directory are exempt from denying the Enterprise Admins and Domain Admins groups. (See the Windows Privileged Access Workstation STIG for PAW requirements.) All Systems: Guests Group
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> "Deny log on locally" to include the following. Domain Systems Only: Enterprise Admins Group Domain Admins Group Privileged Access Workstations (PAWs) dedicated to the management of Active Directory are exempt from denying the Enterprise Admins and Domain Admins groups. (See the Windows Privileged Access Workstation STIG for PAW requirements.) All Systems: Guests Group
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 9710F86B1963CAAA2C9429B687B5B8F0CFCE9509 ~~~~~ Deny log on through Remote Desktop Services: BUILTIN\Guests Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 9710F86B1963CAAA2C9429B687B5B8F0CFCE9509 ~~~~~ Deny log on through Remote Desktop Services: BUILTIN\Guests Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be OPEN on 10/23/2025 ResultHash: 5957234601D7C7E797928456B308E65804C7D53F ~~~~~ Deny log on through Remote Desktop Services: BUILTIN\Guests NT AUTHORITY\Local account Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be OPEN on 10/23/2025 ResultHash: 5957234601D7C7E797928456B308E65804C7D53F ~~~~~ Deny log on through Remote Desktop Services: BUILTIN\Guests NT AUTHORITY\Local account Comments |
|||||
Check Text
Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment. If the following groups or accounts are not defined for the "Deny log on through Remote Desktop Services" right, this is a finding: If Remote Desktop Services is not used by the organization, the "Everyone" group can replace all of the groups listed below. Domain Systems Only: Enterprise Admins group Domain Admins group Local account (see Note below) All Systems: Guests group Privileged Access Workstations (PAWs) dedicated to the management of Active Directory are exempt from denying the Enterprise Admins and Domain Admins groups. (See the Windows Privileged Access Workstation STIG for PAW requirements.) Note: "Local account" is a built-in security group used to assign user rights and permissions to all local accounts.
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> "Deny log on through Remote Desktop Services" to include the following. If Remote Desktop Services is not used by the organization, assign the Everyone group this right to prevent all access. Domain Systems Only: Enterprise Admins group Domain Admins group Local account (see Note below) All Systems: Guests group Privileged Access Workstations (PAWs) dedicated to the management of Active Directory are exempt from denying the Enterprise Admins and Domain Admins groups. (See the Windows Privileged Access Workstation STIG for PAW requirements.) Note: "Local account" is a built-in security group used to assign user rights and permissions to all local accounts.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 0AE8978EA0ED5EC0DA9005C2608D05E3ED51FF0C ~~~~~ Process Creation: Success and Failure Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 0AE8978EA0ED5EC0DA9005C2608D05E3ED51FF0C ~~~~~ Process Creation: Success and Failure Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be OPEN on 10/23/2025 ResultHash: 812B92C97F6B9D7E16F6294B301DF81AC57720AA ~~~~~ Process Creation: Success Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be OPEN on 10/23/2025 ResultHash: 812B92C97F6B9D7E16F6294B301DF81AC57720AA ~~~~~ Process Creation: Success Comments |
|||||
Check Text
Ensure Audit Process Creation auditing has been enabled: Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >>System Audit Policies >> Detailed Tracking >> Audit Process Creation". If "Audit Process Creation" is not set to "Failure", this is a finding.
Fix Text
Go to Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >>System Audit Policies >> Detailed Tracking >> Audit Process Creation is set to "failure".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: D106FB820932416BA8165EF9D232122A8ADE4A4B ~~~~~ Microsoft.copilot not found Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: D106FB820932416BA8165EF9D232122A8ADE4A4B ~~~~~ Microsoft.copilot not found Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be OPEN on 10/23/2025 Username: MONTFORD-POINT\D.Admin UserSID: S-1-5-21-1360995287-4027491577-3040029667-1104 ResultHash: F328DBC62269B694F2E1C6B9E5A3E6F8D0405729 ~~~~~ 'Turn off Windows Copilot' is NOT Enabled Registry Path: HKCU:\SOFTWARE\Policies\Microsoft\Windows\WindowsCopilot Value Name: TurnOffWindowsCopilot (Not found) Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be OPEN on 10/23/2025 Username: MONTFORD-POINT\W.Admin UserSID: S-1-5-21-1360995287-4027491577-3040029667-1106 ResultHash: F328DBC62269B694F2E1C6B9E5A3E6F8D0405729 ~~~~~ 'Turn off Windows Copilot' is NOT Enabled Registry Path: HKCU:\SOFTWARE\Policies\Microsoft\Windows\WindowsCopilot Value Name: TurnOffWindowsCopilot (Not found) Comments |
|||||
Check Text
Run the following PowerShell command as an administrator: Get-AppxPackage -AllUsers | Where-Object { $_.Name -like "*Copilot*" } If Microsoft.Copilot displays, this is a finding.
Fix Text
Open PowerShell as an administrator. Run the following command: Get-AppxPackage -AllUsers *CoPilot* | Remove-AppxPackage -AllUsers
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be OPEN on 12/17/2025 ResultHash: 986E2AA371EE57C0BE58CB7A9BFDD5C0FC13FA58 ~~~~~ File System: No Auditing Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be OPEN on 12/17/2025 ResultHash: 986E2AA371EE57C0BE58CB7A9BFDD5C0FC13FA58 ~~~~~ File System: No Auditing Comments |
|||||
Check Text
Verify that Audit File System auditing has been enabled: Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Object Access >> Audit File System. If "Audit File System" is not set to "Failure", this is a finding.
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Object Access >> "Audit File System" with "Failure" selected.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be OPEN on 12/17/2025 ResultHash: 986E2AA371EE57C0BE58CB7A9BFDD5C0FC13FA58 ~~~~~ File System: No Auditing Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be OPEN on 12/17/2025 ResultHash: 986E2AA371EE57C0BE58CB7A9BFDD5C0FC13FA58 ~~~~~ File System: No Auditing Comments |
|||||
Check Text
Verify that Audit File System auditing has been enabled: Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Object Access >> Audit File System. If "Audit File System" is not set to "Success", this is a finding.
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Object Access >> "Audit File System" with "Success" selected.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be OPEN on 12/17/2025 ResultHash: E3BC58368C7E0501CABAF5E7042609D91BD6A6A9 ~~~~~ Handle Manipulation: No Auditing Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be OPEN on 12/17/2025 ResultHash: E3BC58368C7E0501CABAF5E7042609D91BD6A6A9 ~~~~~ Handle Manipulation: No Auditing Comments |
|||||
Check Text
Verify that Audit Handle Manipulation auditing has been enabled: Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Object Access >> Audit Handle Manipulation. If "Audit Handle Manipulation" is not set to "Failure", this is a finding.
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Object Access >> "Audit Handle Manipulation" with "Failure" selected.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be OPEN on 12/17/2025 ResultHash: E3BC58368C7E0501CABAF5E7042609D91BD6A6A9 ~~~~~ Handle Manipulation: No Auditing Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be OPEN on 12/17/2025 ResultHash: E3BC58368C7E0501CABAF5E7042609D91BD6A6A9 ~~~~~ Handle Manipulation: No Auditing Comments |
|||||
Check Text
Verify that Audit Handle Manipulation auditing has been enabled: Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Object Access >> Audit Handle Manipulation. If "Audit Handle Manipulation" is not set to "Success", this is a finding.
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Object Access >> "Audit Handle Manipulation" with "Success" selected.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be OPEN on 12/17/2025 ResultHash: 699C432E6583CB6CD672333388C153C260362A53 ~~~~~ Registry: No Auditing Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be OPEN on 12/17/2025 ResultHash: 699C432E6583CB6CD672333388C153C260362A53 ~~~~~ Registry: No Auditing Comments |
|||||
Check Text
Verify that Audit Registry auditing has been enabled: Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Object Access >> Audit Registry. If "Audit Registry" is not set to "Success", this is a finding.
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Object Access >> "Audit Registry" with "Success" selected.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be OPEN on 12/17/2025 ResultHash: 699C432E6583CB6CD672333388C153C260362A53 ~~~~~ Registry: No Auditing Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be OPEN on 12/17/2025 ResultHash: 699C432E6583CB6CD672333388C153C260362A53 ~~~~~ Registry: No Auditing Comments |
|||||
Check Text
Verify that Audit Registry auditing has been enabled: Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Object Access >> Audit Registry. If "Audit Registry" is not set to "Failure", this is a finding.
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Object Access >> "Audit Registry" with "Failure" selected.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) was unable to determine a Status but found the below configuration on 12/17/2025: ResultHash: BBAC88C8AB01CF95104CC45D880159B2968EBA9F ~~~~~ Installed NSS Root Certificates: Subject: CN=NSS Root CA 4, OU=Certification Authorities, OU=NSS, O=U.S. Government, C=US Thumbprint: D753369F16C2CF15A9647AAE4F6E2B40E4A28242 NotAfter: 10/11/2041 13:47:15 Subject: CN=NSS Root CA 1, OU=Certification Authorities, OU=NSS, O=U.S. Government, C=US Thumbprint: 4D96A58E74C1D5EC06C018459C3DDE71C0DBEF41 NotAfter: 11/28/2029 22:06:38 Subject: CN=NSS Root CA 2, OU=Certification Authorities, OU=NSS, O=U.S. Government, C=US Thumbprint: 3CEE89598C90AA6F5A3B75FB03E94E111D75B5D9 NotAfter: 10/20/2030 13:29:50 Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) was unable to determine a Status but found the below configuration on 12/17/2025: ResultHash: 393EAA13FC13924073C463182B1C5D260DE26571 ~~~~~ Installed NSS Root Certificates: Subject: CN=NSS Root CA 4, OU=Certification Authorities, OU=NSS, O=U.S. Government, C=US Thumbprint: D753369F16C2CF15A9647AAE4F6E2B40E4A28242 NotAfter: 10/11/2041 13:47:15 Subject: CN=NSS Root CA 5, OU=Certification Authorities, OU=NSS, O=U.S. Government, C=US Thumbprint: 7232A47EB4B80CE23A2A3C3799CCAE0D67B0F143 NotAfter: 09/25/2048 15:12:12 Subject: CN=NSS Root CA 1, OU=Certification Authorities, OU=NSS, O=U.S. Government, C=US Thumbprint: 4D96A58E74C1D5EC06C018459C3DDE71C0DBEF41 NotAfter: 11/28/2029 22:06:38 Subject: CN=NSS Root CA 2, OU=Certification Authorities, OU=NSS, O=U.S. Government, C=US Thumbprint: 3CEE89598C90AA6F5A3B75FB03E94E111D75B5D9 NotAfter: 10/20/2030 13:29:50 Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 1E639BE4EE5A1CDEB45CD6D11961572DC003871E ~~~~~ Subject: CN=DoD Root CA 3, OU=PKI, OU=DoD, O=U.S. Government, C=US Thumbprint: D73CA91102A2204A36459ED32213B467D7CE97FB NotAfter: 12/30/2029 Installed: True Subject: CN=DoD Root CA 4, OU=PKI, OU=DoD, O=U.S. Government, C=US Thumbprint: B8269F25DBD937ECAFD4C35A9838571723F2D026 NotAfter: 7/25/2032 Installed: True Subject: CN=DoD Root CA 5, OU=PKI, OU=DoD, O=U.S. Government, C=US Thumbprint: 4ECB5CC3095670454DA1CBD410FC921F46B8564B NotAfter: 6/14/2041 Installed: True Subject: CN=DoD Root CA 6, OU=PKI, OU=DoD, O=U.S. Government, C=US Thumbprint: D37ECF61C0B4ED88681EF3630C4E2FC787B37AEF NotAfter: 1/24/2053 Installed: True Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 1E639BE4EE5A1CDEB45CD6D11961572DC003871E ~~~~~ Subject: CN=DoD Root CA 3, OU=PKI, OU=DoD, O=U.S. Government, C=US Thumbprint: D73CA91102A2204A36459ED32213B467D7CE97FB NotAfter: 12/30/2029 Installed: True Subject: CN=DoD Root CA 4, OU=PKI, OU=DoD, O=U.S. Government, C=US Thumbprint: B8269F25DBD937ECAFD4C35A9838571723F2D026 NotAfter: 7/25/2032 Installed: True Subject: CN=DoD Root CA 5, OU=PKI, OU=DoD, O=U.S. Government, C=US Thumbprint: 4ECB5CC3095670454DA1CBD410FC921F46B8564B NotAfter: 6/14/2041 Installed: True Subject: CN=DoD Root CA 6, OU=PKI, OU=DoD, O=U.S. Government, C=US Thumbprint: D37ECF61C0B4ED88681EF3630C4E2FC787B37AEF NotAfter: 1/24/2053 Installed: True Comments |
|||||
Check Text
Verify the DoD Root CA certificates are installed as Trusted Root Certification Authorities. The certificates and thumbprints referenced below apply to unclassified systems; refer to PKE documentation for other networks. Run "PowerShell" as an administrator. Execute the following command: Get-ChildItem -Path Cert:Localmachine\root | Where Subject -Like "*DoD*" | FL Subject, Thumbprint, NotAfter If the following certificate "Subject" and "Thumbprint" information is not displayed, this is a finding. Subject: CN=DoD Root CA 3, OU=PKI, OU=DoD, O=U.S. Government, C=US Thumbprint: D73CA91102A2204A36459ED32213B467D7CE97FB NotAfter: 12/30/2029 Subject: CN=DoD Root CA 4, OU=PKI, OU=DoD, O=U.S. Government, C=US Thumbprint: B8269F25DBD937ECAFD4C35A9838571723F2D026 NotAfter: 7/25/2032 Subject: CN=DoD Root CA 5, OU=PKI, OU=DoD, O=U.S. Government, C=US Thumbprint: 4ECB5CC3095670454DA1CBD410FC921F46B8564B NotAfter: 6/14/2041 Subject: CN=DoD Root CA 6, OU=PKI, OU=DoD, O=U.S. Government, C=US Thumbprint : D37ECF61C0B4ED88681EF3630C4E2FC787B37AEF NotAfter: 1/24/2053 Alternately, use the Certificates MMC snap-in: Run "MMC". Select "File", "Add/Remove Snap-in". Select "Certificates", click "Add". Select "Computer account", click "Next". Select "Local computer: (the computer this console is running on)", click "Finish". Click "OK". Expand "Certificates" and navigate to "Trusted Root Certification Authorities >> Certificates". For each of the DoD Root CA certificates noted below: Right-click on the certificate and select "Open". Select the "Details" tab. Scroll to the bottom and select "Thumbprint". If the DoD Root CA certificates below are not listed or the value for the "Thumbprint" field is not as noted, this is a finding. DoD Root CA 3 Thumbprint: D73CA91102A2204A36459ED32213B467D7CE97FB Valid to: Sunday, December 30, 2029 DoD Root CA 4 Thumbprint: B8269F25DBD937ECAFD4C35A9838571723F2D026 Valid to: Sunday, July 25, 2032 DoD Root CA 5 Thumbprint: 4ECB5CC3095670454DA1CBD410FC921F46B8564B Valid to: Friday, June 14, 2041 DoD Root CA 6 Thumbprint : D37ECF61C0B4ED88681EF3630C4E2FC787B37AEF Valid to: Friday, January 24, 2053
Fix Text
Install the DoD Root CA certificates: DoD Root CA 3 DoD Root CA 4 DoD Root CA 5 DoD Root CA 6 The InstallRoot tool is available on Cyber Exchange at https://cyber.mil/pki-pke/tools-configuration-files. Certificate bundles published by the PKI can be found at https://crl.gds.disa.mil/.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT APPLICABLE on 12/17/2025 ResultHash: 35876C8966B85EC1E2B626A04F1F3A7173B7D72A ~~~~~ System is a 'Standalone Workstation' so this requirement is NA. Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT APPLICABLE on 12/17/2025 ResultHash: 35876C8966B85EC1E2B626A04F1F3A7173B7D72A ~~~~~ System is a 'Standalone Workstation' so this requirement is NA. Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 435C81AC79C2FECD84A3BE04A4AA7CC245BEF0D7 ~~~~~ OS Caption: Microsoft Windows 10 Enterprise LTSC OS Version: 10.0.19044 OS Architecture: 64-bit Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 435C81AC79C2FECD84A3BE04A4AA7CC245BEF0D7 ~~~~~ OS Caption: Microsoft Windows 10 Enterprise LTSC OS Version: 10.0.19044 OS Architecture: 64-bit Comments |
|||||
Check Text
Verify domain-joined systems are using Windows 10 Enterprise Edition 64-bit version. For standalone or nondomain-joined systems, this is NA. Open "Settings". Select "System", then "About". If "Edition" is not "Windows 10 Enterprise", this is a finding. If "System type" is not "64-bit operating system…", this is a finding.
Fix Text
Use Windows 10 Enterprise 64-bit version for domain-joined systems.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT APPLICABLE on 12/17/2025 ResultHash: 35876C8966B85EC1E2B626A04F1F3A7173B7D72A ~~~~~ System is a 'Standalone Workstation' so this requirement is NA. Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT APPLICABLE on 12/17/2025 ResultHash: 35876C8966B85EC1E2B626A04F1F3A7173B7D72A ~~~~~ System is a 'Standalone Workstation' so this requirement is NA. Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 346611FFEC18CA874CE847DB523A17BC711DFFEF ~~~~~ TPM Preset = True TPM Ready = True TPM Specification Version = 2.0 Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 346611FFEC18CA874CE847DB523A17BC711DFFEF ~~~~~ TPM Preset = True TPM Ready = True TPM Specification Version = 2.0 Comments |
|||||
Check Text
Verify domain-joined systems have a TPM enabled and ready for use. For standalone or nondomain-joined systems, this is NA. Virtualization-based security, including Credential Guard, currently cannot be implemented in virtual desktop implementations (VDI) due to specific supporting requirements including a TPM, UEFI with Secure Boot, and the capability to run the Hyper-V feature within the virtual desktop. For VDIs where the virtual desktop instance is deleted or refreshed upon logoff, this is NA. Verify the system has a TPM and is ready for use. Run "tpm.msc". Review the sections in the center pane. "Status" must indicate it has been configured with a message such as "The TPM is ready for use" or "The TPM is on and ownership has been taken". TPM Manufacturer Information - Specific Version = 2.0 or 1.2 If a TPM is not found or is not ready for use, this is a finding.
Fix Text
For standalone or nondomain-joined systems, this is NA. Virtualization-based security, including Credential Guard, currently cannot be implemented in VDI due to specific supporting requirements including a TPM, UEFI with Secure Boot, and the capability to run the Hyper-V feature within the virtual desktop. For VDIs where the virtual desktop instance is deleted or refreshed upon logoff, this is NA. Ensure domain-joined systems have a Trusted Platform Module (TPM) that is configured for use. (Versions 2.0 or 1.2 support Credential Guard.) The TPM must be enabled in the firmware. Run "tpm.msc" for configuration options in Windows.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 795D12619CC035A12CE3BE8D046C9DA2FD6AC217 ~~~~~ BIOS Mode: UEFI Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-Windows10_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 795D12619CC035A12CE3BE8D046C9DA2FD6AC217 ~~~~~ BIOS Mode: UEFI Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 795D12619CC035A12CE3BE8D046C9DA2FD6AC217 ~~~~~ BIOS Mode: UEFI Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-Windows10_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 795D12619CC035A12CE3BE8D046C9DA2FD6AC217 ~~~~~ BIOS Mode: UEFI Comments |
|||||
Check Text
For virtual desktop implementations (VDIs) where the virtual desktop instance is deleted or refreshed upon logoff, this is NA. Verify the system firmware is configured to run in UEFI mode, not Legacy BIOS. Run "System Information". Under "System Summary", if "BIOS Mode" does not display "UEFI", this is a finding.
Fix Text
Configure UEFI firmware to run in UEFI mode, not Legacy BIOS mode.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsNo details recorded. Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsNo details recorded. Comments |
|||||
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsNo details recorded. Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Verify DOD-approved ESS software is installed and properly operating. Ask the site information system security manager (ISSM) for documentation of the ESS software installation and configuration. If the ISSM is not able to provide a documented configuration for an installed ESS or if the ESS software is not properly maintained or used, this is a finding. Note: Example of documentation can be a copy of the site's CCB approved Software Baseline with version of software noted or a memo from the ISSM stating current ESS software and version.
Fix Text
Install DOD-approved ESS software and ensure it is operating continuously.