| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT APPLICABLE on 03/05/2026 ResultHash: FE6E08BCA44D55D33AD47289B0481DA21EA7058A ~~~~~ Only system-created shares exist on this system so this requirement is NA. Comments |
|||||
Check Text
If only system-created shares such as "ADMIN$", "C$", and "IPC$" exist on the system, this is NA. (System-created shares will display a message that it has been shared for administrative purposes when "Properties" is selected.) Run "Computer Management". Navigate to System Tools >> Shared Folders >> Shares. Right-click any nonsystem-created shares. Select "Properties". Select the "Share Permissions" tab. If the file shares have not been configured to restrict permissions to the specific groups or accounts that require access, this is a finding. Select the "Security" tab. If the permissions have not been configured to restrict permissions to the specific groups or accounts that require access, this is a finding.
Fix Text
If a nonsystem-created share is required on a system, configure the share and NTFS permissions to limit access to the specific groups or accounts that require it. Remove any unnecessary nonsystem-created shares.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 6D1B1446FB5CC2634D5EADF74C6B8A5903ECB08C ~~~~~ No .p12 or .pfx certificate files found. Comments |
|||||
Check Text
Search all drives for *.p12 and *.pfx files. If any files with these extensions exist, this is a finding. This does not apply to server-based applications that have a requirement for .p12 certificate files or Adobe PreFlight certificate files. Some applications create files with extensions of .p12 that are not certificate installation files. Removal of noncertificate installation files from systems is not required. These must be documented with the Information System Security Officer (ISSO).
Fix Text
Remove any certificate installation files (*.p12 and *.pfx) found on a system. Note: This does not apply to server-based applications that have a requirement for .p12 certificate files or Adobe PreFlight certificate files.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
If the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process, verify protection methods such as TLS, encrypted VPNs, or IPsec have been implemented. If protection methods have not been implemented, this is a finding.
Fix Text
Configure protection methods such as TLS, encrypted VPNs, or IPsec when the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) was unable to determine a Status but found the below configuration on 03/05/2026: ResultHash: 6EFFFCDAA74F2893347505F85C0B7A675BCD956A ~~~~~ Installed Roles: --------------------- Device Health Attestation File and Storage Services Web Server (IIS) Installed Role Services: --------------------- File and iSCSI Services File Server Storage Services Web Server Common HTTP Features Default Document Directory Browsing HTTP Errors Static Content Health and Diagnostics HTTP Logging Tracing Performance Static Content Compression Security Request Filtering Application Development .NET Extensibility 4.8 ASP.NET 4.8 ISAPI Extensions ISAPI Filters Server Side Includes Management Tools IIS Management Console Installed Features: --------------------- .NET Framework 4.8 Features .NET Framework 4.8 ASP.NET 4.8 WCF Services HTTP Activation TCP Port Sharing Azure Arc Setup Microsoft Defender Antivirus System Data Archiver Windows PowerShell Windows PowerShell 5.1 Windows Process Activation Service Process Model Configuration APIs WoW64 Support Comments |
|||||
Check Text
Required roles and features will vary based on the function of the individual system. Roles and features specifically required to be disabled per the STIG are identified in separate requirements. If the organization has not documented the roles and features required for the system(s), this is a finding. The PowerShell command "Get-WindowsFeature | Where-Object {$_. installstate -eq "Installed"} | Format-List Displayname, Name, Featuretype" will list all roles and features with an "Installed" state.
Fix Text
Document the roles and features required for the system to operate. Uninstall any that are not required.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) was unable to determine a Status but found the below configuration on 03/05/2026: ResultHash: DDEB8EC31627B565DA9A6E2585FF589E535BD0A3 ~~~~~ Active Network Connections: --------------------------- Network Category: DomainAuthenticated Windows Firewall: Disabled Windows Firewall is disabled on one or more active network profiles. Confirm a host-based firewall is in use on this system. Comments |
|||||
Check Text
Determine if a host-based firewall is installed and enabled on the system. If a host-based firewall is not installed and enabled on the system, this is a finding. The configuration requirements will be determined by the applicable firewall STIG.
Fix Text
Install and enable a host-based firewall on the system.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) was unable to determine a Status but found the below configuration on 03/05/2026: ResultHash: 129AAEF8C98B12262CD5814E10D70D7749FB55E0 ~~~~~ No enabled accounts found that are set to expire within 72 hours of the PasswordLastSet date. If there are enabled 'temporary' accounts currently on the system, this should be marked as Open. Otherwise, mark as Not Applicable. Comments |
|||||
Check Text
Review temporary user accounts for expiration dates. Determine if temporary user accounts are used and identify any that exist. If none exist, this is NA. Domain Controllers: Open "PowerShell". Enter "Search-ADAccount -AccountExpiring | FT Name, AccountExpirationDate". If "AccountExpirationDate" has not been defined within 72 hours for any temporary user account, this is a finding. Member servers and standalone or nondomain-joined systems: Open "Command Prompt". Run "Net user [username]", where [username] is the name of the temporary user account. If "Account expires" has not been defined within 72 hours for any temporary user account, this is a finding.
Fix Text
Configure temporary user accounts to automatically expire within 72 hours. Domain accounts can be configured with an account expiration date, under "Account" properties. Local accounts can be configured to expire with the command "Net user [username] /expires:[mm/dd/yyyy]", where [username] is the name of the temporary user account. Delete any temporary user accounts that are no longer necessary.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) was unable to determine a Status but found the below configuration on 03/05/2026: ResultHash: A2DFD837F05076354B18E9404AAC0860BC860EE5 ~~~~~ No enabled accounts found that are set to expire within 72 hours of the PasswordLastSet date. If there are enabled 'emergency' accounts currently on the system, this should be marked as Open. Otherwise, mark as Not Applicable. Comments |
|||||
Check Text
Determine if emergency administrator accounts are used and identify any that exist. If none exist, this is NA. If emergency administrator accounts cannot be configured with an expiration date due to an ongoing crisis, the accounts must be disabled or removed when the crisis is resolved. If emergency administrator accounts have not been configured with an expiration date or have not been disabled or removed following the resolution of a crisis, this is a finding. Domain Controllers: Open "PowerShell". Enter "Search-ADAccount -AccountExpiring | FT Name, AccountExpirationDate". If "AccountExpirationDate" has been defined and is not within 72 hours for an emergency administrator account, this is a finding. Member servers and standalone or nondomain-joined systems: Open "Command Prompt". Run "Net user [username]", where [username] is the name of the emergency account. If "Account expires" has been defined and is not within 72 hours for an emergency administrator account, this is a finding.
Fix Text
Remove emergency administrator accounts after a crisis has been resolved or configure the accounts to automatically expire within 72 hours. Domain accounts can be configured with an account expiration date, under "Account" properties. Local accounts can be configured to expire with the command "Net user [username] /expires:[mm/dd/yyyy]", where [username] is the name of the temporary user account.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 4D0C4B866AA7FEEDE82ECD2E8B4A22DEDE2618CF ~~~~~ Feature Name: Fax Expected State: Available, Removed Detected State: Available Comments |
|||||
Check Text
Open "PowerShell". Enter "Get-WindowsFeature | Where Name -eq Fax". If "Installed State" is "Installed", this is a finding. An Installed State of "Available" or "Removed" is not a finding.
Fix Text
Uninstall the "Fax Server" role. Start "Server Manager". Select the server with the role. Scroll down to "ROLES AND FEATURES" in the right pane. Select "Remove Roles and Features" from the drop-down "TASKS" list. Select the appropriate server on the "Server Selection" page and click "Next". Deselect "Fax Server" on the "Roles" page. Click "Next" and "Remove" as prompted.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 8AB08F4114350A4A86D884EB5E8C414772162FB9 ~~~~~ Feature Name: Web-Ftp-Service Expected State: Available, Removed Detected State: Available Comments |
|||||
Check Text
If the server has the role of an FTP server, this is NA. Open "PowerShell". Enter "Get-WindowsFeature | Where Name -eq Web-Ftp-Service". If "Installed State" is "Installed", this is a finding. An Installed State of "Available" or "Removed" is not a finding. If the system has the role of an FTP server, this must be documented with the Information System Security Officer (ISSO).
Fix Text
Uninstall the "FTP Server" role. Start "Server Manager". Select the server with the role. Scroll down to "ROLES AND FEATURES" in the right pane. Select "Remove Roles and Features" from the drop-down "TASKS" list. Select the appropriate server on the "Server Selection" page and click "Next". Deselect "FTP Server" under "Web Server (IIS)" on the "Roles" page. Click "Next" and "Remove" as prompted.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: E1E83B25E45FCBBBA565EC2D58D12CDBFBB1E7FE ~~~~~ Feature Name: PNRP Expected State: Available, Removed Detected State: Available Comments |
|||||
Check Text
Open "PowerShell". Enter "Get-WindowsFeature | Where Name -eq PNRP". If "Installed State" is "Installed", this is a finding. An Installed State of "Available" or "Removed" is not a finding.
Fix Text
Uninstall the "Peer Name Resolution Protocol" feature. Start "Server Manager". Select the server with the feature. Scroll down to "ROLES AND FEATURES" in the right pane. Select "Remove Roles and Features" from the drop-down "TASKS" list. Select the appropriate server on the "Server Selection" page and click "Next". Deselect "Peer Name Resolution Protocol" on the "Features" page. Click "Next" and "Remove" as prompted.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 40AEBB2BB0A9343573591561E5E7304E61192602 ~~~~~ Feature Name: Simple-TCPIP Expected State: Available, Removed Detected State: Available Comments |
|||||
Check Text
Open "PowerShell". Enter "Get-WindowsFeature | Where Name -eq Simple-TCPIP". If "Installed State" is "Installed", this is a finding. An Installed State of "Available" or "Removed" is not a finding.
Fix Text
Uninstall the "Simple TCP/IP Services" feature. Start "Server Manager". Select the server with the feature. Scroll down to "ROLES AND FEATURES" in the right pane. Select "Remove Roles and Features" from the drop-down "TASKS" list. Select the appropriate server on the "Server Selection" page and click "Next". Deselect "Simple TCP/IP Services" on the "Features" page. Click "Next" and "Remove" as prompted.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: BE5328321458F35B80D9546AF49C8D20D0895613 ~~~~~ Feature Name: Telnet-Client Expected State: Available, Removed Detected State: Available Comments |
|||||
Check Text
Open "PowerShell". Enter "Get-WindowsFeature | Where Name -eq Telnet-Client". If "Installed State" is "Installed", this is a finding. An Installed State of "Available" or "Removed" is not a finding.
Fix Text
Uninstall the "Telnet Client" feature. Start "Server Manager". Select the server with the feature. Scroll down to "ROLES AND FEATURES" in the right pane. Select "Remove Roles and Features" from the drop-down "TASKS" list. Select the appropriate server on the "Server Selection" page and click "Next". Deselect "Telnet Client" on the "Features" page. Click "Next" and "Remove" as prompted.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: FBD7E7D6321CD55D5EFD1C45DD60F9D0AAF741E0 ~~~~~ Feature Name: TFTP-Client Expected State: Available, Removed Detected State: Available Comments |
|||||
Check Text
Open "PowerShell". Enter "Get-WindowsFeature | Where Name -eq TFTP-Client". If "Installed State" is "Installed", this is a finding. An Installed State of "Available" or "Removed" is not a finding.
Fix Text
Uninstall the "TFTP Client" feature. Start "Server Manager". Select the server with the feature. Scroll down to "ROLES AND FEATURES" in the right pane. Select "Remove Roles and Features" from the drop-down "TASKS" list. Select the appropriate server on the "Server Selection" page and click "Next". Deselect "TFTP Client" on the "Features" page. Click "Next" and "Remove" as prompted.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 89C59932D73F94F028707A00C6DF6452922F914B ~~~~~ The Windows Feature 'FS-SMB1' is Available Comments |
|||||
Check Text
Different methods are available to disable SMBv1 on Windows Server 2022. This is the preferred method, however if WN22-00-000390 and WN22-00-000400 are configured, this is NA. Open "Windows PowerShell" with elevated privileges (run as administrator). Enter "Get-WindowsFeature -Name FS-SMB1". If "Installed State" is "Installed", this is a finding. An Installed State of "Available" or "Removed" is not a finding.
Fix Text
Uninstall the SMBv1 protocol. Open "Windows PowerShell" with elevated privileges (run as administrator). Enter "Uninstall-WindowsFeature -Name FS-SMB1 -Restart". (Omit the Restart parameter if an immediate restart of the system cannot be done.) Alternately: Start "Server Manager". Select the server with the feature. Scroll down to "ROLES AND FEATURES" in the right pane. Select "Remove Roles and Features" from the drop-down "TASKS" list. Select the appropriate server on the "Server Selection" page and click "Next". Deselect "SMB 1.0/CIFS File Sharing Support" on the "Features" page. Click "Next" and "Remove" as prompted.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT APPLICABLE on 03/05/2026 ResultHash: 26B515519ECF89836EB6C2CFF22BC2444B8E212F ~~~~~ V-254275 (WN22-00-000380) is configured so this requirement is NA. Comments |
|||||
Check Text
Different methods are available to disable SMBv1 on Windows Server 2022, if WN22-00-000380 is configured, this is NA. If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\ Value Name: SMB1 Type: REG_DWORD Value: 0x00000000 (0)
Fix Text
Configure the policy value for Computer Configuration >> Administrative Templates >> MS Security Guide >> Configure SMBv1 Server to "Disabled". The system must be restarted for the change to take effect. This policy setting requires the installation of the SecGuide custom templates included with the STIG package. "SecGuide.admx" and "SecGuide.adml" must be copied to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT APPLICABLE on 03/05/2026 ResultHash: 26B515519ECF89836EB6C2CFF22BC2444B8E212F ~~~~~ V-254275 (WN22-00-000380) is configured so this requirement is NA. Comments |
|||||
Check Text
Different methods are available to disable SMBv1 on Windows Server 2022, if WN22-00-000380 is configured, this is NA. If the following registry value is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\mrxsmb10\ Value Name: Start Type: REG_DWORD Value: 0x00000004 (4)
Fix Text
Configure the policy value for Computer Configuration >> Administrative Templates >> MS Security Guide >> Configure SMBv1 client driver to "Enabled" with "Disable driver (recommended)" selected for "Configure MrxSmb10 driver". The system must be restarted for the changes to take effect. This policy setting requires the installation of the SecGuide custom templates included with the STIG package. "SecGuide.admx" and "SecGuide.adml" must be copied to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 0BFB975652099AC78A9E2F9F60247AFF7E3F2EDF ~~~~~ Feature Name: PowerShell-v2 Expected State: Available, Removed Detected State: Available Comments |
|||||
Check Text
Open "PowerShell". Enter "Get-WindowsFeature | Where Name -eq PowerShell-v2". If "Installed State" is "Installed", this is a finding. An Installed State of "Available" or "Removed" is not a finding.
Fix Text
Uninstall the "Windows PowerShell 2.0 Engine". Start "Server Manager". Select the server with the feature. Scroll down to "ROLES AND FEATURES" in the right pane. Select "Remove Roles and Features" from the drop-down "TASKS" list. Select the appropriate server on the "Server Selection" page and click "Next". Deselect "Windows PowerShell 2.0 Engine" under "Windows PowerShell" on the "Features" page. Click "Next" and "Remove" as prompted.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT APPLICABLE on 03/05/2026 ResultHash: CD7DFE28A41B52BD912CF759969D5D1B7C89F295 ~~~~~ Web-Ftp-Server is not installed so this requirement is NA. Comments |
|||||
Check Text
If FTP is not installed on the system, this is NA. Open "Internet Information Services (IIS) Manager". Select the server. Double-click "FTP Authentication". If the "Anonymous Authentication" status is "Enabled", this is a finding.
Fix Text
Configure the FTP service to prevent anonymous logons. Open "Internet Information Services (IIS) Manager". Select the server. Double-click "FTP Authentication". Select "Anonymous Authentication". Select "Disabled" under "Actions".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT APPLICABLE on 03/05/2026 ResultHash: CD7DFE28A41B52BD912CF759969D5D1B7C89F295 ~~~~~ Web-Ftp-Server is not installed so this requirement is NA. Comments |
|||||
Check Text
If FTP is not installed on the system, this is NA. Open "Internet Information Services (IIS) Manager". Select "Sites" under the server name. For any sites with a Binding that lists FTP, right-click the site and select "Explore". If the site is not defined to a specific folder for shared FTP resources, this is a finding. If the site includes any system areas such as root of the drive, Program Files, or Windows directories, this is a finding.
Fix Text
Configure the FTP sites to allow access only to specific FTP shared resources. Do not allow access to other areas of the system.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 31FA001D95F799B1779974DAE788547F7248BA04 ~~~~~ No unresolved SIDs are assigned any User Right Comments |
|||||
Check Text
Review the effective User Rights setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment. Review each User Right listed for any unresolved SIDs to determine whether they are valid, such as due to being temporarily disconnected from the domain. (Unresolved SIDs have the format that begins with "*S-1-".) If any unresolved SIDs exist and are not for currently valid accounts or groups, this is a finding. For server core installations, run the following command: Secedit /export /areas USER_RIGHTS /cfg c:\path\UserRights.txt The results in the file identify user right assignments by SID instead of group name. Review the SIDs for unidentified ones. A list of typical SIDs \ Groups is below, search Microsoft for articles on well known SIDs for others. If any unresolved SIDs exist and are not for currently valid accounts or groups, this is a finding. SID - Group S-1-5-11 - Authenticated Users S-1-5-113 - Local account S-1-5-114 - Local account and member of Administrators group S-1-5-19 - Local Service S-1-5-20 - Network Service S-1-5-32-544 - Administrators S-1-5-32-546 - Guests S-1-5-6 - Service S-1-5-9 - Enterprise Domain Controllers S-1-5-domain-512 - Domain Admins S-1-5-root domain-519 - Enterprise Admins S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420 - NT Service\WdiServiceHost
Fix Text
Remove any unresolved SIDs found in User Rights assignments and determined to not be for currently valid accounts or groups by removing the accounts or groups from the appropriate group policy.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 795D12619CC035A12CE3BE8D046C9DA2FD6AC217 ~~~~~ BIOS Mode: UEFI Comments |
|||||
Check Text
Devices that have UEFI firmware must run in "UEFI" mode. Verify the system firmware is configured to run in "UEFI" mode, not "Legacy BIOS". Run "System Information". Under "System Summary", if "BIOS Mode" does not display "UEFI", this is a finding.
Fix Text
Configure UEFI firmware to run in "UEFI" mode, not "Legacy BIOS" mode.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: F00AB6308F2F40793871577252596AC96D27494C ~~~~~ Confirm-SecureBootUEFI = True Comments |
|||||
Check Text
Devices that have UEFI firmware must have Secure Boot enabled. Run "System Information". Under "System Summary", if "Secure Boot State" does not display "On", this is a finding. On server core installations, run the following PowerShell command: Confirm-SecureBootUEFI If a value of "True" is not returned, this is a finding.
Fix Text
Enable Secure Boot in the system firmware.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 45DDCAF75C302AFBAF4F0083BDF37443F28A83CC ~~~~~ 'Reset account lockout counter after' is Configured LockoutDuration: 15 Comments |
|||||
Check Text
Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Account Lockout Policy. If the "Account lockout duration" is less than "15" minutes (excluding "0"), this is a finding. For server core installations, run the following command: Secedit /Export /Areas SecurityPolicy /CFG C:\Path\FileName.Txt If "LockoutDuration" is less than "15" (excluding "0") in the file, this is a finding. Configuring this to "0", requiring an administrator to unlock the account, is more restrictive and is not a finding.
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Account Lockout Policy >> Account lockout duration to "15" minutes or greater. A value of "0" is also acceptable, requiring an administrator to unlock the account.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 41AA04D471372F76F2904EE0EF5CA66462310C29 ~~~~~ 'Account lockout threshold' is Configured LockoutBadCount: 3 Comments |
|||||
Check Text
Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Account Lockout Policy. If the "Account lockout threshold" is "0" or more than "3" attempts, this is a finding. For server core installations, run the following command: Secedit /Export /Areas SecurityPolicy /CFG C:\Path\FileName.Txt If "LockoutBadCount" equals "0" or is greater than "3" in the file, this is a finding.
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Account Lockout Policy >> Account lockout threshold to "3" or fewer invalid logon attempts (excluding "0", which is unacceptable).
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: C7A0EE0ADBB8B8A24BDEA6EC108E7DA83CCEAB1C ~~~~~ 'Reset account lockout counter after' is Configured ResetLockoutCount: 15 Comments |
|||||
Check Text
Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Account Lockout Policy. If the "Reset account lockout counter after" value is less than "15" minutes, this is a finding. For server core installations, run the following command: Secedit /Export /Areas SecurityPolicy /CFG C:\Path\FileName.Txt If "ResetLockoutCount" is less than "15" in the file, this is a finding.
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Account Lockout Policy >> Reset account lockout counter after to at least "15" minutes.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 3D66E73980452DD8BD3CA8FE1C7ACB35BFFBF1E0 ~~~~~ 'Enforce password history' is Configured PasswordHistorySize: 24 Comments |
|||||
Check Text
Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Password Policy. If the value for "Enforce password history" is less than "24" passwords remembered, this is a finding. For server core installations, run the following command: Secedit /Export /Areas SecurityPolicy /CFG C:\Path\FileName.Txt If "PasswordHistorySize" is less than "24" in the file, this is a finding.
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Password Policy >> Enforce password history to "24" passwords remembered.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 2375DBDED09541A6709A3597732260F71AD44BD7 ~~~~~ 'Maximum password age' is Configured MaximumPasswordAge: 60 Comments |
|||||
Check Text
Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Password Policy. If the value for the "Maximum password age" is greater than "60" days, this is a finding. If the value is set to "0" (never expires), this is a finding. For server core installations, run the following command: Secedit /Export /Areas SecurityPolicy /CFG C:\Path\FileName.Txt If "MaximumPasswordAge" is greater than "60" or equal to "0" in the file, this is a finding.
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Password Policy >> Maximum password age to "60" days or less (excluding "0", which is unacceptable).
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: E9E63FACC0D99C86CB8F91687EDAD046854EBCD0 ~~~~~ 'Minimum password age' is Configured MinimumPasswordAge: 1 Comments |
|||||
Check Text
Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Password Policy. If the value for the "Minimum password age" is set to "0" days ("Password can be changed immediately"), this is a finding. For server core installations, run the following command: Secedit /Export /Areas SecurityPolicy /CFG C:\Path\FileName.Txt If "MinimumPasswordAge" equals "0" in the file, this is a finding.
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Password Policy >> Minimum password age to at least "1" day.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 6BE08ACAB8AD3365003019D2702FDF3075E0F32E ~~~~~ 'Minimum password length' is Configured MinimumPasswordLength: 14 Comments |
|||||
Check Text
Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Password Policy. If the value for the "Minimum password length," is less than "14" characters, this is a finding. For server core installations, run the following command: Secedit /Export /Areas SecurityPolicy /CFG C:\Path\FileName.Txt If "MinimumPasswordLength" is less than "14" in the file, this is a finding.
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Password Policy >> "Minimum password length" to "14" characters.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 3254975B2BFF298E56535B14B1F167FECB6E84E0 ~~~~~ 'Password must meet complexity requirements' is Enabled PasswordComplexity: 1 Comments |
|||||
Check Text
Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Password Policy. If the value for "Password must meet complexity requirements" is not set to "Enabled", this is a finding. For server core installations, run the following command: Secedit /Export /Areas SecurityPolicy /CFG C:\Path\FileName.Txt If "PasswordComplexity" equals "0" in the file, this is a finding. Note: If an external password filter is in use that enforces all four character types and requires this setting to be set to "Disabled", this would not be considered a finding. If this setting does not affect the use of an external password filter, it must be enabled for fallback purposes.
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Password Policy >> Password must meet complexity requirements to "Enabled".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Determine if a process to back up log data to a different system or media than the system being audited has been implemented. If it has not, this is a finding.
Fix Text
Establish and implement a process for backing up log data to another system or media other than the system being audited.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Verify the audit records, at a minimum, are offloaded for interconnected systems in real time and offloaded for standalone or nondomain-joined systems weekly. If they are not, this is a finding.
Fix Text
Configure the system to, at a minimum, offload audit records of interconnected systems in real time and offload standalone or nondomain-joined systems weekly.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 548E1706345EB5A15CB428AA4BFEF9410EA96AA3 ~~~~~ Path: C:\WINDOWS\System32\Winevt\Logs\Application.evtx OverallState: Expected permissions in place Compliance: Compliant Comments |
|||||
Check Text
Navigate to the Application event log file. The default location is the "%SystemRoot%\System32\winevt\Logs" folder. However, the logs may have been moved to another folder. If the permissions for the "Application.evtx" file are not as restrictive as the default permissions listed below, this is a finding: Eventlog - Full Control SYSTEM - Full Control Administrators - Full Control
Fix Text
Configure the permissions on the Application event log file (Application.evtx) to prevent access by nonprivileged accounts. The default permissions listed below satisfy this requirement: Eventlog - Full Control SYSTEM - Full Control Administrators - Full Control The default location is the "%SystemRoot%\System32\winevt\Logs" folder. If the location of the logs has been changed, when adding Eventlog to the permissions, it must be entered as "NT Service\Eventlog".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: FC207BB5E6ABD073A18C6924714E55BE3BFE7F86 ~~~~~ Path: C:\WINDOWS\System32\Winevt\Logs\Security.evtx OverallState: Expected permissions in place Compliance: Compliant Comments |
|||||
Check Text
Navigate to the Security event log file. The default location is the "%SystemRoot%\System32\winevt\Logs" folder. However, the logs may have been moved to another folder. If the permissions for the "Security.evtx" file are not as restrictive as the default permissions listed below, this is a finding: Eventlog - Full Control SYSTEM - Full Control Administrators - Full Control
Fix Text
Configure the permissions on the Security event log file (Security.evtx) to prevent access by nonprivileged accounts. The default permissions listed below satisfy this requirement: Eventlog - Full Control SYSTEM - Full Control Administrators - Full Control The default location is the "%SystemRoot%\System32\winevt\Logs" folder. If the location of the logs has been changed, when adding Eventlog to the permissions, it must be entered as "NT Service\Eventlog".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: C8851B49AF642F6DEA2F56B31A82E5A84259555F ~~~~~ Path: C:\WINDOWS\System32\Winevt\Logs\System.evtx OverallState: Expected permissions in place Compliance: Compliant Comments |
|||||
Check Text
Navigate to the System event log file. The default location is the "%SystemRoot%\System32\winevt\Logs" folder. However, the logs may have been moved to another folder. If the permissions for the "System.evtx" file are not as restrictive as the default permissions listed below, this is a finding: Eventlog - Full Control SYSTEM - Full Control Administrators - Full Control
Fix Text
Configure the permissions on the System event log file (System.evtx) to prevent access by nonprivileged accounts. The default permissions listed below satisfy this requirement: Eventlog - Full Control SYSTEM - Full Control Administrators - Full Control The default location is the "%SystemRoot%\System32\winevt\Logs" folder. If the location of the logs has been changed, when adding Eventlog to the permissions, it must be entered as "NT Service\Eventlog".
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: FFBD6629F8FCAB722C297362D4BCFAB3EE7637BC ~~~~~ Path: C:\WINDOWS\System32\Eventvwr.exe OverallState: Expected permissions in place Compliance: Compliant Comments |
|||||
Check Text
This is not applicable for Windows Core Edition. Navigate to "%SystemRoot%\System32". View the permissions on "Eventvwr.exe". If any groups or accounts other than TrustedInstaller have "Full control" or "Modify" permissions, this is a finding. The default permissions below satisfy this requirement: TrustedInstaller - Full Control Administrators, SYSTEM, Users, ALL APPLICATION PACKAGES, ALL RESTRICTED APPLICATION PACKAGES - Read & Execute
Fix Text
Configure the permissions on the "Eventvwr.exe" file to prevent modification by any groups or accounts other than TrustedInstaller. The default permissions listed below satisfy this requirement: TrustedInstaller - Full Control Administrators, SYSTEM, Users, ALL APPLICATION PACKAGES, ALL RESTRICTED APPLICATION PACKAGES - Read & Execute The default location is the "%SystemRoot%\System32" folder.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: DA7DF341CB41A0B60FB92B392D3AA616EB0F8C60 ~~~~~ Credential Validation: Success and Failure Comments |
|||||
Check Text
Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN22-SO-000050) for the detailed auditing subcategories to be effective. Use the "AuditPol" tool to review the current Audit Policy configuration: Open "PowerShell" or a "Command Prompt" with elevated privileges ("Run as administrator"). Enter "AuditPol /get /category:*" Compare the "AuditPol" settings with the following: If the system does not audit the following, this is a finding. Account Logon >> Credential Validation - Success
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Account Logon >> Audit Credential Validation with "Success" selected.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: DA7DF341CB41A0B60FB92B392D3AA616EB0F8C60 ~~~~~ Credential Validation: Success and Failure Comments |
|||||
Check Text
Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN22-SO-000050) for the detailed auditing subcategories to be effective. Use the "AuditPol" tool to review the current Audit Policy configuration: Open "PowerShell" or a "Command Prompt" with elevated privileges ("Run as administrator"). Enter "AuditPol /get /category:*" Compare the "AuditPol" settings with the following: If the system does not audit the following, this is a finding. Account Logon >> Credential Validation - Failure
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Account Logon >> Audit Credential Validation with "Failure" selected.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 9A6F552FAB98CF8F94D1E6F6BD0061408022D4E5 ~~~~~ Other Account Management Events: Success Comments |
|||||
Check Text
Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN22-SO-000050) for the detailed auditing subcategories to be effective. Use the "AuditPol" tool to review the current Audit Policy configuration: Open "PowerShell" or a "Command Prompt" with elevated privileges ("Run as administrator"). Enter "AuditPol /get /category:*" Compare the "AuditPol" settings with the following: If the system does not audit the following, this is a finding: Account Management >> Other Account Management Events - Success
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Account Management >> Audit Other Account Management Events with "Success" selected.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: E026B0CB713D941C6AC9CDB0976AD1DDCB8564DE ~~~~~ Security Group Management: Success Comments |
|||||
Check Text
Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN22-SO-000050) for the detailed auditing subcategories to be effective. Use the "AuditPol" tool to review the current Audit Policy configuration: Open "PowerShell" or a "Command Prompt" with elevated privileges ("Run as administrator"). Enter "AuditPol /get /category:*" Compare the "AuditPol" settings with the following: If the system does not audit the following, this is a finding. Account Management >> Security Group Management - Success
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Account Management >> Audit Security Group Management with "Success" selected.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 3AA7E01468B70DEFA406DABDAF58FAD0F1E7BE63 ~~~~~ User Account Management: Success and Failure Comments |
|||||
Check Text
Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN22-SO-000050) for the detailed auditing subcategories to be effective. Use the "AuditPol" tool to review the current Audit Policy configuration: Open "PowerShell" or a "Command Prompt" with elevated privileges ("Run as administrator"). Enter "AuditPol /get /category:*" Compare the "AuditPol" settings with the following: If the system does not audit the following, this is a finding. Account Management >> User Account Management - Success
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Account Management >> Audit User Account Management with "Success" selected.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 3AA7E01468B70DEFA406DABDAF58FAD0F1E7BE63 ~~~~~ User Account Management: Success and Failure Comments |
|||||
Check Text
Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN22-SO-000050) for the detailed auditing subcategories to be effective. Use the "AuditPol" tool to review the current Audit Policy configuration: Open "PowerShell" or a "Command Prompt" with elevated privileges ("Run as administrator"). Enter "AuditPol /get /category:*" Compare the "AuditPol" settings with the following: If the system does not audit the following, this is a finding. Account Management >> User Account Management - Failure
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Account Management >> Audit User Account Management with "Failure" selected.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: DCA308C4975262F51F29DAED106C291E8960644D ~~~~~ Plug and Play Events: Success Comments |
|||||
Check Text
Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN22-SO-000050) for the detailed auditing subcategories to be effective. Use the "AuditPol" tool to review the current Audit Policy configuration: Open "PowerShell" or a "Command Prompt" with elevated privileges ("Run as administrator"). Enter "AuditPol /get /category:*" Compare the "AuditPol" settings with the following: If the system does not audit the following, this is a finding. Detailed Tracking >> Plug and Play Events - Success
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Detailed Tracking >> Audit PNP Activity with "Success" selected.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 812B92C97F6B9D7E16F6294B301DF81AC57720AA ~~~~~ Process Creation: Success Comments |
|||||
Check Text
Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN22-SO-000050) for the detailed auditing subcategories to be effective. Use the "AuditPol" tool to review the current Audit Policy configuration: Open "PowerShell" or a "Command Prompt" with elevated privileges ("Run as administrator"). Enter "AuditPol /get /category:*" Compare the "AuditPol" settings with the following: If the system does not audit the following, this is a finding. Detailed Tracking >> Process Creation - Success
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Detailed Tracking >> Audit Process Creation with "Success" selected.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 93A0853E44773D10564D3ED14795A30CC6191C41 ~~~~~ Account Lockout: Failure Comments |
|||||
Check Text
Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN22-SO-000050) for the detailed auditing subcategories to be effective. Use the "AuditPol" tool to review the current Audit Policy configuration: Open "PowerShell" or a "Command Prompt" with elevated privileges ("Run as administrator"). Enter "AuditPol /get /category:*" Compare the "AuditPol" settings with the following: If the system does not audit the following, this is a finding. Logon/Logoff >> Account Lockout - Failure
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Logon/Logoff >> Audit Account Lockout with "Failure" selected.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 6318D6520C67CFD4EB30011DEB0BCAC76DCB6CC8 ~~~~~ Group Membership: Success Comments |
|||||
Check Text
Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN22-SO-000050) for the detailed auditing subcategories to be effective. Use the "AuditPol" tool to review the current Audit Policy configuration: Open "PowerShell" or a "Command Prompt" with elevated privileges ("Run as administrator"). Enter "AuditPol /get /category:*" Compare the "AuditPol" settings with the following: If the system does not audit the following, this is a finding. Logon/Logoff >> Group Membership - Success
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Logon/Logoff >> Audit Group Membership with "Success" selected.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 7A950E7532BE5A2E4F09E8A1E67C0FDAF4E8851D ~~~~~ Logoff: Success Comments |
|||||
Check Text
Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN22-SO-000050) for the detailed auditing subcategories to be effective. Use the "AuditPol" tool to review the current Audit Policy configuration: Open "PowerShell" or a "Command Prompt" with elevated privileges ("Run as administrator"). Enter "AuditPol /get /category:*" Compare the "AuditPol" settings with the following: If the system does not audit the following, this is a finding. Logon/Logoff >> Logoff - Success
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Logon/Logoff >> Audit Logoff with "Success" selected.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 6557C8974FEC4237F5E900001DCA960F93582900 ~~~~~ Logon: Success and Failure Comments |
|||||
Check Text
Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN22-SO-000050) for the detailed auditing subcategories to be effective. Use the "AuditPol" tool to review the current Audit Policy configuration: Open "PowerShell" or a "Command Prompt" with elevated privileges ("Run as administrator"). Enter "AuditPol /get /category:*" Compare the "AuditPol" settings with the following: If the system does not audit the following, this is a finding. Logon/Logoff >> Logon - Success
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Logon/Logoff >> Audit Logon with "Success" selected.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 6557C8974FEC4237F5E900001DCA960F93582900 ~~~~~ Logon: Success and Failure Comments |
|||||
Check Text
Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN22-SO-000050) for the detailed auditing subcategories to be effective. Use the "AuditPol" tool to review the current Audit Policy configuration: Open "PowerShell" or a "Command Prompt" with elevated privileges ("Run as administrator"). Enter "AuditPol /get /category:*" Compare the "AuditPol" settings with the following: If the system does not audit the following, this is a finding. Logon/Logoff >> Logon - Failure
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Logon/Logoff >> Audit Logon with "Failure" selected.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| SCHR-P3-DP-001 | 164.231.170.44 | 2026-03-05 | |||
Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: BA41DFC702C29EE8A4A2E9FCA6F596F4BCEB5161 ~~~~~ Special Logon: Success Comments |
|||||
Check Text
Security Option "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" must be set to "Enabled" (WN22-SO-000050) for the detailed auditing subcategories to be effective. Use the "AuditPol" tool to review the current Audit Policy configuration: Open "PowerShell" or a "Command Prompt" with elevated privileges ("Run as administrator"). Enter "AuditPol /get /category:*" Compare the "AuditPol" settings with the following: If the system does not audit the following, this is a finding. Logon/Logoff >> Special Logon - Success
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Advanced Audit Policy Configuration >> System Audit Policies >> Logon/Logoff >> Audit Special Logon with "Success" selected.