Update to HardeningKitty v.0.8.0

scipag · Jun 30, 2022 · de49220 · de49220
1 parent c33feeb
commit de49220
Show file tree

Hide file tree

Showing 44 changed files with 5,835 additions and 2,719 deletions.
diff --git a/Invoke-HardeningKitty.ps1 b/Invoke-HardeningKitty.ps1
diff --git a/README.md b/README.md
@@ -143,14 +143,24 @@ HardeningKitty can be used to audit systems against the following baselines / be
 | CIS Microsoft Windows 10 Enterprise (User) | 2004 | 1.9.1 |
 | CIS Microsoft Windows 10 Enterprise (Machine) | 20H2 | 1.10.1 |
 | CIS Microsoft Windows 10 Enterprise (User) | 20H2 | 1.10.1 |
+| CIS Microsoft Windows 10 Enterprise (Machine) | 21H1 | 1.11.0 |
+| CIS Microsoft Windows 10 Enterprise (User) | 21H1 | 1.11.0 |
+| CIS Microsoft Windows 10 Enterprise (Machine) | 21H2 | 1.12.0 |
+| CIS Microsoft Windows 10 Enterprise (User) | 21H2 | 1.12.0 |
+| CIS Microsoft Windows 11 Enterprise (Machine) | 21H2 | 1.0.0 |
+| CIS Microsoft Windows 11 Enterprise (User) | 21H2 | 1.0.0 |
 | CIS Microsoft Windows Server 2012 R2 (Machine) | R2 | 2.4.0 |
 | CIS Microsoft Windows Server 2012 R2 (User) | R2 | 2.4.0 |
 | CIS Microsoft Windows Server 2016 (Machine) | 1607 | 1.2.0 |
 | CIS Microsoft Windows Server 2016 (User) | 1607 | 1.2.0 |
+| CIS Microsoft Windows Server 2016 (Machine) | 1607 | 1.3.0 |
+| CIS Microsoft Windows Server 2016 (User) | 1607 | 1.3.0 |
 | CIS Microsoft Windows Server 2019 (Machine) | 1809 | 1.1.0 |
 | CIS Microsoft Windows Server 2019 (User) | 1809 | 1.1.0 |
-| CIS Microsoft Windows Server 2019 (Machine) | 1809 | 1.2.0 |
-| CIS Microsoft Windows Server 2019 (User) | 1809 | 1.2.0 |
+| CIS Microsoft Windows Server 2019 (Machine) | 1809 | 1.2.1 |
+| CIS Microsoft Windows Server 2019 (User) | 1809 | 1.2.1 |
+| CIS Microsoft Windows Server 2022 (Machine) | 21H2 | 1.0.0 |
+| CIS Microsoft Windows Server 2022 (User) | 21H2 | 1.0.0 |
 | DoD Microsoft Windows 10 STIG (Machine) | 20H2 | v2r1 |
 | DoD Microsoft Windows 10 STIG (User) | 20H2 | v2r1 |
 | DoD Windows Server 2019 Domain Controller STIG (Machine) | 20H2 | v2r1 |
@@ -165,6 +175,8 @@ HardeningKitty can be used to audit systems against the following baselines / be
 | Microsoft Security baseline for Microsoft Edge | 93, 94 | Final |
 | Microsoft Security baseline for Microsoft Edge | 95 | Final |
 | Microsoft Security baseline for Microsoft Edge | 96 | Final |
+| Microsoft Security baseline for Microsoft Edge | 97 | Final |
+| Microsoft Security baseline for Microsoft Edge | 98, 99, 100, 101, 102, 103 | Final |
 | Microsoft Security baseline for Windows 10 | 2004 | Final |
 | Microsoft Security baseline for Windows 10 | 20H2, 21H1 | Final |
 | Microsoft Security baseline for Windows 10 | 21H2 | Final |
@@ -181,5 +193,8 @@ HardeningKitty can be used to audit systems against the following baselines / be
 | Microsoft Security Baseline for Microsoft 365 Apps for enterprise (User) | v2104, v2106 | Final |
 | Microsoft Security Baseline for Microsoft 365 Apps for enterprise (Machine) | v2112 | Final |
 | Microsoft Security Baseline for Microsoft 365 Apps for enterprise (User) | v2112 | Final |
+| Microsoft Security Baseline for Microsoft 365 Apps for enterprise (Machine) | v2206 | Final |
+| Microsoft Security Baseline for Microsoft 365 Apps for enterprise (User) | v2206 | Final |
 | Microsoft Windows Server TLS Settings | 1809 | 1.0 |
 | Microsoft Windows Server TLS Settings (Future Use with TLSv1.3) | 1903 | 1.0 |
+
diff --git a/lists/finding_list_0x6d69636b_machine.csv b/lists/finding_list_0x6d69636b_machine.csv
@@ -154,7 +154,7 @@ ID,Category,Name,Method,MethodArgument,RegistryPath,RegistryItem,ClassName,Names
 1693,"Administrative Templates: System","Remote Procedure Call: Restrict Unauthenticated RPC clients",Registry,,"HKLM:\Software\Policies\Microsoft\Windows NT\Rpc",RestrictRemoteClients,,,,0,2,=,Medium
 1694,"Administrative Templates: System","Security Settings: Enable svchost.exe mitigation options",Registry,,HKLM:\SYSTEM\CurrentControlSet\Control\SCMConfig,EnableSvchostMitigationPolicy,,,,0,1,=,Medium
 1695,"Administrative Templates: System","Windows Performance PerfTrack: Enable/Disable PerfTrack",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d},ScenarioExecutionEnabled,,,,1,0,=,Medium
-1696,"Administrative Templates: System","User Profiles: Turn of the advertising ID",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo,DisabledByGroupPolicy,,,,0,1,=,Medium
+1696,"Administrative Templates: System","User Profiles: Turn off the advertising ID",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo,DisabledByGroupPolicy,,,,0,1,=,Medium
 1697,"Administrative Templates: System","Time Providers: Enable Windows NTP Client",Registry,,HKLM:\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient,Enabled,,,,0,1,=,Medium
 1698,"Administrative Templates: System","Time Providers: Enable Windows NTP Server",Registry,,HKLM:\Software\Policies\Microsoft\W32time\TimeProviders\NtpServer,Enabled,,,,0,0,=,Medium
 1700,"Administrative Templates: Windows Components","App Package Deployment: Allow a Windows app to share application data between users",Registry,,HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\AppModel\StateManager,AllowSharedLocalAppData,,,,1,0,=,Medium
@@ -184,15 +184,15 @@ ID,Category,Name,Method,MethodArgument,RegistryPath,RegistryItem,ClassName,Names
 1721,"Administrative Templates: Windows Components","Cloud Content: Turn off Microsoft consumer experiences",Registry,,HKLM:\Software\Policies\Microsoft\Windows\CloudContent,DisableWindowsConsumerFeatures,,,,0,1,=,Medium
 1722,"Administrative Templates: Windows Components","Credential User Interface: Do not display the password reveal button",Registry,,HKLM:\Software\Policies\Microsoft\Windows\CredUI,DisablePasswordReveal,,,,0,1,=,Medium
 1724,"Administrative Templates: Windows Components","Credential User Interface: Enumerate administrator accounts on elevation",Registry,,HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI,EnumerateAdministrators,,,,1,0,=,Medium
-1725,"Administrative Templates: Windows Components","Data Collection and Preview Builds: Allow Telemetry",Registry,,HKLM:\Software\Policies\Microsoft\Windows\DataCollection,AllowTelemetry,,,,2,1,<=,Medium
+1725,"Administrative Templates: Windows Components","Data Collection and Preview Builds: Allow Diagnostic Data",Registry,,HKLM:\Software\Policies\Microsoft\Windows\DataCollection,AllowTelemetry,,,,2,1,<=,Medium
 1726,"Administrative Templates: Windows Components","Data Collection and Preview Builds: Allow device name to be sent in Windows diagnostic data",Registry,,HKLM:\Software\Policies\Microsoft\Windows\DataCollection,AllowDeviceNameInTelemetry,,,,1,0,=,Medium
 1727,"Administrative Templates: Windows Components","Delivery Optimization: Download Mode",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization,DODownloadMode,,,,1,99,=,Medium
-1728,"Administrative Templates: Windows Components","Event Log Service: Specify the maximum Application log file size (KB)",Registry,,HKLM:\Software\Policies\Microsoft\Windows\EventLog\Application,MaxSize,,,,4096,32768,>=,Medium
-1729,"Administrative Templates: Windows Components","Event Log Service: Specify the maximum Security log file size (KB)",Registry,,HKLM:\Software\Policies\Microsoft\Windows\EventLog\Security,MaxSize,,,,4096,196608,>=,Medium
-1730,"Administrative Templates: Windows Components","Event Log Service: Specify the maximum System log file size (KB)",Registry,,HKLM:\Software\Policies\Microsoft\Windows\EventLog\System,MaxSize,,,,4096,32768,>=,Medium
+1728,"Administrative Templates: Windows Components","Event Log Service: Application: Specify the maximum log file size (KB)",Registry,,HKLM:\Software\Policies\Microsoft\Windows\EventLog\Application,MaxSize,,,,4096,32768,>=,Medium
+1729,"Administrative Templates: Windows Components","Event Log Service: Security: Specify the maximum log file size (KB)",Registry,,HKLM:\Software\Policies\Microsoft\Windows\EventLog\Security,MaxSize,,,,4096,196608,>=,Medium
+1730,"Administrative Templates: Windows Components","Event Log Service: System: Specify the maximum log file size (KB)",Registry,,HKLM:\Software\Policies\Microsoft\Windows\EventLog\System,MaxSize,,,,4096,32768,>=,Medium
 1731,"Administrative Templates: Windows Components","File Explorer: Allow the use of remote paths in file shortcut icons",Registry,,HKLM:\Software\Policies\Microsoft\Windows\Explorer,EnableShellShortcutIconRemotePath,,,,0,0,=,Medium
 1732,"Administrative Templates: Windows Components","HomeGroup: Prevent the computer from joining a homegroup",Registry,,HKLM:\Software\Policies\Microsoft\Windows\HomeGroup,DisableHomeGroup,,,,0,1,=,Medium
-1800,"Microsoft Defender Antivirus","Turn off Windows Defender Antivirus",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender",DisableAntiSpyware,,,,0,0,=,Medium
+1800,"Microsoft Defender Antivirus","Turn off Microsoft Defender Antivirus",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender",DisableAntiSpyware,,,,0,0,=,Medium
 1801,"Microsoft Defender Antivirus","Configure detection for potentially unwanted applications",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender",PUAProtection,,,,0,1,>=,Medium
 1806,"Microsoft Defender Antivirus","Exclusions: Extension Exclusions (Policy)",Registry,,"HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions",Exclusions_Extensions,,,,,,=,Medium
 1807,"Microsoft Defender Antivirus","Exclusions: List Extension Exclusions",MpPreferenceExclusion,ExclusionExtension,,,,,,,,=,Medium
@@ -204,20 +204,20 @@ ID,Category,Name,Method,MethodArgument,RegistryPath,RegistryItem,ClassName,Names
 1900,"Microsoft Defender Exploit Guard","Attack Surface Reduction rules",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR",ExploitGuard_ASR_Rules,,,,0,1,=,Medium
 1901,"Microsoft Defender Exploit Guard","ASR: Block executable content from email client and webmail (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",be9ba2d9-53ea-4cdc-84e5-9b1eeee46550,,,,0,1,=,Medium
 1916,"Microsoft Defender Exploit Guard","ASR: Block executable content from email client and webmail",MpPreferenceAsr,be9ba2d9-53ea-4cdc-84e5-9b1eeee46550,,,,,,0,1,=,Medium
-1902,"Microsoft Defender Exploit Guard","ASR: Block Office applications from creating child processes (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",d4f940ab-401b-4efc-aadc-ad5f3c50688a,,,,0,1,=,Medium
-1917,"Microsoft Defender Exploit Guard","ASR: Block Office applications from creating child processes",MpPreferenceAsr,d4f940ab-401b-4efc-aadc-ad5f3c50688a,,,,,,0,1,=,Medium
+1902,"Microsoft Defender Exploit Guard","ASR: Block all Office applications from creating child processes (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",d4f940ab-401b-4efc-aadc-ad5f3c50688a,,,,0,1,=,Medium
+1917,"Microsoft Defender Exploit Guard","ASR: Block all Office applications from creating child processes",MpPreferenceAsr,d4f940ab-401b-4efc-aadc-ad5f3c50688a,,,,,,0,1,=,Medium
 1903,"Microsoft Defender Exploit Guard","ASR: Block Office applications from creating executable content (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",3b576869-a4ec-4529-8536-b80a7769e899,,,,0,1,=,Medium
 1918,"Microsoft Defender Exploit Guard","ASR: Block Office applications from creating executable content",MpPreferenceAsr,3b576869-a4ec-4529-8536-b80a7769e899,,,,,,0,1,=,Medium
-1904,"Microsoft Defender Exploit Guard","ASR: Block Office applications from injecting into other processes (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84,,,,0,1,=,Medium
-1919,"Microsoft Defender Exploit Guard","ASR: Block Office applications from injecting into other processes",MpPreferenceAsr,75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84,,,,,,0,1,=,Medium
+1904,"Microsoft Defender Exploit Guard","ASR: Block Office applications from injecting code into other processes (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84,,,,0,1,=,Medium
+1919,"Microsoft Defender Exploit Guard","ASR: Block Office applications from injecting code into other processes",MpPreferenceAsr,75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84,,,,,,0,1,=,Medium
 1905,"Microsoft Defender Exploit Guard","ASR: Block JavaScript or VBScript from launching downloaded executable content (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",d3e037e1-3eb8-44c8-a917-57927947596d,,,,0,1,=,Medium
 1920,"Microsoft Defender Exploit Guard","ASR: Block JavaScript or VBScript from launching downloaded executable content",MpPreferenceAsr,d3e037e1-3eb8-44c8-a917-57927947596d,,,,,,0,1,=,Medium
 1906,"Microsoft Defender Exploit Guard","ASR: Block execution of potentially obfuscated scripts (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",5beb7efe-fd9a-4556-801d-275e5ffc04cc,,,,0,1,=,Medium
 1921,"Microsoft Defender Exploit Guard","ASR: Block execution of potentially obfuscated scripts",MpPreferenceAsr,5beb7efe-fd9a-4556-801d-275e5ffc04cc,,,,,,0,1,=,Medium
-1907,"Microsoft Defender Exploit Guard","ASR: Block Win32 imports from Macro code in Office (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b,,,,0,1,=,Medium
-1922,"Microsoft Defender Exploit Guard","ASR: Block Win32 imports from Macro code in Office",MpPreferenceAsr,92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b,,,,,,0,1,=,Medium
-1908,"Microsoft Defender Exploit Guard","ASR: Block executable files from running unless they meet a prevalence, age, or trusted list criteria (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",01443614-cd74-433a-b99e-2ecdc07bfc25,,,,0,1,=,Medium
-1923,"Microsoft Defender Exploit Guard","ASR: Block executable files from running unless they meet a prevalence, age, or trusted list criteria",MpPreferenceAsr,01443614-cd74-433a-b99e-2ecdc07bfc25,,,,,,0,1,=,Medium
+1907,"Microsoft Defender Exploit Guard","ASR: Block Win32 API calls from Office macros (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b,,,,0,1,=,Medium
+1922,"Microsoft Defender Exploit Guard","ASR: Block Win32 API calls from Office macros",MpPreferenceAsr,92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b,,,,,,0,1,=,Medium
+1908,"Microsoft Defender Exploit Guard","ASR: Block executable files from running unless they meet a prevalence, age, or trusted list criterion (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",01443614-cd74-433a-b99e-2ecdc07bfc25,,,,0,1,=,Medium
+1923,"Microsoft Defender Exploit Guard","ASR: Block executable files from running unless they meet a prevalence, age, or trusted list criterion",MpPreferenceAsr,01443614-cd74-433a-b99e-2ecdc07bfc25,,,,,,0,1,=,Medium
 1909,"Microsoft Defender Exploit Guard","ASR: Use advanced protection against ransomware (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",c1db55ab-c21a-4637-bb3f-a12568109d35,,,,0,1,=,Medium
 1924,"Microsoft Defender Exploit Guard","ASR: Use advanced protection against ransomware",MpPreferenceAsr,c1db55ab-c21a-4637-bb3f-a12568109d35,,,,,,0,1,=,Medium
 1910,"Microsoft Defender Exploit Guard","ASR: Block credential stealing from the Windows local security authority subsystem (lsass.exe) (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2,,,,0,1,=,Medium
@@ -226,8 +226,8 @@ ID,Category,Name,Method,MethodArgument,RegistryPath,RegistryItem,ClassName,Names
 1926,"Microsoft Defender Exploit Guard","ASR: Block process creations originating from PSExec and WMI commands",MpPreferenceAsr,d1e49aac-8f56-4280-b9ba-993a6d77406c,,,,,,0,1,=,Medium
 1912,"Microsoft Defender Exploit Guard","ASR: Block untrusted and unsigned processes that run from USB (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4,,,,0,1,=,Medium
 1927,"Microsoft Defender Exploit Guard","ASR: Block untrusted and unsigned processes that run from USB",MpPreferenceAsr,b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4,,,,,,0,1,=,Medium
-1913,"Microsoft Defender Exploit Guard","ASR: Block Office communication applications from creating child processes (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",26190899-1602-49e8-8b27-eb1d0a1ce869,,,,0,1,=,Medium
-1928,"Microsoft Defender Exploit Guard","ASR: Block Office communication applications from creating child processes",MpPreferenceAsr,26190899-1602-49e8-8b27-eb1d0a1ce869,,,,,,0,1,=,Medium
+1913,"Microsoft Defender Exploit Guard","ASR: Block Office communication application from creating child processes (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",26190899-1602-49e8-8b27-eb1d0a1ce869,,,,0,1,=,Medium
+1928,"Microsoft Defender Exploit Guard","ASR: Block Office communication application from creating child processes",MpPreferenceAsr,26190899-1602-49e8-8b27-eb1d0a1ce869,,,,,,0,1,=,Medium
 1914,"Microsoft Defender Exploit Guard","ASR: Block Adobe Reader from creating child processes (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c,,,,0,1,=,Medium
 1929,"Microsoft Defender Exploit Guard","ASR: Block Adobe Reader from creating child processes",MpPreferenceAsr,7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c,,,,,,0,1,=,Medium
 1915,"Microsoft Defender Exploit Guard","ASR: Block persistence through WMI event subscription (Policy)",Registry,,"HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\rules",e6db77e5-3df2-4cf1-b95a-636979351e5b,,,,0,1,=,Medium

diff --git a/lists/finding_list_bsi_sisyphus_windows_10_hd_machine.csv b/lists/finding_list_bsi_sisyphus_windows_10_hd_machine.csv
@@ -73,7 +73,7 @@ ID,Category,Name,Method,MethodArgument,RegistryPath,RegistryItem,ClassName,Names
 31,"Administrative Templates: Network","Windows Connect Now: Configuration of wireless settings using Windows Connect Now (DisableWPDRegistrar)",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\WCN\Registrars,DisableWPDRegistrar,,,,1,0,=,Medium
 32,"Administrative Templates: Network","Windows Connect Now: Prohibit access of the Windows Connect Now wizards",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\WCN\UI,DisableWcnUi,,,,0,1,=,Medium
 36,"Administrative Templates: Start Menu and Taskbar","Notifications: Turn off notifications network usage",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications,NoCloudApplicationNotification,,,,0,1,=,Medium
-47,"Administrative Templates: System","User Profiles: Turn of the advertising ID",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo,DisabledByGroupPolicy,,,,0,1,=,Medium
+47,"Administrative Templates: System","User Profiles: Turn off the advertising ID",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\AdvertisingInfo,DisabledByGroupPolicy,,,,0,1,=,Medium
 48,"Administrative Templates: System","OS Policies: Allow upload of User Activities",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\System,UploadUserActivities,,,,1,0,=,Medium
 49,"Administrative Templates: System","OS Policies: Allow Clipboard synchronization across devices",Registry,,HKLM:\SOFTWARE\Policies\Microsoft\Windows\System,AllowCrossDeviceClipboard,,,,1,0,=,Medium
 58,"Administrative Templates: System","Locale Services: Disallow copying of user input methods to the system account for sign-in",Registry,,"HKLM:\SOFTWARE\Policies\Microsoft\Control Panel\International",BlockUserInputMethodsForSignIn,,,,0,1,=,Medium