Registry Modifications - HP StorageWorks X5000 Technical Manual

Nas security: technical guide to nsa, c2, e3-fc2, and cc security compliancy

Hide thumbs Also See for StorageWorks X5000:

Release note (39 pages)

Limited warranty (76 pages)

Support manual (17 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

page of 156

/ 156
Contents
Table of Contents
Bookmarks

Table of Contents

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

The Devices: Restrict floppy access to locally logged-on user only security option setting determines

whether removable floppy media are accessible to both local and remote users simultaneously.

Enabling this setting allows only the interactively logged-on user to access removable floppy media. If

this policy is enabled, and no one is logged on interactively, the floppy media is accessible over the

network. For CC security compliancy, this value is set to Enabled.

Audit: Shut down system immediately if unable to log security audits

Member Server Default

Disabled

This Security Option setting can be configured in Windows Server 2003 at the following location

within the Group Policy Object Editor:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

The Audit: Shut down system immediately if unable to log security audits security option setting

determines whether the system shuts down immediately if it is unable to log security events. The

administrative overhead required to enable this setting in the Legacy Client and Enterprise Client

environments was determined to be too high within NSA security requirements. However, this setting

must be set to Enabled for CC security compliancy.

Member Server Default

Warn but allow

installation

This Security Option setting can be configured in Windows Server 2003 at the following location

within the Group Policy Object Editor:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

The Devices: Unsigned non-driver installation behavior security option setting determines what

happens when an attempt is made to install a non-device driver software that has not been certified.

This option prevents the installation of unsigned non-driver software or warns the administrator that an

unsigned non-driver software is about to be installed. This can prevent installing non-drivers that have

not been certified to run on Windows Server 2003. One potential problem with configuring this

setting to the Warn but allow installation value is that unattended installation scripts will fail when

installing unsigned non-drivers.

3.2 Registry Modifications

The following registry modifications or additions are required to meet CC security requirements.

Key Path: HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers

Key: DCI

Name: Timeout

Legacy Client

Enabled

Devices: Unsigned non-driver installation behavior

Legacy Client

Warn but allow

installation

Disable DirectDraw

153

Enterprise Client

Enabled

Enterprise Client

Warn but allow

installation

Value

REG_DWORD

High Security Client

Enabled

High Security Client

Warn but allow

installation

Format

Value

Table of Contents

This manual is also suitable for:

Nsa security compliancy C2 security compliancy E3-fc2 security compliancy Cc security compliancy

Registry Modifications - HP StorageWorks X5000 Technical Manual

3.2 Registry Modifications

Related Manuals for HP StorageWorks X5000

Related Content for HP StorageWorks X5000

This manual is also suitable for:

Table of Contents