Policy Commander delivers powerful security policy management that improves the overall security state of your network, and helps you comply with data privacy and security provisions of regulatory mandates. The Security Policy Knowledge Base utilized by Policy Commander is a constantly growing online repository of security policies authored and validated by New Boundary Technologies. The following index provides a sample of the policies you will find in the Security Policy Knowledge Base.
If you’d like to see for yourself the power and simplicity of Policy Commander, we invite you to download a 30-day trial version. You can use the trial version to test Policy Commander on up to 20 workstations and servers. Click below to download your trial version of Policy Commander.
| Automatic log off after period of inactivity |
| This automatic log off policy can be implemented to minimize the likelihood that an unauthorized individual may access the workstation |
| Disable the Print Screen key |
| This policy disables the Print Screen key. |
| Disable the use of USB storage devices |
| This policy prevents users from connecting to USB storage devices. |
| Prevent writing to USB storage devices |
| This policy prevents write operations to USB block storage devices, such as memory sticks. |
| Secure a file |
| This sample policy demonstrates how you can ensure that a file can only be accessed by authorized users. |
| Secure Electronic Protected Health Information |
| This sample policy demonstrates how you can ensure that Electronic Protected Health Information (ePHI) can only be accessed by authorized users. |
| NIST Windows XP - 2.1 Local Policies - Audit Policy Settings |
| Use this policy to configure the system audit settings consistent with the NIST recommendations for Windows XP. |
| NIST Windows XP - 2.2 Local Policies - User Rights Assignment Settings |
| This policy assures that User Rights Assignments are consistent with the NIST recommendations. |
| NIST Windows XP - 2.3 Local Policies - Security Options - Control system shut down when unable to log security audits |
| This policy assures compliance with the NIST recommendation that computers should be configured to shut down immediately when security events cannot be written to the Security log file. |
| NIST Windows XP - 2.3 Local Policies - Security Options - FIPS Certified Cryptography |
| This policy assures compliance with the NIST recommendation for the use of FIPS (Federal Information Processing Standards ) compliant algorithms for encryption, hashing, and signing in Windows XP High Security environments. |
| NIST Windows XP - 2.3 Local Policies - Security Options - Harden Devices settings |
| This policy assures that Devices settings are consistent with the NIST recommendations for strengthening Devices security options to achieve greater security than the default settings provide. |
| NIST Windows XP - 2.3 Local Policies - Security Options - Harden Domain Member settings |
| This policy assures that Domain member settings are consistent with the NIST recommendations for strengthening Domain member security options to achieve greater security than the default settings provide. |
| NIST Windows XP - 2.3 Local Policies - Security Options - Harden Microsoft network client settings |
| This policy assures that Microsoft network client settings are consistent with the NIST recommendations for strengthening Microsoft network client security options to achieve greater security than the default settings provide. |
| NIST Windows XP - 2.3 Local Policies - Security Options - Harden Microsoft network server settings |
| This policy assures that Microsoft network server settings are consistent with the NIST recommendations for strengthening Microsoft network server security options to achieve greater security than the default settings provide. |
| NIST Windows XP - 2.3 Local Policies - Security Options - Harden network access settings |
| This policy assures that the network access settings are consistent with the NIST recommendations for restricting which types of network access may be performed, in order to achieve greater security than the default settings provide. |
| NIST Windows XP - 2.3 Local Policies - Security Options - Harden network security settings |
| This policy assures that the network security settings are consistent with the NIST recommendations for strengthening the network security settings, in order to achieve greater security than the default settings provide. |
| NIST Windows XP - 2.3 Local Policies - Security Options - Harden Recovery console settings |
| This policy assures that Recovery console settings are consistent with the NIST recommendations for strengthening Recovery console security options to achieve greater security than the default settings provide. |
| NIST Windows XP - 2.3 Local Policies - Security Options - Harden System objects settings |
| This policy assures that the System objects settings are consistent with the NIST recommendations for strengthening System objects security options to achieve greater security than the default settings provide. |
| NIST Windows XP - 2.3 Local Policies - Security Options - Harden the Interactive logon settings |
| This policy assures that the interactive logon settings are consistent with the NIST recommendations. |
| NIST Windows XP - 2.3 Local Policies - Security Options - Harden the Shutdown settings |
| This policy assures that shutdown settings are consistent with the NIST recommendations. |
| NIST Windows XP - 2.3 Local Policies - Security Options - Limit local account use of blank passwords to console only |
| This policy assures that this setting is enabled, consistent with the NIST recommendation. |
| NIST Windows XP - 3.0 Event Log Policy Parameters |
| This policy assures that the Event Log settings are consistent with the NIST recommendations. |
| NIST Windows XP - 4.0 Restricted Groups Settings |
| This policy removes all users from the Remote Desktop Users and Power Users groups. |
| NIST Windows XP - 5.0 System Services Settings |
| This policy disables and secures the services that the NIST guidance indicates are unnecessary for Windows XP. |
| NIST Windows XP - 6.0 File Permission Settings |
| This security policy restricts access to 26 operating system executables, protecting them from unauthorized modification and usage. |
| NIST Windows XP - 7.0 Registry Permission Settings |
| This security policy restricts access to these critical registry keys. |
| NIST Windows XP - 8.1 Registry Values - Debugging |
| This policy disables the Dr. Watson program debugger, and disables creation of the Dr. Watson memory dump file. |
| NIST Windows XP - 8.2 Registry Values - Automatic Functions - Disable automatic logon |
| This policy assures that the automatic logon feature is disabled. |
| NIST Windows XP - 8.2 Registry Values - Automatic Functions - Disable automatic reboot |
| This policy assures that the automatic reboot feature is disabled. |
| NIST Windows XP - 8.2 Registry Values - Automatic Functions - Disable Automatically Running CD-ROMs |
| This policy assures that the automatic execution of CD-ROM content is disabled. |
| NIST Windows XP - 8.3 Registry Values - Networking - Harden the Microsoft TCPIP stack settings |
| This policy assures that the Microsoft TCP/IP stack settings are configured to be consistent with the NIST recommendations. |
| NIST Windows XP - 8.3 Registry Values - Networking - Strengthen miscellaneous networking settings |
| This policy assures that the networking settings are consistent with the NIST recommendations. |
| Disable Computer Browser Service |
| This policy disables the Computer Browser Service. |
| Disable Error Reporting Service |
| This policy stops your computers from reporting error information to Microsoft when an application crashes. |
| Disable IIS on unauthorized computers |
| IIS should not be operational unless the computer has the "IIS Server" role. |
| Disable Messenger Service |
| This policy stops the Microsoft Messenger Service from popping up broadcast messages on your computers. This is not related to the MSN Messenger Instant Messaging program. |
| Disable Remote Registry Service |
| This policy stops users from connecting to a computers registry from a remote machine. |
| Disable RPC Service |
| This policy turns off the Remote Procedure Call (RPC) Service (a service that allows remote computers to programmatically execute commands on client machines). |
| Disable Task Scheduler Service |
| This policy stops the Task Scheduler Service from launching applications at scheduled times. |
| Disable TCP/IP NetBIOS Helper Service |
| This policy disables the TCP/IP NetBIOS Helper Service (a service that is typically only necessary if your network still uses the Windows Internet Name Service (WINS) protocol). |
| Disable the Server Service |
| This turns off a service which provides support for file and print serving as well as RPC. |
| Disable Windows Update |
| This policy disables the "automatic update" feature of Windows Update. |
| Disable Wireless Zero Configuration Service |
| This policy turns off automatic configuration of Wi-Fi connections. |
| NIST Windows XP - 2.1 Local Policies - Audit Policy Settings |
| Use this policy to configure the system audit settings consistent with the NIST recommendations for Windows XP. |
| NIST Windows XP - 2.2 Local Policies - User Rights Assignment Settings |
| This policy assures that User Rights Assignments are consistent with the NIST recommendations. |
| NIST Windows XP - 2.3 Local Policies - Security Options - Control system shut down when unable to log security audits |
| This policy assures compliance with the NIST recommendation that computers should be configured to shut down immediately when security events cannot be written to the Security log file. |
| NIST Windows XP - 2.3 Local Policies - Security Options - FIPS Certified Cryptography |
| This policy assures compliance with the NIST recommendation for the use of FIPS (Federal Information Processing Standards ) compliant algorithms for encryption, hashing, and signing in Windows XP High Security environments. |
| NIST Windows XP - 2.3 Local Policies - Security Options - Harden Devices settings |
| This policy assures that Devices settings are consistent with the NIST recommendations for strengthening Devices security options to achieve greater security than the default settings provide. |
| NIST Windows XP - 2.3 Local Policies - Security Options - Harden Domain Member settings |
| This policy assures that Domain member settings are consistent with the NIST recommendations for strengthening Domain member security options to achieve greater security than the default settings provide. |
| NIST Windows XP - 2.3 Local Policies - Security Options - Harden Microsoft network client settings |
| This policy assures that Microsoft network client settings are consistent with the NIST recommendations for strengthening Microsoft network client security options to achieve greater security than the default settings provide. |
| NIST Windows XP - 2.3 Local Policies - Security Options - Harden Microsoft network server settings |
| This policy assures that Microsoft network server settings are consistent with the NIST recommendations for strengthening Microsoft network server security options to achieve greater security than the default settings provide. |
| NIST Windows XP - 2.3 Local Policies - Security Options - Harden network access settings |
| This policy assures that the network access settings are consistent with the NIST recommendations for restricting which types of network access may be performed, in order to achieve greater security than the default settings provide. |
| NIST Windows XP - 2.3 Local Policies - Security Options - Harden network security settings |
| This policy assures that the network security settings are consistent with the NIST recommendations for strengthening the network security settings, in order to achieve greater security than the default settings provide. |
| NIST Windows XP - 2.3 Local Policies - Security Options - Harden Recovery console settings |
| This policy assures that Recovery console settings are consistent with the NIST recommendations for strengthening Recovery console security options to achieve greater security than the default settings provide. |
| NIST Windows XP - 2.3 Local Policies - Security Options - Harden System objects settings |
| This policy assures that the System objects settings are consistent with the NIST recommendations for strengthening System objects security options to achieve greater security than the default settings provide. |
| NIST Windows XP - 2.3 Local Policies - Security Options - Harden the Interactive logon settings |
| This policy assures that the interactive logon settings are consistent with the NIST recommendations. |
| NIST Windows XP - 2.3 Local Policies - Security Options - Harden the Shutdown settings |
| This policy assures that shutdown settings are consistent with the NIST recommendations. |
| NIST Windows XP - 2.3 Local Policies - Security Options - Limit local account use of blank passwords to console only |
| This policy assures that this setting is enabled, consistent with the NIST recommendation. |
| NIST Windows XP - 3.0 Event Log Policy Parameters |
| This policy assures that the Event Log settings are consistent with the NIST recommendations. |
| NIST Windows XP - 4.0 Restricted Groups Settings |
| This policy removes all users from the Remote Desktop Users and Power Users groups. |
| NIST Windows XP - 5.0 System Services Settings |
| This policy disables and secures the services that the NIST guidance indicates are unnecessary for Windows XP. |
| NIST Windows XP - 6.0 File Permission Settings |
| This security policy restricts access to 26 operating system executables, protecting them from unauthorized modification and usage. |
| NIST Windows XP - 7.0 Registry Permission Settings |
| This security policy restricts access to these critical registry keys. |
| NIST Windows XP - 8.1 Registry Values - Debugging |
| This policy disables the Dr. Watson program debugger, and disables creation of the Dr. Watson memory dump file. |
| NIST Windows XP - 8.2 Registry Values - Automatic Functions - Disable automatic logon |
| This policy assures that the automatic logon feature is disabled. |
| NIST Windows XP - 8.2 Registry Values - Automatic Functions - Disable automatic reboot |
| This policy assures that the automatic reboot feature is disabled. |
| NIST Windows XP - 8.2 Registry Values - Automatic Functions - Disable Automatically Running CD-ROMs |
| This policy assures that the automatic execution of CD-ROM content is disabled. |
| NIST Windows XP - 8.3 Registry Values - Networking - Harden the Microsoft TCPIP stack settings |
| This policy assures that the Microsoft TCP/IP stack settings are configured to be consistent with the NIST recommendations. |
| NIST Windows XP - 8.3 Registry Values - Networking - Strengthen miscellaneous networking settings |
| This policy assures that the networking settings are consistent with the NIST recommendations. |
| Windows 2000 Professional: Baseline Security Settings |
| This policy provides settings to support the Evaluated Configuration of Windows 2000 under the Common Criteria (CC) for Information Technology Security Evaluation. |
| Windows 2000 Professional: High Security Settings |
| This policy provides settings for high security computers to support the Evaluated Configuration of Windows 2000 under the Common Criteria (CC) for Information Technology Security Evaluation. |
| Windows 2000 Server: Domain Controller |
| This Security Configuration Template provides settings to support the Windows 2000 Server domain-controller security settings for the Securing Windows 2000 Server Solution Guide. |
| Windows 2000 Server: File Server |
| This Security Configuration Template provides settings to support the Windows 2000 Server File-Server or Print-Server security settings for the Securing Windows 2000 Server Solution Guide. |
| Windows 2000 Server: IIS Server |
| This Security Configuration Template provides settings to support the Windows 2000 Server IIS Server security settings for the Securing Windows 2000 Server Solution Guide. |
| Windows 2000 Server: Infrastructure Server |
| This Security Configuration Template provides settings to support the Windows 2000 Server Infrastructure Server security settings for the Securing Windows 2000 Server Solution Guide. |
| Windows 2000 Server: Member Server |
| This Security Configuration Template provides settings to support the Windows 2000 Server base security settings for the Securing Windows 2000 Server Solution Guide. |
| Windows 2000 Server: Print Server |
| This Security Configuration Template provides settings to support the Windows 2000 Server File-Server or Print-Server security settings for the Securing Windows 2000 Server Solution Guide. |
| Windows Server 2003: Enterprise Client - Certificate Services |
| This policy provides incremental settings for a Certificate Services Server in an environment with only Windows 2000 or Windows XP clients. |
| Windows Server 2003: Enterprise Client - Domain Controller |
| This policy provides settings for a Domain Controller in an environment with only Windows 2000 or Windows XP clients. |
| Windows Server 2003: Enterprise Client - File Server |
| This policy provides incremental settings for a File Server in an environment with only Windows 2000 or Windows XP clients. |
| Windows Server 2003: Enterprise Client - IAS Server |
| This policy provides incremental settings for an IAS Server in an environment with only Windows 2000 or Windows XP clients. |
| Windows Server 2003: Enterprise Client - IIS Server |
| This policy provides incremental settings for an IIS Server in an environment with only Windows 2000 or Windows XP clients. |
| Windows Server 2003: Enterprise Client - Infrastructure Server |
| This policy provides incremental settings for an Infrastructure Server in an environment with only Windows 2000 or Windows XP clients. |
| Windows Server 2003: Enterprise Client - Member Server Baseline |
| This policy provides baseline settings for all Member Servers in an environment with only Windows 2000 or Windows XP clients. |
| Windows Server 2003: Enterprise Client - Print Server |
| This policy provides incremental settings for a Print Server in an environment with only Windows 2000 or Windows XP clients. |
| Windows Server 2003: High Security - Bastion Host |
| This policy provides settings for a Bastion Host server. |
| Windows Server 2003: High Security - Domain Controller |
| This policy provides settings for a Domain Controller in an environment with high security requirements. |
| Windows Server 2003: High Security - File Server |
| This policy provides incremental settings for a File Server in an environment with high security requirements. |
| Windows Server 2003: High Security - IIS Server |
| This policy provides incremental settings for an IIS Server in an environment with high security requirements. |
| Windows Server 2003: High Security - Infrastructure Server |
| This policy provides incremental settings for an Infrastructure Server in an environment with high security requirements. |
| Windows Server 2003: High Security - Member Server Baseline |
| This policy provides baseline settings for all Member Servers in an environment with high security requirements. |
| Windows Server 2003: High Security - Print Server |
| This policy provides incremental settings for a Print Server in an environment with high security requirements. |
| Windows Server 2003: Legacy Client - Domain Controller |
| This policy provides settings for a Domain Controller in an environment with legacy clients. |
| Windows Server 2003: Legacy Client - File Server |
| This policy provides incremental settings for a File Server in an environment with legacy clients. |
| Windows Server 2003: Legacy Client - IIS Server |
| This policy provides incremental settings for an IIS Server in an environment with legacy clients. |
| Windows Server 2003: Legacy Client - Infrastructure Server |
| This policy provides incremental settings for an Infrastructure Server in an environment with legacy clients. |
| Windows Server 2003: Legacy Client - Member Server Baseline |
| This policy provides baseline settings for all Member Servers in an environment with legacy clients. |
| Windows Server 2003: Legacy Client - Print Server |
| This policy provides incremental settings for a Print Server in an environment with legacy clients. |
| Windows XP: Enterprise Client - Desktop Computer |
| Enterprise client settings for Windows XP desktop computers. |
| Windows XP: Enterprise Client- Laptop Computer |
| Enterprise client settings for Windows XP laptop computers. |
| Windows XP: High Security - Desktop Computer |
| High Security Settings for Windows XP desktop computers. |
| Windows XP: High Security - Laptop Computer |
| High security settings for Windows XP laptop computers. |
