Announcement of upcoming changes affecting all Guest OS families

Article ID: 2859054 - View products that this article applies to.
Expand all | Collapse all
In addition to regular MSRC updates, the next OS release will include enhanced security configuration settings for all of the Guest OS families (1.X , 2.X and 3.X).  If you are running Cloud Service and using the auto-update  option for Guest OS versions, please review the table listed below for the changes you can expect to see in the new release. These configuration settings are not Windows default settings, but have been implemented to meet security and compliance recommendations.
 
It is highly unlikely  that these changes will impact most Azure Cloud Service scenarios.  However, customers should review the configuration settings listed below to determine if their own Cloud Service scenarios are impacted and modify them accordingly. 
 

Collapse this tableExpand this table
CategorySetting NameCurrent ValueNew Value
Auditing PolicyAccount Logon: Credential ValidationSuccessSuccess and Failure
Auditing PolicyAccount Management: Other Account Management EventsNo AuditingSuccess and Failure
Auditing PolicyAccount Management: Security Group ManagementSuccessSuccess and Failure
Auditing PolicyAccount Management: User Account ManagementSuccessSuccess and Failure
Auditing PolicyDetailed Tracking: Process CreationNo AuditingSuccess
Auditing PolicyPolicy Change: Audit Policy ChangeSuccessSuccess and Failure
Auditing PolicyPrivilege Use: Sensitive Privilege UseNo AuditingSuccess and Failure
Auditing PolicySystem: IPsec DriverNo AuditingSuccess and Failure
Auditing PolicySystem: Other System EventsSuccess and FailureNo Auditing
Auditing PolicySystem: Security State ChangeSuccessSuccess and Failure
Auditing PolicySystem: Security System ExtensionNo AuditingSuccess and Failure
Auditing PolicyObject Access: Detailed File ShareNot DefinedNo Auditing
Auditing PolicyForce audit policy subcategory settings (Windows Vista or later) to override audit policy category settingsNot Defined1
Logon PolicyAllow log on locallyAdministrators, Users, BackupOperatorsAdministrators
Logon PolicyAllow log on through Remote Desktop ServicesAdministrators, RemoteDesktopUsersAdministrators
MSS RecommendationEnable Automatic LogonNot Defined0
MSS RecommendationEnable Safe DLL search modeNot Defined1
MSS RecommendationThe time in seconds before the screen saver grace period expiresNot Defined0
MSS RecommendationPercentage threshold for the security event log at which the system will generate a warningNot Defined90
RecommededRetain old eventsNot DefinedDisabled
RecommededTurn off AutoplayNot DefinedEnabled
Security OptionsInteractive logon: Do not display last user nameDisabledEnabled
Security OptionsDevices: Allowed to format and eject removable mediaNot DefinedAdministrators and Interactive Users
Software Restriction PoliciesSystem settings: Use Certificate Rules on Windows Executables for Software Restriction PoliciesDisabledEnabled
User Account ControlAdmin Approval Mode for the Built-in Administrator accountDisabledEnabled
User Account ControlBehavior of the elevation prompt for administrators in Admin Approval ModePrompt for credentials on the secure desktopPrompt for consent for non-Windows binaries
User Account ControlBehavior of the elevation prompt for standard usersPrompt for credentials on the secure desktopPrompt for credentials.
User ConfigurationAlways install with elevated privilegesNot DefinedDisabled
User Rights  AssignmentDeny log on as a batch jobNot DefinedGuests
User Rights  AssignmentDeny log on locallyNot DefinedGuests
User Rights AssignmentAccess this computer from the networkEveryone, Administrators, Users, BackupOperatorsAdministrators, AuthenticatedUsers
User Rights AssignmentShut down the systemAdministrators, BackupOperatorsAdministrators
User Rights AssignmentDeny access to this computer from the networkNot DefinedGuests
 
MSS : Microsoft Solutions for Security Group
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Properties

Article ID: 2859054 - Last Review: June 5, 2013 - Revision: 1.0
Applies to
  • Windows Azure Developer
Keywords: 
KB2859054

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com