OS,Policy name,Policy,Settings,Note iOS,JC Enhanced Security - Restrict Sharing Between Managed and Unmanaged Apps,Restrict Sharing Between Managed and Unmanaged Apps,"Allow Managed Apps to Share to Unmanaged Apps :FALSE, Allow Unmanaged Apps to Share to Managed Apps :FALSE, Apply Management to Pasteboard :TRUE,", iOS,JC Enhanced Security - Supervised iOS Restrictions - Restrictive,Supervised iOS Restrictions - Restrictive,"Force Automatic Time & Date :TRUE, Block Modifying Cellular Data App Settings :FALSE, Block Modifying Device Name :TRUE, Block Screen Time :TRUE, Block Modifying Wallpaper :FALSE, Block Dictation :FALSE, Block AirDrop :TRUE, Block AirPrint :FALSE, Block iMessage :FALSE, Block iBooks Store :FALSE, Block Apple Music :FALSE, Block Apple Music Radio :FALSE, Block Installation of Apps :TRUE, Block User Installation of Configuration Profiles :TRUE, Block Adding VPN Configs :TRUE, Block Modifying Bluetooth Settings :FALSE, Block Find My Devices :FALSE, Block Find My Friends :TRUE, Block Predictive Keyboard :FALSE, Block Keyboard Shortcuts :FALSE, Block iCloud Drive Sync :TRUE, Block USB Drive Access :TRUE, Block Network Drive Access :TRUE, Block Password AutoFill :FALSE, Block iCloud Private Relay :TRUE,", Linux,JC Enhanced Security - Additional Process Hardening, Linux - Additional Process Hardening Policy ,"Ensure core dumps are restricted: TRUE, Ensure XD/NX support is enabled: TRUE, Ensure address space layout randomization (ASLR) is enabled: TRUE, Ensure prelink is disabled: TRUE,", Linux,JC Enhanced Security - Services Hardening: Service Clients,CentOS 7: Services Hardening: Service Clients,"Uninstall the NFS client :TRUE, Uninstall the rsh client :TRUE, Uninstall the talk client :TRUE, Uninstall the telnet client :TRUE, Uninstall the LDAP client :TRUE,", Linux,JC Enhanced Security - Forbidden Services,Linux - Forbidden Services Policy,"Disable xinetd :TRUE, Disable Avahi :TRUE, Disable CUPS :TRUE, Disable DHCP :TRUE, Disable LDAP :TRUE, Disable NFS and RPC :TRUE, Disable DNS :TRUE, Disable FTP :TRUE, Disable HTTP :TRUE, Disable IMAP and POP3 server :TRUE, Disable Samba :TRUE, Disable HTTP Proxy server :TRUE, Disable SNMP server :TRUE, Disable rsync service :TRUE, Disable NIS server :TRUE,", Linux,JC Enhanced Security - Network Parameters,Linux - Network Parameters Policy,"Ensure IP forwarding is disabled. :TRUE, Ensure packet redirect sending is disabled. :TRUE, Ensure source routed packets are not accepted. :TRUE, Ensure ICMP redirects are not accepted. :TRUE, Ensure secure ICMP redirects are not accepted. :TRUE, Ensure suspicious packets are logged. :TRUE, Ensure broadcast ICMP requests are ignored. :TRUE, Ensure bogus ICMP responses are ignored. :TRUE, Ensure Reverse Path Filtering is enabled. :TRUE, Ensure TCP SYN Cookies is enabled. :TRUE,", Linux,JC Enhanced Security - Partition and Mount Options,Partition and Mount Options,"Ensure nodev option set on /tmp partition. :TRUE, Ensure nosuid option set on /tmp partition. :TRUE, Ensure noexec option set on /tmp partition. :TRUE, Ensure separate partition exists for /var. :TRUE, Ensure separate partition exists for /var/tmp. :TRUE, Ensure nodev option set on /var/tmp partition. :TRUE, Ensure nosuid option set on /var/tmp partition. :TRUE, Ensure noexec option set on /var/tmp partition. :TRUE, Ensure separate partition exists for /var/log. :TRUE, Ensure separate partition exists for /var/log/audit. :TRUE, Ensure separate partition exists for /home. :TRUE, Ensure nodev option set on /home partition. :TRUE, Ensure nodev option set on /dev/shm partition. :TRUE, Ensure nosuid option set on /dev/shm partition. :TRUE, Ensure noexec option set on /dev/shm partition. :TRUE,", Linux,JC Enhanced Security - Secure Boot Settings,Secure Boot Settings,"Ensure bootloader password is set :TRUE, Ensure authentication required for single user mode :TRUE, Ensure interactive boot is not enabled :TRUE,", Linux,JC Enhanced Security - SSH Server Security Enforcement,SSH Server Security Enforcement,"Ensure SSH Protocol is set to 2. :TRUE, Ensure SSH LogLevel is appropriate. :TRUE, Ensure SSH X11 forwarding is disabled. :TRUE, Ensure SSH MaxAuthTries is set to 4 or less. :TRUE, Ensure SSH IgnoreRhosts is enabled. :TRUE, Ensure SSH HostbasedAuthentication is disabled. :TRUE, Ensure SSH PermitEmptyPasswords is disabled. :TRUE, Ensure SSH PermitUserEnvironment is disabled. :TRUE, Ensure only strong Ciphers are used. :TRUE, Ensure only strong MAC algorithms are used. :TRUE, Ensure only strong Key Exchange algorithms are used. :TRUE, Ensure SSH Idle Timeout Interval is configured. :TRUE, Ensure SSH LoginGraceTime is set to one minute or less. :TRUE, Ensure SSH warning banner is configured. :TRUE, Ensure SSH PAM is enabled. :TRUE, Ensure SSH AllowTcpForwarding is disabled. :TRUE, Ensure SSH MaxStartups is configured. :TRUE, Ensure SSH MaxSessions is set to 4 or less. :TRUE,", macOS,JC Enhanced Security - App Store Restrictions,App Store Restrictions,"Restrict App Store installs to Admin only :FALSE, Restrict App Store to Updates only :TRUE,", macOS,JC Enhanced Security - Block iCloud Access,Block iCloud Access,"Allow Cloud Bookmarks :FALSE, Allow Cloud Mail :FALSE, Allow Cloud Calendar :FALSE, Allow Cloud Reminders :FALSE, Allow Cloud Address Book :FALSE, Allow Cloud Notes :FALSE, Allow Cloud Document Sync :FALSE, Alow Cloud Keychain Sync :FALSE, Allow Cloud Photo Library :FALSE, Allow Cloud Desktop And Documents :FALSE,", macOS,JC Enhanced Security - Block Manual Profile Installation,Block Manual Profile Installation,TRUE, macOS,JC Enhanced Security - Disable Content Caching,Disable Content Caching,TRUE, macOS,JC Enhanced Security - Disable Siri,Disable Siri,TRUE, macOS,JC Enhanced Security - Restrict Erase All Contents and Settings,Restrict Erase All Contents and Settings,TRUE, macOS,JC Enhanced Security - System Preferences Control,Preferences Control,"App Store: FALSE, Apple ID: TRUE, Time Machine: FALSE, Bluetooth: FALSE, CDs & DVDs: TRUE, Classroom Settings: TRUE, Date and Time: FALSE, Desktop: FALSE, Displays: FALSE, Dock: FALSE, Energy Saver: TRUE, Family Sharing: TRUE, Fiber Channel: FALSE, Mission Control: FALSE, Extensions: TRUE, General: FALSE, iCloud: TRUE, Ink: FALSE, Internet Accounts: FALSE, Keyboard: FALSE, Language and Region: FALSE, Mouse: FALSE, Network: TRUE, Notifications: FALSE, Parental Controls: TRUE, Printers and Scanners: FALSE, Profiles: TRUE, Screen Time: TRUE, Security and Privacy: FALSE, Sharing: TRUE, Sidecar: TRUE, Siri: FALSE, Software Update: TRUE, Sound: FALSE, Spotlight: FALSE, Startup Disk: TRUE, Touch ID: FALSE, Trackpad: FALSE, Universal Access: FALSE, Users & Groups: FALSE, Wallet & Apple Pay: TRUE, Xsan: TRUE,", Windows,JC Enhanced Security - Control Panel Display,Control Panel Display,"Do not display the lock screen :FALSE, Force a specific Start background :FALSE, Force a specific background and accent color :FALSE, Force a specific default lock screen and logon image :FALSE, Turn off fun facts, tips, tricks, and more on lock screen :TRUE, Prevent changing lock screen and logon image :FALSE, Prevent changing start menu background :FALSE, Prevent enabling lock screen camera :TRUE, Prevent enabling lock screen slide show :TRUE,", Windows,JC Enhanced Security - Device Installation Block,Device Installation,"Allow administrators to override Device Installation Restriction policies :TRUE, Allow remote access to the Plug and Play interface :FALSE, Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point :FALSE, Prevent installation of devices not described by other policy settings :TRUE, Prevent installation of removable devices :TRUE, Prioritize all digitally signed drivers equally during the driver ranking and selection process :FALSE,", Windows,JC Enhanced Security - Disable Windows Store Application,Windows Store Application,"Turn Off The Store Application :TRUE,", Windows,JC Enhanced Security - Logon Behaviors, Windows - Logon Policy ,"Always wait for the network at computer startup and logon :FALSE, Block user from showing account details on sign-in :TRUE, Display highly detailed status messages :FALSE, Do not display network selection UI :FALSE, Do not process the legacy run list :FALSE, Do not process the run once list :FALSE, Hide entry points for Fast User Switching :FALSE, Show first sign-in animation :FALSE, Turn off Windows Startup sound :FALSE, Turn off app notifications on the lock screen :TRUE,", Windows,JC Enhanced Security - Software Restrictions,Software Restrictions,"Mode: DENY Extensions List: ADE ADP BAS BAT CHM CMD COM CPL CRT EXE HLP HTA INF INS ISP LNK MDB MDE MSC MSI MSP MST OCX PCD PIF REG SCR SHS URL VB WSC", macOS,JC Enhanced Security - Allow Activation Lock,Allow Activation Lock,TRUE,Also in Light Security & Standard Security iOS,JC Enhanced Security - Allow Activation Lock - iOS,Allow Activation Lock,TRUE,Also in Light Security & Standard Security macOS,JC Enhanced Security - App Notification Settings,Mac - App Notification Settings Policy,Configured for Google Chrome,Also in Light Security & Standard Security Linux,JC Enhanced Security - Disable USB Storage - Linux,Disable USB Storage,TRUE,Also in Light Security & Standard Security macOS,JC Enhanced Security - Disable iCloud Private Relay,Disable iCloud Private Relay,TRUE,Also in Light Security & Standard Security macOS,JC Enhanced Security - Login Window Controls,Login Window Controls,"Show Username And Password Dialog :FALSE,",Also in Light Security & Standard Security macOS,JC Enhanced Security - Login Window Text,Login Window Text,"Set Text Displayed At Login Window : ""Your admin manages this device with 黑料海角91入口",Also in Light Security & Standard Security Windows,JC Enhanced Security - Disable Cortana,Disable Cortana,TRUE,Also in Light Security & Standard Security Windows,JC Enhanced Security - Do Not Require CTRL+ALT+DEL on logon screen,Do Not Require CTRL+ALT+DEL on logon screen,"Do Not Require CTRL + ALT + DEL :FALSE,",Also in Light Security & Standard Security Windows,JC Enhanced Security - Message Text For Users Attempting To Log On,Message Text For Users Attempting To Log On,"Message Title For Users Attempting To Log On: ""System Message:"", Message Text For Users Attempting To Log On : ""Your administrator manages this device via 黑料海角91入口.""",Also in Light Security & Standard Security Windows,JC Enhanced Security - Remote Assistance,Remote Assistance,"Allow only Windows Vista or later connections :FALSE, Turn on session logging :TRUE,",Also in Light Security & Standard Security Windows,JC Enhanced Security - Removable Storage,Removable Storage,"All Removable Storage classes: Deny all access :TRUE, All Removable Storage: Allow direct access in remote sessions :FALSE, CD and DVD: Deny execute access :FALSE, CD and DVD: Deny read access :FALSE, CD and DVD: Deny write access :FALSE, Floppy Drives: Deny execute access :FALSE, Floppy Drives: Deny read access :FALSE, Floppy Drives: Deny write access :FALSE, Removable Disks: Deny execute access :FALSE, Removable Disks: Deny read access :FALSE, Removable Disks: Deny write access :FALSE, Tape Drives: Deny execute access :FALSE, Tape Drives: Deny read access :FALSE, Tape Drives: Deny write access :FALSE, WPD Devices: Deny read access :FALSE, WPD Devices: Deny write access :FALSE,",Also in Light Security & Standard Security Windows,JC Enhanced Security - Turn Off Autoplay.,Turn Off Autoplay.,"Turn Off Autoplay :TRUE,",Also in Light Security & Standard Security iOS,JC Enhanced Security - Restrict Erase All Contents and Settings,Restrict Erase All Contents and Settings,TRUE,Also in Light Security & Standard Security ,JC Enhanced Security - Supervised iOS Restrictions - Standard,Supervised iOS Restrictions - Standard,"Force Automatic Time & Date :FALSE, Block Modifying Cellular Data App Settings :FALSE, Block Modifying Device Name :FALSE, Block Screen Time :TRUE, Block Modifying Wallpaper :FALSE, Block Dictation :FALSE, Block AirDrop :TRUE, Block AirPrint :FALSE, Block iMessage :FALSE, Block iBooks Store :FALSE, Block Apple Music :FALSE, Block Apple Music Radio :FALSE, Block Installation of Apps :FALSE, Block User Installation of Configuration Profiles :TRUE, Block Adding VPN Configs :FALSE, Block Modifying Bluetooth Settings :FALSE, Block Find My Devices :FALSE, Block Find My Friends :FALSE, Block Predictive Keyboard :FALSE, Block Keyboard Shortcuts :FALSE, Block iCloud Drive Sync :TRUE, Block USB Drive Access :TRUE, Block Network Drive Access :TRUE, Block Password AutoFill :FALSE, Block iCloud Private Relay :TRUE,",Also in Light Security & Standard Security macOS,JC Enhanced Security - Allow Standard Users To Approve Screen Sharing & Recording,Allow Standard Users To Approve Screen Sharing & Recording,"AnyDesk :FALSE, BlueJeans :FALSE, Camtasia 2020 :FALSE, Cisco Webex Meeting Manager :TRUE, Cisco Webex Meetings :TRUE, Firefox :TRUE, Google Chrome :TRUE, GoToMeeting :FALSE, LogMeIn Ignition :FALSE, Microsoft Edge :TRUE, Microsoft Teams :TRUE, QuickTime Player :TRUE, Skype :TRUE, Skype for Business :TRUE, Slack :TRUE, Snagit 2020 :TRUE, TeamViewer :FALSE, Zoho Assist :FALSE, Zoho Cliq :FALSE, Zoho Join :FALSE, Zoho Meeting :FALSE, Zoom :TRUE, ",Also in Light Security & Standard Security Windows,JC Enhanced Security - Allow The Use of Biometrics,Allow The Use of Biometrics,Allow The Use Of Biometrics :TRUE,Also in Light Security & Standard Security MacOS,JC Enhanced Security - Application Privacy Preferences - Google Chrome Access to User Files, Mac - Application Privacy Preferences Policy ,Configured for Google Chrome,Also in Light Security & Standard Security Linux,JC Enhanced Security - Check Disk Encryption,Linux - Check Disk Encryption Policy,Check if all managed users home directories are encrypted:TRUE,Also in Light Security & Standard Security Linux,JC Enhanced Security - Disable Unused Filesystems,Disable Unused Filesystems,"Ensure mounting of cramfs filesystems is disabled.:TRUE, Ensure mounting of freevxfs filesystems is disabled.:TRUE, Ensure mounting of jffs2 filesystems is disabled.:TRUE, Ensure mounting of hfs filesystems is disabled.:TRUE, Ensure mounting of hfsplus filesystems is disabled.:TRUE, Ensure mounting of squashfs filesystems is disabled.:TRUE, Ensure mounting of udf filesystems is disabled.:TRUE, Ensure mounting of FAT filesystems is disabled.:TRUE,",Also in Light Security & Standard Security Linux,JC Enhanced Security - File Ownership and Permissions,File Ownership and Permissions,"Ensure permissions on bootloader config are configured. Sets owner to root:root and permissions to 400 on the files /boot/grub/grub.cfg or /boot/grub2/grub.cfg.:TRUE, Ensure permissions on /etc/motd are configured. Sets owner to root:root and permissions to 644 on the file /etc/motd.:TRUE, Ensure permissions on /etc/issue are configured. Sets owner to root:root and permissions to 644 on the file /etc/issue.:TRUE, Ensure permissions on /etc/issue.net are configured. Sets owner to root:root and permissions to 644 on the file /etc/issue.net.:TRUE, Ensure permissions on /etc/hosts.allow are configured. Sets owner to root:root and permissions to 644 on the file /etc/hosts.allow.:TRUE, Ensure permissions on /etc/hosts.deny are configured. Sets owner to root:root and permissions to 644 on the file /etc/hosts.deny.:TRUE, Ensure permissions on /etc/crontab are configured. Sets owner to root:root and permissions to 600 on the file /etc/crontab.:TRUE, Ensure permissions on /etc/cron.hourly are configured. Sets owner to root:root and permissions to 700 on the directory /etc/cron.hourly.:TRUE, Ensure permissions on /etc/cron.daily are configured. Sets owner to root:root and permissions to 700 on the directory /etc/cron.daily.:TRUE, Ensure permissions on /etc/cron.weekly are configured. Sets owner to root:root and permissions to 700 on the directory /etc/cron.weekly.:TRUE, Ensure permissions on /etc/cron.monthly are configured. Sets owner to root:root and permissions to 700 on the directory /etc/cron.monthly.:TRUE, Ensure permissions on /etc/cron.d are configured. Sets owner to root:root and permissions to 700 on the directory /etc/cron.d.:TRUE, Ensure permissions on /etc/ssh/sshd_config are configured. Sets owner to root:root and permissions to 600 on the file /etc/ssh/sshd_config.:TRUE, Ensure permissions on /etc/passwd are configured. Sets owner to root:root and permissions to 644 on the file /etc/passwd.:TRUE, Ensure permissions on /etc/shadow are configured. Sets owner to root:root and permissions to 640 on the file /etc/shadow.:TRUE, Ensure permissions on /etc/group are configured. Sets owner to root:root and permissions to 644 on the file /etc/group.:TRUE, Ensure permissions on /etc/gshadow are configured. Sets owner to root:root and permissions to 640 on the file /etc/gshadow.:TRUE, Ensure permissions on /etc/passwd- are configured. Sets owner to root:root and permissions to 600 on the file /etc/passwd-.:TRUE, Ensure permissions on /etc/shadow- are configured. Sets owner to root:root and permissions to 640 on the file /etc/shadow-.:TRUE, Ensure permissions on /etc/group- are configured. Sets owner to root:root and permissions to 644 on the file /etc/group-.:TRUE,",Also in Light Security & Standard Security Linux,JC Enhanced Security - Lock Screen - Linux,Lock Screen - Linux,Value: 600 Seconds,Also in Light Security & Standard Security Linux,JC Enhanced Security - SSH Root Access,SSH Root Access,Allow SSH Root Login: FALSE,Also in Light Security & Standard Security macOS,JC Enhanced Security - Disable Guest Account,Disable Guest Account,"Show the FileVault Recovery Key to the user when enabled: FALSE Do not prompt the user to enable FileVault at logout: FALSE Number of times the user can bypass enabling FileVault: VALUE 0",Also in Light Security & Standard Security macOS,JC Enhanced Security - FileVault 2,FileVault 2,,Also in Light Security & Standard Security macOS,JC Enhanced Security - Gatekeeper Control,Gatekeeper Control,"Enable Gatekeeper Control: True, Allow Apps From Identified Developers: True, Disable Gatekeeper Override: True",Also in Light Security & Standard Security macOS,JC Enhanced Security - Local Firewall Controls,Local Firewall Controls,"Enable Firewall :TRUE, Block All Incoming Connections :TRUE, Enable Stealth Mode :TRUE, Enable Logging :TRUE, Logging Option: BRIEF, Enable Private Data Collection :TRUE",Also in Light Security & Standard Security macOS,JC Enhanced Security - Lock Screen - macOS,Lock Screen,VALUE: 300 Seconds,Also in Light Security & Standard Security Windows,JC Enhanced Security - BitLocker Full Disk Encryption,Encrypt All Non-Removable Drives.,Encrypt All Non-Removable Drives :TRUE ,Also in Light Security & Standard Security Windows,JC Enhanced Security - Built-in Administrator Account Status,Built-in Administrator Account Status,Disable Built-in Administrator Account :TRUE,Also in Light Security & Standard Security Windows,JC Enhanced Security - Built-in Guest Account Status,Built-in Guest Account Status,Disable Built-in Guest Account :TRUE,Also in Light Security & Standard Security Windows,JC Enhanced Security - Display User Info When The Session Is Locked,Display User Info When The Session Is Locked,"Do Not Display User Information :TRUE,",Also in Light Security & Standard Security Windows,JC Enhanced Security - Do Not Display Last Username on Logon Screen,Do Not Display Last Username on Logon Screen,"Do Not Display Last Username: TRUE,",Also in Light Security & Standard Security Windows,JC Enhanced Security - Lock Screen Windows,Lock Screen Windows,VALUE: 600 Seconds,Also in Light Security & Standard Security Windows,JC Enhanced Security - Restrict Control Panel Access,Restrict Control Panel Access,"Completely disable the control panel :FALSE, Action Center :FALSE, Add features to Windows 8.1 :TRUE, Administrative Tools :FALSE, AutoPlay :FALSE, Backup and Restore :FALSE, BitLocker Drive Encryption :TRUE, Color Management :FALSE, Credential Manager :FALSE, Date and Time :FALSE, Default Programs :FALSE, Desktop Gadgets :FALSE, Device Manager :TRUE, Devices and Printers :FALSE, Display :FALSE, Ease of Access Center :FALSE, Family Safety :FALSE, Folder Options :FALSE, File Explorer Options :FALSE, File History :FALSE, Flash Player (32-bit) :FALSE, Fonts :FALSE, Getting Started :FALSE, HomeGroup :FALSE, Indexing Options :FALSE, Infrared :FALSE, Internet Options :FALSE, iSCSI Initiator :FALSE, Keyboard :FALSE, Language :FALSE, Location Settings/Other Sensors :FALSE, Mouse :FALSE, Network and Sharing Center :FALSE, Notification Area Icons :FALSE, Parental Controls :FALSE, Performance Information and Tools :FALSE, Personalization :FALSE, Phone and Modem :FALSE, Power Options :FALSE, Programs and Features :FALSE, Recovery :FALSE, Region :FALSE, RemoteApp and Desktop Connections :FALSE, Security and Maintenance :FALSE, Sound :FALSE, Speech Recognition/Text to Speech :FALSE, Storage Spaces :TRUE, Sync Center :FALSE, System :FALSE, Taskbar and Navigation :FALSE, Troubleshooting :FALSE, User Accounts :TRUE, Windows Anytime Upgrade :TRUE, Windows CardSpace :FALSE, Windows Defender (Windows Server 2016) :FALSE, Windows Defender Firewall (Windows 10 & 11) :TRUE, Windows Firewall (Windows Server 2012 R2/2016) :FALSE, Windows Mobility Center, Windows To Go :FALSE, Windows Update (Windows Server 2012 R2) :FALSE, Work Folders :FALSE,",Also in Light Security & Standard Security Windows,JC Enhanced Security - Windows Defender,Windows Defender,"Allow antimalware service to remain running always :FALSE, Allow antimalware service to startup with normal priority :FALSE, Allow definition updates from Microsoft Update :FALSE, Allow definition updates when running on battery power :FALSE, Allow notifications to disable definitions based reports to Microsoft MAPS :FALSE, Allow real-time definition updates based on reports to Microsoft MAPS :FALSE, Allow users to pause scan :FALSE, Check for the latest virus and spyware definitions before running a scheduled scan :FALSE, Check for the latest virus and spyware definitions on startup :FALSE, Configure Watson events :FALSE, Configure local administrator merge behavior for lists :FALSE, Configure local setting override for maximum percentage of CPU utilization :FALSE, Configure local setting override for monitoring file and program activity on your computer :FALSE, Configure local setting override for monitoring for incoming and outgoing file activity :FALSE, Configure local setting override for reporting to Microsoft MAPS :FALSE, Configure local setting override for scanning all downloaded files and attachments :FALSE, Configure local setting override for schedule scan day :FALSE, Configure local setting override for scheduled quick scan time :FALSE, Configure local setting override for scheduled scan time :FALSE, Configure local setting override for the removal of items from Quarantine folder :FALSE, Configure local setting override for the scan type to use for a scheduled scan :FALSE, Configure local setting override for the time of day to run a scheduled full scan to complete remediation :FALSE, Configure local setting override for turn on behavior monitoring :FALSE, Configure local setting override to turn on real-time protection :FALSE, Configure the 'Block at First Sight' feature :TRUE, Create a system restore point :FALSE, Enable headless UI mode :FALSE, Initiate definition update on startup :FALSE, Monitor file and program activity on your computer :TRUE, Randomize scheduled task times :FALSE, Run full scan on mapped network drives :FALSE, Scan all downloaded files and attachments :TRUE, Scan archive files :FALSE, Scan network files :FALSE, Scan packed executables :FALSE, Scan removable drives :FALSE, Start the scheduled scan only when computer is on but not in use :FALSE, Suppress all notifications :FALSE, Suppresses reboot notifications :FALSE, Turn off Auto Exclusions :FALSE, Turn off Windows Defender Antivirus :FALSE, Turn off enhanced notifications :FALSE, Turn off real-time protection :FALSE, Turn off routine remediation :FALSE, Turn on behavior monitoring :TRUE, Turn on catch-up full scan :FALSE, Turn on catch-up quick scan :FALSE, Turn on definition retirement :FALSE, Turn on e-mail scanning :FALSE, Turn on heuristics :FALSE, Turn on process scanning whenever real-time protection is enabled :TRUE, Turn on protocol recognition :FALSE, Turn on raw volume write notifications :FALSE, Turn on reparse point scanning :FALSE, Turn on scan after signature update :FALSE,",Also in Light Security & Standard Security Windows,JC Enhanced Security - Windows Firewall,Windows Firewall,"Windows Firewall: Allow local port exceptions (domain profile) :FALSE, Windows Firewall: Allow local port exceptions (standard profile) :FALSE, Windows Firewall: Allow local program exceptions (standard profile) :FALSE, Windows Firewall: Allow local program exceptions (domain profile) :FALSE, Windows Firewall: Do not allow exceptions (standard profile) :FALSE, Windows Firewall: Do not allow exceptions (domain profile) :FALSE, Windows Firewall: Prohibit notifications (standard profile) :FALSE, Windows Firewall: Prohibit notifications (domain profile) :FALSE, Windows Firewall: Prohibit unicast response to multicast or broadcast requests (domain profile) :FALSE, Windows Firewall: Prohibit unicast response to multicast or broadcast requests (standard profile) :TRUE, Windows Firewall: Protect all network connections (domain profile) :TRUE, Windows Firewall: Protect all network connections (standard profile) :TRUE,",Also in Light Security & Standard Security Windows,JC Enhanced Security - Rename Local Administrator Account Policy,Rename Local Administrator Account,"Local Administrator Account Name :""JC-User""", iOS,JC Enhanced Security - Require Passcode for User-Enrolled Devices,Require Passcode for User-Enrolled Devices,TRUE, iOS,JC Enhanced Security - Passcode Restrictions,Passcode Restrictions,"Allow simple passcodes :FALSE, Require alphanumeric :FALSE, Force PIN :TRUE, Set max failed attempts :TRUE, Max failed attempts :10, Set max grace period :FALSE, Set max inactivity :FALSE, Set max PIN age :TRUE, Max PIN age :365, Minimum complex characters :0, Minimum length :6, Set PIN history length, :TRUE, PIN History Length :5,",