{221C15F2-D130-431A-B557-B3793AABCDDE} azureblog.pl Tier0 PAW Configuration - Computer true 2020-05-23T17:58:50 2020-05-23T18:55:35 2020-05-23T19:05:45.8715904Z O:DAG:DAD:PAI(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;DA)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;S-1-5-21-657827913-1895599540-1755036276-519)(A;CI;LCRPLORC;;;ED)(A;CI;LCRPLORC;;;AU)(A;CI;CCDCLCSWRPWPDTLOSDRCWDWO;;;SY)(A;CIIO;CCDCLCSWRPWPDTLOSDRCWDWO;;;CO)S:AI(OU;CIIDSA;WPWD;;f30e3bc2-9ff0-11d1-b603-0000f80367c1;WD)(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD) S-1-5-21-657827913-1895599540-1755036276-512 AZUREBLOG\Domain Admins S-1-5-21-657827913-1895599540-1755036276-512 AZUREBLOG\Domain Admins true false S-1-5-9 NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS Allow false true false true false Read 0 S-1-5-18 NT AUTHORITY\SYSTEM Allow false true false true false Edit, delete, modify security 0 S-1-5-21-657827913-1895599540-1755036276-512 AZUREBLOG\Domain Admins Allow false true false true false Edit, delete, modify security 0 S-1-5-11 NT AUTHORITY\Authenticated Users Allow false true false true false Apply Group Policy 0 S-1-5-21-657827913-1895599540-1755036276-519 AZUREBLOG\Enterprise Admins Allow false true false true false Edit, delete, modify security 0 false true 6 6 true 1 2 3 4 5 6 7 Local Users and Groups SeInteractiveLogonRight S-1-5-21-657827913-1895599540-1755036276-3101 AZUREBLOG\Tier0PAWUsers S-1-5-21-657827913-1895599540-1755036276-3102 AZUREBLOG\Tier0PAWMaint S-1-5-32-544 BUILTIN\Administrators false Security 541 false false true true false true true %systemroot%\system32\logfiles\firewall\pfirewall.log 32767 true true false false true true false true true false false true true false true true %systemroot%\system32\logfiles\firewall\pfirewall.log 32767 false false 2.20 Allow @FirewallAPI.dll,-25351 In System 41 @FirewallAPI.dll,-25357 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25426 In System IPTLSIn IPHTTPSIn 6 @FirewallAPI.dll,-25428 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25326 In %SystemRoot%\system32\svchost.exe iphlpsvc Teredo 17 @FirewallAPI.dll,-25332 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25304 In %SystemRoot%\system32\svchost.exe dhcp 546 547 17 @FirewallAPI.dll,-25306 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25301 In %SystemRoot%\system32\svchost.exe dhcp 68 67 17 @FirewallAPI.dll,-25303 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25376 In System 2 @FirewallAPI.dll,-25382 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25251 In System 1 3:4 @FirewallAPI.dll,-25257 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25082 In System LocalSubnet LocalSubnet 58 132:* @FirewallAPI.dll,-25088 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25075 In System LocalSubnet LocalSubnet 58 143:* @FirewallAPI.dll,-25081 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25068 In System LocalSubnet LocalSubnet 58 131:* @FirewallAPI.dll,-25074 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25061 In System LocalSubnet LocalSubnet 58 130:* @FirewallAPI.dll,-25067 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25009 In System 58 133:* @FirewallAPI.dll,-25011 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25012 In System fe80::/64 58 134:* @FirewallAPI.dll,-25018 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25026 In System 58 136:* @FirewallAPI.dll,-25032 true true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25019 In System 58 135:* @FirewallAPI.dll,-25025 true true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25116 In System 58 4:* @FirewallAPI.dll,-25118 true true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25113 In System 58 3:* @FirewallAPI.dll,-25115 true true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25001 In 58 2:* @FirewallAPI.dll,-25007 true true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25110 In System 58 1:* @FirewallAPI.dll,-25112 true true @FirewallAPI.dll,-25000 2.27 Allow @ipnathlp.dll,-144 In %systemroot%\system32\svchost.exe SharedAccess {A1131DFB-A2A7-4C2C-9FE6-CDCF4DD7CACA} Domain Private Public 67 17 @ipnathlp.dll,-10143 true @ipnathlp.dll,-140 2.27 Allow @ipnathlp.dll,-145 In %systemroot%\system32\svchost.exe SharedAccess {A1131DFB-A2A7-4C2C-9FE6-CDCF4DD7CACA} Domain Private Public 68 17 @ipnathlp.dll,-10144 true @ipnathlp.dll,-140 2.28 Allow @FirewallAPI.dll,-37631 In System 58 128:* @FirewallAPI.dll,-37632 true @FirewallAPI.dll,-37601 2.28 Allow @FirewallAPI.dll,-37627 In System 1 8:* @FirewallAPI.dll,-37628 true @FirewallAPI.dll,-37601 2.28 Allow @FirewallAPI.dll,-37604 In %systemroot%\System32\lsass.exe 636 6 @FirewallAPI.dll,-37617 true @FirewallAPI.dll,-37601 2.28 Allow @FirewallAPI.dll,-37636 In %systemroot%\system32\svchost.exe rpcss RPC-EPMap 6 @FirewallAPI.dll,-37614 true @FirewallAPI.dll,-37601 2.28 Allow @FirewallAPI.dll,-37635 In %systemroot%\System32\lsass.exe RPC 6 @FirewallAPI.dll,-37613 true @FirewallAPI.dll,-37601 2.28 Allow @firewallapi.dll,-53003 In %systemroot%\System32\dns.exe dns RPC 6 @firewallapi.dll,-53009 true @firewallapi.dll,-53012 2.28 Allow @firewallapi.dll,-53002 In %systemroot%\System32\dns.exe dns 53 17 @firewallapi.dll,-53008 true @firewallapi.dll,-53012 2.28 Allow @firewallapi.dll,-53001 In %systemroot%\System32\dns.exe dns 53 6 @firewallapi.dll,-53007 true @firewallapi.dll,-53012 2.28 Allow @firewallapi.dll,-53000 In %systemroot%\system32\svchost.exe rpcss RPC-EPMap 6 @firewallapi.dll,-53006 true @firewallapi.dll,-53012 2.28 Allow @FirewallAPI.dll,-30253 In System Public LocalSubnet LocalSubnet 5985 6 @FirewallAPI.dll,-30256 true @FirewallAPI.dll,-30267 2.28 Allow @FirewallAPI.dll,-30253 In System Domain Private 5985 6 @FirewallAPI.dll,-30256 true @FirewallAPI.dll,-30267 2.28 Allow @FirewallAPI.dll,-35001 In System 80 6 @FirewallAPI.dll,-35002 true @FirewallAPI.dll,-30252 2.20 Allow LSASS Outbound Allow Out %windir%\system32\lsass.exe Domain true 2.20 Allow Allow WMI outbound query Out %windir%\system32\wbem\wmiprvse.exe Domain 389 6 true 2.20 Allow @FirewallAPI.dll,-28550 Out %SystemRoot%\system32\svchost.exe dnscache Domain LocalSubnet LocalSubnet 5355 17 @FirewallAPI.dll,-28551 true @FirewallAPI.dll,-28502 2.20 Allow @FirewallAPI.dll,-28546 Out Domain 58 128:* @FirewallAPI.dll,-28547 true @FirewallAPI.dll,-28502 2.20 Allow @FirewallAPI.dll,-28544 Out Domain 1 8:* @FirewallAPI.dll,-28547 true @FirewallAPI.dll,-28502 2.20 Allow @FirewallAPI.dll,-28531 Out System Domain 138 17 @FirewallAPI.dll,-28534 true @FirewallAPI.dll,-28502 2.20 Allow @FirewallAPI.dll,-28523 Out System Domain 137 17 @FirewallAPI.dll,-28526 true @FirewallAPI.dll,-28502 2.20 Allow @FirewallAPI.dll,-28507 Out System Domain 139 6 @FirewallAPI.dll,-28510 true @FirewallAPI.dll,-28502 2.20 Allow Allow outbound NlaSvc Service port 389 Out %windir%\System32\svchost.exe NlaSvc Domain 389 6 true 2.20 Allow Outbound RDP (3389) Out Domain 3389 6 true 2.20 Allow @FirewallAPI.dll,-25407 Out %SystemRoot%\system32\lsass.exe Domain 6 @FirewallAPI.dll,-25408 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25405 Out %SystemRoot%\system32\svchost.exe dnscache 53 17 @FirewallAPI.dll,-25406 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25403 Out %SystemRoot%\system32\svchost.exe Domain 6 @FirewallAPI.dll,-25404 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25401 Out System Domain 445 6 @FirewallAPI.dll,-25401 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25352 Out System 41 @FirewallAPI.dll,-25358 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25427 Out %SystemRoot%\system32\svchost.exe iphlpsvc IPTLSOut IPHTTPSOut 6 @FirewallAPI.dll,-25429 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25327 Out %SystemRoot%\system32\svchost.exe iphlpsvc 17 @FirewallAPI.dll,-25333 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25305 Out %SystemRoot%\system32\svchost.exe dhcp 546 547 17 @FirewallAPI.dll,-25306 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25302 Out %SystemRoot%\system32\svchost.exe dhcp 68 67 17 @FirewallAPI.dll,-25303 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25377 Out System 2 @FirewallAPI.dll,-25382 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25083 Out LocalSubnet LocalSubnet 58 132:* @FirewallAPI.dll,-25088 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25076 Out LocalSubnet LocalSubnet 58 143:* @FirewallAPI.dll,-25081 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25069 Out LocalSubnet LocalSubnet 58 131:* @FirewallAPI.dll,-25074 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25062 Out LocalSubnet LocalSubnet 58 130:* @FirewallAPI.dll,-25067 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25008 Out LocalSubnet LocalSubnet fe80::/64 ff02::2 58 133:* @FirewallAPI.dll,-25011 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25013 Out fe80::/64 LocalSubnet LocalSubnet fe80::/64 ff02::1 58 134:* @FirewallAPI.dll,-25018 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25027 Out 58 136:* @FirewallAPI.dll,-25032 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25020 Out 58 135:* @FirewallAPI.dll,-25025 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25117 Out 58 4:* @FirewallAPI.dll,-25118 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25114 Out 58 3:* @FirewallAPI.dll,-25115 true @FirewallAPI.dll,-25000 2.20 Allow @FirewallAPI.dll,-25002 Out 58 2:* @FirewallAPI.dll,-25007 true @FirewallAPI.dll,-25000 2.20 Allow Allow outbound NlaSvc Service port 389 TCP Out Private Public 389 6 true 2.20 Allow Allow outbound NlaSvc Service port 389 UDP Out Private Public 389 17 true 2.27 Allow @ipnathlp.dll,-151 Out %systemroot%\system32\svchost.exe SharedAccess {A1131DFB-A2A7-4C2C-9FE6-CDCF4DD7CACA} Domain Private Public @ipnathlp.dll,-10149 true @ipnathlp.dll,-140 2.28 Block Block HTTP/HTTPS Out 80 443 6 Blocks outbound HTTP and HTTPS true 2.28 Allow @FirewallAPI.dll,-37633 Out System 58 128:* @FirewallAPI.dll,-37634 true @FirewallAPI.dll,-37601 2.28 Allow @FirewallAPI.dll,-37629 Out System 1 8:* @FirewallAPI.dll,-37630 true @FirewallAPI.dll,-37601 2.28 Allow @FirewallAPI.dll,-37608 Out %systemroot%\System32\lsass.exe 17 @FirewallAPI.dll,-37621 true @FirewallAPI.dll,-37601 2.28 Allow @FirewallAPI.dll,-37607 Out %systemroot%\System32\lsass.exe 6 @FirewallAPI.dll,-37620 true @FirewallAPI.dll,-37601 2.28 Allow @firewallapi.dll,-53005 Out %systemroot%\System32\dns.exe dns 17 @firewallapi.dll,-53011 true @firewallapi.dll,-53012 2.28 Allow @firewallapi.dll,-53004 Out %systemroot%\System32\dns.exe dns 6 @firewallapi.dll,-53010 true @firewallapi.dll,-53012 Windows Firewall Windows Defender Firewall: Allow logging Enabled Allows Windows Defender Firewall to record information about the unsolicited incoming messages that it receives. If you enable this policy setting, Windows Defender Firewall writes the information to a log file. You must provide the name, location, and maximum size of the log file. The location can contain environment variables. You must also specify whether to record information about incoming messages that the firewall blocks (drops) and information about successful incoming and outgoing connections. Windows Defender Firewall does not provide an option to log successful incoming messages. If you are configuring the log file name, ensure that the Windows Defender Firewall service account has write permissions to the folder containing the log file. Default path for the log file is %systemroot%\system32\LogFiles\Firewall\pfirewall.log. If you disable this policy setting, Windows Defender Firewall does not record information in the log file. If you enable this policy setting, and Windows Defender Firewall creates the log file and adds information, then upon disabling this policy setting, Windows Defender Firewall leaves the log file intact. If you do not configure this policy setting, Windows Defender Firewall behaves as if the policy setting were disabled. At least Windows XP Professional with SP2 Network/Network Connections/Windows Defender Firewall/Domain Profile Log dropped packets Enabled Log successful connections Enabled Log file path and name: Enabled %systemroot%\system32\logfiles\firewall\pfirewall.log Size limit (KB): Enabled 32767 Windows Defender Firewall: Prohibit notifications Disabled Prevents Windows Defender Firewall from displaying notifications to the user when a program requests that Windows Defender Firewall add the program to the program exceptions list. If you enable this policy setting, Windows Defender Firewall prevents the display of these notifications. If you disable this policy setting, Windows Defender Firewall allows the display of these notifications. In the Windows Defender Firewall component of Control Panel, the "Notify me when Windows Defender Firewall blocks a new program" check box is selected and administrators cannot clear it. If you do not configure this policy setting, Windows Defender Firewall behaves as if the policy setting were disabled, except that in the Windows Defender Firewall component of Control Panel, the "Notify me when Windows Defender Firewall blocks a new program" check box is selected by default, and administrators can change it. At least Windows XP Professional with SP2 Network/Network Connections/Windows Defender Firewall/Domain Profile Windows Defender Firewall: Prohibit unicast response to multicast or broadcast requests Enabled Prevents this computer from receiving unicast responses to its outgoing multicast or broadcast messages. If you enable this policy setting, and this computer sends multicast or broadcast messages to other computers, Windows Defender Firewall blocks the unicast responses sent by those other computers. If you disable or do not configure this policy setting, and this computer sends a multicast or broadcast message to other computers, Windows Defender Firewall waits as long as three seconds for unicast responses from the other computers and then blocks all later responses. Note: This policy setting has no effect if the unicast message is a response to a Dynamic Host Configuration Protocol (DHCP) broadcast message sent by this computer. Windows Defender Firewall always permits those DHCP unicast responses. However, this policy setting can interfere with the NetBIOS messages that detect name conflicts. At least Windows XP Professional with SP2 Network/Network Connections/Windows Defender Firewall/Domain Profile Windows Defender Firewall: Protect all network connections Enabled Turns on Windows Defender Firewall. If you enable this policy setting, Windows Defender Firewall runs and ignores the "Computer Configuration\Administrative Templates\Network\Network Connections\Prohibit use of Internet Connection Firewall on your DNS domain network" policy setting. If you disable this policy setting, Windows Defender Firewall does not run. This is the only way to ensure that Windows Defender Firewall does not run and administrators who log on locally cannot start it. If you do not configure this policy setting, administrators can use the Windows Defender Firewall component in Control Panel to turn Windows Defender Firewall on or off, unless the "Prohibit use of Internet Connection Firewall on your DNS domain network" policy setting overrides. At least Windows XP Professional with SP2 Network/Network Connections/Windows Defender Firewall/Domain Profile SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications false SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts false SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\AuthorizedApplications false SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\GloballyOpenPorts false SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\AuthorizedApplications false SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\GloballyOpenPorts false SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging false false Registry 2 2 false Devices azureblog.pl/Admin/Tier0/Devices true false