Hi, as title, while reviewing policies, especially on window servers policies, some of them have either "disable" , "enable" and "key not found" check box. Let say I have policy stated" Do not allow passwords to be save", this policy will prevent password to be saved in Remote Desktop Services clients and user will no longer be able to save passwords. According to CIS benchmark, this should be enable by default, but somehow I have dilemma on "key no found" check box. What if some servers does not have this registry key, or maybe the service is not installed, will this policy flag that server for this reason just because it does not find the key? To me, if the key is not found, it is even more secure since if attack wish to exploit on this services, but could not find the key, nothing could be exploit.
Kindly correct me if I left out anything.