Vista Security Guide: Audio and SSLF configuration

The SSLF configuration currently prescribed in the guide contains a setting recommendation that prevents the Windows Audio service from starting correctly. The Windows Audio service manages audio for Windows programs. If this service is stopped, audio devices do not function properly. To ensure this service starts correctly on SSLF computers, the Increase a process working set setting under Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignments must include the following groups: Administrators, LOCAL SERVICE.

The following locations in the guide improperly specify the configuration of this setting:

  • Table A15 in Appendix A specifies that the Increase a process working set  setting should be configured only to Administrators… the same is specified in the setting description on p. 25. The correct configuration of the setting should include Administrators and Local Service.
  • Line 42 of the Computer Policy Settings sheet in the Windows Vista Security Guide Settings.xls specifies only Administrators. Cells N42 and O42 should both contain Administrators, LOCAL SERVICE.
  • The SSLF Laptop and Desktop GPOs created by the GPOAccelerator tool, as well as the SSLF security templates (.inf files) included with the guide configures the setting for the Administrators group only. For the Windows Audio service to start correctly, the Increase a process working set setting in these GPOs must include the following groups: Administrators, LOCAL SERVICE.