Most of our compliance benchmarks have several profiles. Profiles allow for a single benchmark document to be used to audit different OS platforms, and allow for rule values appropriate to the platform. i.e. Windows 2008 R2 might use the same rule as Windows 2008, but the actual setting for that rule might be different on R2 than on vanilla 2008. Likewise, rules for a specific platform will vary based on the security needs of the machine being audited. For example, an R2 server hosting a web application on the DMZ is much more at risk than an internal R2 server hosting fileshares, so their security settings will be different.
Your screenshot shows that you are viewing the base benchmark, otherwise called the 'no profile' profile. This profile has all of the rules disabled. But if you use the drop-down to select the appropriate profile, you'll see that rules are enabled.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.