diff --git a/tasks/section02.yml b/tasks/section02.yml
index 7461587..b2bbce8 100644
--- a/tasks/section02.yml
+++ b/tasks/section02.yml
@@ -874,7 +874,7 @@
 win_regedit:
 path: HKLM:\System\Currentcontrolset\Services\Netlogon\Parameters
 name: disablepasswordchange
- data: 1
+ data: 0
 type: dword
 when:
 - rule_2_3_6_4
@@ -1378,7 +1378,7 @@
 win_regedit:
 path: HKLM:\Software\Microsoft\Windows\Currentversion\Policies\System\Kerberos\Parameters
 name: SupportedEncryptionTypes
- data: 2147483644
+ data: 2147483640
 type: dword
 when:
 - rule_2_3_11_4
diff --git a/tasks/section09.yml b/tasks/section09.yml
index d2dd2da..4901180 100644
--- a/tasks/section09.yml
+++ b/tasks/section09.yml
@@ -43,7 +43,7 @@
 win_regedit:
 path: HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
 name: DisableNotifications
- data: 0
+ data: 1
 type: dword
 when:
 - rule_9_1_4
@@ -154,7 +154,7 @@
 win_regedit:
 path: HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile
 name: DisableNotifications
- data: 0
+ data: 1
 type: dword
 when:
 - rule_9_2_4
@@ -265,7 +265,7 @@
 win_regedit:
 path: HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile
 name: DisableNotifications
- data: 0
+ data: 1
 type: dword
 when:
 - rule_9_3_4
diff --git a/tasks/section17.yml b/tasks/section17.yml
index 634788d..f4c0695 100644
--- a/tasks/section17.yml
+++ b/tasks/section17.yml
@@ -278,7 +278,7 @@
 register: rule_17_5_1_audit
 
 - name: "SCORED | 17.5.1 | PATCH | L1 Ensure Audit Account Lockout is set to include Failure"
- win_shell: AuditPol /set /subcategory:"Account Lockout" /success:enable
+ win_shell: AuditPol /set /subcategory:"Account Lockout" /failure:enable
 when: "'Failure' not in rule_17_5_1_audit.stdout"
 when:
 - rule_17_5_1
diff --git a/tasks/section18.yml b/tasks/section18.yml
index 736cb8f..2b4c964 100644
--- a/tasks/section18.yml
+++ b/tasks/section18.yml
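Review bot: `disablepasswordchange: 0` in the first section02 hunk is a double negative that reads like the protection is being switched off, and nothing in the task explains it. A one-line comment above `data:` would stop the next reader from "fixing" it back to 1: `# 0 = machine account password changes stay enabled (policy "Disable machine account password changes" = Disabled)`. The task's `- name` line is outside the hunk.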
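Review bot: The new `SupportedEncryptionTypes` value 2147483640 in the second section02 hunk is an undocumented bitmask, so the reason for the change is invisible in the file. I would add above `data:`: `# 0x7FFFFFF8 = AES128_HMAC_SHA1 + AES256_HMAC_SHA1 + future types; the previous 0x7FFFFFFC also allowed RC4_HMAC_MD5`. Dropping RC4 is the right hardening, but any account, service or trust in the target domain that still holds only RC4 keys will stop authenticating once this value applies, so it should be verified before the rule is left enabled by default. The task's `- name` line is outside the hunk.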
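Review bot: The patched task in the section17 hunk still carries two `when:` keys — the `'Failure' not in rule_17_5_1_audit.stdout` guard and the `rule_17_5_1` list — and a YAML mapping cannot hold both, so the loader keeps only one of them (Ansible's loader warns and uses the last), which silently drops the audit check. Fold both conditions into a single list: `when:` / `- rule_17_5_1` / `- "'Failure' not in rule_17_5_1_audit.stdout"`. The `/failure:enable` correction itself matches the task title.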
@@ -237,7 +237,7 @@
 win_regedit:
 path: HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel
 name: DisableExceptionChainValidation
- data: 1
+ data: 0
 type: dword
 state: present
 when:
@@ -271,8 +271,8 @@
 win_regedit:
 path: HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
 state: present
- name: NodeType
- value: "{{ netbt_nodetype }}"
+ value: NodeType
+ data: "{{ netbt_nodetype }}"
 datatype: dword
 when:
 - rule_18_3_6
@@ -745,7 +745,7 @@
 win_regedit:
 path: HKLM:\Software\Policies\Microsoft\Windows\Wcmsvc\Grouppolicy
 name: fMinimizeConnections
- data: 1
+ data: 3
 type: dword
 when:
 - rule_18_5_21_1
@@ -1754,7 +1754,7 @@
 path: HKLM:\Software\Policies\Microsoft\Windows\EventLog\Application
 name: Retention
 data: 0
- type: dword
+ type: string
 when:
 - rule_18_9_26_1_1
 tags:
@@ -1807,7 +1807,7 @@
 
 - name: "SCORED | 18.9.26.3.1 | PATCH | L1 Ensure Setup Control Event Log behavior when the log file reaches its maximum size is set to Disabled"
 win_regedit:
- path: HKLM:\Software\Policies\Microsoft\Windows\Eventlog\Application
+ path: HKLM:\Software\Policies\Microsoft\Windows\Eventlog\Setup
 name: Retention
 data: 0
 type: string
@@ -2352,7 +2352,7 @@
 - name: "SCORED | 18.9.77.13.3.1 | PATCH | L1 Ensure Prevent users and apps from accessing dangerous websites is set to Enabled Block"
 win_regedit:
 path: HKLM:\Software\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection
- name: ExploitGuard_ASR_Rules
+ name: EnableNetworkProtection
 data: 1
 type: dword
 when:
@@ -2502,7 +2502,7 @@
 win_regedit:
 path: HKLM:\Software\Policies\Microsoft\Windows\Powershell\Scriptblocklogging
 name: EnableScriptBlockLogging
- data: 1
+ data: 0
 type: dword
 when:
 - rule_18_9_95_1
@@ -2516,7 +2516,7 @@
 win_regedit:
 path: HKLM:\Software\Policies\Microsoft\Windows\Powershell\Transcription
 name: EnableTranscripting
- data: 1
+ data: 0
 type: dword
 when:
 - rule_18_9_95_2
diff --git a/tasks/section19.yml b/tasks/section19.yml
index e564c5d..1869611 100644
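Review bot: `DisableExceptionChainValidation: 0` in the first section18 hunk is another negated value name, and the hunk gives no hint that 0 is the hardened setting. Add above `data:`: `# 0 = exception chain validation (SEHOP) stays enabled; 1 would disable it`. The remainder of the `when:` list and the task's `- name` line are outside the hunk.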
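Review bot: In the NetBT NodeType hunk the new side sets `value: NodeType` and keeps `datatype: dword`, but win_regedit has no `value` or `datatype` option — its parameters are `name`, `data` and `type` — so the task will fail with an unsupported-parameter error instead of writing the value (the old side at least had `name:` right, and this change removes it). The three lines should read `name: NodeType`, `data: "{{ netbt_nodetype }}"`, `type: dword`. Quoting the Jinja expression as done here is correct and should stay.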
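Review bot: `fMinimizeConnections: 3` in the Wcmsvc hunk is a magic number; add `# 3 = prevent Wi-Fi when on Ethernet (1 = minimize simultaneous connections)` above the `data:` line. The 2/3 options were added to this policy in later Windows 10 releases, so whether 3 is honoured depends on the target build — worth confirming against the inventory this role targets. The task's `- name` line is outside the hunk.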
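Review bot: With `type: string` now on the Application Retention hunk, the unquoted `data: 0` is parsed by YAML as an integer, so the REG_SZ value written depends on the module coercing 0 to "0"; quote it, `data: "0"`, so the intended string is explicit. The same applies to the Setup log hunk (`@@ -1807`), whose path correction from Application to Setup is right — before it, both tasks wrote the same key. The `tags:` block of the first task and the `when:` of the Setup task are outside their hunks.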
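Review bot: The new `data: 0` for `EnableScriptBlockLogging` in the Scriptblocklogging hunk turns off PowerShell script block logging, and the Transcription hunk (`@@ -2516`) does the same for transcripts — together they remove the main telemetry defenders use to see PowerShell activity (script block events in the PowerShell operational log and the transcript files). Early revisions of the CIS benchmark did read Disabled for 18.9.95.1 and 18.9.95.2, but later revisions moved both to Enabled; if this role deliberately tracks the older text, say so above each `data:` (`# CIS rev <REVISION> reads Disabled; later revisions read Enabled`) so the 0 is not mistaken for a hardening improvement. Otherwise both should stay at 1. The task `- name` lines are outside the hunks.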
--- a/tasks/section19.yml
+++ b/tasks/section19.yml
@@ -143,14 +143,14 @@
 win_regedit:
 path: HKU:\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
 name: SaveZoneInformation
- data: 3
+ data: 2
 type: dword
 
 - name: "SCORED | 19.7.4.1 | PATCH | L1 Ensure Do not preserve zone information in file attachments is set to Disabled"
 win_regedit:
 path: HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
 name: SaveZoneInformation
- data: 3
+ data: 2
 type: dword
 when:
 - rule_19_7_4_1
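Review bot: In the section19 hunk the HKU:\.DEFAULT task ends at `type: dword` with no `when:` guard, while the HKCU task just below it is gated on `rule_19_7_4_1`; if that is unintended the same guard belongs on the first task (its `- name` line is outside the hunk, so it may be gated elsewhere — worth checking). The change to 2 is the correct value for keeping zone information, but the number deserves a comment above each `data:`: `# 2 = keep zone information (Mark-of-the-Web) on saved attachments; 1 would discard it`. Note also that HKCU in win_regedit resolves to the hive of the account Ansible connects as, so the second task covers that profile only, not every user on the host.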