Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-220715 | WN10-00-000085 | SV-220715r890423_rule | Low |
Description |
---|
To minimize potential points of attack, local user accounts, other than built-in accounts and local administrator accounts, must not exist on a workstation in a domain. Users must log on to workstations in a domain with their domain accounts. |
STIG | Date |
---|---|
Microsoft Windows 10 Security Technical Implementation Guide | 2024-02-21 |
Check Text ( C-22430r890421_chk ) |
---|
For standalone or nondomain-joined systems, this is Not Applicable. Run "Computer Management". Navigate to System Tools >> Local Users and Groups >> Users. If local users other than the accounts listed below exist on a workstation in a domain, this is a finding. Built-in Administrator account (Disabled) Built-in Guest account (Disabled) Built-in DefaultAccount (Disabled) Built-in defaultuser0 (Disabled) Built-in WDAGUtilityAccount (Disabled) Local administrator account(s) All of the built-in accounts may not exist on a system, depending on the Windows 10 version. |
Fix Text (F-22419r890422_fix) |
---|
Limit local user accounts on domain-joined systems. Remove any unauthorized local accounts. |