
Standard user accounts must only have Read permissions to the Winlogon registry key.


Overview

Finding ID: V-226268
Version: WN12-RG-000001
Rule ID: SV-226268r794557_rule
IA Controls: (not specified)
Severity: High
Description
Permissions on the Winlogon registry key must only allow privileged accounts to change registry values. If standard users have these permissions, there is a potential for programs to run with elevated privileges when a privileged user logs on to the system.
STIG: Microsoft Windows Server 2012/2012 R2 Domain Controller Security Technical Implementation Guide
Date: 2022-03-01

Details

Check Text ( C-27970r476648_chk )
Run "Regedit".
Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

Right-click on "WinLogon" and select "Permissions…".
Select "Advanced".

If the permissions are not as restrictive as the defaults listed below, this is a finding.

The following are the same for each permission listed:
Type - Allow
Inherited from - MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Applies to - This key and subkeys

Columns: Principal - Access
TrustedInstaller - Full Control
SYSTEM - Full Control
Administrators - Full Control
Users - Read
ALL APPLICATION PACKAGES - Read
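The same check can be scripted instead of walked through in Regedit. The PowerShell below is an added example, not part of the STIG text: it reads the ACL of the Winlogon key and reports any Allow entry that grants more than the default listed above. It assumes English-language account names (for example "BUILTIN\Users"); the $expected table and the output wording are this example's own.

```powershell
# Added example (not from the STIG): audit the Winlogon key ACL against the
# default permissions listed in the check text.
$keyPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Expected principal -> maximum registry rights, taken from the check text.
# Account names assume an English-language system.
$expected = @{
    'NT SERVICE\TrustedInstaller'                           = 'FullControl'
    'NT AUTHORITY\SYSTEM'                                   = 'FullControl'
    'BUILTIN\Administrators'                                = 'FullControl'
    'BUILTIN\Users'                                         = 'ReadKey'
    'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES' = 'ReadKey'
}

$acl = Get-Acl -Path $keyPath
$findings = @()

foreach ($ace in $acl.Access) {
    # Only Allow entries widen access; Deny entries are not part of the check.
    if ($ace.AccessControlType -ne 'Allow') { continue }
    $who    = $ace.IdentityReference.Value
    $rights = [int]$ace.RegistryRights   # cast so bitwise math works on generic rights too

    if (-not $expected.ContainsKey($who)) {
        $findings += "Unexpected principal '$who' with rights $($ace.RegistryRights)"
        continue
    }

    $allowed = [int][System.Security.AccessControl.RegistryRights]$expected[$who]
    # Any right bit outside the expected mask means this ACE is less restrictive
    # than the default (e.g. Users holding SetValue or FullControl).
    if (($rights -band (-bnot $allowed)) -ne 0) {
        $findings += "'$who' has $($ace.RegistryRights); default is $($expected[$who])"
    }

    # The defaults are inherited from ...\CurrentVersion; an explicit ACE means
    # someone edited this key directly and it deserves a closer look.
    if (-not $ace.IsInherited) {
        $findings += "'$who' ACE is set explicitly on the key rather than inherited"
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'Winlogon key permissions match the STIG defaults (not a finding).'
} else {
    Write-Output 'FINDING: Winlogon key permissions differ from the defaults:'
    $findings | ForEach-Object { Write-Output "  $_" }
}
```

Run it in an elevated PowerShell session; reading the key's ACL does not require it, but running as an administrator avoids a partial view on hardened systems.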
Fix Text (F-27958r476649_fix)
Maintain permissions at least as restrictive as the defaults listed below for the "WinLogon" registry key. It is recommended to not change the permissions from the defaults.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

The following are the same for each permission listed:
Type - Allow
Inherited from - MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Applies to - This key and subkeys

Columns: Principal - Access
TrustedInstaller - Full Control
SYSTEM - Full Control
Administrators - Full Control
Users - Read
ALL APPLICATION PACKAGES - Read