Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
WN12-RG-000001 | WN12-RG-000001 | WN12-RG-000001_rule | High |
Description |
---|
Permissions on the Winlogon registry key must only allow privileged accounts to change registry values. If standard users have this capability, there is a potential for programs to run with elevated privileges when a privileged user logs on to the system. |
STIG | Date |
---|---|
Microsoft Windows Server 2012 Member Server Security Technical Implementation Guide | 2013-07-25 |
Check Text ( C-WN12-RG-000001_chk ) |
---|
Navigate to the following registry key and review the assigned permissions: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Standard user accounts and groups must only have Read permissions to this registry key. If any standard user accounts or groups have greater permissions, this is a finding. The default permissions satisfy this requirement. |
Fix Text (F-WN12-RG-000001_fix) |
---|
Ensure only Read permissions are assigned to standard user accounts and groups for the following registry key. The default configuration satisfies this requirement. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon |