UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Users must not be allowed to run virtual machines in Hyper-V on the system.


Overview

Finding ID Version Rule ID IA Controls Severity
V-63365 WN10-00-000080 SV-77855r2_rule Medium
Description
Allowing other operating systems to run on a secure system may allow users to circumvent security. Preventing users from being assigned to the Hyper-V Administrators group will prevent them from accessing or creating virtual machines on the system. The Hyper-V Hypervisor is used by Virtualization Based Security features such as Credential Guard on Windows 10; however, it is not the full Hyper-V installation.
STIG Date
Windows 10 Security Technical Implementation Guide 2019-01-04

Details

Check Text ( C-76165r2_chk )
Run "Computer Management".
Navigate to System Tools >> Local Users and Groups >> Groups.
Double click on "Hyper-V Administrators".

If any groups or user accounts are listed in "Members:", this is a finding.

If the workstation has an approved use of Hyper-V, such as being used as a dedicated admin workstation using Hyper-V to separate administration and standard user functions, the account(s) needed to access the virtual machine is not a finding.
Fix Text (F-69285r1_fix)
Remove any groups or users from the "Hyper-V Administrators" group.