Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-63365 | WN10-00-000080 | SV-77855r2_rule | Medium |
Description |
---|
Allowing other operating systems to run on a secure system may allow users to circumvent security. Preventing users from being assigned to the Hyper-V Administrators group will prevent them from accessing or creating virtual machines on the system. The Hyper-V Hypervisor is used by Virtualization Based Security features such as Credential Guard on Windows 10; however, it is not the full Hyper-V installation. |
STIG | Date |
---|---|
Windows 10 Security Technical Implementation Guide | 2019-01-04 |
Check Text ( C-76165r2_chk ) |
---|
Run "Computer Management". Navigate to System Tools >> Local Users and Groups >> Groups. Double click on "Hyper-V Administrators". If any groups or user accounts are listed in "Members:", this is a finding. If the workstation has an approved use of Hyper-V, such as being used as a dedicated admin workstation using Hyper-V to separate administration and standard user functions, the account(s) needed to access the virtual machine is not a finding. |
Fix Text (F-69285r1_fix) |
---|
Remove any groups or users from the "Hyper-V Administrators" group. |