Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-26070 | 2.023 | SV-33308r3_rule | | High |
Description |
---|
Permissions on the Winlogon registry key must only allow privileged accounts to change registry values. If standard users have this capability there is a potential for programs to run with elevated privileges when a privileged user logs on to the system. |
STIG | Date |
---|---|
Windows 2008 Domain Controller Security Technical Implementation Guide | 2019-01-16 |
Check Text ( C-74021r2_chk ) |
---|
Run "Regedit". |
Navigate to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ |
Right-click on "WinLogon" and select "Permissions…". Select "Advanced". |
If the permissions are not as restrictive as the defaults listed below, this is a finding. |
The following are the same for each permission listed: |
Type - Allow |
Inherited from - MACHINE\SOFTWARE |
Columns: Name - Permission - Apply to |
Users - Read - This key and subkeys |
Administrators - Full Control - This key and subkeys |
SYSTEM - Full Control - This key and subkeys |
CREATOR OWNER - Special - Subkeys only (Special = Full Control) |
Fix Text (F-80417r1_fix) |
---|
Maintain permissions at least as restrictive as the defaults listed below for the "WinLogon" registry key. It is recommended to not change the permissions from the defaults. |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ |
The following are the same for each permission listed: |
Type - Allow |
Inherited from - MACHINE\SOFTWARE |
Columns: Name - Permission - Apply to |
Users - Read - This key and subkeys |
Administrators - Full Control - This key and subkeys |
SYSTEM - Full Control - This key and subkeys |
CREATOR OWNER - Special - Subkeys only (Special = Full Control) |
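
The manual Regedit check above can also be scripted. The following PowerShell is an added example, not part of the STIG: it lists every Allow entry on the Winlogon key that gives write-capable access to an identity other than Administrators, SYSTEM or CREATOR OWNER. It assumes Windows PowerShell 2.0 or later is installed, treats "change registry values" as the access bits named in the comments, does not verify the "Apply to" scope of each entry, and uses the hypothetical function name `Get-WinlogonAclFinding`.

```powershell
# Added example: audit the Winlogon key ACL for write-capable access held by
# identities other than the three privileged defaults named in the check text.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Well-known SIDs, used instead of names so the check is locale-independent.
$PrivilegedSids = @(
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-3-0'        # CREATOR OWNER
)

# Access bits that let a principal change the key or its ACL (assumed reading
# of "change"): SetValue, CreateSubKey, CreateLink, Delete, ChangePermissions,
# TakeOwnership, plus GENERIC_WRITE and GENERIC_ALL, which inheritable entries
# may carry unmapped.
$WriteMask = 0x2 -bor 0x4 -bor 0x20 -bor 0x10000 -bor 0x40000 -bor 0x80000 -bor
             0x40000000 -bor 0x10000000

function Get-WinlogonAclFinding {   # hypothetical helper name
    param([string]$Path = $WinlogonKey)

    foreach ($ace in (Get-Acl -Path $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }

        # Resolve the trustee to a SID; keep the raw name if it cannot be resolved.
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $ace.IdentityReference.Value
        }
        if ($PrivilegedSids -contains $sid) { continue }

        # Any write-capable bit for a non-privileged trustee exceeds the default "Read".
        if (([int]$ace.RegistryRights -band $WriteMask) -ne 0) {
            New-Object PSObject -Property @{
                Identity  = $ace.IdentityReference.Value
                Sid       = $sid
                Rights    = $ace.RegistryRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings = @(Get-WinlogonAclFinding)
if ($findings.Count -gt 0) { $findings | Format-Table -AutoSize }
else { 'No write-capable ACEs for non-privileged identities.' }
```

Any row returned should be compared by hand against the default permissions listed in the check text before it is recorded as a finding.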