Standard user accounts must only have Read permissions to the Winlogon registry key.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-26070 | WN08-RG-000001 | SV-48504r2_rule | High |
| Description |
|---|
| Permissions on the Winlogon registry key must only allow privileged accounts to change registry values. If standard users have this capability, there is a potential for programs to run with elevated privileges when a privileged user logs on to the system. |
| STIG | Date |
|---|---|
| Windows 8 / 8.1 Security Technical Implementation Guide | 2016-12-19 |
Details
| Check Text ( C-64135r1_chk ) |
|---|
| Run "Regedit". Navigate to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ Review the permissions. If the default permissions listed below have been changed, this is a finding. TrustedInstaller - Full Control SYSTEM - Full Control Administrators - Full Control Users - Read ALL APPLICATION PACKAGES - Read |
| Fix Text (F-69315r1_fix) |
|---|
| Maintain the default permissions of the following registry key as noted below: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ TrustedInstaller - Full Control SYSTEM - Full Control Administrators - Full Control Users - Read ALL APPLICATION PACKAGES - Read |