Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-26070 | 2.023 | SV-33310r1_rule | ECCD-1 ECCD-2 | High |
Description |
---|
Permissions on the Winlogon registry key should only allow privileged accounts to change registry values. If standard users have this capability there is a potential for programs to run with elevated privileges when a privileged user logs on to the system. |
STIG | Date |
---|---|
Windows Server 2008 R2 Domain Controller Security Technical Implementation Guide | 2012-09-05 |
Check Text ( C-32949r1_chk ) |
---|
Navigate to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. Verify the permissions assigned. Standard user accounts and groups will only have Read permissions to this registry key. If any standard user accounts or groups have greater permissions, this is a finding. The default permissions satisfy this requirement. |
Fix Text (F-29102r1_fix) |
---|
Assign only Read permissions for standard user accounts and groups to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon registry key. This is the default configuration. |