UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Standard user accounts must only have Read permissions to the Winlogon registry key.


Overview

Finding ID Version Rule ID IA Controls Severity
V-26070 2.023 SV-33310r3_rule High
Description
Permissions on the Winlogon registry key must only allow privileged accounts to change registry values. If standard users have this capability there is a potential for programs to run with elevated privileges when a privileged user logs on to the system.
STIG Date
Windows Server 2008 R2 Member Server Security Technical Implementation Guide 2019-03-13

Details

Check Text ( C-74013r2_chk )
Run "Regedit".
Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

Right-click on "WinLogon" and select "Permissions…".
Select "Advanced".

If the permissions are not as restrictive as the defaults listed below, this is a finding.

The following are the same for each permission listed:
Type - Allow
Inherited from - MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Apply to - This key and subkeys

Columns: Name - Permission
TrustedInstaller - Full Control
SYSTEM - Full Control
Administrators - Full Control
Users - Read
Fix Text (F-80409r1_fix)
Maintain permissions at least as restrictive as the defaults listed below for the "WinLogon" registry key. It is recommended to not change the permissions from the defaults.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

The following are the same for each permission listed:
Type - Allow
Inherited from - MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Apply to - This key and subkeys

Columns: Name - Permission
TrustedInstaller - Full Control
SYSTEM - Full Control
Administrators - Full Control
Users - Read