Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-26070 | WN12-RG-000001 | SV-53123r1_rule | ECCD-1 ECCD-2 | High |
Description |
---|
Permissions on the Winlogon registry key must only allow privileged accounts to change registry values. If standard users have this capability, there is a potential for programs to run with elevated privileges when a privileged user logs on to the system. |
STIG | Date |
---|---|
Windows Server 2012 / 2012 R2 Domain Controller Security Technical Implementation Guide | 2014-12-18 |
Check Text ( C-47429r1_chk ) |
---|
Navigate to the following registry key and review the assigned permissions: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Standard user accounts and groups must only have Read permissions to this registry key. If any standard user accounts or groups have greater permissions, this is a finding. The default permissions satisfy this requirement. |
Fix Text (F-46049r1_fix) |
---|
Ensure only Read permissions are assigned to standard user accounts and groups for the following registry key. The default configuration satisfies this requirement. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon |