Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Standard user accounts must only have Read permissions to the Winlogon registry key.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-26070 | WN12-RG-000001 | SV-53123r3_rule | High |
| Description |
|---|
| Permissions on the Winlogon registry key must only allow privileged accounts to change registry values. If standard users have these permissions, there is a potential for programs to run with elevated privileges when a privileged user logs on to the system. |
| STIG | Date |
|---|---|
| Windows Server 2012 / 2012 R2 Member Server Security Technical Implementation Guide | 2016-06-08 |
Details
| Check Text ( C-66341r1_chk ) |
|---|
| Run "Regedit". Navigate to the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ Review the permissions. If the default permissions listed below have been changed, this is a finding. TrustedInstaller - Full Control SYSTEM - Full Control Administrators - Full Control Users - Read ALL APPLICATION PACKAGES - Read |
| Fix Text (F-71729r1_fix) |
|---|
| Maintain the default permissions of the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ TrustedInstaller - Full Control SYSTEM - Full Control Administrators - Full Control Users - Read ALL APPLICATION PACKAGES - Read |