5.12 Ensure 'Microsoft iSCSI Initiator Service (MSiSCSI)' is set to 'Disabled'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


Manages Internet SCSI (iSCSI) sessions from this computer to remote target devices.

The recommended state for this setting is: Disabled.


This service is critically necessary in order to directly attach to an iSCSI device. However, iSCSI itself uses a very weak authentication protocol (CHAP), which means that the passwords for iSCSI communication are easily exposed, unless all of the traffic is isolated and/or encrypted using another technology like IPsec. This service is generally more appropriate for servers in a controlled environment then on workstations requiring high security.


The computer will not be able to directly login to or access iSCSI targets.


To establish the recommended configuration via GP, set the following UI path to: Disabled.

Computer Configuration\Policies\Windows Settings\Security Settings\System Services\Microsoft iSCSI Initiator Service

Default Value:


See Also