4.11.50.2 (L1) Ensure 'Sign-in and lock last interactive user automatically after a restart' is set to 'Disabled'

Information

This policy setting controls whether a device will automatically sign-in the last interactive user after Windows Update restarts the system.

The recommended state for this setting is: Disabled

Disabling this feature will prevent the caching of user's credentials and unauthorized use of the device, and also ensure the user is aware of the restart.

Solution

To establish the recommended configuration via configuration profiles, set the following Settings Catalog path to Disabled

Administrative Templates\Windows Components\Windows Logon Options\Sign-in and lock last interactive user automatically after a restart

Impact:

The device does not store the user's credentials for automatic sign-in after a Windows Update restart. The users' lock screen apps are not restarted after the system restarts. The user is required to present the logon credentials in order to proceed after restart.

Item Details

Audit Name: CIS Microsoft Intune for Windows 11 v4.0.0 L1

Category: ACCESS CONTROL

References: 800-53|AC-11, CSCv7|16.11

Plugin: Windows

Control ID: a5de59718154032d72084a4752bf4e945cbd0c37db39f63fbd8ced2f31221db0

Detections

Analytics

4.11.50.2 (L1) Ensure 'Sign-in and lock last interactive user automatically after a restart' is set to 'Disabled'

Information

Solution

See Also

Item Details