Detections
Analytics

1.226 WN10-SO-000255

Information

User Account Control must automatically deny elevation requests for standard users.

GROUP ID: V-220947RULE ID: SV-220947r1051036

User Account Control (UAC) is a security mechanism for limiting the elevation of privileges, including administrative accounts, unless authorized. Denying elevation requests from standard user accounts requires tasks that need elevation to be initiated by accounts with administrative privileges. This ensures correct accounts are used on the system for privileged tasks to help mitigate credential theft.

Solution

Configure the policy value for

Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> 'User Account Control: Behavior of the elevation prompt for standard users'

to 'Automatically deny elevation requests'.

See Also

https://workbench.cisecurity.org/benchmarks/23869

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-11, CCI|CCI-002038, Rule-ID|SV-220947r1051036_rule, STIG-ID|WN10-SO-000255, Vuln-ID|V-220947

Plugin: Windows

Control ID: 0472f2edd884405e150888dff0dc888201ae023d2210288b5276ebe62463803f