18.9.15.1 Ensure 'Require pin for pairing' is set to 'Enabled: First Time' OR 'Enabled: Always'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

This policy setting controls whether or not a PIN is required for pairing to a wireless display device.

The recommended state for this setting is: Enabled: First Time OR Enabled: Always.

Rationale:

If this setting is not configured or disabled then a PIN would not be required when pairing wireless display devices to the system, increasing the risk of unauthorized use.

Impact:

The pairing ceremony for connecting to new wireless display devices will always require a PIN.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled: First Time OR Enabled: Always:

Computer Configuration\Policies\Administrative Templates\Windows Components\Connect\Require pin for pairing

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template WirelessDisplay.admx/adml that is included with the Microsoft Windows 10 Release 1607 & Server 2016 Administrative Templates (or newer). The new Choose one of the following actions sub-option was later added as of the Windows 10 Release 1809 Administrative Templates. Choosing Enabled in the older templates is the equivalent of choosing Enabled: First Time in the newer templates.

Default Value:

Disabled. (A PIN is not required for pairing to a wireless display device.)

See Also

https://workbench.cisecurity.org/files/4063