Information
This policy setting allows you to control whether anyone can interact with available networks UI on the logon screen.
The recommended state for this setting is: Enabled.
Rationale:
An unauthorized user could disconnect the PC from the network or can connect the PC to other available networks without signing into Windows.
Impact:
The PC's network connectivity state cannot be changed without signing into Windows.
Solution
To establish the recommended configuration via GP, set the following UI path to Enabled:
Computer Configuration\Policies\Administrative Templates\System\Logon\Do not display network selection UI
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template Logon.admx/adml that is included with the Microsoft Windows 8.1 & Server 2012 R2 Administrative Templates (or newer).
Default Value:
Disabled. (Any user can disconnect the PC from the network or can connect the PC to other available networks without signing into Windows.)
Additional Information:
Microsoft Windows Server 2016 Security Technical Implementation Guide:
Version 2, Release 2, Benchmark Date: May 04, 2021
Vul ID: V-224928
Rule ID: SV-224928r569186_rule
STIG ID: WN16-CC-000180
Severity: CAT II
Item Details
Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION
References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1
Control ID: 44cde9512302087aefe3253e2b7ffa5eb4aecb88b2881b3aa7dffd7190a825a4