Detections
Analytics

1.117 WN22-CC-000240

Information

Windows Server 2022 administrator accounts must not be enumerated during elevation.

GROUP ID: V-254355
RULE ID: SV-254355r958518

Enumeration of administrator accounts when elevating can provide part of the logon information to an unauthorized user. This setting configures the system to always require users to type in a username and password to elevate a running application.

Solution

Configure the policy value for

Computer Configuration >> Administrative Templates >> Windows Components >> Credential User Interface >> Enumerate administrator accounts on elevation to 'Disabled'

See Also

https://workbench.cisecurity.org/benchmarks/22357

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-3, CAT|II, CCI|CCI-001084, Rule-ID|SV-254355r958518_rule, STIG-ID|WN22-CC-000240, Vuln-ID|V-254355

Plugin: Windows

Control ID: 8de59b45d006f201a502d053d7b30956cd96e268f8dd44785fe83ca3dd9d0b1e