Detections
Analytics

1.145 WN22-CC-000520

Information

Windows Server 2022 Windows Remote Management (WinRM) service must not store RunAs credentials.

GROUP ID: V-254383
RULE ID: SV-254383r1051100

Storage of administrative credentials could allow unauthorized access. Disallowing the storage of RunAs credentials for Windows Remote Management will prevent them from being used with plug-ins.

Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157

Solution

Configure the policy value for

Computer Configuration >> Administrative Templates >> Windows Components >> Windows Remote Management (WinRM) >> WinRM Service >> Disallow WinRM from storing RunAs credentials to 'Enabled'

See Also

https://workbench.cisecurity.org/benchmarks/22357

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-11, CAT|II, CCI|CCI-002038, Rule-ID|SV-254383r1051100_rule, STIG-ID|WN22-CC-000520, Vuln-ID|V-254383

Plugin: Windows

Control ID: 59c028df0d31c848f4a1f3b944aa47fd061a88c97c873670734ac5594fad11f3