WN25-DC-000410 - The Windows Server 2025 'Deny log on through Remote Desktop Services' user right on domain controllers must be configured to prevent unauthenticated access.

Information

Inappropriately granting user rights provides system, administrative, and other high-level capabilities.

The 'Deny log on through Remote Desktop Services' user right defines the accounts that are prevented from logging on using Remote Desktop Services.

The Guests group must be assigned this right to prevent unauthenticated access.

Solution

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> Deny log on through Remote Desktop Services to include the following:
- Guests Group.

Item Details

Audit Name: DISA Microsoft Windows Server 2025 STIG v1r1

Category: ACCESS CONTROL

Plugin: Windows

Control ID: 614a31809b747664c3eee9c9e35ae6c6558c30bf1cc61619c1a75b5cc21e2eb3

Detections

Analytics

WN25-DC-000410 - The Windows Server 2025 'Deny log on through Remote Desktop Services' user right on domain controllers must be configured to prevent unauthenticated access.

Information

Solution

See Also

Item Details