WN11-00-000085 - Standard local user accounts must not exist on a system in a domain.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

To minimize potential points of attack, local user accounts, other than built-in accounts and local administrator accounts, must not exist on a workstation in a domain. Users must log onto workstations in a domain with their domain accounts.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Limit local user accounts on domain-joined systems. Remove any unauthorized local accounts.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_11_V1R2_STIG.zip

Item Details

References: CAT|III, CCI|CCI-000366, Rule-ID|SV-253272r828900_rule, STIG-ID|WN11-00-000085, Vuln-ID|V-253272

Plugin: Windows

Control ID: 1529dffbe5fae67ad7df0a1ef86958afb34097ca62154fdae47cc46dccb0d1cf