Details
This policy prevents automatic copying of user input methods to the system account for use on the sign-in screen. The user is restricted to the set of input methods that are enabled in the system account.
The recommended state for this setting is: Enabled.
Rationale:
This is a way to increase the security of the system account.
Solution
To establish the recommended configuration via GP, set the following UI path to Enabled:
Computer ConfigurationPoliciesAdministrative TemplatesSystemLocale ServicesDisallow copying of user input methods to the system account for sign-in
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template Globalization.admx/adml that is included with the Microsoft Windows 8.0 & Server 2012 (non-R2) Administrative Templates (or newer).
Impact:
Users will have input methods enabled for the system account on the sign-in page.
Default Value:
Disabled. (Users will be able to use input methods enabled for their user account on the sign-in page.)
References:
CCE-36343-2
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Windows.