Details
Permissions on the Winlogon registry key must only allow privileged accounts to change registry values. If standard users have this capability, programs could run with elevated privileges when a privileged user logs on to the system.
Solution
Maintain the default permissions of the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Users – Read
Administrators – Full Control
SYSTEM – Full Control
CREATOR OWNER – Special
(Special = Full Control – Subkeys only)
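An added example, not part of the original check text: a PowerShell audit that reads the key's DACL and reports any Allow entry granting modify rights to an identity other than Administrators, SYSTEM or CREATOR OWNER. The well-known SIDs and the write-rights mask are assumptions chosen for this example.

```powershell
# Added example (not from the source page): flag ACEs on the Winlogon key
# that let anyone outside the page's privileged set change it.
$keyPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Well-known SIDs for the write-capable accounts listed in the Solution section.
# Comparing SIDs instead of names keeps the check independent of OS language.
$privileged = @{
    'S-1-5-32-544' = 'Administrators'
    'S-1-5-18'     = 'SYSTEM'
    'S-1-3-0'      = 'CREATOR OWNER'
}

# Rights that permit modifying the key or its ACL, plus the generic bits
# that inherit-only ACEs may carry (GENERIC_ALL, GENERIC_WRITE).
$writeRights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, CreateLink, Delete, ChangePermissions, TakeOwnership'
$writeMask   = [int]$writeRights -bor 0x10000000 -bor 0x40000000

# Read explicit and inherited ACEs, with identities returned as SIDs.
$acl   = Get-Acl -Path $keyPath
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$findings = foreach ($ace in $rules) {
    $sid         = $ace.IdentityReference.Value
    $grantsWrite = ([int]$ace.RegistryRights -band $writeMask) -ne 0
    if ($ace.AccessControlType -eq 'Allow' -and $grantsWrite -and -not $privileged.ContainsKey($sid)) {
        [pscustomobject]@{
            Sid       = $sid
            Rights    = $ace.RegistryRights
            Inherited = $ace.IsInherited
        }
    }
}

if ($findings) {
    Write-Warning "Identities outside the privileged set can modify $keyPath"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "Compliant: only Administrators, SYSTEM and CREATOR OWNER hold write access to $keyPath"
}
```

Read-only entries such as the Users entry are not reported. An inherited finding means the over-permissive entry is set on a parent key and should be corrected there.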
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control. This control applies to the following type of system: Windows.
References
- 800-53|AC-6(10)
- CAT|I
- CCI|CCI-002235
- CSCv6|3.1
- Rule-ID|SV-33307r2_rule
- STIG-ID|2.023
- Vuln-ID|V-26070