Details

Permissions on the Winlogon registry key must only allow privileged accounts to change registry values. If standard users have this capability there is a potential for programs to run with elevated privileges when a privileged user logs on to the system.

Solution

Maintain the default permissions of the following registry key-

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon

Users – Read
Administrators – Full Control
SYSTEM – Full Control
CREATOR OWNER – Special
(Special = Full Control – Subkeys only)

Supportive Information

The following resource is also helpful.

• http://iasecontent.disa.mil/stigs/zip/Oct2016/U_Windows_Vista_V6R41_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Windows.

References

• 800-53|AC-6(10)
• CAT|I
• CCI|CCI-002235
• CSCv6|3.1
• Rule-ID|SV-33307r2_rule
• STIG-ID|2.023
• Vuln-ID|V-26070

Source

• Tenable.com/audits