Check: WN11-SO-000005
Microsoft Windows 11 STIG: WN11-SO-000005 (in versions v2 r2 through v1 r1)
Title
The built-in administrator account must be disabled. (Cat II impact)
Discussion
The built-in administrator account is a well-known account subject to attack. It also provides no accountability to individual administrators on a system. It must be disabled to prevent its use.
Check Content
Verify the effective setting in Local Group Policy Editor. Run "gpedit.msc". Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options. If the value for "Accounts: Administrator account status" is not set to "Disabled", this is a finding.
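One way to script the check above, as an added example that is not part of the STIG text. The function name Test-BuiltinAdminDisabled is hypothetical, and the script assumes an elevated Windows PowerShell session with the built-in LocalAccounts module and secedit.exe available.

```powershell
# Added example (not from the STIG): audits WN11-SO-000005 two ways,
# by account state and by the exported local security policy value.
function Test-BuiltinAdminDisabled {
    [CmdletBinding()]
    param()

    # The built-in Administrator always has RID 500. Its name may have been
    # changed by policy, so match on the SID rather than on "Administrator".
    $acct = Get-LocalUser |
        Where-Object { $_.SID.Value -match '^S-1-5-21-.+-500$' }

    # Export the security policy and read EnableAdminAccount from the
    # [System Access] section (0 = Disabled, 1 = Enabled).
    $cfg = Join-Path $env:TEMP ("secpol-{0}.inf" -f [guid]::NewGuid())
    $policyValue = $null
    try {
        secedit.exe /export /cfg $cfg /areas SECURITYPOLICY /quiet | Out-Null
        $hit = Select-String -Path $cfg -Pattern '^\s*EnableAdminAccount\s*=\s*(\d+)' |
            Select-Object -First 1
        if ($hit) { $policyValue = [int]$hit.Matches[0].Groups[1].Value }
    }
    finally {
        # The export contains policy details; do not leave it in TEMP.
        Remove-Item -LiteralPath $cfg -ErrorAction SilentlyContinue
    }

    # Fail closed: an unreadable policy value ($null) is reported as a finding
    # so that it gets a manual review in gpedit.msc.
    $isFinding = [bool]$acct.Enabled -or ($policyValue -ne 0)

    [pscustomobject]@{
        Check              = 'WN11-SO-000005'
        AccountName        = $acct.Name
        AccountEnabled     = $acct.Enabled
        EnableAdminAccount = $policyValue
        Status             = if ($isFinding) { 'Finding' } else { 'NotAFinding' }
    }
}

Test-BuiltinAdminDisabled
```

A mismatch between AccountEnabled and EnableAdminAccount is worth investigating on its own, since it suggests the account state was changed outside of policy.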
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Accounts: Administrator account status" to "Disabled".
Additional Identifiers
Rule ID: SV-253432r958482_rule
Vulnerability ID: V-253432
Group Title: SRG-OS-000104-GPOS-00051
CCIs
Number | Definition |
---|---|
CCI-000764 | Uniquely identify and authenticate organizational users and associate that unique identification with processes acting on behalf of those users. |
Controls
Number | Title |
---|---|
IA-2 | Identification and Authentication (Organizational Users) |