Check: WN11-00-000175
Microsoft Windows 11 STIG:
WN11-00-000175
(in versions v1 r6 through v1 r1)
Title
The Secondary Logon service must be disabled on Windows 11. (Cat II impact)
Discussion
The Secondary Logon service provides a means for entering alternate credentials, typically used to run commands with elevated privileges. Using privileged credentials in a standard user session can expose those credentials to theft.
Check Content
Run "Services.msc". Locate the "Secondary Logon" service. If the "Startup Type" is not "Disabled" or the "Status" is "Running", this is a finding.
Fix Text
Configure the "Secondary Logon" service "Startup Type" to "Disabled".
Additional Identifiers
Rule ID: SV-253289r828951_rule
Vulnerability ID: V-253289
Group Title: SRG-OS-000095-GPOS-00049
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-000381 |
The organization configures the information system to provide only essential capabilities. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| CM-7 |
Least Functionality |