Check: WN10-00-000175
Microsoft Windows 10 STIG:
WN10-00-000175
(in versions v2 r9 through v1 r18)
Title
The Secondary Logon service must be disabled on Windows 10. (Cat II impact)
Discussion
The Secondary Logon service provides a means for entering alternate credentials, typically used to run commands with elevated privileges. Using privileged credentials in a standard user session can expose those credentials to theft.
Check Content
Run "Services.msc". Locate the "Secondary Logon" service. If the "Startup Type" is not "Disabled" or the "Status" is "Running", this is a finding.
Fix Text
Configure the "Secondary Logon" service "Startup Type" to "Disabled".
Additional Identifiers
Rule ID: SV-220732r569187_rule
Vulnerability ID: V-220732
Group Title: SRG-OS-000095-GPOS-00049
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-000381 |
The organization configures the information system to provide only essential capabilities. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| CM-7 |
Least Functionality |