Title

The Recovery Console option is set to permit automatic logon to the system. (Cat I impact)

Discussion

This is a Category 1 finding because if this option is set, the Recovery Console does not require you to provide a password and will automatically log on to the system, giving Administrator access to system files. By default, the Recovery Console requires you to provide the password for the Administrator account before accessing the system.

Check Content

Fix Text

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> “Recovery Console: Allow automatic administrative logon” to “Disabled”.

Additional Identifiers

Rule ID: SV-29022r1_rule

Vulnerability ID: V-1159

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.