Title

The system must be configured to prevent the display of error messages to the user. (Cat II impact)

Discussion

Displaying error messages to users provides them the option of sending the reports. Error reports should be sent silently, unknown to the user. This setting controls whether users are shown an error dialog box that lets them report an error.

Check Content

If the following registry values do not exist or are not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\ Value Name: ShowUI Type: REG_DWORD Value: 0 Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\PCHealth\ErrorReporting\DW\ Value Name: DWAllowHeadless Type: REG_DWORD Value: 1

Fix Text

Configure the policy value for Computer Configuration -> Administrative Templates -> System -> Error Reporting -> "Display Error Notification" to "Disabled".

Additional Identifiers

Rule ID: SV-70817r1_rule

Vulnerability ID: V-56557

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.