Check: 3.049
Win7 Audit:
3.049
(in version v1 r16)
Title
The Recovery Console option is set to permit automatic logon to the system. (Cat I impact)
Discussion
This is a Category 1 finding because if this option is set, the Recovery Console does not require you to provide a password and will automatically log on to the system, giving administrator access to system files. By default, the Recovery Console requires you to provide the password for the administrator account before accessing the system.
Check Content
Fix Text
Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> “Recovery Console: Allow automatic administrative logon” to “Disabled”.
Additional Identifiers
Rule ID: SV-25109r1_rule
Vulnerability ID: V-1159
Group Title: Recovery Console - Automatic Logon
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| No CCIs are assigned to this check |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| No controls are assigned to this check |