Title

The classic logon screen must be required for user logons. (Cat III impact)

Discussion

The classic logon screen requires users to enter a logon name and password to access a system. The simple logon screen or Welcome screen displays usernames for selection, providing part of the necessary logon information.

Check Content

If the system is a member of a domain, this is NA. If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ Value Name: LogonType Type: REG_DWORD Value: 0

Fix Text

If the system is a member of a domain, this is NA. Configure the policy value for Computer Configuration -> Administrative Templates -> System -> Logon -> "Always use classic logon" to "Enabled".

Additional Identifiers

Rule ID:

Vulnerability ID: V-15680

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.