An error occurred:

Check: 5.132

Windows Vista STIG: 5.132 (in versions v6 r42 through v6 r41)

Title

Require username and password to elevate a running application. (Cat II impact)

Discussion

This check verifies that the system is configured to always require users to type in a user name and password to elevate a running application.

Check Content

If the following registry value doesn’t exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Subkey: \Software\Microsoft\Windows\CurrentVersion\Policies\CredUI Value Name: EnumerateAdministrators Type: REG_DWORD Value: 0

Fix Text

Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Credential User Interface “Enumerate administrator accounts on elevation” to “Disabled”.

Additional Identifiers

Rule ID: SV-14854r1_rule

Vulnerability ID: V-14243

Group Title: Enumerate Administrator Accounts on Elevation

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001084

The information system isolates security functions from nonsecurity functions.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SC-3

Security Function Isolation