Title

Users must be notified if the logon server was inaccessible and cached credentials were used. (Cat III impact)

Discussion

Notifying a user whether cached credentials were used may make them aware of connection issues.

Check Content

If the system is not a member of a domain, this is NA. If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ Value Name: ReportControllerMissing Type: REG_DWORD Value: 1

Fix Text

If the system is not a member of a domain, this is NA. Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Windows Logon Options -> "Report when logon server was not available during user logon" to "Enabled".

Additional Identifiers

Rule ID: SV-16658r3_rule

Vulnerability ID: V-15719

Group Title: Logon – Report Logon Server

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.