Check: 2.023
Windows Vista STIG: 2.023 (in versions v6 r42 through v6 r41)
Title
Standard user accounts must only have Read permissions to the Winlogon registry key. (Cat I impact)
Discussion
Permissions on the Winlogon registry key must only allow privileged accounts to change registry values. If standard users have this capability there is a potential for programs to run with elevated privileges when a privileged user logs on to the system.
Check Content
Run "Regedit".
Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

Review the permissions. If the default permissions listed below have been changed, this is a finding.

Users - Read
Administrators - Full Control
SYSTEM - Full Control
CREATOR OWNER - Special
(Special = Full Control - Subkeys only)
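
The same review can be scripted. The PowerShell below is an added example, not part of the STIG: it reads the key's ACL with Get-Acl and reports any entry that differs from the defaults listed above. Assumptions: the four trustees are matched by their well-known SIDs, inherited entries may appear with generic access masks that are mapped to Read or Full Control, and the syntax is kept compatible with PowerShell 2.0.

```powershell
# Added example (not part of the STIG): compare the Winlogon key ACL with the
# defaults listed in this check. Uses PowerShell 2.0-compatible syntax.
$path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Defaults from the check text, keyed by well-known SID so the comparison
# does not depend on the display language of the account names.
$baseline = @{
    'S-1-5-32-545' = 'Read'         # BUILTIN\Users
    'S-1-5-32-544' = 'FullControl'  # BUILTIN\Administrators
    'S-1-5-18'     = 'FullControl'  # NT AUTHORITY\SYSTEM
    'S-1-3-0'      = 'FullControl'  # CREATOR OWNER (subkeys only)
}

# Assumption: inherited ACEs can carry generic masks that Get-Acl shows as raw
# integers; map them to the same names as the specific registry rights.
function Get-RightsName([int]$Mask) {
    $rr = [System.Security.AccessControl.RegistryRights]
    if ($Mask -eq [int]($rr::ReadKey) -or $Mask -eq -2147483648) { return 'Read' }          # GENERIC_READ
    if ($Mask -eq [int]($rr::FullControl) -or $Mask -eq 268435456) { return 'FullControl' } # GENERIC_ALL
    return ('Other (0x{0:X8})' -f $Mask)
}

$sidType = [System.Security.Principal.SecurityIdentifier]
$rules   = (Get-Acl -Path $path).GetAccessRules($true, $true, $sidType)
$seen    = @{}

$findings = @(foreach ($r in $rules) {
    $sid    = $r.IdentityReference.Value
    $rights = Get-RightsName ([int]$r.RegistryRights)
    $seen[$sid] = $true
    $reason = $null
    if ($r.AccessControlType -ne 'Allow')     { $reason = 'Deny entry is not in the default ACL' }
    elseif (-not $baseline.ContainsKey($sid)) { $reason = 'trustee is not in the default ACL' }
    elseif ($rights -ne $baseline[$sid])      { $reason = "expected $($baseline[$sid])" }
    elseif ($sid -eq 'S-1-3-0' -and (([int]$r.PropagationFlags -band 2) -eq 0)) {
        $reason = 'CREATOR OWNER must apply to subkeys only (InheritOnly)'
    }
    if ($reason) {
        New-Object PSObject -Property @{ SID = $sid; Rights = $rights; Reason = $reason }
    }
})
# A default trustee with no ACE at all is also a change from the baseline.
$findings += @($baseline.Keys | Where-Object { -not $seen.ContainsKey($_) } | ForEach-Object {
    New-Object PSObject -Property @{ SID = $_; Rights = 'none'; Reason = 'default entry missing' }
})

if ($findings.Count) { $findings | Format-Table SID, Rights, Reason -AutoSize; 'FINDING' }
else { 'Not a finding: ACL matches the listed defaults' }
```

Any row with an unexpected trustee or with rights shown as "Other" should be confirmed in Regedit before the result is recorded.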
Fix Text
Maintain the default permissions of the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

Users - Read
Administrators - Full Control
SYSTEM - Full Control
CREATOR OWNER - Special
(Special = Full Control - Subkeys only)
Additional Identifiers
Rule ID: SV-33307r2_rule
Vulnerability ID: V-26070
Group Title: Winlogon Registry Permissions
CCIs
Number | Definition |
---|---|
CCI-002235 | The information system prevents non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. |
Controls
Number | Title |
---|---|
AC-6 (10) | Prohibit Non-Privileged Users From Executing Privileged Functions |