Title

The system is not configured to use the Classic security model. (Cat II impact)

Discussion

Windows includes two network-sharing security models - Classic and Guest only. With the classic model, local accounts must be password protected; otherwise, anyone can use guest user accounts to access shared system resources.

Check Content

Analyze the system using the Security Configuration and Analysis snap-in. Expand the Security Configuration and Analysis tree view. Navigate to Local Policies -> Security Options. If the value for “Network access: Sharing and security model for local accounts” is not set to “Classic - local users authenticate as themselves”, then this is a finding. The policy referenced configures the following registry value: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \System\CurrentControlSet\Control\Lsa\ Value Name: ForceGuest Value Type: REG_DWORD Value: 0

Fix Text

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> “Network access: Sharing and security model for local accounts” to “Classic - local users authenticate as themselves”.

Additional Identifiers

Rule ID: SV-3378r1_rule

Vulnerability ID: V-3378

Group Title: Sharing and Security Model for Local Accounts

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.