STIGQter: STIG Summary: Windows 10 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 04 May 2021:

User Account Control must, at minimum, prompt administrators for consent on the secure desktop.

DISA Rule

SV-220945r569187_rule

Vulnerability Number

V-220945

Group Title

SRG-OS-000134-GPOS-00068

Rule Version

WN10-SO-000250

Severity

CAT II

CCI(s)

• CCI-001084 - The information system isolates security functions from nonsecurity functions.

Weight

10

Fix Recommendation

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode" to "Prompt for consent on the secure desktop".

Check Contents

If the following registry value does not exist or is not configured as specified, this is a finding:

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

Value Name: ConsentPromptBehaviorAdmin

Value Type: REG_DWORD
Value: 2 (Prompt for consent on the secure desktop)

Vulnerability Number

V-220945

Documentable

False

Rule Version

WN10-SO-000250

Severity Override Guidance

If the following registry value does not exist or is not configured as specified, this is a finding:

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

Value Name: ConsentPromptBehaviorAdmin

Value Type: REG_DWORD
Value: 2 (Prompt for consent on the secure desktop)

Check Content Reference

M

Target Key

4072

Comments