SV-225478r569185_rule
V-225478
SRG-OS-000480-GPOS-00229
WN12-SO-000036
CAT II
10
Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> "MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)" to "Disabled".
Ensure no passwords are stored in the "DefaultPassword" registry value noted below:
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
Value Name: DefaultPassword
(See "Updating the Windows Security Options File" in the STIG Overview document if MSS settings are not visible in the system's policy tools.)
Severity Override Guidance: If the DefaultName or DefaultDomainName in the same registry path contain an administrator account name and the DefaultPassword contains a value, this is a CAT I finding.
If the following registry value does not exist or is not configured as specified, this is a finding:
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
Value Name: AutoAdminLogon
Type: REG_SZ
Value: 0
V-225478
False
WN12-SO-000036
If the following registry value does not exist or is not configured as specified, this is a finding:
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
Value Name: AutoAdminLogon
Type: REG_SZ
Value: 0
M
4214