STIGQter STIGQter: STIG Summary: Microsoft Windows Server 2012/2012 R2 Domain Controller Security Technical Implementation Guide Version: 3 Release: 2 Benchmark Date: 04 May 2021:

Automatic download of updates from the Windows Store must be turned off.

DISA Rule

SV-226207r569184_rule

Vulnerability Number

V-226207

Group Title

SRG-OS-000095-GPOS-00049

Rule Version

WN12-CC-000109

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

The Windows Store is not installed by default. If the \Windows\WinStore directory does not exist, this is NA.

Windows 2012 R2:
Windows 2012 R2 split the original policy that configures this setting into two separate ones. Configuring either one to "Enabled" will update the registry value as identified in the Check section.

Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Store ->
"Turn off Automatic Download of updates on Win8 machines" or "Turn off Automatic Download and install of updates" to "Enabled".

Windows 2012:
Configure the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Store -> "Turn off Automatic Download of updates" to "Enabled".

Check Contents

The Windows Store is not installed by default. If the \Windows\WinStore directory does not exist, this is NA.
If the following registry value does not exist or is not configured as specified, this is a finding:

Windows 2012 R2:
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SOFTWARE\Policies\Microsoft\WindowsStore\

Value Name: AutoDownload

Type: REG_DWORD
Value: 0x00000002 (2)

Windows 2012:
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SOFTWARE\Policies\Microsoft\WindowsStore\WindowsUpdate\

Value Name: AutoDownload

Type: REG_DWORD
Value: 0x00000002 (2)

Vulnerability Number

V-226207

Documentable

False

Rule Version

WN12-CC-000109

Severity Override Guidance

The Windows Store is not installed by default. If the \Windows\WinStore directory does not exist, this is NA.
If the following registry value does not exist or is not configured as specified, this is a finding:

Windows 2012 R2:
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SOFTWARE\Policies\Microsoft\WindowsStore\

Value Name: AutoDownload

Type: REG_DWORD
Value: 0x00000002 (2)

Windows 2012:
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SOFTWARE\Policies\Microsoft\WindowsStore\WindowsUpdate\

Value Name: AutoDownload

Type: REG_DWORD
Value: 0x00000002 (2)

Check Content Reference

M

Target Key

4217

Comments