Domain Member: Local users on domain-joined member servers must not be enumerated

a115da09-58b1-40dd-85ca-6f6e4cac977d

The username is one part of logon credentials that could be used to gain access to a system. Preventing the enumeration of users limits this information to authorized personnel.

Remediation

To fix this, configure the policy value for
Computer Configuration
|_ Administrative Templates
   |_ System
      |_ Logon
         |_ "Enumerate local users on domain-joined computers" to "Disabled".
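
The following audit check is an added example, not part of the original rule text. It assumes the policy is backed by the EnumerateLocalUsers DWORD under HKLM\SOFTWARE\Policies\Microsoft\Windows\System (the page does not name the registry value); the function name is hypothetical.

```powershell
# Added example: audit "Enumerate local users on domain-joined computers".
# Assumption: the policy is stored as the DWORD value below; 0 means "Disabled".
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
$PolicyName = 'EnumerateLocalUsers'

function Test-LocalUserEnumerationDisabled {
    [CmdletBinding()]
    param()

    # Small helper to keep the result shape consistent across all outcomes.
    $result = {
        param($Status, $Detail)
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Status   = $Status
            Detail   = $Detail
        }
    }

    # The rule targets domain-joined machines only.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if (-not $cs.PartOfDomain) {
        return & $result 'NotApplicable' 'Computer is not domain-joined'
    }

    # A missing key or value means the policy is "Not Configured",
    # which is not the required "Disabled" state.
    $item = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return & $result 'NonCompliant' "$PolicyName is not set (policy not configured)"
    }

    $value = $item.$PolicyName
    if ($value -eq 0) {
        return & $result 'Compliant' "$PolicyName = 0 (Disabled)"
    }
    return & $result 'NonCompliant' "$PolicyName = $value, expected 0"
}

Test-LocalUserEnumerationDisabled
```

The check only reads state; apply the fix through Group Policy as described above so the setting is not overwritten at the next policy refresh.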

STIG:

Server:
2022: https://stigviewer.com/stigs/microsoft_windows_server_2022/2023-09-11/finding/V-254430
2019: https://stigviewer.com/stigs/microsoft_windows_server_2019/2023-09-11/finding/V-205696

Desktop:
W11: https://stigviewer.com/stigs/microsoft_windows_11/2023-09-29/finding/V-253379
W10: https://stigviewer.com/stigs/microsoft_windows_10/2023-09-29/finding/V-220820

NIST 800-53: AC-6(10)
NIST 800-171: 3.1.7