CCE-35947-1Platform: cpe:/o:microsoft:windows_server_2012::r2 | Date: (C)2015-10-08 (M)2023-07-04 |
Turn off Local Group Policy objects processing
This policy setting prevents Local Group Policy objects (Local GPOs) from being applied.
By default, the policy settings in Local GPOs are applied before any domain-based GPO policy settings. These policy settings can apply to both users and the local computer. You can disable the processing and application of all Local GPOs to ensure that only domain-based GPOs are applied.
If you enable this policy setting, the system will not process and apply any Local GPOs.
If you disable or do not configure this policy setting, Local GPOs will continue to be applied.
Note: For computers joined to a domain, it is strongly recommended that you only configure this policy setting in domain-based GPOs. This setting will be ignored on computers that are joined to a workgroup.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesSystemGroup Policy!Turn off Local Group Policy objects processing
(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsSystem!DisableLGPOProcessing
CCSS Severity: | CCSS Metrics: |
CCSS Score : 8.1 | Attack Vector: NETWORK |
Exploit Score: 2.2 | Attack Complexity: HIGH |
Impact Score: 5.9 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:27209 |