[Forgot Password]
Login  Register Subscribe

23631

 
 

117687

 
 

98218

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-38240-8

Platform: win2012r2Date: (C)2015-10-08   (M)2017-10-26



Interactive logon: Require Domain Controller authentication to unlock workstation Logon information is required to unlock a locked computer. For domain accounts, the Interactive logon: Require Domain Controller authentication to unlock workstation setting determines whether it is necessary to contact a domain controller to unlock a computer. If you enable this setting, a domain controller must authenticate the domain account that is being used to unlock the computer. If you disable this setting, logon information confirmation with a domain controller is not required for a user to unlock the computer. However, if you configure the Interactive logon: Number of previous logons to cache (in case domain controller is not available) setting to a value that is greater than zero, then the user's cached credentials will be used to unlock the computer. Note: This setting applies to Windows 2000 computers, but it is not available through the Security Configuration Manager tools on these computers.


Parameter:


Technical Mechanism: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options!Interactive logon: Require Domain Controller authentication to unlock workstation (2) REG: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon!ForceUnlockLogon

References:

Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:23074


OVAL    1
oval:org.secpod.oval:def:23074
XCCDF    5
xccdf_org.secpod_benchmark_general_Windows_2012_R2
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_2012_R2
xccdf_org.secpod_benchmark_PCI_Windows_2012_R2
xccdf_org.secpod_benchmark_PCI_3_2_Windows_Server_2012_R2
...

© 2013 SecPod Technologies