[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

95906

 
 

909

 
 

77986

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-46148-3

Platform: win2016Date: (C)2017-08-03   (M)2017-10-16



"Interactive logon: Smart card removal behavior" This policy setting determines what happens when the smart card for a logged-on user is removed from the smart card reader. Vulnerability: Users sometimes forget to lock their workstations when they are away from them, allowing the possibility for malicious users to access their computers. If smart cards are used for authentication, the computer should automatically lock itself when the card is removed to ensure that only the user with the smart card is accessing resources using those credentials. Counter Measure: Configure the Smart card removal behavior setting to Lock Workstation. If you select Lock Workstation in the Properties dialog box for this policy setting, the workstation locks when the smart card is removed. Users can leave the area, take their smart card with them, and still maintain a protected session. If you select Force Logoff in the Properties dialog box for this policy setting, the user is automatically logged off when the smart card is removed. Potential Impact: If you select Force Logoff, users will have to re-insert their smart cards and re-enter their PINs when they return to their workstations. Enforcing this setting on computers used by people who must log onto multiple computers in order to perform their duties could be frustrating and lower productivity. For example, if network administrators are limited to a single account but need to log into several computers simultaneously in order to effectively manage the network enforcing this setting will limit them to logging onto one computer at a time. For these reasons Microsoft recommends that this setting only be enforced on workstations used for purposes commonly associated with typical users such as document creation and email.


Parameter: scremoveoption


Technical Mechanism: Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options (2) REG: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon!scremoveoption

References:

Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:40232


OVAL    1
oval:org.secpod.oval:def:40232
XCCDF    3
xccdf_org.secpod_benchmark_PCI_3_2_Windows_Server_2016
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_Server_2016
xccdf_org.secpod_benchmark_general_Windows_Server_2016

© 2013 SecPod Technologies