[Forgot Password]
Login  Register Subscribe

23631

 
 

126941

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-47000-5

Platform: win2016Date: (C)2017-08-03   (M)2017-10-16



"User Account Control: Admin Approval Mode for the Built-in Administrator account" This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account. The options are: - Enabled: The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege will prompt the user to approve the operation. - Disabled: (Default) The built-in Administrator account runs all applications with full administrative privilege. Vulnerability: One of the risks that the User Account Control feature introduced with Windows Vista is trying to mitigate is that of malicious software running under elevated credentials without the user or administrator being aware of its activity. An attack vector for these programs was to discover the password of the account named "Administrator" because that user account was created for all installations of Windows. To address this risk, in Windows Vista the built-in Administrator account is disabled. In a default installation of a new computer, accounts with administrative control over the computer are initially set up in one of two ways: - If the computer is not joined to a domain, the first user account you create has the equivalent permissions as a local administrator. - If the computer is joined to a domain, no local administrator accounts are created. The Enterprise or Domain Administrator must log on to the computer and create one if a local administrator account is warranted. Once Windows Vista is installed, the built-in Administrator account may be enabled, but we strongly recommend that this account remain disabled. Counter Measure: Enable the User Account Control: Admin Approval Mode for the Built-in Administrator account setting if you have the built-in Administrator account enabled. Potential Impact: Users that log on using the local Administrator account will be prompted for consent whenever a program requests an elevation in privilege.


Parameter: FilterAdministratorToken


Technical Mechanism: Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options (2) REG: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System!FilterAdministratorToken

References:

Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:40229


OVAL    1
oval:org.secpod.oval:def:40229
XCCDF    3
xccdf_org.secpod_benchmark_general_Windows_Server_2016
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_Server_2016
xccdf_org.secpod_benchmark_PCI_3_2_Windows_Server_2016

© 2013 SecPod Technologies