CCE-5032-8Platform: cpe:/o:microsoft:windows_xp | Date: (C)2012-03-13 (M)2023-07-04 |
This policy setting ignores customized run-once lists.
You can create a customized list of additional programs and documents that are started automatically the next time the system starts (but not thereafter). These programs are added to the standard list of programs and services that the system starts.
If you enable this policy setting, the system ignores the run-once list.
If you disable or do not configure this policy setting, the system runs the programs in the run-once list.
This policy setting appears in the Computer Configuration and User Configuration folders. If both policy settings are configured, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration.
Note: Customized run-once lists are stored in the registry in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce.
Also, see the ""Do not process the legacy run list"" policy setting.
Countermeasure:
Configure the Do not process the run once list setting to Enabled.
Potential Impact:
If you enable the Do not process the run once list setting you should experience minimal functionality loss for users in your environment, especially if the clients have been configured with all of your organization's standard software before you apply this setting through Group Policy. However, this configuration may prevent some setup and installation programs, such as Internet Explorer, from working properly.
Parameter:
[enabled/disabled]
Technical Mechanism:
(1) GPO: Computer Configuration\\Administrative Templates\\System\\Logon\\Do not process the run once list
(2) REG: HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer!DisableLocalMachineRunOnce
CCSS Severity: | CCSS Metrics: |
CCSS Score : 3.3 | Attack Vector: LOCAL |
Exploit Score: 1.8 | Attack Complexity: LOW |
Impact Score: 1.4 | Privileges Required: LOW |
Severity: LOW | User Interaction: NONE |
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | Scope: UNCHANGED |
| Confidentiality: NONE |
| Integrity: NONE |
| Availability: LOW |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:gov.nist.usgcb.xp:def:100205 |
BITS Shared Assessments SIG v6.0 | BITS Shared Assessments SIG v6.0 |
Jericho Forum | Jericho Forum |
HIPAA/HITECH Act | HIPAA/HITECH Act |
FedRAMP Security Controls(Final Release Jan 2012)--LOW IMPACT LEVEL-- | FedRAMP Security Controls(Final Release Jan 2012)--LOW IMPACT LEVEL-- |
ISO/IEC 27001-2005 | ISO/IEC 27001-2005 |
COBIT 4.1 | COBIT 4.1 |
GAPP (Aug 2009) | GAPP (Aug 2009) |
NERC CIP | NERC CIP |
NIST SP800-53 R3 | NIST SP800-53 R3 AC-2 |
NIST SP800-53 R3 | NIST SP800-53 R3 CM-6 |
PCIDSS v2.0 | PCIDSS v2.0 |
FedRAMP Security Controls(Final Release Jan 2012)--MODERATE IMPACT LEVEL-- | FedRAMP Security Controls(Final Release Jan 2012)--MODERATE IMPACT LEVEL-- |
BITS Shared Assessments AUP v5.0 | BITS Shared Assessments AUP v5.0 |