[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

111543

 
 

909

 
 

86957

 
 

136

Paid content will be excluded from the download.


Download | Alert*
OVAL

User Account Control: Admin Approval Mode for the Built-in Administrator account

ID: oval:org.secpod.oval:def:40229Date: (C)2017-04-25   (M)2018-07-10
Class: COMPLIANCEFamily: windows




This policy setting controls the behavior of Admin Approval Mode for the built-in Administrator account. The options are: - Enabled: The built-in Administrator account uses Admin Approval Mode. By default, any operation that requires elevation of privilege will prompt the user to approve the operation. - Disabled: (Default) The built-in Administrator account runs all applications with full administrative privilege. Vulnerability: One of the risks that the User Account Control feature introduced with Windows Vista is trying to mitigate is that of malicious software running under elevated credentials without the user or administrator being aware of its activity. An attack vector for these programs was to discover the password of the account named "Administrator" because that user account was created for all installations of Windows. To address this risk, in Windows Vista the built-in Administrator account is disabled. In a default installation of a new computer, accounts with administrative control over the computer are initially set up in one of two ways: - If the computer is not joined to a domain, the first user account you create has the equivalent permissions as a local administrator. - If the computer is joined to a domain, no local administrator accounts are created. The Enterprise or Domain Administrator must log on to the computer and create one if a local administrator account is warranted. Once Windows Vista is installed, the built-in Administrator account may be enabled, but we strongly recommend that this account remain disabled. Counter Measure: Enable the User Account Control: Admin Approval Mode for the Built-in Administrator account setting if you have the built-in Administrator account enabled. Potential Impact: Users that log on using the local Administrator account will be prompted for consent whenever a program requests an elevation in privilege. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Admin Approval Mode for the Built-in Administrator account (2) REG: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System!FilterAdministratorToken

Platform:
Microsoft Windows Server 2016
Reference:
CCE-47000-5
CPE    1
cpe:/o:microsoft:windows_server_2016:::x64
CCE    1
CCE-47000-5
XCCDF    5
xccdf_org.secpod_benchmark_general_Windows_Server_2016
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_Server_2016
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_Server_2016
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_Server_2016
...

© SecPod Technologies