Devices: Allow undock without having to log onID: oval:org.secpod.oval:def:8807 | Date: (C)2013-01-21 (M)2023-05-09 |
Class: COMPLIANCE | Family: windows |
The Devices: Allow undock without having to log on setting should be configured correctly.
This policy setting determines whether a portable computer can be undocked if the user does not log on to the system. Enable this policy setting to eliminate a Logon requirement and allow use of an external hardware eject button to undock the computer. If you disable this policy setting, a user must log on and have been assigned the Remove computer from docking station user right to undock the computer.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Devices: Allow undock without having to log on
(2) KEY: HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\undockwithoutlogon = 4
Platform: |
Microsoft Windows Server 2008 R2 |