CCE-36343-2Platform: cpe:/o:microsoft:windows_server_2012::r2 | Date: (C)2015-10-08 (M)2023-07-04 |
This policy prevents automatic copying of user input methods to the system account for use on the sign-in screen. The user is restricted to the set of input methods that are enabled in the system account.
Note this does not affect the availability of user input methods on the lock screen or with the UAC prompt.
If the policy is Enabled, then the user will get input methods enabled for the system account on the sign-in page.
If the policy is Disabled or Not Configured, then the user will be able to use input methods enabled for their user account on the sign-in page.
Fix:
(1) GPO: Computer ConfigurationAdministrative TemplatesSystemLocale ServicesDisallow copying of user input methods to the system account for sign-in
(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftControl PanelInternational!BlockUserInputMethodsForSignIn
Parameter:
[enabled/disabled]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\System\Locale Services\Disallow copying of user input methods to the system account for sign-in
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Control Panel\International!BlockUserInputMethodsForSignIn
CCSS Severity: | CCSS Metrics: |
CCSS Score : 4.2 | Attack Vector: PHYSICAL |
Exploit Score: 0.5 | Attack Complexity: HIGH |
Impact Score: 3.6 | Privileges Required: NONE |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: NONE |
| Availability: NONE |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:27436 |