CCE-38510-4Platform: cpe:/o:microsoft:windows_server_2012::r2 | Date: (C)2022-06-14 (M)2023-07-14 |
This policy setting enables or disables the Administrator account during normal operation. When a computer is booted into safe mode, the Administrator account is always enabled, regardless of how this setting is configured. Note: that this setting will have no impact when applied to the domain controller organizational unit via group policy because domain controllers have no local account database. It can be configured at the domain level via group policy, similar to account lockout and password policy settings.
Countermeasure:
Configure the Accounts: Administrator account status setting to Disabled so that the built-in Administrator account is no longer usable in a normal system startup.
Potential Impact:
Maintenance issues can arise under certain circumstances if you disable the Administrator account. For example, if the secure channel between a member computer and the domain controller fails in a domain environment for any reason and there is no other local Administrator account, you must restart in safe mode to fix the problem that broke the secure channel.
If the current Administrator password does not meet the password requirements, you will not be able to re-enable the Administrator account after it is disabled. If this situation occurs, another member of the Administrators group must set the password on the Administrator account with the Local Users and Groups tool.
Parameter:
[enabled/disabled]
Technical Mechanism:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Administrator account status
(2) REG: ###
(3) WMI: ###
CCSS Severity: | CCSS Metrics: |
CCSS Score : 8.0 | Attack Vector: NETWORK |
Exploit Score: 1.3 | Attack Complexity: HIGH |
Impact Score: 6.0 | Privileges Required: HIGH |
Severity: HIGH | User Interaction: NONE |
Vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H | Scope: CHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:81466 |