CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

18.9.86Windows LogonOptions

This section contains recommendations related to Windows Logon Options.

This Group Policy section is provided by the Group Policy template WinLogon.admx/adml that is included with all versions of the Microsoft Windows Administrative Templates.

18.9.86.1 (L1) Ensure 'Sign-in and lock last interactive user automatically after a restart' is set to 'Disabled' (Scored)

ProfileApplicability:

 Level 1 (L1) - Corporate/Enterprise Environment (general use)

Description:

This policy setting controls whether a device will automatically sign-in the last interactive user after Windows Update restarts the system.

The recommended state for this setting is: Disabled .

Rationale:

Disabling this feature will prevent the caching of user's credentials and unauthorized use of the device, and also ensure the user is aware of the restart.

Audit:

Navigate to the UI Path articulated in the Remediation section and confirm it is set as prescribed. This group policy setting is backed by the following registry location:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System: DisableAutomaticRestartSignOn

1144 | P a g e