CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

Impact:

The WinRM service will not allow the RunAsUser or RunAsPassword configuration values to be set for any plug-ins. If a plug-in has already set the RunAsUser and RunAsPassword configuration values, the RunAsPassword configuration value will be erased from the credential store on the computer.

If this setting is later Disabled again, any values that were previously configured for RunAsPassword will need to be reset.

Default Value:

Disabled. (The WinRM service will allow the RunAsUser and RunAsPassword configuration values to be set for plug-ins and the RunAsPassword valuewill be stored securely.)

References:

1. CCE-35416-7

CIS Controls:

Version 6

16.4 Automatically Log Off Users After Standard Period Of Inactivity Regularly monitor the use of all accounts, automatically logging off users after a standard period of inactivity.

Version 7

14.3 Disable Workstation to Workstation Communication Disable all workstation to workstation communication to limit an attacker's ability to move laterally and compromise neighboring systems, through technologies such as Private VLANs or microsegmentation.

1166 | P a g e