CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

Remediation:

To establish the recommended configuration via GP, set the following UI path to Enabled :

User Configuration\Policies\Administrative Templates\Start Menu and Taskbar\Notifications\Turn off toast notifications on the lock screen

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template WPN.admx/adml that is included with the Microsoft Windows 8.0 & Server 2012 (non-R2) Administrative Templates (or newer).

Impact:

Applications will not be able to raise toast notifications on the lock screen.

Default Value:

Disabled. (Toast notifications on the lock screen are enabled and can be turned off by the administrator or user.)

References:

1. CCE-33727-9

CIS Controls:

Version 6

16.5 Ensure Workstation Screen Locks Are Configured Configure screen locks on systems to limit access to unattended workstations.

Version 7

16.11 LockWorkstation Sessions After Inactivity Automatically lockworkstation sessions after a standard period of inactivity.

1203 | P a g e