CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark
Audit:
Navigate to the UI Path articulated in the Remediation section and confirm it is set as prescribed. This group policy setting is backed by the following registry location:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon:AutoAdminLogon
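The registry check above can be scripted. The following PowerShell is an added example, not part of the CIS benchmark. It assumes the value is stored as REG_SZ with "0" meaning Disabled and "1" meaning Enabled, and that an absent value corresponds to the default (Disabled) behavior. The function name Test-AutoAdminLogon is hypothetical.

```powershell
# Added example (not from the benchmark): audit the AutoAdminLogon registry value.
# Assumptions: REG_SZ value, "0" = Disabled, "1" = Enabled, absent = default (Disabled).
function Test-AutoAdminLogon {
    [CmdletBinding()]
    param(
        # Registry key from the Audit section, in PowerShell provider syntax.
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )

    $name = 'AutoAdminLogon'
    $key  = Get-Item -LiteralPath $Path -ErrorAction Stop

    # An absent value is reported separately from an explicit "0" so the
    # auditor can decide whether relying on the default is acceptable.
    if ($key.GetValueNames() -notcontains $name) {
        return [pscustomobject]@{
            Name      = $name
            Present   = $false
            Kind      = $null
            Value     = $null
            Compliant = $true
            Note      = 'Value not set; default behavior is Disabled.'
        }
    }

    $kind  = $key.GetValueKind($name)
    $value = $key.GetValue($name)

    # Compare as a trimmed string so a DWORD 0 written by a script is
    # evaluated the same way as the string "0", but surface the type mismatch.
    $compliant = ([string]$value).Trim() -eq '0'
    $note = if (-not $compliant) {
        'Automatic logon is not disabled; set the GP setting to Disabled.'
    } elseif ($kind -ne [Microsoft.Win32.RegistryValueKind]::String) {
        "Value is 0 but stored as $kind rather than REG_SZ."
    } else {
        'Set as prescribed.'
    }

    [pscustomobject]@{
        Name      = $name
        Present   = $true
        Kind      = $kind
        Value     = $value
        Compliant = $compliant
        Note      = $note
    }
}

Test-AutoAdminLogon | Format-List
```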
Remediation:
To establish the recommended configuration via GP, set the following UI path to Disabled:
Computer Configuration\Policies\Administrative Templates\MSS (Legacy)\MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)
Note: This Group Policy path does not exist by default. An additional Group Policy template (MSS-legacy.admx/adml) is required - it is available from this TechNet blog post: The MSS settings – Microsoft Security Guidance blog
Impact:
None - this is the default behavior.
Default Value:
Disabled.
References:
1. CCE-35438-1
CIS Controls:
Version 6
16 Account Monitoring and Control
Version 7
4.3 Ensure the Use of Dedicated Administrative Accounts
Ensure that all users with administrative account access use a dedicated or secondary account for elevated activities. This account should only be used for administrative activities and not internet browsing, email, or similar activities.