CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

Remediation:

To establish the recommended configuration via GP, set the following UI path to Enabled with the following paths configured, at a minimum:

\\*\NETLOGON RequireMutualAuthentication=1, RequireIntegrity=1
\\*\SYSVOL RequireMutualAuthentication=1, RequireIntegrity=1

Computer Configuration\Policies\Administrative Templates\Network\Network Provider\Hardened UNC Paths

Note: This Group Policy path does not exist by default. An additional Group Policy template (NetworkProvider.admx/adml) is required - it is included with the MS15-011 / MSKB 3000483 security update or with the Microsoft Windows 10 RTM (Release 1507) Administrative Templates (or newer).
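The following PowerShell audit is an added example, not part of the benchmark text. It checks that both paths above carry at least the two required flags. The function names and the sample data are constructed for illustration, and the registry location is not given in this section: the one used is the key under which the Hardened UNC Paths policy stores its entries.

```powershell
# Added example: compare hardened UNC path entries with the minimum listed above.
$Required = [ordered]@{
    '\\*\NETLOGON' = @('RequireMutualAuthentication=1', 'RequireIntegrity=1')
    '\\*\SYSVOL'   = @('RequireMutualAuthentication=1', 'RequireIntegrity=1')
}

function Get-HardenedUncPaths {
    # Assumption: policy-backed key for Hardened UNC Paths (not stated in this section).
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'
    $found = @{}
    if (Test-Path -LiteralPath $key) {
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $found[$name] = [string]$item.GetValue($name)
        }
    }
    return $found   # empty when the policy is not configured (the default)
}

function Test-HardenedUncPaths {
    param([hashtable]$Configured)
    foreach ($path in $Required.Keys) {
        $raw = $Configured[$path]          # hashtable lookup is case-insensitive
        $flags = @()
        if ($raw) {
            # "A=1, B=1" -> 'A=1','B=1' with whitespace removed
            $flags = @($raw -split ',' | ForEach-Object { $_ -replace '\s', '' })
        }
        # Extra flags are allowed; only the required ones must be present.
        $missing = @($Required[$path] | Where-Object { $flags -notcontains $_ })
        [pscustomobject]@{
            Path      = $path
            Value     = $raw
            Compliant = ($missing.Count -eq 0)
            Missing   = $missing -join ', '
        }
    }
}

# Constructed sample: SYSVOL lacks RequireIntegrity=1 and is reported non-compliant.
$Sample = @{
    '\\*\NETLOGON' = 'RequireMutualAuthentication=1, RequireIntegrity=1'
    '\\*\SYSVOL'   = 'RequireMutualAuthentication=1'
}
Test-HardenedUncPaths -Configured $Sample | Format-Table -AutoSize

# On a managed host, audit the live policy instead:
# Test-HardenedUncPaths -Configured (Get-HardenedUncPaths) | Format-Table -AutoSize
```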

Impact:

Windows only allows access to the specified UNC paths after fulfilling additional security requirements.

Default Value:

Disabled. (No UNC paths are hardened.)

CIS Controls:

Version 6

3 Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers

Version 7

3.1 Run Automated Vulnerability Scanning Tools
Utilize an up-to-date SCAP-compliant vulnerability scanning tool to automatically scan all systems on the network on a weekly or more frequent basis to identify all potential vulnerabilities on the organization's systems.
