Accounts: Automatic logons must be disabled


Allowing a system to automatically log on when the machine is booted could give access to any unauthorized individual who restarts the computer. Automatic logon with administrator privileges would give full access to an unauthorized individual.


To fix this configure the policy value for:
Computer Configuration
|_ Administrative Template
|_ MSS (Legacy)
|_ MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended) to "Disabled".

This policy setting requires the installation of the MSS-Legacy custom template. "MSS-Legacy.admx" and " MSS-Legacy.adml" must be copied to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively. Files are available at EventSentry GitHub Repository at:

Stig Desktop:

NIST 800-53: CM-6b. A-2, IA-5(13)
CCE: CCE-85419-0
CCI: CCI-000366
STIG-ID: APPL-11-002066