Autorun: Prevent AutoRun by default

746184bf-3f96-4365-8bb4-c7abf8a772ac

Allowing AutoRun commands to execute may introduce malicious code to a system. Configuring this setting prevents AutoRun commands from executing.

Remediation

Via GPO:
Under Computer Configuration / Administrative Templates / Windows Components / Autoplay Policies / Set the default behavior for AutoRun: Enable - And Select "Do not execute any autorun commands" under "Default Autorun Behavior"

Windows Server: https://www.stigviewer.com/stig/windows_server_2016/2019-01-16/finding/V-73547
Windows Desktop https://www.stigviewer.com/stig/windows_10/2020-03-24/finding/V-63671
https://www.stigviewer.com/stig/windows_10/2021-03-10/finding/V-220828
Disabling Autorun by GPO: https://www.techrepublic.com/article/how-to-disable-autoplay-and-autorun-in-windows-10/



stig-high-server
stig-high-desktop
desktop
server
bestpractice-desktop
bestpractice-server
compliance-desktop
compliance-server
security-desktop
security-server
nist800-171
cmmc-l3