Autorun: behavior must be configured to prevent Autorun commands


Allowing AutoRun commands to execute may introduce malicious code to a system. Configuring this setting prevents AutoRun commands from executing.


Via GPO:
Under Computer Configuration / Administrative Templates / Windows Components / Autoplay Policies / Set the default behavior for AutoRun: Enable - And Select "Do not execute any autorun commands" under "Default Autorun Behavior"

STIG: Server: 2016 -
Server 2019 -

Disabling Autorun by GPO:

NIST 800-171: 3.4.6 3.4.7
NIST 800-53 Rev4: CM-7(2)
CMMC Level 2: CM.2.062
CMMC Level 3: CM.3.068