Domain Member: Local users on domain-joined member servers must not be enumerated

a115da09-58b1-40dd-85ca-6f6e4cac977d

The username is one part of logon credentials that could be used to gain access to a system. Preventing the enumeration of users limits this information to authorized personnel.

Remediation

To fix this configure the policy value for
Computer Configuration
|_ Administrative Templates
|_ System
|_ Logon
|_ "Enumerate local users on domain-joined computers" to "Disabled".

STIG: Server:
2022: https://system32.eventsentry.com/stig/viewer/V-254430
2019:https://system32.eventsentry.com/stig/viewer/V-205696

Desktop:
W11: https://system32.eventsentry.com/stig/viewer/V-253379
W10: https://system32.eventsentry.com/stig/viewer/V-220820

Nist 800-53: AC-6(10)
Nist 800-171: 3.1.7