Domain Member: local users on domain-joined member servers must not be enumerated

a115da09-58b1-40dd-85ca-6f6e4cac977d

The username is one part of logon credentials that could be used to gain access to a system. Preventing the enumeration of users limits this information to authorized personnel.

Remediation

To fix this configure the policy value for Computer Configuration >> Administrative Templates >> System >> Logon >> "Enumerate local users on domain-joined computers" to "Disabled".

STIG: Server: https://www.stigviewer.com/stig/windows_server_2019/2020-06-15/finding/V-93419
Desktop: https://www.stigviewer.com/stig/windows_10/2021-08-18/finding/V-220820

stig-medium-server

compliance-server

security-server

nist800-171

cmmc-l2

domainmember

stig-medium-desktop

compliance-desktop

security-desktop

Knowledge Base
Documentation
Tutorials
Screencasts
Validation Scripts
Support Center