Domain Member: local users on domain-joined member servers must not

Domain Member: local users on domain-joined member servers must not be enumerated

a115da09-58b1-40dd-85ca-6f6e4cac977d

The username is one part of logon credentials that could be used to gain access to a system. Preventing the enumeration of users limits this information to authorized personnel.

Remediation

To fix this configure the policy value for Computer Configuration >> Administrative Templates >> System >> Logon >> "Enumerate local users on domain-joined computers" to "Disabled".

STIG: Server: https://www.stigviewer.com/stig/windows_server_2019/2020-06-15/finding/V-93419
Desktop: https://www.stigviewer.com/stig/windows_10/2021-08-18/finding/V-220820

Domain Member: local users on domain-joined member servers must not be enumerated

Remediation

Tags