The default Windows configuration caches the credentials of the last users who logged on interactively to a system. This feature exists for availability reasons, such as the user's machine being disconnected from the network or domain controllers being unavailable. Even though the credential cache is well-protected, an attacker who compromises the system (or obtains its disk offline) can extract the cached verifiers for domain user accounts and run them through a password-cracking program, recovering domain passwords and gaining access to the domain. Every additional cached logon is one more domain account exposed this way.
This is the default configuration for this setting (10 logons to cache).
To fix this, configure the policy value for
Computer Configuration
|_ Windows Settings
|_ Security Settings
|_ Local Policies
|_ Security Options
|_ Interactive logon: Number of previous logons to cache (in case domain controller is not available) to "10" logons or less.
This setting only has an effect on domain-joined systems (there are no domain credentials to cache on a standalone machine); however, the value is present by default on all systems.
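The check and fix described above, scripted locally. This is an added example, not part of the STIG text: it reads the value that the policy setting writes, the CachedLogonsCount string under the Winlogon key, compares it against the STIG limit of 10 and, with -Remediate, writes the compliant value. The $MaxCachedLogons parameter and the non-domain warning are assumptions for illustration; the registry path, value name and built-in default of 10 are standard Windows behaviour.

```powershell
# Added example (not STIG or Microsoft code): audit and optionally remediate
# "Interactive logon: Number of previous logons to cache" on the local machine.
# The policy engine stores this value as a REG_SZ string, so it must be compared
# as an integer: in string comparison "9" -gt "10" is $true.
[CmdletBinding()]
param(
    [int]$MaxCachedLogons = 10,   # STIG threshold; assumption: adjust to local policy
    [switch]$Remediate            # write the compliant value instead of only reporting
)

$keyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$valueName = 'CachedLogonsCount'

# Caching only matters on domain-joined hosts; warn, but still report the value.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    Write-Warning "$($cs.Name) is not domain-joined; cached domain logons do not apply here, but the value is still checked."
}

$raw = (Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue).$valueName
if ($null -eq $raw) {
    # Value absent: Windows falls back to its built-in default of 10 cached logons.
    $current = 10
    Write-Host "$valueName not present; built-in default of 10 applies."
} else {
    $current = [int]$raw
}

if ($current -gt $MaxCachedLogons) {
    Write-Host "FINDING: $valueName = $current (limit $MaxCachedLogons)" -ForegroundColor Red
    if ($Remediate) {
        # Write as REG_SZ so the type matches what the policy engine and STIG check expect.
        Set-ItemProperty -Path $keyPath -Name $valueName -Value ([string]$MaxCachedLogons) -Type String
        Write-Host "Remediated: $valueName set to $MaxCachedLogons. A domain GPO that sets a different value will reapply it on the next policy refresh."
    }
} else {
    Write-Host "OK: $valueName = $current (limit $MaxCachedLogons)" -ForegroundColor Green
}
```

Run it elevated (`.\Check-CachedLogons.ps1` to audit, `.\Check-CachedLogons.ps1 -Remediate` to fix). On a domain member the authoritative fix is the GPO setting listed above, which writes this same value; the local write is useful for standalone images and for confirming the GPO took effect. Lowering the value below 10 tightens the exposure further, but a value of 0 means no one can log on with domain credentials while a domain controller is unreachable, so laptops and other intermittently connected hosts generally need at least 1.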
STIG Desktop:
W10: https://www.stigviewer.com/stig/microsoft_windows_10/2022-04-08/finding/V-220923 / https://www.stigviewer.com/stig/windows_10/2021-08-18/finding/V-220923
W11: https://www.stigviewer.com/stig/microsoft_windows_11/2022-08-31/finding/V-253447
NIST 800-53: CM-6b.
CAT: III
CCI: CCI-000366
Rule-ID: SV-28978r3_rule
STIG-ID: 3.013
Vuln-ID: V-1090