Accounts: Administrator accounts must not be enumerated during elevation

f3afb7e7-d38a-42f2-8290-56da3b445913

Enumeration of administrator accounts when elevating can provide part of the logon information to an unauthorized user. This setting configures the system to always require users to type in a username and password to elevate a running application.

Remediation

To fix this configure the policy value for:
Computer Configuration
|_ Administrative Templates
|_ Windows Components
|_ Credential User Interface
|_ Enumerate administrator accounts on elevation to "Disabled"

STIG: Server 2019: https://www.stigviewer.com/stig/windows_server_2019/2020-06-15/finding/V-93517
Server 2016: https://www.stigviewer.com/stig/microsoft_windows_server_2016/2022-03-01/finding/V-224935
Desktop:https://www.stigviewer.com/stig/windows_10/2021-08-18/finding/V-220832