Accounts: Administrator accounts must not be enumerated during elevation

f3afb7e7-d38a-42f2-8290-56da3b445913

Enumeration of administrator accounts when elevating can provide part of the logon information to an unauthorized user. This setting configures the system to always require users to type in a username and password to elevate a running application.

Remediation

To fix this configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Credential User Interface >> "Enumerate administrator accounts on elevation" to "Disabled".

STIG: Server: https://www.stigviewer.com/stig/windows_server_2019/2020-06-15/finding/V-93517
Desktop:https://www.stigviewer.com/stig/windows_10/2021-08-18/finding/V-220832



stig-medium-server
compliance-server
security-server
nist800-171
cmmc-l2
domainmember
stig-medium-desktop
compliance-desktop
security-desktop