Accounts: Administrator accounts must not be enumerated during elevation

f3afb7e7-d38a-42f2-8290-56da3b445913

Enumeration of administrator accounts when elevating can provide part of the logon information to an unauthorized user. This setting configures the system to always require users to type in a username and password to elevate a running application.

Remediation

To fix this, set the following policy to "Disabled":
Computer Configuration
|_ Administrative Templates
|_ Windows Components
|_ Credential User Interface
|_ Enumerate administrator accounts on elevation
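
To confirm the policy has actually reached a host, the registry value it writes can be audited. The script below is an added example, not part of the original finding; the registry path and value name are not given on this page and are the ones the "Enumerate administrator accounts on elevation" policy is known to write, the function name is hypothetical, and treating a missing value as non-compliant is an assumption about how the audit is scored.

```powershell
# Added example: audit the registry value behind
# "Enumerate administrator accounts on elevation" (expected: REG_DWORD 0).
$CredUiKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI'
$CredUiValue = 'EnumerateAdministrators'

function Test-AdminEnumerationDisabled {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [string]$KeyPath   = $CredUiKey,
        [string]$ValueName = $CredUiValue
    )

    $result = [ordered]@{
        Computer  = $env:COMPUTERNAME
        State     = 'NotConfigured'   # key or value absent: policy never applied
        Value     = $null
        Compliant = $false            # assumption: absent value is scored as a finding
    }

    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if ($null -ne $key -and ($key.GetValueNames() -contains $ValueName)) {
        $result.Value = $key.GetValue($ValueName)
        $kind = $key.GetValueKind($ValueName)

        if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
            # A string "0" would not be what the policy writes.
            $result.State = "WrongType($kind)"
        }
        elseif ($result.Value -eq 0) {
            $result.State     = 'Disabled'
            $result.Compliant = $true
        }
        else {
            # Any non-zero value: administrator accounts are listed on elevation.
            $result.State = 'Enabled'
        }
    }

    [pscustomobject]$result
}

# Report for the local machine; exit non-zero so a scheduler or CI job can alert.
$report = Test-AdminEnumerationDisabled
$report | Format-List
if (-not $report.Compliant) { exit 1 }
```

If the host reports "Enabled" or "NotConfigured", correct it in the Group Policy object above rather than in the registry directly, since a domain policy is re-applied at the next refresh.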

STIG:
Server:
2022: https://www.stigviewer.com/stig/microsoft_windows_server_2022/2022-08-25/finding/V-254355
2019: https://www.stigviewer.com/stig/microsoft_windows_server_2019/2022-03-01/finding/V-205714 / https://www.stigviewer.com/stig/windows_server_2019/2020-06-15/finding/V-93517
2016: https://www.stigviewer.com/stig/microsoft_windows_server_2016/2022-03-01/finding/V-224935 / https://www.stigviewer.com/stig/windows_server_2016/2020-06-16/finding/V-73487

Desktop:
W11: https://www.stigviewer.com/stig/microsoft_windows_11/2022-06-24/finding/V-253391
W10: https://www.stigviewer.com/stig/microsoft_windows_10/2022-04-08/finding/V-220832 / https://www.stigviewer.com/stig/windows_10/2021-08-18/finding/V-220832

NIST 800-53: CM-1, CM-2, CM-6, CM-7, CM-7(1), CM-9, SA-3, SA-8, SA-10
NIST 800-171: 3.1.12.a, 3.1.16.a, 3.1.18.a, 3.1.18.c, 3.4.1.a, 3.4.2.a, 3.4.6.a, 3.4.6.b, 3.4.6.d, 3.5.7.e, 3.5.7.f, 3.5.12.d
CSCv7: 5.1
OWASP Top 10: A01:2021, A02:2021, A03:2021, A04:2021, A05:2021, A06:2021, A07:2021, A08:2021, A09:2021, A10:2021
PCI-DSS v3.2: 1.1, 1.1.1, 2.2, 2.2.1, 2.2.2, 2.2.3, 2.2.4
PCI-DSS v4: 1.1, 1.2.1, 1.2.6, 2.2.1, 8.3.2, 8.5, 10.2, 10.2.1, 10.2.1.1, 10.2.1.2, 10.2.1.3, 10.2.1.4, 10.2.1.5, 10.2.1.6, 10.2.1.7, 10.2.2, 10.6, 10.6.1, 10.6.2, 10.6.3, 11.2
CMMC v2.1: CM.L2-3.4.1, CM.L2-3.4.2, CM.L3-3.4.1e, CM.L3-3.4.2e, SI.L3-3.14.3e