CCE-42264-2
Platform: cpe:/o:microsoft:windows_10 | Date: (C)2016-09-23 (M)2023-07-04
Disable: 'Network access: Sharing and security model for local accounts' for ForceGuest
This policy setting determines how network logons that use local accounts are authenticated. The Classic option allows precise control over access to resources, including the ability to assign different types of access to different users for the same resource. The Guest only option allows you to treat all users equally: every network logon that uses a local account is authenticated as Guest, so all users receive the same access level to a given resource.
Counter Measure:
For network servers, configure the Network access: Sharing and security model for local accounts setting to Classic - local users authenticate as themselves. On end-user computers, configure this policy setting to Guest only - local users authenticate as guest.
Potential Impact:
None. This is the default configuration.
Parameter:
[classic: local users authenticate as themselves/guest only: local users authenticate as guest]
Technical Mechanism:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Sharing and security model for local accounts
(2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest
CCSS Severity:
CCSS Score: 7.7
Exploit Score: 2.2
Impact Score: 5.5
Severity: HIGH
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
CCSS Metrics:
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: LOW
References:
Resource Id | Reference
---|---
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:35081