CCE-96839-6Platform: cpe:/o:microsoft:windows_11 | Date: (C)2022-05-07 (M)2023-07-04 |
This policy setting allows you to manage the deployment operations of app packages when the user is logged in under special profiles.
Deployment operation refers to adding, registering, staging, updating or removing an app package.
Special profiles refer to profiles with the following types: mandatory, super-mandatory, temporary or system. Local and roaming profiles are not special profiles. When the user is logged in to a guest account, the profile type is temporary.
If you enable this policy setting, the system allows deployment operations when the user is using a special profile.
If you disable or do not configure this policy setting, the system blocks deployment operations when the user is using a special profile.
Countermeasure:
Disable this setting to prevent users from adding, registering, staging, updating or removing an app package while logged in under a special profile.
Potential Impact:
If you enable this policy setting, the system allows deployment operations when the user is using a special profile.
If you disable or do not configure this policy setting, the system blocks deployment operations when the user is using a special profile."
Parameter:
[enabled/disabled]
Technical Mechanism:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\App Package Deployment\Allow deployment operations in special profiles
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Appx!AllowDeploymentInSpecialProfiles
CCSS Severity: | CCSS Metrics: |
CCSS Score : 7.0 | Attack Vector: LOCAL |
Exploit Score: 1.0 | Attack Complexity: HIGH |
Impact Score: 5.9 | Privileges Required: LOW |
Severity: HIGH | User Interaction: NONE |
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| Confidentiality: HIGH |
| Integrity: HIGH |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:79306 |