Devices: Allow undock without having to log onID: oval:org.secpod.oval:def:14666 | Date: (C)2013-08-13 (M)2023-07-04 |
Class: COMPLIANCE | Family: windows |
This security setting determines whether a portable computer can be undocked without having to log on. If this policy is enabled, logon is not required and an external hardware eject button can be used to undock the computer. If disabled, a user must log on and have the Remove computer from docking station privilege to undock the computer.
Default: Enabled.
Caution
Disabling this policy may tempt users to try and physically remove the laptop from its docking station using methods other than the external hardware eject button. Since this may cause damage to the hardware, this setting, in general, should only be disabled on laptop configurations that are physically securable.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Devices: Allow undock without having to log on
(2) REG: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System!undockwithoutlogon
Platform: |
Microsoft Windows 7 |