CCE-37654-1Platform: cpe:/o:microsoft:windows_server_2012::r2 | Date: (C)2015-10-08 (M)2023-07-04 |
Do not forcefully unload the users registry at user logoff
Microsoft Windows will always unload the users registry, even if there are any open handles to the per-user registry keys at user logoff. Using this policy setting, an administrator can negate this behavior, preventing Windows from forcefully unloading the users registry at user logoff.
Note: This policy should only be used for cases where you may be running into application compatibility issues due to this specific Windows behavior. It is not recommended to enable this policy by default as it may prevent users from getting an updated version of their roaming user profile.
If you enable this policy setting, Windows will not forcefully unload the users registry at logoff, but will unload the registry when all open handles to the per-user registry keys are closed.
If you disable or do not configure this policy setting, Windows will always unload the users registry at logoff, even if there are any open handles to the per-user registry keys at user logoff.
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationAdministrative TemplatesSystemUser Profiles!Do not forcefully unload the users registry at user logoff
(2) REG: HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftWindowsSystem!DisableForceUnload
CCSS Severity: | CCSS Metrics: |
CCSS Score : 5.3 | Attack Vector: LOCAL |
Exploit Score: 1.8 | Attack Complexity: LOW |
Impact Score: 3.4 | Privileges Required: LOW |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | Scope: UNCHANGED |
| Confidentiality: LOW |
| Integrity: LOW |
| Availability: LOW |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:28137 |