V-220908
SV-220908r958482_rule
Deprecated
CAT II
This rule has been deprecated. Deprecated on 2026-03-05. It is no longer included in the current version of this STIG.
The built-in administrator account must be disabled.
From: Microsoft Windows 10 Security Technical Implementation Guide (V3R4)
Description
<VulnDiscussion>The built-in administrator account is a well-known account subject to attack. It also provides no accountability to individual administrators on a system. It must be disabled to prevent its use.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
Check Procedure
Verify the effective setting in Local Group Policy Editor.
Run "gpedit.msc".
Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options.
If the value for "Accounts: Administrator account status" is not set to "Disabled", this is a finding.
Fix Text
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Accounts: Administrator account status" to "Disabled".
CCI Reference
CCI-000764- Created
- 2026-01-14 17:55:45
- Last Updated
- 2026-01-14 17:55:45