| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-AP-002 | 164.231.187.39 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 Username: MONTFORD-POINT\D.Admin UserSID: S-1-5-21-1360995287-4027491577-3040029667-1104 ResultHash: E24FAFA899A9EF37673E36B9DA7CDC2E96352FB5 ~~~~~ 'Apply UAC restrictions to local accounts on network logons' is Enabled Registry Path: Value Name: LocalAccountTokenFilterPolicy Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 Username: MONTFORD-POINT\S.Admin UserSID: S-1-5-21-1360995287-4027491577-3040029667-1105 ResultHash: E24FAFA899A9EF37673E36B9DA7CDC2E96352FB5 ~~~~~ 'Apply UAC restrictions to local accounts on network logons' is Enabled Registry Path: Value Name: LocalAccountTokenFilterPolicy Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
| MONT-DB-002 | 164.231.187.38 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 Username: MONTFORD-POINT\S.Admin UserSID: S-1-5-21-1360995287-4027491577-3040029667-1105 ResultHash: E24FAFA899A9EF37673E36B9DA7CDC2E96352FB5 ~~~~~ 'Apply UAC restrictions to local accounts on network logons' is Enabled Registry Path: Value Name: LocalAccountTokenFilterPolicy Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
| MONT-DC-003 | 164.231.187.34 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT APPLICABLE on 10/23/2025 ResultHash: C0F3904C423975C11B19B4BFBF943881A50CAA13 ~~~~~ System is a 'Primary Domain Controller' so this requirement is NA. Comments |
|||||
| MONT-DP-001 | 164.231.187.44 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 Username: MONTFORD-POINT\D.Admin UserSID: S-1-5-21-1360995287-4027491577-3040029667-1104 ResultHash: E24FAFA899A9EF37673E36B9DA7CDC2E96352FB5 ~~~~~ 'Apply UAC restrictions to local accounts on network logons' is Enabled Registry Path: Value Name: LocalAccountTokenFilterPolicy Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
| MONT-MB-002 | 164.231.187.36 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 Username: MONTFORD-POINT\montford.exchange UserSID: S-1-5-21-1360995287-4027491577-3040029667-1118 ResultHash: E24FAFA899A9EF37673E36B9DA7CDC2E96352FB5 ~~~~~ 'Apply UAC restrictions to local accounts on network logons' is Enabled Registry Path: Value Name: LocalAccountTokenFilterPolicy Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
| MONT-VSF-003 | 164.231.187.42 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 Username: MONTFORD-POINT\D.Admin UserSID: S-1-5-21-1360995287-4027491577-3040029667-1104 ResultHash: E24FAFA899A9EF37673E36B9DA7CDC2E96352FB5 ~~~~~ 'Apply UAC restrictions to local accounts on network logons' is Enabled Registry Path: Value Name: LocalAccountTokenFilterPolicy Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
| MONT-VSF-004 | 164.231.187.43 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-WindowsServer2016_Checks) found this to be NOT A FINDING on 10/23/2025 Username: MONTFORD-POINT\D.Admin UserSID: S-1-5-21-1360995287-4027491577-3040029667-1104 ResultHash: E24FAFA899A9EF37673E36B9DA7CDC2E96352FB5 ~~~~~ 'Apply UAC restrictions to local accounts on network logons' is Enabled Registry Path: Value Name: LocalAccountTokenFilterPolicy Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
Check Text
This applies to member servers. For domain controllers and standalone or nondomain-joined systems, this is NA. If the following registry value does not exist or is not configured as specified, this is a finding. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Value Name: LocalAccountTokenFilterPolicy Type: REG_DWORD Value: 0x00000000 (0) This setting may cause issues with some network scanning tools if local administrative accounts are used remotely. Scans should use domain accounts where possible. If a local administrative account must be used, temporarily enabling the privileged token by configuring the registry value to "1" may be required.
Fix Text
Configure the policy value for Computer Configuration >> Administrative Templates >> MS Security Guide >> "Apply UAC restrictions to local accounts on network logons" to "Enabled". This policy setting requires the installation of the SecGuide custom templates included with the STIG package. "SecGuide.admx" and "SecGuide.adml" must be copied to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively.