| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-254429 | CAT II | SCHR-P3-DP-001 | Microsoft Windows Server 2022 Security T... | Windows Server 2022 local administrator accounts m... | - | |||
Check TextThis applies to member servers. For domain controllers and standalone or nondomain-joined systems, this is NA. If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Value Name: LocalAccountTokenFilterPolicy Type: REG_DWORD Value: 0x00000000 (0) This setting may cause issues with some network scanning tools if local administrative accounts are used remotely. Scans must use domain accounts where possible. If a local administrative account must be used, temporarily enabling the privileged token by configuring the registry value to "1" may be required. Fix TextConfigure the policy value for Computer Configuration >> Administrative Templates >> MS Security Guide >> Apply UAC restrictions to local accounts on network logons to "Enabled". This policy setting requires the installation of the SecGuide custom templates included with the STIG package. "SecGuide.admx" and " SecGuide.adml" must be copied to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively. Finding DetailsEvaluate-STIG 1.2601.0 (Scan-WindowsServer2022_Checks) found this to be NOT A FINDING on 03/05/2026 ResultHash: 30E45018BB7651DB88A5241CEB1F4E1159C948E7 ~~~~~ 'Apply UAC restrictions to local accounts on network logons' is Enabled Registry Path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Value Name: LocalAccountTokenFilterPolicy Value: 0x00000000 (0) Type: REG_DWORD
Source: SCHR-P3-DP-001_WinServer2022_V2R7_20260305-133436.cklb
Scan Date: 2026-03-05T13:34:36
Technology Area: Windows Operating System
|
||||||||