Back

Configure "Accounts: Limit local account use of blank passwords to console logon only" to organizational standards.


CONTROL ID
07697
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Configure Key, Certificate, Password, Authentication and Identity Management settings in accordance with organizational standards., CC ID: 07621

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Configure the "Accounts: Limit local account use of blank passwords to console logon only" setting to "Enabled". (70BA3854-33F1-4402-B067-2BCADF0D7E66, Win7SP1 Computer Security Compliance, 1.0)
  • Configure the "Accounts: Limit local account use of blank passwords to console logon only" setting to "Enabled". (B3E542E0-55FA-4A8A-BFCA-8EB42D8820DA, Win8 Computer Security Compliance, 1.0)
  • Configure the "Accounts: Limit local account use of blank passwords to console logon only" setting to "Enabled". (3FBCA3B3-9C39-464C-BA70-513D6A237C2C, WinVistaSP2 Computer Security Compliance, 1.0)
  • Configure the "Accounts: Limit local account use of blank passwords to console logon only" setting to "Enabled". (79A303D9-00A9-4B60-9C61-18D077DB9381, WinXPSP3 Computer Security Compliance, 1.0)
  • Configure the "Accounts: Limit local account use of blank passwords to console logon only" setting to "Enabled". (1A1EB341-CD35-4E36-8BD5-33D7B8B86F7E, WS2003SP2 Domain Controller Security Compliance, 1.0)
  • Configure the "Accounts: Limit local account use of blank passwords to console logon only" setting to "Enabled". (9E4D6CB6-EBED-4532-8583-953FA6406D98, WS2003SP2 Member Server Security Compliance, 1.0)
  • Configure the "Accounts: Limit local account use of blank passwords to console logon only" setting to "Enabled". (8E2B9DFB-DB56-4FDC-8120-36755E173DE5, WS2008R2SP1 Domain Controller Security Compliance, 1.1)
  • Configure the "Accounts: Limit local account use of blank passwords to console logon only" setting to "Enabled". (DF5DCBE6-98D9-4057-BF66-FF25AE315091, WS2008R2SP1 Member Server Security Compliance, 1.1)
  • Configure the "Accounts: Limit local account use of blank passwords to console logon only" setting to "Enabled". (4A328944-EC6E-41FE-BA34-7BE07642A1D9, WS2008SP2 Domain Controller Security Compliance, 1.0)
  • Configure the "Accounts: Limit local account use of blank passwords to console logon only" setting to "Enabled". (A4AED997-6BD8-4369-A1DA-29FBBBFC3588, WS2008SP2 Member Server Security Compliance, 1.0)
  • Configure the "Accounts: Limit local account use of blank passwords to console logon only" setting to "Enabled". (E8BA32D1-446C-4208-BC25-D9CF914159DF, WS2012 Domain Controller Security Compliance, 1.0)
  • Configure the "Accounts: Limit local account use of blank passwords to console logon only" setting to "Enabled". (D3A30E93-16CA-4251-B400-34ADC090F11C, WS2012 Member Server Security Compliance, 1.0)
  • (L1) Ensure 'Accounts: Limit local account use of blank passwords to console logon only' is set to 'Enabled' Description: This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable… (2.3.1.4, CIS Microsoft Windows Server 2019 Benchmark, v1.2.1, Level 1)
  • (L1) Ensure 'Accounts: Limit local account use of blank passwords to console logon only' is set to 'Enabled' Description: This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable… (2.3.1.4, CIS Microsoft Windows Server 2019 Benchmark, v1.2.1, Level 2)
  • Title: Set 'Accounts: Limit local account use of blank passwords to console logon only' to 'Enabled' Description: This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable … (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.1.1.1.12_Set_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_to_Enabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.1.1.1.12.2_, The Center for Internet Security Microsoft Windows 7 Level 1 + BitLocker Benchmark, 2.1.0)
  • Title: Set 'Accounts: Limit local account use of blank passwords to console logon only' to 'Enabled' Description: This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable … (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.1.1.1.12_Set_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_to_Enabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.1.1.1.12.1_, The Center for Internet Security Microsoft Windows 7 Level 1 + BitLocker Benchmark, 2.1.0)
  • Title: Set 'Accounts: Limit local account use of blank passwords to console logon only' to 'Enabled' Description: This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable … (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.1.1.1.12_Set_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_to_Enabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.1.1.1.12.2_, The Center for Internet Security Microsoft Windows 7 Level 1 Benchmark, 2.1.0)
  • Title: Set 'Accounts: Limit local account use of blank passwords to console logon only' to 'Enabled' Description: This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable … (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.1.1.1.12_Set_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_to_Enabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.1.1.1.12.1_, The Center for Internet Security Microsoft Windows 7 Level 1 Benchmark, 2.1.0)
  • Title: Set 'Accounts: Limit local account use of blank passwords to console logon only' to 'Enabled' Description: This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable … (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.1.6_Set_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_to_Enabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.1.6.2_, The Center for Internet Security Microsoft Windows 8 Level 1 + BitLocker Benchmark, 1.0.0)
  • Title: Set 'Accounts: Limit local account use of blank passwords to console logon only' to 'Enabled' Description: This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable … (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.1.6_Set_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_to_Enabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.1.6.1_, The Center for Internet Security Microsoft Windows 8 Level 1 + BitLocker Benchmark, 1.0.0)
  • Title: Set 'Accounts: Limit local account use of blank passwords to console logon only' to 'Enabled' Description: This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable … (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.1.6_Set_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_to_Enabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.1.6.2_, The Center for Internet Security Microsoft Windows 8 Level 1 Benchmark, 1.0.0)
  • Title: Set 'Accounts: Limit local account use of blank passwords to console logon only' to 'Enabled' Description: This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable … (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.1.6_Set_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_to_Enabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.1.6.1_, The Center for Internet Security Microsoft Windows 8 Level 1 Benchmark, 1.0.0)
  • Title: Set 'Accounts: Limit local account use of blank passwords to console logon only' to 'Enabled' Description: This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable … (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.1.2.1.65_Set_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_to_Enabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.1.2.1.65.1_, The Center for Internet Security Microsoft Windows Server 2008 Level 1 Domain Controller Benchmark, 2.1.0)
  • Title: Set 'Accounts: Limit local account use of blank passwords to console logon only' to 'Enabled' Description: This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable … (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.1.2.1.65_Set_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_to_Enabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.1.2.1.65.2_, The Center for Internet Security Microsoft Windows Server 2008 Level 1 Domain Controller Benchmark, 2.1.0)
  • Title: Set 'Accounts: Limit local account use of blank passwords to console logon only' to 'Enabled' Description: This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable … (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.1.2.1.65_Set_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_to_Enabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.1.2.1.65.1_, The Center for Internet Security Microsoft Windows Server 2008 Level 1 Member Server Benchmark, 2.1.0)
  • Title: Set 'Accounts: Limit local account use of blank passwords to console logon only' to 'Enabled' Description: This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable … (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.1.2.1.65_Set_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_to_Enabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.1.2.1.65.2_, The Center for Internet Security Microsoft Windows Server 2008 Level 1 Member Server Benchmark, 2.1.0)
  • Title: Set 'Accounts: Limit local account use of blank passwords to console logon only' to 'Enabled' Description: This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable … (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.1.2.1.56_Set_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_to_Enabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.1.2.1.56.2_, The Center for Internet Security Microsoft Windows Server 2008 R2 Level 1 Domain Controller Benchmark, 2.1.0)
  • Title: Set 'Accounts: Limit local account use of blank passwords to console logon only' to 'Enabled' Description: This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable … (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.1.2.1.56_Set_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_to_Enabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.1.2.1.56.1_, The Center for Internet Security Microsoft Windows Server 2008 R2 Level 1 Domain Controller Benchmark, 2.1.0)
  • Title: Set 'Accounts: Limit local account use of blank passwords to console logon only' to 'Enabled' Description: This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable … (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.1.2.1.56_Set_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_to_Enabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.1.2.1.56.2_, The Center for Internet Security Microsoft Windows Server 2008 R2 Level 1 Member Server Benchmark, 2.1.0)
  • Title: Set 'Accounts: Limit local account use of blank passwords to console logon only' to 'Enabled' Description: This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable … (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.1.2.1.56_Set_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_to_Enabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.1.2.1.56.1_, The Center for Internet Security Microsoft Windows Server 2008 R2 Level 1 Member Server Benchmark, 2.1.0)
  • Title: Set 'Accounts: Limit local account use of blank passwords to console logon only' to 'Enabled' Description: This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable … (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.1.3_Set_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_to_Enabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.1.3.1_, The Center for Internet Security Microsoft Windows Server 2012 Level 1 Domain Controller Benchmark, 1.0.0)
  • Title: Set 'Accounts: Limit local account use of blank passwords to console logon only' to 'Enabled' Description: This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable … (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.1.3_Set_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_to_Enabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.1.3.2_, The Center for Internet Security Microsoft Windows Server 2012 Level 1 Domain Controller Benchmark, 1.0.0)
  • Title: Set 'Accounts: Limit local account use of blank passwords to console logon only' to 'Enabled' Description: This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable … (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.1.3_Set_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_to_Enabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.1.3.2_, The Center for Internet Security Microsoft Windows Server 2012 Level 1 Member Server Benchmark, 1.0.0)
  • Title: Set 'Accounts: Limit local account use of blank passwords to console logon only' to 'Enabled' Description: This policy setting determines whether local accounts that are not password protected can be used to log on from locations other than the physical computer console. If you enable … (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.1.3_Set_Accounts_Limit_local_account_use_of_blank_passwords_to_console_logon_only_to_Enabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.1.3.1_, The Center for Internet Security Microsoft Windows Server 2012 Level 1 Member Server Benchmark, 1.0.0)
  • The 'Accounts: Limit local account use of blank passwords to console logon only' setting should be configured correctly. Technical Mechanisms: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Limit local account use of blank passwords to c… (CCE-9992-9, Common Configuration Enumeration List, Combined XML: Microsoft Windows Server 2008 R2, 5.20130214)
  • The "Limit local account user of blank passwords to console logon only" policy should be set correctly. Technical Mechanisms: (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse (2) Computer Configuration\Windows Settings\Security Settings\ Local Policies\Security Opt… (CCE-3357-1, Common Configuration Enumeration List, Combined XML: Windows Server 2003, 5.20130214)