Add check for allowadministratorlockout #380

TuemmlerKelch · 2023-09-13T15:09:20Z

MS added a new account lockout policy that allows the builtin administrator account to be locked, which was previously not possible and made this account prone to brute force attacks.

Please find out if and how we can check this

TuemmlerKelch · 2024-03-14T09:32:19Z

The check can be implemented like any other security option looking at ['System Access']["AllowAdministratorLockout"]

TuemmlerKelch · 2024-03-25T09:15:22Z

Affected Benchmarks
CIS Microsoft Windows Server 2022 2.0.0
CIS Microsoft Windows Server 2019 2.0.0
CIS Microsoft Windows 10 2.0.0
CIS Microsoft Windows Server 2016 2.0.0

TuemmlerKelch added the enhancement New feature or request label Sep 13, 2023

TuemmlerKelch added this to the 5.9.0 milestone Mar 21, 2024

TuemmlerKelch assigned TuemmlerKelch and SteffenWinternheimer Mar 25, 2024

SteffenWinternheimer mentioned this issue Mar 25, 2024

Add "AllowAdministratorLockout"-Setting to several AuditGroups #532

Merged

TuemmlerKelch closed this as completed Mar 25, 2024

TuemmlerKelch added the minor Incremental updates and enhancements for improved functionality without major changes. label Mar 25, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add check for allowadministratorlockout #380

Add check for allowadministratorlockout #380

TuemmlerKelch commented Sep 13, 2023

TuemmlerKelch commented Mar 14, 2024

TuemmlerKelch commented Mar 25, 2024

Add check for allowadministratorlockout #380

Add check for allowadministratorlockout #380

Comments

TuemmlerKelch commented Sep 13, 2023

TuemmlerKelch commented Mar 14, 2024

TuemmlerKelch commented Mar 25, 2024