Administrator accounts are enumerated during elevation
Description
The "Enumerate administrator accounts on elevation" setting must be disabled. Otherwise, administrator accounts are displayed when an unauthorized user attempts to elevate an application. This gives part of the logon information to an attacker who might perform a brute-force attack on administrator accounts. With this policy disabled, users must type in a username and password to elevate a running application.
Severity
Critical
Category
Logon Security
Resolution
Follow the steps below in Group Policy (GPO) to resolve the misconfiguration.
Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Credential User Interface >> "Enumerate administrator accounts on elevation" to "Disabled".
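To confirm on an endpoint that the policy has taken effect, the following PowerShell is an added example, not part of the original page or of Vulnerability Manager Plus. It assumes the registry location where Windows stores this policy (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI, value EnumerateAdministrators), which the page does not state; the function names are hypothetical, and only an explicit value of 0 is treated as compliant, matching the "Disabled" requirement above.

```powershell
# Added example: audit "Enumerate administrator accounts on elevation" locally.
# Assumption (not from the page): the policy is stored as a REG_DWORD at this path.
$PolicyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI'
$ValueName  = 'EnumerateAdministrators'

function Get-EnumerateAdminsState {      # hypothetical helper name
    [CmdletBinding()]
    param()

    # A missing key or value means the policy is "Not Configured".
    $item = Get-ItemProperty -Path $PolicyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        $raw   = $null
        $state = 'NotConfigured'
    } else {
        $raw   = [int]$item.$ValueName
        $state = if ($raw -eq 0) { 'Disabled' } else { 'Enabled' }
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Value        = $raw
        State        = $state
        # Only an explicit "Disabled" counts, as the resolution step requires.
        Compliant    = ($state -eq 'Disabled')
    }
}

function Set-EnumerateAdminsDisabled {   # hypothetical helper name
    # Local equivalent of the GPO setting; needs an elevated session.
    # A domain GPO that sets this policy overrides it on the next refresh.
    [CmdletBinding(SupportsShouldProcess)]
    param()

    if ($PSCmdlet.ShouldProcess("$PolicyPath\$ValueName", 'Set to 0 (Disabled)')) {
        if (-not (Test-Path -Path $PolicyPath)) {
            New-Item -Path $PolicyPath -Force | Out-Null
        }
        New-ItemProperty -Path $PolicyPath -Name $ValueName `
            -PropertyType DWord -Value 0 -Force | Out-Null
    }
}

# Report the current state; run Set-EnumerateAdminsDisabled -WhatIf to preview a fix.
Get-EnumerateAdminsState
```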
Does remediation require reboot?
No
Vulnerability Manager Plus tracks security configurations and remediates misconfigurations in your network systems from a centralized console. View a list of all the security misconfigurations detected by Vulnerability Manager Plus.