STIGQter: STIG Summary: Windows Server 2008 R2 Member Server Security Technical Implementation Guide Version: 1 Release: 30 Benchmark Date: 26 Jul 2019: Domain users will be required to elevate when setting a network’s location.

DISA Rule

SV-32451r1_rule

Vulnerability Number

V-21960

Group Title

Elevate when setting a network’s location

Rule Version

5.270

Severity

CAT III

CCI(s)

• CCI-001084 - The information system isolates security functions from nonsecurity functions.

Weight

10

Fix Recommendation

Configure the policy value for Computer Configuration -> Administrative Templates -> Network -> Network Connections -> “Require domain users to elevate when setting a network's location” to “Enabled”.

Check Contents

If the following registry value doesn’t exist or is not configured as specified, this is a finding:

Registry Hive: HKEY_LOCAL_MACHINE
Subkey: \Software\Policies\Microsoft\Windows\Network Connections\

Value Name: NC_StdDomainUserSetLocation

Type: REG_DWORD
Value: 1

Vulnerability Number

V-21960

Documentable

False

Rule Version

5.270

Severity Override Guidance

If the following registry value doesn’t exist or is not configured as specified, this is a finding:

Registry Hive: HKEY_LOCAL_MACHINE
Subkey: \Software\Policies\Microsoft\Windows\Network Connections\

Value Name: NC_StdDomainUserSetLocation

Type: REG_DWORD
Value: 1

Check Content Reference

M

Responsibility

System Administrator

Target Key

1823

Comments