Standard local user accounts must not exist on a system in a domain.

STIG ID: WN10-00-000085  |  SRG: SRG-OS-000480-GPOS-00227 |  Severity: low |  CCI: CCI-000366 |  Vulnerability Id: V-220715 | 

Vulnerability Discussion

To minimize potential points of attack, local user accounts, other than built-in accounts and local administrator accounts, must not exist on a workstation in a domain. Users must log on to workstations in a domain with their domain accounts.

Check

For standalone or nondomain-joined systems, this is Not Applicable.

Run "Computer Management".

Navigate to System Tools >> Local Users and Groups >> Users.

If local users other than the accounts listed below exist on a workstation in a domain, this is a finding.

Built-in Administrator account (Disabled)
Built-in Guest account (Disabled)
Built-in DefaultAccount (Disabled)
Built-in defaultuser0 (Disabled)
Built-in WDAGUtilityAccount (Disabled)
Local administrator account(s)

All of the built-in accounts may not exist on a system, depending on the Windows 10 version.

Fix

Limit local user accounts on domain-joined systems. Remove any unauthorized local accounts.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.