Standard local user accounts must not exist on a system in a domain.

STIG ID: WN11-00-000085  |  SRG: SRG-OS-000480-GPOS-00227 | Severity: low |  CCI: CCI-000366

Vulnerability Discussion

To minimize potential points of attack, local user accounts, other than built-in accounts and local administrator accounts, must not exist on a workstation in a domain. Users must log on to workstations in a domain with their domain accounts.

Check

Run "Computer Management".
Navigate to System Tools >> Local Users and Groups >> Users.

If local users other than the accounts listed below exist on a workstation in a domain, this is a finding.

For standalone or nondomain-joined systems, this is Not Applicable.

Built-in Administrator account (Disabled)
Built-in Guest account (Disabled)
Built-in DefaultAccount (Disabled)
Built-in defaultuser0 (Disabled)
Built-in WDAGUtilityAccount (Disabled)
Local administrator account(s)

All of the built-in accounts may not exist on a system, depending on the Windows 11 version.

Fix

Limit local user accounts on domain-joined systems. Remove any unauthorized local accounts.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.