Vulnerability Discussion
This policy controls whether a domain user can sign in using a convenience PIN to prevent enabling (Password Stuffer).
Check
If the following registry value does not exist or is not configured as specified, this is a finding:
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \Software\Policies\Microsoft\Windows\System
Value Name: AllowDomainPINLogon
Value Type: REG_DWORD
Value data: 0
Fix
Disable the convenience PIN sign-in.
To correct this, configure the policy value for Computer Configuration >> Administrative Templates >> System >> Logon >> Set "Turn on convenience PIN sign-in" to "Disabled".