Skip to main content

Banner

Win - OIB - SC - Device Security - D - Local Security Policies - v3.0

CMMC Control Mapping Matrix

NameValue
Basics
NameWin - OIB - SC - Device Security - D - Local Security Policies - v3.0
Description
Profile typeSettings catalog
Platform supportedWindows 10 and later
CreatedThursday, February 26, 2026 5:39:12 AM
Last modifiedThursday, February 26, 2026 5:39:12 AM
Scope tagsDefault
Table 11. Basics - Win - OIB - SC - Device Security - D - Local Security Policies - v3.0
NameValue
Local Policies Security Options
Accounts Enable Administrator Account StatusEnable
Accounts Enable Guest Account StatusDisable
Accounts Limit Local Account Use Of Blank Passwords To Console Logon OnlyEnabled
Interactive Logon Smart Card Removal BehaviorLock Workstation
Microsoft Network Client Digitally Sign Communications AlwaysEnable
Microsoft Network Client Send Unencrypted Password To Third Party SMB ServersDisable
Microsoft Network Server Digitally Sign Communications AlwaysEnable
Network Access Do Not Allow Anonymous Enumeration Of SAM AccountsEnabled
Network Access Do Not Allow Anonymous Enumeration Of Sam Accounts And SharesEnabled
Network Access Restrict Anonymous Access To Named Pipes And SharesEnable
Network Access Restrict Clients Allowed To Make Remote Calls To SAMO:BAG:BAD:(A;;RC;;;BA)
Network Security Do Not Store LAN Manager Hash Value On Next Password ChangeEnable
Network Security LAN Manager Authentication LevelSend NTLMv2 responses only. Refuse LM and NTLM
Network Security Minimum Session Security For NTLMSSP Based ClientsRequire NTLM and 128-bit encryption
Network Security Minimum Session Security For NTLMSSP Based ServersRequire NTLM and 128-bit encryption
User Account Control Behavior Of The Elevation Prompt For AdministratorsPrompt for consent on the secure desktop
User Account Control Behavior Of The Elevation Prompt For Standard UsersPrompt for credentials on the secure desktop
User Account Control Detect Application Installations And Prompt For ElevationEnable
User Account Control Only Elevate UI Access Applications That Are Installed In Secure LocationsEnabled: Application runs with UIAccess integrity only if it resides in secure location.
User Account Control Run All Administrators In Admin Approval ModeEnabled
User Account Control Switch To The Secure Desktop When Prompting For ElevationEnabled
User Account Control Use Admin Approval ModeEnable
User Account Control Virtualize File And Registry Write Failures To Per User LocationsEnabled
Table 12. Settings - Win - OIB - SC - Device Security - D - Local Security Policies - v3.0

📩 Don't Miss the Next Solution

Join the list to see the real-time solutions I'm delivering to my GCC High clients.