STIG ID: WN11-00-000085 | SRG: SRG-OS-000480-GPOS-00227 | Severity: low | CCI: | Vulnerability Id: V-253272
To minimize potential points of attack, local user accounts, other than built-in accounts and local administrator accounts, must not exist on a workstation in a domain. Users must log on to workstations in a domain with their domain accounts.
Limit local user accounts on domain-joined systems. Remove any unauthorized local accounts.
Run "Computer Management".
Navigate to System Tools >> Local Users and Groups >> Users.
If local users other than the accounts listed below exist on a workstation in a domain, this is a finding.
For standalone or nondomain-joined systems, this is Not Applicable.
Built-in Administrator account (Disabled)
Built-in Guest account (Disabled)
Built-in DefaultAccount (Disabled)
Built-in defaultuser0 (Disabled)
Built-in WDAGUtilityAccount (Disabled)
Local administrator account(s)
All of the built-in accounts may not exist on a system, depending on the Windows 11 version.