STIG ID: WN11-CC-000060 | SRG: SRG-OS-000480-GPOS-00227 | Severity: medium | CCI: | Vulnerability Id: V-253365
Multiple network connections can provide additional attack vectors to a system and must be limited. When connected to a domain, communication must go through the domain connection.
Configure the policy value for Computer Configuration >> Administrative Templates >> Network >> Windows Connection Manager >> "Prohibit connection to non-domain networks when connected to domain authenticated network" to "Enabled".
If the following registry value does not exist or is not configured as specified, this is a finding:
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy\
Value Name: fBlockNonDomain
Value Type: REG_DWORD
Value: 1