19.5.1.1 (L1) Ensure 'Turn off toast notifications on the lock screen' is set to 'Enabled'

Information

This policy setting turns off toast notifications on the lock screen.

The recommended state for this setting is Enabled

While this feature can be handy for users, applications that provide toast notifications might display sensitive personal or business data while the device is left unattended.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled :

User Configuration\Policies\Administrative Templates\Start Menu and Taskbar\Notifications\Turn off toast notifications on the lock screen

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template WPN.admx/adml that is included with the Microsoft Windows 8.0 & Server 2012 (non-R2) Administrative Templates (or newer).

Impact:

Applications will not be able to raise toast notifications on the lock screen.

See Also

https://workbench.cisecurity.org/benchmarks/15290

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-11, CSCv7|16.11

Plugin: Windows

Control ID: d5ad3cb44825c7db156746f54d7c05b866739b914fa2929ca9f73c5d73d37aa3