18.10.4.1 (L1) Ensure 'Let Windows apps activate with voice while the system is locked' is set to 'Enabled: Force Deny'

Information

This policy setting specifies whether Windows apps can be activated by voice (apps and Cortana) while the system is locked.

The recommended state for this setting is: Enabled: Force Deny

Access to any computer resource should not be allowed when the device is locked.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled: Force Deny :

Computer Configuration\Policies\Administrative Templates\Windows Components\App Privacy\Let Windows apps activate with voice while the system is locked

Note: This Group Policy path is provided by the Group Policy template AppPrivacy.admx/adml that is included with the Microsoft Windows 10 Release 1903 Administrative Templates (or newer).

Impact:

Users will not be able to activate apps while the computer is locked.

See Also

https://workbench.cisecurity.org/benchmarks/16514

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4, CSCv7|9.2

Plugin: Windows

Control ID: cb2089979964f39e4787230505aba81601f926d53c737bb44f870403e0bd10b7