18.1.1.1 (L1) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'

Information

Disables the lock screen camera toggle switch in PC Settings and prevents a camera from being invoked on the lock screen.

The recommended state for this setting is: Enabled

Disabling the lock screen camera extends the protection afforded by the lock screen to camera features.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled :

Computer Configuration\Policies\Administrative Templates\Control Panel\Personalization\Prevent enabling lock screen camera

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template ControlPanelDisplay.admx/adml that is included with the Microsoft Windows 8.1 & Server 2012 R2 Administrative Templates (or newer).

Impact:

If you enable this setting, users will no longer be able to enable or disable lock screen camera access in PC Settings, and the camera cannot be invoked on the lock screen.

See Also

https://workbench.cisecurity.org/benchmarks/17971

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Windows

Control ID: fc2592b59783d5eb400d874c70c00aa4c5c292983a5df26abd09787e0a97d8e4