The ability to store user passwords in Skype must be disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-70901 | DTOO420 | SV-85525r1_rule | CCI-000366 | medium |
| Description | ||||
| Allows Microsoft Lync to store user passwords. If you enable this policy setting, Microsoft Lync can store a password on request from the user. If you disable this policy setting, Microsoft Lync cannot store a password. If you do not configure this policy setting and the user logs on to a domain, Microsoft Lync does not store the password. If you do not configure this policy setting and the user does not log on to a domain (for example, if the user logs on to a workgroup), Microsoft Lync can store the password. Note: You can configure this policy setting under both Computer Configuration and User Configuration, but the policy setting under Computer Configuration takes precedence. | ||||
| STIG | Date | |||
| Microsoft Skype for Business 2016 Security Technical Implementation Guide | 2016-11-02 | |||
Details
Check Text (C-85525r1_chk)
Verify the policy value for Computer Configuration -> Administrative Templates -> Skype for Business 2016 -> Microsoft Lync Feature Policies "Allow storage of user passwords" is set to "Disabled".
Procedure: Use the Windows Registry Editor to navigate to the following key:
HKLM\Software\Policies\Microsoft\office\16.0\lync
Criteria: If the value savepassword is REG_DWORD = 0, this is not a finding.
Fix Text (F-77233r1_fix)
Set the policy value for Computer Configuration -> Administrative Templates -> Skype for Business 2016 -> Microsoft Lync Feature Policies "Allow storage of user passwords" to "Disabled".