Permanent auto admin login to containers + other defaults = large security bug
Operating system
All
Description
The default unattended XML configuration files for each OS build all appear to allocate a permanent auto admin logon.
This in combination with other published defaults sets up a perfect storm where the user's Windows container will be published to the world and can be accessed interactively without any authentication (as admin) by any user on the same network via http://x.x.x.x:8006.
Is the auto admin login really required? If it is required for unattended install actions, a better option would be to use the "AutoLogonCount" directive, and simply limit this to only the number of reboots/logins that are needed, rather than permanently.
Docker compose
N/A
Docker log
N/A
Screenshots (optional)
N/A
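One way to check answer files for the condition this report describes, as an added example that is not part of the issue or the project's code: it flags every enabled `AutoLogon` block whose `LogonCount` (the unattend schema element behind the "AutoLogonCount" behaviour mentioned above) is missing or larger than a small bound. The `max_count` threshold, the `ExampleAdmin` account and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}  # namespace of Windows answer files

# Constructed sample answer file (not one of the project's files).
TEMPLATE = """<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <AutoLogon>
        <Enabled>true</Enabled>{count}
        <Username>ExampleAdmin</Username>
      </AutoLogon>
    </component>
  </settings>
</unattend>"""

def audit_autologon(xml_text, max_count=3):
    """Return (location, problem) for each enabled AutoLogon that is not bounded."""
    findings = []
    root = ET.fromstring(xml_text)
    for settings in root.findall("u:settings", NS):
        for comp in settings.findall("u:component", NS):
            for auto in comp.findall("u:AutoLogon", NS):
                enabled = (auto.findtext("u:Enabled", "", NS) or "").strip().lower()
                if enabled != "true":
                    continue  # auto logon is switched off in this block
                where = f'{settings.get("pass")}/{comp.get("name")}'
                raw = (auto.findtext("u:LogonCount", "", NS) or "").strip()
                if not raw:
                    findings.append((where, "no LogonCount"))
                elif not raw.isdigit():
                    findings.append((where, f"LogonCount {raw!r} is not a number"))
                elif int(raw) > max_count:
                    findings.append((where, f"LogonCount {raw} exceeds {max_count}"))
    return findings

if __name__ == "__main__":
    import sys
    # Usage: python audit_autologon.py path/to/*.xml
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            for where, problem in audit_autologon(fh.read()):
                print(f"{path}: {where}: {problem}")
```

Run it over the answer files in a build or CI step so an unbounded auto logon is caught before an image is published.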