2.2.38 (L1) Ensure 'Shut down the system' is set to 'Administrators, Users'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

This policy setting determines which users who are logged on locally to the computers in your environment can shut down the operating system with the Shut Down command. Misuse of this user right can result in a denial of service condition.
The recommended state for this setting is: Administrators, Users.

Rationale:
The ability to shut down a workstation should be available generally to Administrators and authorized users of that workstation, but not permitted for guests or unauthorized users - in order to prevent a Denial of Service attack.

Solution

To establish the recommended configuration via GP, set the following UI path to Administrators, Users:
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Shut down the system

Impact:
The impact of removing these default groups from the Shut down the system user right could limit the delegated abilities of assigned roles in your environment. You should confirm that delegated activities will not be adversely affected.

Default Value:
Administrators, Backup Operators, Users.

References:
1. CCE-35004-1

See Also

https://workbench.cisecurity.org/files/2754