2.2.12 Ensure 'Create a token object' is set to 'No One'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

This policy setting allows a process to create an access token, which may provide elevated rights to access sensitive data.

The recommended state for this setting is: 'No One'.

Solution

To establish the recommended configuration via GP, set the following UI path to 'No One':

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Create a token object

See Also

https://workbench.cisecurity.org/files/1941