2.2.27 Ensure 'Load and unload device drivers' is set to 'Administrators'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

This policy setting allows users to dynamically load a new device driver on a system.

An attacker could potentially use this capability to install malicious code that appears to be a device driver.

This user right is required for users to add local printers or printer drivers in Windows Vista.

The recommended state for this setting is: 'Administrators'.

Solution

To establish the recommended configuration via GP, set the following UI path to 'Administrators': Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Load and unload device drivers

See Also

https://workbench.cisecurity.org/files/1941