2.2.3 Ensure 'Act as part of the operating system' is set to 'No One'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

This policy setting allows a process to assume the identity of any user and thus gain access to the resources that the user is authorized to access.

The recommended state for this setting is: 'No One'.

Solution

To establish the recommended configuration via GP, set the following UI path to 'No One':

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Act as part of the operating system

See Also

https://workbench.cisecurity.org/files/1941