2.2.25 Configure 'Impersonate a client after authentication'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

This policy setting allows programs that run on behalf of a user to impersonate that user (or another specified account) so that they can act on the user's behalf. If this user right is required for this kind of impersonation, an unauthorized user will not be able to convince a client to connect (for example, by remote procedure call (RPC) or named pipes) to a service that they have created to impersonate that client, which could elevate the unauthorized user's permissions to administrative or system levels.

Solution

To establish the recommended configuration via GP, set 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' for the following UI path:

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Impersonate a client after authentication
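One way to check a host against this recommendation, as an added example that is not part of the original audit or the CIS benchmark: it parses the `SeImpersonatePrivilege` line of a `secedit` user-rights export and reports missing and unexpected holders. The function name `Test-ImpersonateRight` and the sample export are constructed for illustration; the expected SIDs are the well-known SIDs of the four accounts listed above.

```powershell
# Expected holders of SeImpersonatePrivilege, as well-known SIDs.
$Expected = @(
    'S-1-5-32-544'  # BUILTIN\Administrators
    'S-1-5-19'      # LOCAL SERVICE
    'S-1-5-20'      # NETWORK SERVICE
    'S-1-5-6'       # SERVICE
)

# Hypothetical helper: takes the lines of a secedit export and compares the
# accounts holding "Impersonate a client after authentication" to $Expected.
function Test-ImpersonateRight {
    param([string[]]$InfLines)

    $line = $InfLines |
        Where-Object { $_ -match '^\s*SeImpersonatePrivilege\s*=' } |
        Select-Object -First 1

    $actual = @()
    if ($line) {
        $actual = @(($line -split '=', 2)[1] -split ',' | ForEach-Object {
            $entry = $_.Trim().TrimStart('*')   # secedit prefixes SIDs with '*'
            if ($entry -match '^S-1-') { $entry }
            elseif ($entry) {
                # Some accounts are exported by name; resolve them to a SID if possible.
                try {
                    ([System.Security.Principal.NTAccount]$entry).Translate(
                        [System.Security.Principal.SecurityIdentifier]).Value
                } catch { "UNRESOLVED:$entry" }
            }
        })
    }

    $missing    = @($Expected | Where-Object { $_ -notin $actual })
    $unexpected = @($actual   | Where-Object { $_ -notin $Expected })
    [pscustomobject]@{
        Compliant  = ($missing.Count -eq 0 -and $unexpected.Count -eq 0)
        Missing    = $missing
        Unexpected = $unexpected
    }
}

# Constructed sample export with one extra holder (S-1-5-32-568, BUILTIN\IIS_IUSRS).
# On a real host, from an elevated prompt:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#   $inf = Get-Content "$env:TEMP\rights.inf"
$inf = @(
    '[Privilege Rights]'
    'SeImpersonatePrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6,*S-1-5-32-568'
)
Test-ImpersonateRight -InfLines $inf | Format-List
```

For the constructed sample, the result is non-compliant with `S-1-5-32-568` reported under `Unexpected`.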

See Also

https://workbench.cisecurity.org/files/1941