Detections
Analytics

1.253 WN10-UR-000110

Information

The Impersonate a client after authentication user right must only be assigned to Administrators, Service, Local Service, and Network Service.

GROUP ID: V-220975RULE ID: SV-220975r958726

Inappropriate granting of user rights can provide system, administrative, and other high level capabilities.

The 'Impersonate a client after authentication' user right allows a program to impersonate another user or account to run on their behalf. An attacker could potentially use this to elevate privileges.

Solution

Configure the policy value for

Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> 'Impersonate a client after authentication'

to only include the following groups or accounts:

AdministratorsLOCAL SERVICENETWORK SERVICESERVICE

See Also

https://workbench.cisecurity.org/benchmarks/23869

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(10), CCI|CCI-002235, Rule-ID|SV-220975r958726_rule, STIG-ID|WN10-UR-000110, Vuln-ID|V-220975

Plugin: Windows

Control ID: c280d0200e5acd9ef0ed49e26a0d5c75a901a5dc5cc0aba8bc4c5362d37033bf