Detections
Analytics

1.234 WN10-UR-000005

Information

The Access Credential Manager as a trusted caller user right must not be assigned to any groups or accounts.

GROUP ID: V-220956RULE ID: SV-220956r958726

Inappropriate granting of user rights can provide system, administrative, and other high level capabilities.

Accounts with the 'Access Credential Manager as a trusted caller' user right may be able to retrieve the credentials of other accounts from Credential Manager.

Solution

Configure the policy value for

Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> 'Access Credential Manager as a trusted caller'

to be defined but containing no entries (blank).

See Also

https://workbench.cisecurity.org/benchmarks/23869

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(10), CCI|CCI-002235, Rule-ID|SV-220956r958726_rule, STIG-ID|WN10-UR-000005, Vuln-ID|V-220956

Plugin: Windows

Control ID: cbbce7add64428c520192345f625b66f784295e133bf9f13beac47109a61143a