Information
This policy setting ensures that users with administrative privileges must have separate accounts for administrative duties and normal user operational tasks.
Rationale:
Allowing a user with administrative privileges to perform normal user operational tasks such as checking email or accessing the Internet is a security risk. If an attacker gains control of administrate privileges, this makes the computer and network vulnerable to malicious software due to having full administrative privileges.
Impact:
A user with administrative privileges will have two accounts, one for normal user operational tasks and one for administrative duties.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
If a standard user account is found to have administrative privileges, remove the privileges from the standard user account, and create an administrative account for the user.
Default Value:
N/A
Additional Information:
Microsoft Windows Server 2016 Security Technical Implementation Guide:
Version 2, Release 2, Benchmark Date: May 04, 2021
Vul ID: V-224819
Rule ID: SV-224819r569186_rule
STIG ID: WN16-00-000010
Severity: CAT I