Information
This policy setting ensures that only administrators responsible for the domain controller have Administrator rights on the system.
Rationale:
An account that does not have Administrator duties must not have Administrator rights. Such rights would allow the account to bypass or modify required security restrictions on that machine and make it vulnerable to attack.
Impact:
Only users that administrator rights will have administrator rights.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Remove any unauthorized or standard user accounts from the Administrators group.
Stand-alone system
Open Local Users and Groups
Select Groups and review the Administrators group for unauthorized accounts or standard user accounts that should not have administrator privileges.
Remove any unauthorized or standard user accounts.
Domain-joined system
Open Active Directory Users and Computers and review the Administrators group for unauthorized accounts or standard user accounts that should not have administrator privileges.
Remove any unauthorized or standard user accounts.
Default Value:
N/A
Additional Information:
Microsoft Windows Server 2019 Security Technical Implementation Guide:
Version 2, Release 1, Benchmark Date: November 13, 2020
Vul ID: V-205738
Rule ID: SV-205738r569188_rule
STIG ID: WN19-DC-000010
Severity: CAT I