Information
This policy setting ensures that users with administrative privileges must have separate accounts for administrative duties and normal user operational tasks.
Rationale:
Allowing a user with administrative privileges to perform normal user operational tasks such as checking email or accessing the Internet is a security risk. If an attacker gains control of administrate privileges, this makes the computer and network vulnerable to malicious software due to having full administrative privileges.
Impact:
A user with administrative privileges will have two accounts, one for normal user operational tasks and one for administrative duties.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
If a standard user account is found to have administrative privileges, remove the privileges from the standard user account, and create an administrative account for the user.
Default Value:
N/A
Additional Information:
Microsoft Windows Server 2019 Security Technical Implementation Guide:
Version 2, Release 1, Benchmark Date: November 13, 2020
Vul ID: V-205844
Rule ID: SV-205844r569188_rule
STIG ID: WN19-00-000010
Severity: CAT I