Detections
Analytics

1.254 WN19-UR-000010

Information

Windows Server 2019 Access Credential Manager as a trusted caller user right must not be assigned to any groups or accounts.

GROUP ID:V-205749
RULE ID:SV-205749r958726

Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities.

Accounts with the 'Access Credential Manager as a trusted caller' user right may be able to retrieve the credentials of other accounts from Credential Manager.

Solution

Configure the policy value for

Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> 'Access Credential Manager as a trusted caller' to be defined but containing no entries (blank).

See Also

https://workbench.cisecurity.org/benchmarks/22176

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(7)(b)

Plugin: Windows

Control ID: 9c2fb9bb2982ccd1491e5533c44c7eee3845ffaedbe7cfb1500b35cd6301da76