Detections
Analytics

1.266 WN22-UR-000130

Information

Windows Server 2022 impersonate a client after authentication user right must only be assigned to Administrators, Service, Local Service, and Network Service.

GROUP ID: V-254503
RULE ID: SV-254503r958726

Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities.

The 'Impersonate a client after authentication' user right allows a program to impersonate another user or account to run on their behalf. An attacker could use this to elevate privileges.

Solution

Configure the policy value for

Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> Impersonate a client after authentication

to include only the following accounts or groups:

 - Administrators
 - Service
 - Local Service
 - Network Service

See Also

https://workbench.cisecurity.org/benchmarks/22357

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(10), CAT|II, CCI|CCI-002235, Rule-ID|SV-254503r958726_rule, STIG-ID|WN22-UR-000130, Vuln-ID|V-254503

Plugin: Windows

Control ID: 8e73c752492ce32ac51b4196a2156c5c627edb19f0af0b94d8e082c521a0788b