Detections
Analytics

1.264 WN22-UR-000110

Information

Windows Server 2022 force shutdown from a remote system user right must only be assigned to the Administrators group.

GROUP ID: V-254501
RULE ID: SV-254501r958726

Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities.

Accounts with the 'Force shutdown from a remote system' user right can remotely shut down a system, which could result in a denial of service.

Solution

Configure the policy value for

Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> Force shutdown from a remote system

to include only the following accounts or groups:

 - Administrators

See Also

https://workbench.cisecurity.org/benchmarks/22357

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(10), CAT|II, CCI|CCI-002235, Rule-ID|SV-254501r958726_rule, STIG-ID|WN22-UR-000110, Vuln-ID|V-254501

Plugin: Windows

Control ID: 1870fa6ee7fc1232c7f7e23d90444fb6b037946f2acb9742ce1b81d50d53d340