Detections
Analytics
WN12-UR-000001 - The Access Credential Manager as a trusted caller user right must not be assigned to any groups or accounts.
Information
Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities.Accounts with the 'Access Credential Manager as a trusted caller' user right may be able to retrieve the credentials of other accounts from Credential Manager.
Solution
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> 'Access Credential Manager as a trusted caller' to be defined but containing no entries (blank).See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2012_and_2012_R2_DC_V3R7_STIG.zip
Item Details
Category: ACCESS CONTROL
References: 800-53|AC-6(10), CAT|II, CCI|CCI-002235, Rule-ID|SV-226370r877392_rule, STIG-ID|WN12-UR-000001, STIG-Legacy|SV-53120, STIG-Legacy|V-26469, Vuln-ID|V-226370
Plugin: Windows
Control ID: 6d1fe3e30c203f7697620127c572627bcfe20160194c38ebb592a80d5a25e43e