WN12-UR-000025 - The Impersonate a client after authentication user right must only be assigned to Administrators, Service, Local Service, and Network Service.

Information

Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities.

The 'Impersonate a client after authentication' user right allows a program to impersonate another user or account to run on their behalf. An attacker could potentially use this to elevate privileges.

Solution

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> 'Impersonate a client after authentication' to only include the following accounts or groups:

Administrators
Service
Local Service
Network Service

Item Details

Audit Name: DISA Windows Server 2012 and 2012 R2 DC STIG v3r7

Category: ACCESS CONTROL

Plugin: Windows

Control ID: da90e81fc26ebaa1ffbc8cdc9e7d75e320bed9af2f4354bb52dd02690257c126

Detections

Analytics

WN12-UR-000025 - The Impersonate a client after authentication user right must only be assigned to Administrators, Service, Local Service, and Network Service.

Information

Solution

See Also

Item Details