CSCv7|4.6

Title

Use of Dedicated Machines For All Administrative Tasks

Description

Ensure administrators use a dedicated machine for all administrative tasks or tasks requiring administrative access. This machine will be segmented from the organization's primary network and not be allowed Internet access. This machine will not be used for reading e-mail, composing documents, or browsing the Internet.

Reference Item Details

Category: Controlled Use of Administrative Privileges

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.4.2 If SNMPv2 is in use, set Restrictions on Access - ACLCiscoCIS Cisco NX-OS L1 v1.0.0
1.4.2 If SNMPv2 is in use, set Restrictions on Access - snmp-serverCiscoCIS Cisco NX-OS L1 v1.0.0
2.2.10 (L1) Ensure 'Create a pagefile' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
2.2.10 (L1) Ensure 'Create a pagefile' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
2.2.11 (L1) Ensure 'Create a token object' is set to 'No One'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
2.2.11 (L1) Ensure 'Create a token object' is set to 'No One'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.11 Ensure 'Change the system time' is set to 'Administrators, LOCAL SERVICE'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.0
2.2.11 Ensure 'Change the system time' is set to 'Administrators, LOCAL SERVICE'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.0
2.2.11 Ensure 'Change the system time' is set to 'Administrators, LOCAL SERVICE'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
2.2.11 Ensure 'Change the system time' is set to 'Administrators, LOCAL SERVICE'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
2.2.12 (L1) Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.12 (L1) Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
2.2.12 Ensure 'Change the time zone' is set to 'Administrators, LOCAL SERVICE'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
2.2.12 Ensure 'Change the time zone' is set to 'Administrators, LOCAL SERVICE'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.0
2.2.12 Ensure 'Change the time zone' is set to 'Administrators, LOCAL SERVICE'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
2.2.12 Ensure 'Change the time zone' is set to 'Administrators, LOCAL SERVICE'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.0
2.2.13 Ensure 'Create a pagefile' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.0
2.2.13 Ensure 'Create a pagefile' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
2.2.13 Ensure 'Create a pagefile' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
2.2.13 Ensure 'Create a pagefile' is set to 'Administrators'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.0
2.2.14 (L1) Configure 'Create symbolic links'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
2.2.14 (L1) Configure 'Create symbolic links'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.15 (L1) Ensure 'Debug programs' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.15 (L1) Ensure 'Debug programs' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
2.2.15 Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.0
2.2.15 Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.0
2.2.15 Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'WindowsCIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
2.2.15 Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
2.2.17 Ensure 'Create symbolic links' is set to 'Administrators' (DC only)WindowsCIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.0
2.2.17 Ensure 'Create symbolic links' is set to 'Administrators' (DC only)WindowsCIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
2.2.18 Ensure 'Create symbolic links' is set to 'Administrators, NT VIRTUAL MACHINE\Virtual Machines' (MS only)WindowsCIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.0
2.2.21 (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.21 (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
2.2.22 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.22 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
2.2.24 (L1) Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.24 (L1) Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
2.2.25 (L1) Ensure 'Increase scheduling priority' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
2.2.25 (L1) Ensure 'Increase scheduling priority' is set to 'Administrators'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.25 (L1) Ensure 'Increase scheduling priority' is set to 'Administrators' - Window Manager\Window Manager Group'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.9.85.1 (L1) Ensure 'Allow user control over installs' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
18.9.85.1 (L1) Ensure 'Allow user control over installs' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.9.85.2 (L1) Ensure 'Always install with elevated privileges' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.9.85.2 (L1) Ensure 'Always install with elevated privileges' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
19.7.41.1 (L1) Ensure 'Always install with elevated privileges' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
19.7.41.1 (L1) Ensure 'Always install with elevated privileges' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1