Theme

CSCv7|4.6

Title

Use of Dedicated Machines For All Administrative Tasks

Description

Ensure administrators use a dedicated machine for all administrative tasks or tasks requiring administrative access. This machine will be segmented from the organization's primary network and not be allowed Internet access. This machine will not be used for reading e-mail, composing documents, or browsing the Internet.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Controlled Use of Administrative Privileges

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.4.2 If SNMPv2 is in use, set Restrictions on Access - ACL	Cisco	CIS Cisco NX-OS L1 v1.0.0
1.4.2 If SNMPv2 is in use, set Restrictions on Access - snmp-server	Cisco	CIS Cisco NX-OS L1 v1.0.0
2.2.10 (L1) Ensure 'Create a pagefile' is set to 'Administrators'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
2.2.10 (L1) Ensure 'Create a pagefile' is set to 'Administrators'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.0
2.2.10 Ensure 'Back up files and directories' is set to 'Administrators'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
2.2.11 (L1) Ensure 'Create a token object' is set to 'No One'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
2.2.11 (L1) Ensure 'Create a token object' is set to 'No One'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.11 Ensure 'Change the system time' is set to 'Administrators, LOCAL SERVICE'	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.0
2.2.11 Ensure 'Change the system time' is set to 'Administrators, LOCAL SERVICE'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.0
2.2.11 Ensure 'Change the system time' is set to 'Administrators, LOCAL SERVICE'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
2.2.11 Ensure 'Change the system time' is set to 'Administrators, LOCAL SERVICE'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
2.2.12 (L1) Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.12 (L1) Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
2.2.12 Ensure 'Change the time zone' is set to 'Administrators, LOCAL SERVICE'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
2.2.12 Ensure 'Change the time zone' is set to 'Administrators, LOCAL SERVICE'	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.0
2.2.12 Ensure 'Change the time zone' is set to 'Administrators, LOCAL SERVICE'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
2.2.12 Ensure 'Change the time zone' is set to 'Administrators, LOCAL SERVICE'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.0
2.2.13 Ensure 'Create a pagefile' is set to 'Administrators'	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.0
2.2.13 Ensure 'Create a pagefile' is set to 'Administrators'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
2.2.13 Ensure 'Create a pagefile' is set to 'Administrators'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
2.2.13 Ensure 'Create a pagefile' is set to 'Administrators'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.0
2.2.14 (L1) Configure 'Create symbolic links'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
2.2.14 (L1) Configure 'Create symbolic links'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.15 (L1) Ensure 'Debug programs' is set to 'Administrators'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.15 (L1) Ensure 'Debug programs' is set to 'Administrators'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
2.2.15 Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.0
2.2.15 Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.0
2.2.15 Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
2.2.15 Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
2.2.17 Ensure 'Create symbolic links' is set to 'Administrators' (DC only)	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.0
2.2.17 Ensure 'Create symbolic links' is set to 'Administrators' (DC only)	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
2.2.18 Ensure 'Create symbolic links' is set to 'Administrators, NT VIRTUAL MACHINE\Virtual Machines' (MS only)	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.0
2.2.21 (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.21 (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
2.2.22 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.22 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
2.2.24 (L1) Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.24 (L1) Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
2.2.25 (L1) Ensure 'Increase scheduling priority' is set to 'Administrators'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
2.2.25 (L1) Ensure 'Increase scheduling priority' is set to 'Administrators'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
2.2.25 (L1) Ensure 'Increase scheduling priority' is set to 'Administrators' - Window Manager\Window Manager Group'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.9.85.1 (L1) Ensure 'Allow user control over installs' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
18.9.85.1 (L1) Ensure 'Allow user control over installs' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.9.85.2 (L1) Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.9.85.2 (L1) Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1
19.7.41.1 (L1) Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
19.7.41.1 (L1) Ensure 'Always install with elevated privileges' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.0 L1