[Forgot Password]
Login  Register Subscribe

23631

 
 

126941

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

User Right Assignment: Debug Programs

ID: oval:org.secpod.oval:def:22446Date: (C)2015-01-07   (M)2017-11-21
Class: COMPLIANCEFamily: windows




This policy setting determines which user accounts will have the right to attach a debugger to any process or to the kernel, which provides complete access to sensitive and critical operating system components. Developers who are debugging their own applications do not need to be assigned this user right; however, developers who are debugging new system components will need it. Note Microsoft released several security updates in October 2003 that used a version of Update.exe that required the administrator to have the Debug programs user right. Administrators who did not have this user right were unable to install these security updates until they reconfigured their user rights. This is not typical behavior for operating system updates. For more information, see Knowledge Base article 830846: 'Windows Product Updates may stop responding or may use most or all the CPU resources.' When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they can be groups, users, or computers. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment!Debug programs (2) WMI: root\rsop\computer#RSOP_UserPrivilegeRight#AccountList#UserRight='SeDebugPrivilege' and precedence=1

Platform:
Microsoft Windows 8.1
Reference:
CCE-33157-9
CPE    1
cpe:/o:microsoft:windows_8.1
CCE    1
CCE-33157-9
XCCDF    6
xccdf_org.secpod_benchmark_ISO27001_Windows_8_1
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_8_1
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_8_1
xccdf_org.secpod_benchmark_general_Windows_8_1
...

© 2013 SecPod Technologies