CCE-2846-4Platform: cpe:/o:microsoft:windows_xp | Date: (C)2012-03-13 (M)2023-07-04 |
This policy setting determines which users and groups can change the time and date on the internal clock of the computers in your environment. Users who are assigned this user right can affect the appearance of event logs. When a computer's time setting is changed, logged events reflect the new time, not the actual time that the events occurred.
Note: Discrepancies between the time on the local computer and on the domain controllers in your environment may cause problems for the Kerberos authentication protocol, which could make it impossible for users to log on to the domain or obtain authorization to access domain resources after they are logged on. Also, problems will occur when Group Policy is applied to client computers if the system time is not synchronized with the domain controllers.
Countermeasure:
Restrict the Change the system time user right to users with a legitimate need to change the system time, such as members of the IT team.
Potential Impact:
There should be no impact, because time synchronization for most organizations should be fully automated for all computers that belong to the domain. Computers that do not belong to the domain should be configured to synchronize with an external source.
Parameter:
[list_of_users_followed_by_comma]
Technical Mechanism:
(1) GPO: Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\User Rights Assignment\\Change the system time
(2) REG: ###
(3) WMI: root\\rsop\\computer#RSOP_UserPrivilegeRight#AccountList#UserRight='SeSystemtimePrivilege' and precedence=1
CCSS Severity: | CCSS Metrics: |
CCSS Score : 6.6 | Attack Vector: LOCAL |
Exploit Score: 1.8 | Attack Complexity: LOW |
Impact Score: 4.7 | Privileges Required: LOW |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H | Scope: UNCHANGED |
| Confidentiality: LOW |
| Integrity: LOW |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:gov.nist.usgcb.xp:def:169 |
BITS Shared Assessments SIG v6.0 | BITS Shared Assessments SIG v6.0 |
Jericho Forum | Jericho Forum |
BITS Shared Assessments AUP v5.0 | BITS Shared Assessments AUP v5.0 |
FedRAMP Security Controls(Final Release Jan 2012)--LOW IMPACT LEVEL-- | FedRAMP Security Controls(Final Release Jan 2012)--LOW IMPACT LEVEL-- |
HIPAA/HITECH Act | HIPAA/HITECH Act |
ISO/IEC 27001-2005 | ISO/IEC 27001-2005 |
COBIT 4.1 | COBIT 4.1 |
GAPP (Aug 2009) | GAPP (Aug 2009) |
NERC CIP | NERC CIP |
NIST SP800-53 R3 | NIST SP800-53 R3 AU-8 |
NIST SP800-53 R3 | NIST SP800-53 R3 CM-7 |
PCIDSS v2.0 | PCIDSS v2.0 |
FedRAMP Security Controls(Final Release Jan 2012)--MODERATE IMPACT LEVEL-- | FedRAMP Security Controls(Final Release Jan 2012)--MODERATE IMPACT LEVEL-- |