[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-38331-5

Platform: win2012r2Date: (C)2015-10-08   (M)2017-09-27



Audit Policy: Privilege Use: Non Sensitive Privilege Use This subcategory reports when a user account or service uses a non-sensitive privilege. A non-sensitive privilege includes the following user rights: Access Credential Manager as a trusted caller, Access this computer from the network, Add workstations to domain, Adjust memory quotas for a process, Allow log on locally, Allow log on through Terminal Services, Bypass traverse checking, Change the system time, Create a pagefile, Create global objects, Create permanent shared objects, Create symbolic links, Deny access this computer from the network, Deny log on as a batch job, Deny log on as a service, Deny log on locally, Deny log on through Terminal Services, Force shutdown from a remote system, Increase a process working set, Increase scheduling priority, Lock pages in memory, Log on as a batch job, Log on as a service, Modify an object label, Perform volume maintenance tasks, Profile single process, Profile system performance, Remove computer from docking station, Shut down the system, and Synchronize directory service data. Auditing this subcategory will create a very high volume of events. Events for this subcategory include: ? 4672: Special privileges assigned to new logon. ? 4673: A privileged service was called. ? 4674: An operation was attempted on a privileged object. Refer to the Microsoft Knowledgebase article ?Description of security events in Windows Vista and in Windows Server 2008? for the most recent information about this setting: http://support.microsoft.com/default.aspx/kb/947226.


Parameter:


Technical Mechanism: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Privilege Use!Audit Policy: Privilege Use: Non Sensitive Privilege Use (2) WMI: ###

References:

Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:22796


OVAL    1
oval:org.secpod.oval:def:22796
XCCDF    6
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_2012_R2
xccdf_org.secpod_benchmark_PCI_Windows_2012_R2
xccdf_org.secpod_benchmark_ISO27001_Windows_2012_R2
xccdf_org.secpod_benchmark_general_Windows_2012_R2
...

© 2013 SecPod Technologies