|Platform: win10||Date: (C)2016-09-23 (M)2018-07-10|
Create a token object
This policy setting allows a process to create an access token, which may provide elevated rights to access sensitive data.
When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they can be groups, users, or computers.
Do not assign the Create a token object user right to any users. Processes that require this user right should use the Local System account, which already includes it, instead of a separate user account that has this user right assigned.
None. This is the default configuration.
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Create a token object
(2) REG: ###
(3) WMI: root\rsop\computer
UserRight='SeCreateTokenPrivilege' and precedence=1
|SCAP Repo OVAL Definition||oval:org.secpod.oval:def:36506|