[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96125

 
 

909

 
 

78020

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-43648-5

Platform: win10Date: (C)2016-09-23   (M)2017-10-18



Replace a process level token This policy setting allows one process or service to start another service or process with a different security access token, which can be used to modify the security access token of that sub-process and result in the escalation of privileges. When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they can be groups, users, or computers. Counter Measure: For member servers, ensure that only the Local Service and Network Service accounts have the Replace a process level token user right. Potential Impact: On most computers, this is the default configuration and there will be no negative impact. However, if you have installed optional components such as ASP.NET or IIS, you may need to assign the Replace a process level token privilege to additional accounts. For example, IIS requires that the Service, Network Service, and IWAM_ accounts be explicitly granted this user right.


Parameter:


Technical Mechanism: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Replace a process level token (2) REG: ### (3) WMI: root\rsop\computer RSOP_UserPrivilegeRight AccountList UserRight='SeAssignPrimaryTokenPrivilege' and precedence=1

References:

Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:36540


OVAL    1
oval:org.secpod.oval:def:36540
XCCDF    4
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_10
xccdf_org.secpod_benchmark_PCI_3_2_Windows_10
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_10
xccdf_org.secpod_benchmark_general_Windows_10
...

© 2013 SecPod Technologies