Audit Policy: Privilege Use: Non Sensitive Privilege UseID: oval:org.secpod.oval:def:19123 | Date: (C)2014-05-29 (M)2021-06-02 |
Class: COMPLIANCE | Family: windows |
Auditing of Privilege Use: Non Sensitive Privilege Use events on failure should be enabled or disabled as appropriate.
Audit Non-Sensitive Privilege Use, which determines whether the operating system generates audit events when non-sensitive privileges (user rights) are used. The following privileges are non-sensitive: * Access Credential Manager as a trusted caller * Access this computer from the network * Add workstations to domain * Adjust memory quotas for a process * Allow log on locally * Allow log on through Terminal Services * Bypass traverse checking * Change the system time * Create a page file * Create global objects * Create permanent shared objects * Create symbolic links * Deny access to this computer from the network * Deny log on as a batch job * Deny log on as a service * Deny log on locally * Deny log on through Terminal Services * Force shutdown from a remote system * Increase a process working set * Increase scheduling priority * Lock pages in memory * Log on as a batch job * Log on as a service * Modify an object label * Perform volume maintenance tasks * Profile single process * Profile system performance * Remove computer from docking station * Shut down the system * Synchronize directory service data. If you configure this policy setting, an audit event is generated when a non-sensitive privilege is called. Success audits record successful attempts, and failure audits record unsuccessful attempts.
Fix:
(1) GPO: Commandline: auditpol.exe
(2) REG: NO INFO
Platform: |
Microsoft Windows Server 2008 R2 |