[Forgot Password]
Login  Register Subscribe

24003

 
 

131423

 
 

103942

 
 

909

 
 

84080

 
 

133

Paid content will be excluded from the download.


Download | Alert*
OVAL

Create symbolic links

ID: oval:org.secpod.oval:def:36491Date: (C)2016-08-05   (M)2018-03-24
Class: COMPLIANCEFamily: windows




This privilege determines if the user can create a symbolic link from the computer he is logged on to. Default: Administrator WARNING: This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them. Note This setting can be used in conjunction a symlink filesystem setting that can be manipulated with the command line utility to control the kinds of symlinks that are allowed on the machine. Type 'fsutil behavior set symlinkevaluation /?' at the command line to get more information about fsutil and symbolic links. Counter Measure: Do not assign the Create Symbolic Links user right to standard users. Restrict this right to trusted administrators. You can use the fsutil command to establish a symlink file system setting that controls the kind of symlinks that can be created on a computer. For more information about fsutil and symbolic links, type fsutil behavior set symlinkevaluation /? at an elevated command prompt. Potential Impact: In most cases there will be no impact because this is the default configuration, however, on Windows Servers with the Hyper-V server role installed this user right should also be granted to the special group 'Virtual Machines' otherwise you will not be able to create new virtual machines. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Create symbolic links (2) REG: ### (3) WMI: root\rsop\computer#RSOP_UserPrivilegeRight#AccountList#UserRight='SeCreateSymbolicLinkPrivilege' and precedence=1

Platform:
Microsoft Windows 10
Reference:
CCE-42069-5
CCE    1
CCE-42069-5
XCCDF    5
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_10
xccdf_org.secpod_benchmark_general_Windows_10
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_10
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_10
...

© 2013 SecPod Technologies