[Forgot Password]
Login  Register Subscribe

23631

 
 

117687

 
 

98218

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

Force shutdown from a remote system

ID: oval:org.secpod.oval:def:36499Date: (C)2016-08-05   (M)2017-11-21
Class: COMPLIANCEFamily: windows




This security setting determines which users are allowed to shut down a computer from a remote location on the network. Misuse of this user right can result in a denial of service. This user right is defined in the Default Domain Controller Group Policy object (GPO) and in the local security policy of workstations and servers. Default: On workstations and servers: Administrators. On domain controllers: Administrators, Server Operators. Counter Measure: Restrict the Force shutdown from a remote system user right to members of the Administrators group or other specifically assigned roles that require this capability (such as non-administrative operations center staff). Potential Impact: If you remove the Force shutdown from a remote system user right from the Server Operator group you could limit the abilities of users who are assigned to specific administrative roles in your environment. You should confirm that delegated activities will not be adversely affected. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Force shutdown from a remote system (2) REG: ### (3) WMI: root\rsop\computer#RSOP_UserPrivilegeRight#AccountList#UserRight='SeRemoteShutdownPrivilege' and precedence=1

Platform:
Microsoft Windows 10
Reference:
CCE-42847-4
CCE    1
CCE-42847-4
XCCDF    4
xccdf_org.secpod_benchmark_general_Windows_10
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_10
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_10
xccdf_org.secpod_benchmark_PCI_3_2_Windows_10
...

© 2013 SecPod Technologies