[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

111666

 
 

909

 
 

87321

 
 

136

Paid content will be excluded from the download.


Download | Alert*
OVAL

Create a token object

ID: oval:org.secpod.oval:def:36506Date: (C)2016-08-05   (M)2018-07-10
Class: COMPLIANCEFamily: windows




This security setting determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token. This user right is used internally by the operating system. Unless it is necessary, do not assign this user right to a user, group, or process other than Local System. Caution Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system. Default: None Counter Measure: Do not assign the Create a token object user right to any users. Processes that require this user right should use the Local System account, which already includes it, instead of a separate user account that has this user right assigned. Potential Impact: None. This is the default configuration. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Create a token object (2) REG: ### (3) WMI: root\rsop\computer#RSOP_UserPrivilegeRight#AccountList#UserRight='SeCreateTokenPrivilege' and precedence=1

Platform:
Microsoft Windows 10
Reference:
CCE-43249-2
CCE    1
CCE-43249-2
XCCDF    4
xccdf_org.secpod_benchmark_general_Windows_10
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_10
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_10
xccdf_org.secpod_benchmark_PCI_3_2_Windows_10
...

© SecPod Technologies