Specify the list of Users to 'Create a token object'
|ID: oval:org.secpod.oval:def:36506||Date: (C)2016-08-05 (M)2017-10-18|
|Class: COMPLIANCE||Family: windows|
This policy setting allows a process to create an access token, which may provide elevated rights to access sensitive data.
When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they can be groups, users, or computers.
Do not assign the Create a token object user right to any users. Processes that require this user right should use the Local System account, which already includes it, instead of a separate user account that has this user right assigned.
None. This is the default configuration.
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Create a token object
(2) REG: ###
(3) WMI: root\rsop\computer
UserRight='SeCreateTokenPrivilege' and precedence=1
|Microsoft Windows 10|