Modify an object label
|ID: oval:org.secpod.oval:def:36536||Date: (C)2016-08-05 (M)2017-11-21|
|Class: COMPLIANCE||Family: windows|
This privilege determines which user accounts can modify the integrity label of objects, such as files, registry keys, or processes owned by other users. Processes running under a user account can modify the label of an object owned by that user to a lower level without this privilege.
Configure this setting so that only authorized users are allowed to modify object labels.
None, by default the Administrators group has this user right.
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Modify an object label
(2) REG: ###
(3) WMI: root\rsop\computer#RSOP_UserPrivilegeRight#AccountList#UserRight='SeRelabelPrivilege' and precedence=1
|Microsoft Windows 10|