Restore files and directories
|ID: oval:org.secpod.oval:def:36543||Date: (C)2016-08-05 (M)2018-03-24|
|Class: COMPLIANCE||Family: windows|
This security setting determines which users can bypass file, directory, registry, and other persistent objects permissions when restoring backed up files and directories, and determines which users can set any valid security principal as the owner of an object.
Specifically, this user right is similar to granting the following permissions to the user or group in question on all files and folders on the system:
Traverse Folder/Execute File
Assigning this user right can be a security risk. Since users with this user right can overwrite registry settings, hide data, and gain ownership of system objects, only assign this user right to trusted users.
Workstations and servers: Administrators, Backup Operators.
Domain controllers: Administrators, Backup Operators, Server Operators.
Ensure that only the local Administrators group is assigned the Restore files and directories user right, unless your organization has clearly defined roles for backup and for restore personnel.
If you remove the Restore files and directories user right from the Backup Operators group and other accounts you could make it impossible for users who have been delegated specific tasks to perform those tasks. You should verify that this change won't negatively affect the ability of your organization's personnel to do their jobs.
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Restore files and directories
(2) REG: ###
(3) WMI: root\rsop\computer#RSOP_UserPrivilegeRight#AccountList#UserRight='SeRestorePrivilege' and precedence=1
|Microsoft Windows 10|