Specify the list of Users to 'Modify firmware environment values'
|ID: oval:org.secpod.oval:def:36546||Date: (C)2016-08-05 (M)2017-10-13|
|Class: COMPLIANCE||Family: windows|
This policy setting allows users to configure the system-wide environment variables that affect hardware configuration. This information is typically stored in the Last Known Good Configuration. Modification of these values and could lead to a hardware failure that would result in a denial of service condition.
When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they can be groups, users, or computers.
Ensure that only the local Administrators group is assigned the Modify firmware environment values user right.
None. This is the default configuration.
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Modify firmware environment values
(2) REG: ###
(3) WMI: root\rsop\computer
UserRight='SeSystemEnvironmentPrivilege' and precedence=1
|Microsoft Windows 10|