[Forgot Password]
Login  Register Subscribe

23631

 
 

117687

 
 

98250

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

Enable computer and user accounts to be trusted for delegation

ID: oval:org.secpod.oval:def:40293Date: (C)2017-04-25   (M)2017-11-21
Class: COMPLIANCEFamily: windows




This policy setting allows users to change the Trusted for Delegation setting on a computer object in Active Directory. Abuse of this privilege could allow unauthorized users to impersonate other users on the network. When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they can be groups, users, or computers. Vulnerability: Misuse of the Enable computer and user accounts to be trusted for delegation user right could allow unauthorized users to impersonate other users on the network. An attacker could exploit this privilege to gain access to network resources and make it difficult to determine what has happened after a security incident. Counter Measure: The Enable computer and user accounts to be trusted for delegation user right should be assigned only if there is a clear need for its functionality. When you assign this right, you should investigate the use of constrained delegation to control what the delegated accounts can do. Note There is no reason to assign this user right to anyone on member servers and workstations that belong to a domain because it has no meaning in those contexts; it is only relevant on domain controllers and stand-alone computers. Potential Impact: None. This is the default configuration. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Enable computer and user accounts to be trusted for delegation (2) REG: NO INFO

Platform:
Microsoft Windows Server 2016
Reference:
CCE-47308-2
CPE    1
cpe:/o:microsoft:windows_server_2016:::x64
CCE    1
CCE-47308-2
XCCDF    3
xccdf_org.secpod_benchmark_general_Windows_Server_2016
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_Server_2016
xccdf_org.secpod_benchmark_PCI_3_2_Windows_Server_2016

© 2013 SecPod Technologies