Modify firmware environment values
|ID: oval:org.secpod.oval:def:40305||Date: (C)2017-04-25 (M)2017-11-21|
|Class: COMPLIANCE||Family: windows|
This policy setting allows users to configure the system-wide environment variables that affect hardware configuration. This information is typically stored in the Last Known Good Configuration. Modification of these values and could lead to a hardware failure that would result in a denial of service condition.
When configuring a user right in the SCM enter a comma delimited list of accounts. Accounts can be either local or located in Active Directory, they can be groups, users, or computers.
Anyone who is assigned the Modify firmware environment values user right could configure the settings of a hardware component to cause it to fail, which could lead to data corruption or a DoS condition.
Ensure that only the local Administrators group is assigned the Modify firmware environment values user right.
None. This is the default configuration.
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Modify firmware environment values
(2) REG: NO INFO
|Microsoft Windows Server 2016|