Platform: win2016 | Date: (C)2017-08-03 (M)2018-11-15
"Manage auditing and security log"
This policy setting determines which users can change the auditing options for files and directories and clear the Security log.
When configuring a user right in the SCM, enter a comma-delimited list of accounts. Accounts can be either local or located in Active Directory; they can be groups, users, or computers.
The ability to manage the Security event log is a powerful user right and it should be closely guarded. Anyone with this user right can clear the Security log to erase important evidence of unauthorized activity.
Ensure that only the local Administrators group has the Manage auditing and security log user right.
None. This is the default configuration.
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment
(2) REG: No Registry Info
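Because this right has no registry value to query, one way to audit it is to export the User Rights Assignment area with `secedit` and inspect the holders of `SeSecurityPrivilege`, the privilege constant behind "Manage auditing and security log". The script below is an added example, not part of the original entry or its OVAL definition; it assumes an elevated prompt and uses the well-known SID `S-1-5-32-544` for the local Administrators group.

```powershell
# Added example: list who holds SeSecurityPrivilege and flag anything other
# than BUILTIN\Administrators. Run from an elevated PowerShell prompt.
$expected = @('*S-1-5-32-544')   # secedit writes SIDs with a leading '*'
$cfg = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())

try {
    # Export only the user rights area of the system's current security settings.
    secedit.exe /export /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $cfg)) {
        throw "secedit export failed (exit code $LASTEXITCODE)"
    }

    # Expected form: SeSecurityPrivilege = *S-1-5-32-544,*S-1-5-21-...
    $line = Get-Content -Path $cfg |
        Where-Object { $_ -match '^\s*SeSecurityPrivilege\s*=' } |
        Select-Object -First 1

    # No line at all means the right is assigned to nobody.
    $holders = @()
    if ($line) {
        $holders = @(($line -split '=', 2)[1] -split ',' |
            ForEach-Object { $_.Trim() } | Where-Object { $_ })
    }

    # Entries without '*' are account names that secedit did not write as SIDs.
    $unexpected = @($holders | Where-Object { $expected -notcontains $_ })
    $missing    = @($expected | Where-Object { $holders -notcontains $_ })

    # Resolve unexpected SIDs to names where possible, for the report.
    $resolved = foreach ($h in $unexpected) {
        if (-not $h.StartsWith('*')) { $h; continue }
        try {
            $sid = New-Object System.Security.Principal.SecurityIdentifier($h.TrimStart('*'))
            $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch { "$h (unresolved)" }
    }

    [pscustomobject]@{
        Compliant         = ($unexpected.Count -eq 0 -and $missing.Count -eq 0)
        Holders           = $holders -join ', '
        UnexpectedHolders = @($resolved) -join ', '
        AdministratorsSet = ($missing.Count -eq 0)
    }
}
finally {
    Remove-Item -Path $cfg -ErrorAction SilentlyContinue
}
```

An unresolved SID in `UnexpectedHolders` usually points to a deleted account or an unreachable domain and should be removed from the assignment after review.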
SCAP Repo OVAL Definition: oval:org.secpod.oval:def:40202