This user right determines which accounts can be used by processes to create a directory object using the object manager. This user right is used internally by the operating system and is useful to kernel-mode components that extend the object namespace. Because components that are running in kernel mode already have this user right assigned to them, it is not necessary to specifically assign it. Default: None. Counter Measure: Do not assign the Create permanent shared objects user right to any users. Processes that require this user right should use the System account (which already includes this user right) instead of a separate user account. Potential Impact: None. This is the default configuration. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Create permanent shared objects (2) REG: ### (3) WMI: root\rsop\computer#RSOP_UserPrivilegeRight#AccountList#UserRight=SeCreatePermanentPrivilege and precedence=1