CCE

CCE-44500-7

Platform: win2016

Date: (C)2017-08-04   (M)2022-10-10

"Devices: Allowed to format and eject removable media" This policy setting determines who is allowed to format and eject removable media. You can use this policy setting to prevent unauthorized users from removing data on one computer to access it on another computer on which they have local administrator privileges. Vulnerability: Users may be able to move data on removable disks to a different computer where they have administrative privileges. The user could then take ownership of any file, grant themselves full control, and view or modify any file. The fact that most removable storage devices will eject media by pressing a mechanical button diminishes the advantage of this policy setting. Counter Measure: Configure the Devices: Allowed to format and eject removable media setting to Administrators. Potential Impact: Only Administrators will be able to format and eject removable media. If users are in the habit of using removable media for file transfers and storage, they will need to be informed of the change in policy.

Parameter:

AllocateDASD

Technical Mechanism:

Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options (2) REG: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon!AllocateDASD

CCSS Severity:		CCSS Metrics:
CCSS Score :		Attack Vector:
Exploit Score:		Attack Complexity:
Impact Score:		Privileges Required:
Severity:		User Interaction:
Vector:		Scope:
		Confidentiality:
		Integrity:
		Availability:

References:

Resource Id	Reference