Documentation - V-225081

V-225081

Microsoft Windows Server 2016 Security Technical Implementation Guide

CAT II

Title

The Generate security audits user right must only be assigned to Local Service and Network Service.

Description

<VulnDiscussion>Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities. The "Generate security audits" user right specifies users and processes that can generate Security Log audit records, which must only be the system service accounts defined.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><Pot...

Fix Text (Documentation Requirement)

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> "Generate security audits" to include only the following accounts or groups: - Local Service - Network Service

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel