An error occurred:

Check: WINUR-000022

Win7 Audit: WINUR-000022 (in version v1 r16)

Title

Unauthorized accounts will not have the "Enable computer and user accounts to be trusted for delegation" user right. (Cat II impact)

Discussion

Inappropriate granting of user rights can provide system, administrative, and other high level capabilities. The "Enable computer and user accounts to be trusted for delegation" right allows the Trusted for Delegation setting to be changed. This could potentially allow unauthorized users to impersonate other users.

Check Content

Fix Text

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment -> "Enable computer and user accounts to be trusted for delegation" as defined in the Check section.

Additional Identifiers

Rule ID: SV-35942r1_rule

Vulnerability ID: V-26487

Group Title: Enable accounts to be trusted for delegation

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
No CCIs are assigned to this check

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check