Security: create global objects user right must only be assigned to Administrators, Service, Local Service, and Network Service

532446ee-fe0d-42f7-bdd5-d2805482a186

Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities.

Accounts with the "Create global objects" user right can create objects that are available to all sessions, which could affect processes in other users' sessions.

Remediation

To fix this, configure the policy value for
Computer Configuration
|_ Windows Settings
|_ Security Settings
|_ Local Policies
|_ User Rights Assignment
|_ Create global objects
to include only the following accounts or groups:
- Administrators
- Service
- Local Service
- Network Service
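
One way to verify the setting from an elevated PowerShell prompt. This is an added example, not part of the original check. It assumes the right's constant name SeCreateGlobalPrivilege and the well-known SIDs of the four permitted accounts, and it reads the assignment from a secedit export.

```powershell
# Added example: audit the "Create global objects" right (SeCreateGlobalPrivilege).
# Well-known SIDs of the four accounts the policy permits.
$allowed = @{
    'S-1-5-32-544' = 'Administrators'
    'S-1-5-6'      = 'Service'
    'S-1-5-19'     = 'Local Service'
    'S-1-5-20'     = 'Network Service'
}

# Export only the user rights area of the system's security policy.
$cfg = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
secedit.exe /export /cfg $cfg /areas USER_RIGHTS /quiet
if ($LASTEXITCODE -ne 0) { throw "secedit export failed with exit code $LASTEXITCODE" }

try {
    $line = Get-Content -Path $cfg |
        Where-Object { $_ -match '^\s*SeCreateGlobalPrivilege\s*=' }
} finally {
    Remove-Item -Path $cfg -Force -ErrorAction SilentlyContinue
}

# Entries are comma separated; SIDs carry a leading '*', anything else is an account name.
$assigned = @()
if ($line) {
    $assigned = @(($line -split '=', 2)[1] -split ',' |
        ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

$sids = @(foreach ($entry in $assigned) {
    if ($entry.StartsWith('*')) { $entry.Substring(1) }
    else {
        try {
            ([System.Security.Principal.NTAccount]$entry).Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { "UNRESOLVED:$entry" }   # cannot be mapped to a SID, reported as unexpected
    }
})

$unexpected = @($sids | Where-Object { -not $allowed.ContainsKey($_) })
$missing    = @($allowed.Keys | Where-Object { $sids -notcontains $_ })

if ($unexpected.Count -eq 0) { 'PASS: only the permitted accounts hold SeCreateGlobalPrivilege' }
else { "FAIL: unexpected holders: $($unexpected -join ', ')" }
if ($missing.Count -gt 0) {
    'INFO: permitted accounts not currently assigned: ' +
        (($missing | ForEach-Object { $allowed[$_] }) -join ', ')
}
```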

STIG:
Server
2025: https://system32.eventsentry.com/stig/viewer/V-278247
2022: https://system32.eventsentry.com/stig/viewer/V-254497
2019: https://system32.eventsentry.com/stig/viewer/V-205754
2016: https://system32.eventsentry.com/stig/viewer/V-225076

Desktop
W11: https://system32.eventsentry.com/stig/viewer/V-253487
W10: https://system32.eventsentry.com/stig/viewer/V-220964

NIST 800-53 : AC-3, AC-6, CM-6
NIST 800-171: 3.1.1, 3.1.2, 3.4.6
CMMC v2.0 L2: AC.L2-3.1.1, AC.L2-3.1.2, CM.L2-3.4.6
PCI-DSS v4.0: 2.2.1, 7.2.1
HIPAA SR : §164.312(a)(1)
HIPAA HICP : Practice 3 (Identity and Access Management)