PingSentry   |   Discord   |   System32   |   GitHub   |   Free tools

Security: Create a token object user right must not be assigned to any groups or accounts

95b6abcc-8651-42e0-83e8-1397a9df5442

Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities.

The "Create a token object" user right allows a process to create an access token. This could be used to provide elevated rights and compromise a system.

Remediation

To fix this configure the policy value for
Computer Configuration
|_ Windows Settings
|_ Security Settings
|_ Local Policies
|_ User Rights Assignment
|_ "Create a token object" to be defined but containing no entries (blank).

STIG: Server
2022: https://system32.eventsentry.com/stig/viewer/V-254496
2019: https://system32.eventsentry.com/stig/viewer/V-205753
2016: https://system32.eventsentry.com/stig/viewer/V-225091

Desktop
W11: https://system32.eventsentry.com/stig/viewer/V-253486
W10: https://system32.eventsentry.com/stig/viewer/V-220963

NIST 800-53 : AC-6, CM-6
NIST 800-171: 3.1.1, 3.1.2, 3.4.6
CMMC v2.0 L2: AC.L2-3.1.1, AC.L2-3.1.2, CM.L2-3.4.6
PCI-DSS v4.0: 2.2.1, 7.2.1
HIPAA SR : ยง164.312(a)(1)
HIPAA HICP : Practice 3 (Identity and Access Management)



Tags

stig-medium-server stig-medium-desktop nist800-171-server nist800-171-desktop nist800-53-desktop nist800-53-server pci-dss-v4-desktop pci-dss-v4-server hipaa-desktop hipaa-server cmmc2-l2-desktop cmmc2-l2-server

Your Privacy Choices

Manage your cookie preferences below:

Helps us improve website performance and understand how visitors use our site.

Allows us to collect feedback about our products and improve them based on your input.

To learn more about our use of cookies, please see our
Privacy Policy.