UCF STIG Viewer Logo

No dedicated VirtualCenter administrator created within the Windows Administrator Group on the Windows Server for managing the VirtualCenter environment.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15870 ESX0710 SV-16811r1_rule ECCD-1 ECCD-2 Medium
Description
By default, the local administrator or domain administrator is allowed to log on to VirtualCenter. These administrators are allowed since VirtualCenter requires a user with local administrator privileges to run. To limit the local administrative access, a dedicated VirtualCenter account will be created. This VirtualCenter account is an ordinary user that is a member of the local administrators group. This configuration avoids automatically giving administrative access to domain administrators, who typically belong to the local administrators group. This also provides a way of getting into VirtualCenter when the domain controller is down, because the local VirtualCenter administrator account does not require remote authentication.
STIG Date
VMware ESX 3 Virtual Center 2016-05-03

Details

Check Text ( C-16227r1_chk )
1. On the VirtualCenter Server, go to Start>Administrative Tools>Computer Management>Local Users and Groups>Groups
2. Open the Administrators group.
3. Verify that a VirtualCenter administrator is listed. Work with the system administrator to identify the user.

If no VirtualCenter administrator is listed, this is a finding.
Fix Text (F-15830r1_fix)
Create a VirtualCenter administrator user in the Windows Administrator Group.