UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Horizon Connection Server must limit access to the global configuration privilege.


Overview

Finding ID Version Rule ID IA Controls Severity
V-246890 HRZV-7X-000009 SV-246890r768630_rule Medium
Description
The Horizon Connection Server comes with pre-defined privileges that can be combined in any combination into a role. That role is then assigned to a user or group. Any role that has the "Manage Global Configuration and Policies" has the ability to change the configuration of the Connection Server, including the events database. This privilege must be restricted and monitored over time.
STIG Date
VMware Horizon 7.13 Connection Server Security Technical Implementation Guide 2021-07-30

Details

Check Text ( C-50322r768628_chk )
Log in to the Horizon 7 Console. From the left pane, navigate to Settings >> Administrators. From the "Role Privileges" tab, review each role in the left pane and their associated privileges in the right pane.

Note any role with the "Manage Global Configuration and Policies" privilege. Switch to the "Role Permissions" tab. For each noted role, if there are any users or group listed who are not permitted to change the events database configuration, this is a finding.
Fix Text (F-50276r768629_fix)
Log in to the Horizon 7 Console. From the left pane, navigate to Settings >> Administrators. Select each user or group with inappropriate access to the "Manage Global Configuration and Policies" privilege. Remove access or modify permissions as appropriate.

To remove users or groups:

From the "Administrators and Groups" tab, select the unnecessary users or groups in the left pane and click the "Remove User or Group" button. Click "OK'" to confirm removal.

To modify assigned permissions:

From the "Administrators and Groups" tab, select the appropriate user or group in the left pane. From the right pane, select the role to remove and click the "Remove Permission" button. Click "OK" to confirm removal.