UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Privilege re-assignment must be checked after the vCenter Server restarts.


Overview

Finding ID Version Rule ID IA Controls Severity
VCENTER-000005 VCENTER-000005 VCENTER-000005_rule Medium
Description
During a restart of vCenter Server, if the user or user group that is assigned Administrator role on the root folder could not be verified as a valid user/group during the restart, the user/group's permission as Administrator will be removed. In its place, vCenter Server grants the Administrator role to the local Windows administrators group, to act as a new vCenter Server administrator. Since it is not recommended to grant vCenter Server Administrator rights to Windows Administrators, resulting in a situation that should be rectified by re-establishing a legitimate administrator account.
STIG Date
VMware vCenter Server Security Technical Implementation Guide 2013-01-15

Details

Check Text ( C-VCENTER-000005_chk )
After the Windows server hosting the vCenter Server has been rebooted, a vCenter Server user or member of the user group granted the administrator role must log in and verify the role permissions remain intact.

If the user and/or user group granted vCenter administrator role permissions cannot be verified intact, this is a finding.
Fix Text (F-VCENTER-000005_fix)
As a Windows Administrator, log in to the vCenter Server and restore a legitimate administrator account per site-specific user/group/role requirements.