UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The vCenter Server for Windows must minimize access to the vCenter server.


Overview

Finding ID Version Rule ID IA Controls Severity
V-94763 VCWN-65-000027 SV-104593r1_rule High
Description
After someone has logged in to the vCenter Server system, it becomes more difficult to prevent what they can do. In general, logging in to the vCenter Server system should be limited to very privileged administrators, and then only for the purpose of administering vCenter Server or the host OS. Anyone logged in to the vCenter Server can potentially cause harm, either intentionally or unintentionally, by altering settings and modifying processes. They also have potential access to vCenter credentials, such as the SSL certificate.
STIG Date
VMware vSphere 6.5 vCenter Server for Windows Security Technical Implementation Guide 2019-05-22

Details

Check Text ( C-93955r1_chk )
Login to the vCenter server and verify the only local administrators group contains users and/or groups that contain vCenter Administrators.

If the local administrators group contains users and/or groups that are not vCenter Administrators such as "Domain Admins", this is a finding.
Fix Text (F-100883r1_fix)
Remove all unnecessary users and/or groups from the local administrators group of the vCenter server.