Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-94845 | VCWN-65-000026 | SV-104675r1_rule | | Medium |
Description |
---|
Check for privilege reassignment when you restart vCenter Server. If the user or user group that is assigned the Administrator role on the root folder cannot be verified as a valid user or group during a restart, the role is removed from that user or group. In its place, vCenter Server grants the Administrator role to the vCenter Single Sign-On account administrator@vsphere.local. This account can then act as the administrator. Reestablish a named administrator account and assign the Administrator role to that account to avoid using the anonymous administrator@vsphere.local account. |
STIG | Date |
---|---|
VMware vSphere 6.5 vCenter Server for Windows Security Technical Implementation Guide | 2019-05-22 |
Check Text (C-94041r1_chk) |
---|
After the Windows server hosting the vCenter Server has been rebooted, a vCenter Server user or member of the user group granted the administrator role must log in and verify the role permissions remain intact. If the user and/or user group granted vCenter administrator role permissions cannot be verified as intact, this is a finding. |
Fix Text (F-100969r1_fix) |
---|
As the SSO Administrator, log in to the vCenter Server and restore a legitimate administrator account per site-specific user/group/role requirements. |
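
The post-restart verification in the check text can be backed by a comparison against a recorded baseline. The following is an added example, not part of the STIG or of VMware's tooling: it compares Administrator-role assignments on the root folder before and after a restart and reports whether a named principal was dropped and the SSO account substituted. Assumptions: the function name `Test-RootAdminAssignment`, the sample principals, and the principal string `VSPHERE.LOCAL\Administrator` are illustrative; the input objects mirror the `Principal` and `Role` properties returned by PowerCLI's `Get-VIPermission`.

```powershell
# Added example: detect Administrator-role reassignment on the root folder after a restart.
function Test-RootAdminAssignment {
    param(
        [Parameter(Mandatory)] [object[]] $Baseline,  # permissions recorded before the restart
        [Parameter(Mandatory)] [object[]] $Current,   # permissions collected after the restart
        [string] $RoleName = 'Admin',                 # PowerCLI name of the Administrator role
        [string] $SsoAdmin = 'VSPHERE.LOCAL\Administrator'  # assumed principal string for the SSO account
    )

    # Normalize principal names so the comparison is case-insensitive.
    $before = @($Baseline | Where-Object Role -eq $RoleName |
                ForEach-Object { $_.Principal.ToUpperInvariant() })
    $after  = @($Current  | Where-Object Role -eq $RoleName |
                ForEach-Object { $_.Principal.ToUpperInvariant() })

    $removed = @($before | Where-Object { $_ -notin $after })
    $added   = @($after  | Where-Object { $_ -notin $before })

    [pscustomobject]@{
        Removed     = $removed                                   # named admins that lost the role
        Added       = $added                                     # principals that gained the role
        SsoFallback = ($SsoAdmin.ToUpperInvariant() -in $added)  # SSO account was granted the role
        Finding     = ($removed.Count -gt 0)                     # baseline not intact => finding
    }
}

# Constructed sample data (not from a real vCenter Server).
$baseline = @(
    [pscustomobject]@{ Entity = 'Datacenters'; Principal = 'EXAMPLE\vc-admins'; Role = 'Admin'; IsGroup = $true }
)
$current = @(
    [pscustomobject]@{ Entity = 'Datacenters'; Principal = 'VSPHERE.LOCAL\Administrator'; Role = 'Admin'; IsGroup = $false }
)

Test-RootAdminAssignment -Baseline $baseline -Current $current | Format-List

# In a connected PowerCLI session the live input can be collected with, for example:
#   $current = Get-VIPermission -Entity (Get-Folder -NoRecursion)
```

Record the baseline while the named administrator assignment is known to be correct, and keep it outside the vCenter Server host so it survives the restart being checked.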