Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-94763 | VCWN-65-000027 | SV-104593r1_rule | High |
Description |
---|
After someone has logged in to the vCenter Server system, it becomes more difficult to prevent what they can do. In general, logging in to the vCenter Server system should be limited to very privileged administrators, and then only for the purpose of administering vCenter Server or the host OS. Anyone logged in to the vCenter Server can potentially cause harm, either intentionally or unintentionally, by altering settings and modifying processes. They also have potential access to vCenter credentials, such as the SSL certificate. |
STIG | Date |
---|---|
VMware vSphere 6.5 vCenter Server for Windows Security Technical Implementation Guide | 2019-12-12 |
Check Text ( C-93955r1_chk ) |
---|
Login to the vCenter server and verify the only local administrators group contains users and/or groups that contain vCenter Administrators. If the local administrators group contains users and/or groups that are not vCenter Administrators such as "Domain Admins", this is a finding. |
Fix Text (F-100883r1_fix) |
---|
Remove all unnecessary users and/or groups from the local administrators group of the vCenter server. |