
The vCenter Server for Windows must check the privilege re-assignment after restarts.


Overview

Finding ID: V-94845
Version: VCWN-65-000026
Rule ID: SV-104675r1_rule
IA Controls:
Severity: Medium
Description
Check for privilege reassignment when you restart vCenter Server. If the user or user group that is assigned the Administrator role on the root folder cannot be verified as a valid user or group during a restart, the role is removed from that user or group. In its place, vCenter Server grants the Administrator role to the vCenter Single Sign-On account administrator@vsphere.local. This account can then act as the administrator. Reestablish a named administrator account and assign the Administrator role to that account to avoid using the anonymous administrator@vsphere.local account.
STIG: VMware vSphere 6.5 vCenter Server for Windows Security Technical Implementation Guide
Date: 2019-12-12

Details

Check Text (C-94041r1_chk)
After the Windows server hosting the vCenter Server has been rebooted, a vCenter Server user or member of the user group granted the administrator role must log in and verify the role permissions remain intact.

If the user and/or user group granted vCenter administrator role permissions cannot be verified as intact, this is a finding.
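One way to make this check repeatable is to save the root-folder Administrator assignments before the restart and compare them afterwards. The following is an added example, not part of the STIG or of VMware's tooling. The function names, the `Datacenters` root folder name, the `Admin` role name, the `DOMAIN\name` principal form and the sample records are assumptions made for illustration.

```powershell
# Added example. In a live check the records would come from VMware PowerCLI:
#   Get-VIPermission -Entity (Get-Folder -NoRecursion) |
#       Select-Object Entity, Principal, Role, IsGroup
function ConvertTo-NormalizedPrincipal {
    param([string]$Principal)
    # Accept DOMAIN\name and name@domain; compare as lowercase name@domain.
    if ($Principal -match '^(?<domain>[^\\]+)\\(?<name>.+)$') {
        return ('{0}@{1}' -f $Matches['name'], $Matches['domain']).ToLowerInvariant()
    }
    return $Principal.ToLowerInvariant()
}

function Test-RootAdminReassignment {
    param(
        [object[]]$Baseline,                    # saved before the restart
        [object[]]$Current,                     # read after the restart
        [string]$RootFolder = 'Datacenters',    # assumed root folder name
        [string]$AdminRole  = 'Admin',          # assumed Administrator role name
        [string]$SsoAdmin   = 'administrator@vsphere.local'
    )
    # Reduce a record set to the normalized principals holding the role on the root folder.
    $select = {
        param($records)
        $records |
            Where-Object { "$($_.Entity)" -eq $RootFolder -and "$($_.Role)" -eq $AdminRole } |
            ForEach-Object { ConvertTo-NormalizedPrincipal $_.Principal } |
            Sort-Object -Unique
    }
    $before  = @(& $select $Baseline)
    $after   = @(& $select $Current)
    $missing = @($before | Where-Object { $_ -notin $after })
    [pscustomobject]@{
        Finding           = ($missing.Count -gt 0)   # a baseline admin lost the role
        MissingAdmins     = $missing
        NewAdmins         = @($after | Where-Object { $_ -notin $before })
        SsoAdminHoldsRole = ($SsoAdmin -in $after)
    }
}

# Constructed records: the named group lost the role and the SSO account holds it.
$baseline = @(
    [pscustomobject]@{ Entity = 'Datacenters'; Principal = 'EXAMPLE\vc-admins'; Role = 'Admin'; IsGroup = $true }
)
$afterRestart = @(
    [pscustomobject]@{ Entity = 'Datacenters'; Principal = 'VSPHERE.LOCAL\Administrator'; Role = 'Admin'; IsGroup = $false }
)
Test-RootAdminReassignment -Baseline $baseline -Current $afterRestart
```

A `Finding` value of `True` corresponds to the condition in the check text: an account or group that held the Administrator role on the root folder before the restart no longer holds it.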
Fix Text (F-100969r1_fix)
As the SSO Administrator, log in to the vCenter Server and restore a legitimate administrator account per site-specific user/group/role requirements.