UCF STIG Viewer Logo

The vCenter Server must minimize access to the vCenter server.


Overview

Finding ID Version Rule ID IA Controls Severity
V-243128 VCTR-67-000073 SV-243128r719627_rule Medium
Description
After someone has logged in to the vCenter Server system, it becomes more difficult to prevent what they can do. In general, logging in to the vCenter Server system should be limited to very privileged administrators, and then only for the purpose of administering vCenter Server or the host OS. Anyone logged in to the vCenter Server can potentially cause harm, either intentionally or unintentionally, by altering settings and modifying processes. They also have potential access to vCenter credentials, such as the SSL certificate.
STIG Date
VMware vSphere 6.7 vCenter Security Technical Implementation Guide 2021-04-16

Details

Check Text ( C-46403r719625_chk )
Note: For vCenter Server Appliance, this is not applicable.

Login to the vCenter server and verify the only local administrators group contains users and/or groups that contain vCenter Administrators.

If the local administrators group contains users and/or groups that are not vCenter Administrators such as "Domain Admins", this is a finding.
Fix Text (F-46360r719626_fix)
Remove all unnecessary users and/or groups from the local administrators group of the vCenter server.