Users with administrative privilege are not documented or do not have separate accounts for administrative duties and normal operational tasks.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-1140	1.006	SV-24997r1_rule	ECLP-1	Medium

Description
Using a privileged account to perform routine functions makes the computer vulnerable to attack by any virus or Trojan Horse inadvertently introduced during a session that has been granted full privileges. The rule of least privilege should always be enforced.

STIG	Date
Windows 7 Security Technical Implementation Guide	2012-07-02

Details

Check Text ( C-7884r1_chk )
Ask the System Administrator (SA) to show the necessary documentation that identifies the members of this privileged group. This check verifies that each user with administrative privileges has been assigned a unique account, separate from the built-in “Administrator” account. This check also verifies that the default “Administrator” account is not being used. Administrators should be properly trained before being permitted to perform administrator duties. The IAO will maintain a list of all users belonging to the Administrator’s group. If any of the following conditions are true, then this is a finding: •Each SA does not have a unique userid dedicated for administering the system. •Each SA does not have a separate account for normal user tasks. •The built-in administrator account is used to administer the system. •Administrators have not been properly trained. •The IAO does not maintain a list of users belonging to the Administrator’s group.

Check Text ( C-7884r1_chk )

Ask the System Administrator (SA) to show the necessary documentation that identifies the members of this privileged group.

This check verifies that each user with administrative privileges has been assigned a unique account, separate from the built-in “Administrator” account. This check also verifies that the default “Administrator” account is not being used. Administrators should be properly trained before being permitted to perform administrator duties. The IAO will maintain a list of all users belonging to the Administrator’s group.

If any of the following conditions are true, then this is a finding:

•Each SA does not have a unique userid dedicated for administering the system.
•Each SA does not have a separate account for normal user tasks.
•The built-in administrator account is used to administer the system.
•Administrators have not been properly trained.
•The IAO does not maintain a list of users belonging to the Administrator’s group.

Fix Text (F-32r1_fix)
Create the necessary documentation that identifies the members of this privileged group. Ensure that each member has a separate account for user duties and one for his privileged duties and the other requirements outlined in the manual check are met.