Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-1127 | 4.027 | SV-32254r1_rule | ECPA-1 | Medium |
Description |
---|
A user who does not have administrator duties should not have Administrator rights. Such rights would allow the account to bypass or modify required security restrictions on that machine and make it vulnerable to attack from both internal and external sources. |
STIG | Date |
---|---|
Windows Server 2008 R2 Member Server Security Technical Implementation Guide | 2012-08-28 |
Check Text ( C-32920r1_chk ) |
---|
If an account without administrator duties is a member of administrative groups, then this is a finding. Run the DUMPSEC utility. Select “Dump Users as Table” from the “Report” menu. Select the following available fields and click the “Add” button: UserName SID PswdRequired PswdExpires LastLogonTime AcctDisabled Groups Review the results for unauthorized members of the administrative groups. Documentable Explanation: Approved exceptions to this requirement should be documented with the IAO. |
Fix Text (F-5773r1_fix) |
---|
Configure the system to prevent non-administrators from having administrator rights. |