Unauthorized accounts must not have the Access this computer from the network user right on member servers.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-26470	WINUR-000002-MS	SV-33376r3_rule	ECLP-1	Medium

Description
Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities. Accounts with the "Access this computer from the network" user right may access resources on the system, and must be limited to those that require it.

STIG	Date
Windows Server 2008 R2 Member Server Security Technical Implementation Guide	2015-06-25

Details

Check Text ( None )
None

Fix Text (F-49517r3_fix)
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> "Access this computer from the network" to only include the following accounts or groups: Administrators Authenticated Users Systems dedicated to managing Active Directory (AD admin platforms, see V-36436 in the Active Directory Domain STIG), must only allow Administrators, removing the Authenticated Users group.

Fix Text (F-49517r3_fix)

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> "Access this computer from the network" to only include the following accounts or groups:

Administrators
Authenticated Users

Systems dedicated to managing Active Directory (AD admin platforms, see V-36436 in the Active Directory Domain STIG), must only allow Administrators, removing the Authenticated Users group.