42587e5b-a61b-49e2-b25b-5413d52ebd05
Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities. The "Enable computer and user accounts to be trusted for delegation" user right allows the "Trusted for Delegation" setting to be changed. This could allow unauthorized users to impersonate other users.
To fix this configure the policy value for
Computer Configuration
|_ Windows Settings
|_ Security Settings
|_ Local Policies
|_ User Rights Assignment
|_ "Enable computer and user accounts to be trusted for delegation" to include only the following accounts or groups:
STIG: Server
2022: https://www.stigviewer.com/stig/microsoft_windows_server_2022/2024-06-14/finding/V-254426
2019: https://www.stigviewer.com/stig/windows_server_2019/2020-06-15/finding/V-93041 / https://www.stigviewer.com/stig/microsoft_windows_server_2019/2024-06-14/finding/V-205745
2016: https://www.stigviewer.com/stig/microsoft_windows_server_2016/2024-02-21/finding/V-225005 / https://www.stigviewer.com/stig/windows_server_2016/2020-06-16/finding/V-73777
NIST 800-53: AC-6(7)
NIST 800-171 rev3 FPO: 3.1.1.g.3, 3.1.5.c, 3.1.5.d
NIST 800-171 rev3: 03.01.01.g.03, 03.01.05.c, 03.01.05.d, 03.10.01.c, 03.10.01.d
NIST 800-171A rev3: A.03.01.05.ODP[03], A.03.01.05.c, A.03.01.05.d
CAT: II
CCI: CCI-002235
CSCv6: 5.1
Rule-ID: SV-205745r569188_rule
STIG-ID: WN19-DC-000420
STIG-Legacy: SV-103129
STIG-Legacy: V-93041
Vuln-ID: V-205745
PCI-DSS v4: 7.2.4, 7.2.5.1, A3.4.1