Microsoft Windows Server 2016 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The Debug programs user right must only be assigned to the Administrators group.
Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities. Accounts with the "Debug programs" user right can attach a debugger to any process or t...Rule High Severity -
SRG-OS-000324-GPOS-00125
Group -
SRG-OS-000324-GPOS-00125
Group -
The Impersonate a client after authentication user right must only be assigned to Administrators, Service, Local Service, and Network Service.
Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities. The "Impersonate a client after authentication" user right allows a program to imperson...Rule Medium Severity -
SRG-OS-000324-GPOS-00125
Group -
The Increase scheduling priority user right must only be assigned to the Administrators group.
Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities. Accounts with the "Increase scheduling priority" user right can change a scheduling pri...Rule Medium Severity -
SRG-OS-000324-GPOS-00125
Group -
The Load and unload device drivers user right must only be assigned to the Administrators group.
Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities. The "Load and unload device drivers" user right allows a user to load device drivers dy...Rule Medium Severity -
SRG-OS-000324-GPOS-00125
Group -
The Lock pages in memory user right must not be assigned to any groups or accounts.
Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities. The "Lock pages in memory" user right allows physical memory to be assigned to processe...Rule Medium Severity -
SRG-OS-000057-GPOS-00027
Group -
SRG-OS-000324-GPOS-00125
Group -
SRG-OS-000324-GPOS-00125
Group -
The Perform volume maintenance tasks user right must only be assigned to the Administrators group.
Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities. Accounts with the "Perform volume maintenance tasks" user right can manage volume and d...Rule Medium Severity -
SRG-OS-000324-GPOS-00125
Group -
SRG-OS-000324-GPOS-00125
Group -
The Create a token object user right must not be assigned to any groups or accounts.
Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities. The "Create a token object" user right allows a process to create an access token. This...Rule High Severity -
SRG-OS-000324-GPOS-00125
Group -
The Restore files and directories user right must only be assigned to the Administrators group.
Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities. Accounts with the "Restore files and directories" user right can circumvent file and di...Rule Medium Severity -
SRG-OS-000324-GPOS-00125
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.