The "Profile single process" user right must only be assigned to the Administrators group.

An XCCDF Rule

Details
Profiles

Description

Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities. Accounts with the "Profile single process" user right can monitor non-system processes performance. An attacker could potentially use this to identify processes to attack.

ID: SV-253504r958726_rule
Version: WN11-UR-000150
Severity: Medium
References: CCI-002235
Updated: 24 days ago

Remediation Templates

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> "Profile single process" to only include the following groups or accounts:

Administrators

The "Profile single process" user right must only be assigned to the Administrators group.

Description

Remediation Templates

A Manual Procedure