The Create symbolic links user right must only be assigned to the Administrators group.

An XCCDF Rule

Details
Profiles

Description

Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities. Accounts with the "Create symbolic links" user right can create pointers to other objects, which could expose the system to attack.

ID: SV-225078r958726_rule
Version: WN16-UR-000120
Severity: Medium
References: CCI-002235
Updated: 23 days ago

Remediation Templates

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> "Create symbolic links" to include only the following accounts or groups:

- Administrators

Systems that have the Hyper-V role will also have "Virtual Machines" given this user right. If this needs to be added manually, enter it as "NT Virtual Machine\Virtual Machines".

The Create symbolic links user right must only be assigned to the Administrators group.

Description

Remediation Templates

A Manual Procedure