The vCenter Server must disable accounts used for Integrated Windows Authentication (IWA).

An XCCDF Rule

Details
Profiles

Description

If not used for their intended purpose, default accounts must be disabled. vCenter ships with several default accounts, two of which are specific to IWA and SASL/Kerberos authentication. If other methods of authentication are used, these accounts are not needed and must be disabled.

ID: SV-265979r1003616_rule
Version: VCSA-80-000305
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

From the vSphere Client, go to Administration >> Single Sign On >> Users and Groups >> Users.

Select the "K/M" or "krbtgt/VSPHERE.LOCAL" and click "More" then select "Disable".

Click "Ok" to disable the user account.

The vCenter Server must disable accounts used for Integrated Windows Authentication (IWA).

Description

Remediation Templates

A Manual Procedure