Skip to content

The Horizon Connection Server must limit access to the global configuration privilege.

An XCCDF Rule

Description

<VulnDiscussion>The Horizon Connection Server comes with pre-defined privileges that can be combined in any combination into a role. That role is then assigned to a user or group. Any role that has the "Manage Global Configuration and Policies" has the ability to change the configuration of the Connection Server, including the events database. This privilege must be restricted and monitored over time.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-246890r768630_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Log in to the Horizon 7 Console. From the left pane, navigate to Settings >> Administrators. Select each user or group with inappropriate access to the "Manage Global Configuration and Policies" privilege. Remove access or modify permissions as appropriate.

To remove users or groups:

From the "Administrators and Groups" tab, select the unnecessary users or groups in the left pane and click the "Remove User or Group" button. Click "OK'" to confirm removal.