The Horizon Connection Server Instant Clone domain account must be configured with limited permissions.

An XCCDF Rule

Description

<VulnDiscussion>Configuring the application to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across DoD that reflects the most restrictive security posture consistent with operational requirements. Configuration settings are the set of parameters that can be changed that affect the security posture and/or functionality of the system. Security-related parameters are those parameters impacting the security state of the application, including the parameters required to satisfy other security control requirements.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-246905r768675_rule
Severity: Medium
References: CCI-000366
Updated: about 1 year ago

Log in to Active Directory Users and Computers. Set the permission for Instant Clone Domain Account to:

List Contents
Read All Properties
Write All Properties
Read PermissionsReset Password
Create Computer Objects
Delete Computer Objects

Ensure the permissions apply to the correct container and to all child objects of the container.

The Horizon Connection Server Instant Clone domain account must be configured with limited permissions.

Description

Remediation - Manual Procedure