The Create symbolic links user right must only be assigned to the Administrators group.
An XCCDF Rule
Description
<VulnDiscussion>Inappropriate granting of user rights can provide system, administrative, and other high level capabilities. Accounts with the "Create symbolic links" user right can create pointers to other objects, which could potentially expose the system to attack.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-220966r877392_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment >> "Create symbolic links" to only include the following groups or accounts:
Administrators