This policy setting allows the user of a portable computer to click Eject PC on the Start menu to undock the computer. Countermeasure: Ensure that only the local Administrators group and the user account to which the computer is allocated are assigned the Remove computer from docking station user right. Potential Impact: By default, only members of the local Administrator group are granted this right. Other user accounts must be explicitly granted the right as necessary. If your organization's users are not members of the local Administrators groups on their portable computers, they will be unable to remove their own portable computers from their docking stations without shutting them down first. Therefore, you may want to assign the Remove computer from docking station privilege to the local Users group for portable computers.

[list_of_users_followed_by_comma]

(1) GPO: Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\User Rights Assignment\\Remove computer from docking station (2) REG: ### (3) WMI: root\\rsop\\computer#RSOP_UserPrivilegeRight#AccountList#UserRight='SeUndockPrivilege' and precedence=1