[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-2379-6

Platform: cpe:/o:microsoft:windows_xpDate: (C)2012-03-13   (M)2023-07-04



This policy setting allows other users on the network to connect to the computer and is required by various network protocols that include Server Message Block (SMB)-based protocols, NetBIOS, Common Internet File System (CIFS), and Component Object Model Plus (COM+). Countermeasure: Restrict the Access this computer from the network user right to only those users who require access to the server. For example, if you configure this policy setting to the Administrators and Users groups, users who log on to the domain will be able to access resources shared from servers in the domain if members of the Domain Users group are included in the local Users group. Potential Impact: If you remove the Access this computer from the network user right on domain controllers for all users, no one will be able to log on to the domain or use network resources. If you remove this user right on member servers, users will not be able to connect to those servers through the network. Successful negotiation of IPsec connections requires that the initiating machine has this right, therefor Microsoft recommends that it is assigned to the Users group.If you have installed optional components such as ASP.NET or Internet Information Services (IIS), you may need to assign this user right to additional accounts that are required by those components. It is important to verify that authorized users are assigned this user right for the computers they need to access the network.


Parameter:

[list_of_users_followed_by_comma]


Technical Mechanism:

(1) GPO: Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\User Rights Assignment\\Access this computer from the network (2) REG: ### (3) WMI: root\\rsop\\computer#RSOP_UserPrivilegeRight#AccountList#UserRight='SeNetworkLogonRight' and precedence=1

CCSS Severity:CCSS Metrics:
CCSS Score : 5.6Attack Vector: NETWORK
Exploit Score: 2.2Attack Complexity: HIGH
Impact Score: 3.4Privileges Required: NONE
Severity: MEDIUMUser Interaction: NONE
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LScope: UNCHANGED
 Confidentiality: LOW
 Integrity: LOW
 Availability: LOW
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:gov.nist.usgcb.xp:def:161
BITS Shared Assessments SIG v6.0BITS Shared Assessments SIG v6.0
Jericho ForumJericho Forum
HIPAA/HITECH ActHIPAA/HITECH Act
FedRAMP Security Controls(Final Release Jan 2012)--LOW IMPACT LEVEL--FedRAMP Security Controls(Final Release Jan 2012)--LOW IMPACT LEVEL--
ISO/IEC 27001-2005ISO/IEC 27001-2005
COBIT 4.1COBIT 4.1
GAPP (Aug 2009)GAPP (Aug 2009)
NERC CIPNERC CIP
NIST SP800-53 R3NIST SP800-53 R3 AC-3
NIST SP800-53 R3NIST SP800-53 R3 CM-6
PCIDSS v2.0PCIDSS v2.0
FedRAMP Security Controls(Final Release Jan 2012)--MODERATE IMPACT LEVEL--FedRAMP Security Controls(Final Release Jan 2012)--MODERATE IMPACT LEVEL--
BITS Shared Assessments AUP v5.0BITS Shared Assessments AUP v5.0


OVAL    1
oval:gov.nist.usgcb.xp:def:161
XCCDF    4
xccdf_gov.nist_benchmark_USGCB-Windows-XP
xccdf_org.secpod_benchmark_hipaa_windows_xp
xccdf_org.secpod_benchmark_nist_windows_xp
xccdf_org.secpod_benchmark_nerc_cip_Windows_XP
...

© SecPod Technologies