CCE-47694-5Platform: cpe:/o:microsoft:windows_server_2016 | Date: (C)2022-09-02 (M)2023-07-04 |
This user right determines which users and groups can change the time zone used by the computer for displaying the local time, which is the computer's system time plus the time zone offset. System time itself is absolute and is not affected by a change in the time zone.
This user right is defined in the Default Domain Controller Group Policy object (GPO) and in the local security policy of the workstations and servers.
Default: Administrators, Users
NOTE: 'LOCAL SERVICE' will be present always. Even if you delete also, it will get reappear.
Countermeasure:
Countermeasures are not required because system time is not affected by this setting.
Potential Impact:
None. This is the default configuration.
Fix:
(1) GPO: Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesUser Rights AssignmentChange the time zone
(2) REG: ###
(3) WMI: root
sopcomputer#RSOP_UserPrivilegeRight#AccountList#UserRight='SeTimeZonePrivilege' and precedence=1
Parameter:
[list_of_users_followed_by_comma]
Technical Mechanism:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Change the time zone
(2) REG: ###
(3) WMI: root\rsop\computer#RSOP_UserPrivilegeRight#AccountList#UserRight='SeTimeZonePrivilege' and precedence=1
CCSS Severity: | CCSS Metrics: |
CCSS Score : 5.5 | Attack Vector: LOCAL |
Exploit Score: 1.8 | Attack Complexity: LOW |
Impact Score: 3.6 | Privileges Required: LOW |
Severity: MEDIUM | User Interaction: NONE |
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | Scope: UNCHANGED |
| Confidentiality: NONE |
| Integrity: NONE |
| Availability: HIGH |
| |
References: Resource Id | Reference |
---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:83630 |