Privilege Use: Audit Sensitive Privilege UseID: oval:gov.nist.usgcb.windowsseven:def:199 | Date: (C)2012-04-13 (M)2022-10-10 |
Class: COMPLIANCE | Family: windows |
This policy setting allows you to audit events generated when sensitive privileges (user rights) are used such as the following:
A privileged service is called.
One of the following privileges are called:
Act as part of the operating system.
Back up files and directories.
Create a token object.
Debug programs.
Enable computer and user accounts to be trusted for delegation.
Generate security audits.
Impersonate a client after authentication.
Load and unload device drivers.
Manage auditing and security log.
Modify firmware environment values.
Replace a process-level token.
Restore files and directories.
Take ownership of files or other objects.
If you configure this policy setting, an audit event is generated when sensitive privilege requests are made. Success audits record successful requests and Failure audits record unsuccessful requests.
If you do not configure this policy setting, no audit event is generated when sensitive privilege requests are made.
Volume: High.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Privilege Use\Audit Sensitive Privilege Use
(2) REG: INFO NOT AVAILABLE
Platform: |
Microsoft Windows 7 |