CCE-93849-8| Platform: cpe:/o:microsoft:windows_server_2019 | Date: (C)2020-09-22 (M)2023-07-04 |
Allow members of the local Administrators group to run all applications
This setting allows members of the local Administrators group to run all applications on computers, regardless of their location.
If you enable this setting, members of the Administrators group will be able to run applications, regardless of their location.
If you disable this setting, members of the Administrators group will be unable to run applications, regardless of their location.
This setting is largely used to control running of apps on sensitive computers (such as domain controllers).
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationWindows SettingsSecurity SettingsApplication Control PoliciesAppLockerExecutable Rules!Allow members of the local Administrators group to run all applications
(2) REG: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsSrpV2Exefd686d83-a829-4351-8ff4-27c7de5755d2!Value
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 7.2 | Attack Vector: NETWORK |
| Exploit Score: 1.2 | Attack Complexity: LOW |
| Impact Score: 5.9 | Privileges Required: HIGH |
| Severity: HIGH | User Interaction: NONE |
| Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| | Confidentiality: HIGH |
| | Integrity: HIGH |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:56865 |
