CCE-93852-2| Platform: cpe:/o:microsoft:windows_server_2019 | Date: (C)2020-09-22 (M)2023-07-04 |
Allow members of the Everyone group to run applications that are located in the Windows folder
This setting allows members of the Everyone group to run applications that are located in (or beneath) the Windows folder.
If you enable this setting, members of the Everyone group will be able to run applications that are located in (or beneath) the Windows folder.
If you disable this setting, members of the Everyone group will not be able to run applications that are located in (or beneath) the Windows folder.
This setting is largely used to control running of apps on sensitive computers (such as domain controllers).
Parameter:
[enable/disable]
Technical Mechanism:
(1) GPO: Computer ConfigurationWindows SettingsSecurity SettingsApplication Control PoliciesAppLockerExecutable Rules!Allow members of the Everyone group to run applications that are located in the Windows folder
(2) REG: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsSrpV2Exea61c8b2c-a319-4cd0-9690-d2177cad7b51!Value
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 7.5 | Attack Vector: NETWORK |
| Exploit Score: 1.6 | Attack Complexity: HIGH |
| Impact Score: 5.9 | Privileges Required: LOW |
| Severity: HIGH | User Interaction: NONE |
| Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | Scope: UNCHANGED |
| | Confidentiality: HIGH |
| | Integrity: HIGH |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:56868 |
