1.1.4.25 Set 'Impersonate a client after authentication' to 'Administrators, SERVICE, Local Service, Network Service'

Information

The policy setting allows programs that run on behalf of a user to impersonate that user so that they can act
on behalf of the user.

Solution

Make sure 'Impersonate a client after authentication' is set to Administrators, SERVICE, Local Service and Network Service.

See Also

https://workbench.cisecurity.org/files/17

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(7)(b), CSCv6|5.1

Plugin: Windows

Control ID: 91d6761d0efa580ddbc12a6030ac2f19ac1dbd5c34222cd26e7b1bf36836f2ff