VCENTER-000008 - The vCenter Server must be installed using a service account instead of a built-in Windows account.

Information

vCenter Server can run under either the Microsoft Windows built-in system account or a user account. Running it under a user account allows Windows authentication for SQL Server to be enabled and provides more security. The user account must be an administrator on the local machine. In the installation wizard, specify the account name as DomainName\Username. If SQL Server is used for the vCenter database, the SQL Server database must be configured to allow the domain account access to SQL Server. The Microsoft Windows built-in system account has more permissions and rights on the server than the vCenter Server system requires, which can contribute to security problems. A local, administrative-level user account with limited permissions and rights must be set up for the vCenter Server system.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Re-install the vCenter Server with a special-purpose, local-only administrator role with the 'Act as part of the operating system' privilege.
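
Because this item is a manual check, the following PowerShell function is one way to verify it on the vCenter host. It is an added example, not part of the benchmark or the plugin. It assumes the vCenter Server Windows service is named 'vpxd' and that it is run from an elevated prompt; the function name and the temporary file name are hypothetical.

```powershell
# Added example: report which account the vCenter Server service logs on as
# and whether that account holds 'Act as part of the operating system'.
# Assumption: the service name is 'vpxd'; pass -ServiceName if yours differs.
function Test-VCenterServiceAccount {
    param([string]$ServiceName = 'vpxd')

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) { throw "Service '$ServiceName' not found on this host." }

    # Built-in Windows identities that this requirement rules out.
    $builtIn = 'LocalSystem', 'NT AUTHORITY\SYSTEM',
               'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'
    $account   = $svc.StartName
    $isBuiltIn = $builtIn -contains $account
    $hasTcb    = $false

    if (-not $isBuiltIn) {
        # Resolve the account to a SID; a leading '.\' denotes a local account.
        $name = $account -replace '^\.\\', "$env:COMPUTERNAME\"
        $sid  = ([System.Security.Principal.NTAccount]$name).Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value

        # Export the user-rights assignments and read the SeTcbPrivilege line.
        # Only direct assignments are seen; rights granted via a group are not.
        $cfg = Join-Path $env:TEMP "userrights-$PID.inf"
        try {
            secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
            $line = Get-Content $cfg | Where-Object { $_ -match '^SeTcbPrivilege\s*=' }
            if ($line) {
                $holders = ($line -split '=', 2)[1].Split(',') |
                    ForEach-Object { $_.Trim().TrimStart('*') }
                $hasTcb = ($holders -contains $sid) -or ($holders -contains $account)
            }
        } finally {
            Remove-Item $cfg -ErrorAction SilentlyContinue
        }
    }

    [pscustomobject]@{
        Service        = $svc.Name
        LogonAccount   = $account
        BuiltInAccount = $isBuiltIn   # $true is a finding
        HasActAsPartOS = $hasTcb      # expected $true for the service account
    }
}

Test-VCenterServiceAccount
```

A result with BuiltInAccount set to True is a finding; HasActAsPartOS set to False means the privilege named in the Solution is not assigned directly to the account.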

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_ESXi5_vCenter_Server_V2R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|III, CCI|CCI-000366, Group-ID|V-39548, Rule-ID|SV-250730r799880_rule, STIG-ID|VCENTER-000008, STIG-Legacy|SV-51406, STIG-Legacy|V-39548, Vuln-ID|V-250730

Plugin: VMware

Control ID: 2f1c38b0da55ed130ea585948a8e7992c73227e470c74e968df97da8301ad4d8