VCENTER-000005 - Privilege re-assignment must be checked after the vCenter Server restarts.

Information

During a restart of vCenter Server, if the user or user group that is assigned Administrator role on the root folder could not be verified as a valid user/group during the restart, the user/group's permission as Administrator will be removed. In its place, vCenter Server defaults the Administrator role to the local Windows administrators group, to act as a new vCenter Server Administrator. This default administrative assignment must be rectified by re-establishing a legitimate vCenter Server account with an Administrator role.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

As a Windows Administrator, log in to the vCenter Server and restore a legitimate administrator account per site-specific user/group/role requirements.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_ESXi5_vCenter_Server_V2R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Group-ID|V-39545, Rule-ID|SV-250727r799871_rule, STIG-ID|VCENTER-000005, STIG-Legacy|SV-51403, STIG-Legacy|V-39545, Vuln-ID|V-250727

Plugin: VMware

Control ID: 1823150d2b09a9ff452e68462b058c065af1f97af63c9da6c45bffde9fe9442a