Create a token object

Information

Create a token object

This security setting determines which accounts can be used by processes to create a token that can then be used to get access to any local resources when the process uses an internal application programming interface (API) to create an access token.

This user right is used internally by the operating system. Unless it is necessary, do not assign this user right to a user, group, or process other than Local System.

Caution

Assigning this user right can be a security risk. Do not assign this user right to any user, group, or process that you do not want to take over the system.
Default: None

Solution

Policy Path: User Rights Assignments
Policy Setting Name: Create a token object

See Also

https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-security-baseline/ba-p/2810772

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(7)(b)

Plugin: Windows

Control ID: cfd8f93eb89ae2a6d716358d3be5f85f0e7e892313597ad12b84f980281641f8