Access Credential Manager as a trusted caller

Information

This setting is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users saved credentials might be compromised if this privilege is given to other entities.

Solution

Policy Path: Local Policies\User Rights Assignment
Policy Name: Access Credential Manager as a trusted caller

See Also

https://blogs.technet.microsoft.com/secguide/2016/10/17/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016/

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(7)(b), CSCv6|5.1

Plugin: Windows

Control ID: 5313e3775d2f86f4aaf0891e806efc60f66774d4d2568aba749b0cf9bf5ff009