CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark
2.2.35 (L1) Ensure 'Profile systemperformance' is set to 'Administrators, NT SERVICE\WdiServiceHost' (Scored)
ProfileApplicability:
Level 1 (L1) - Corporate/Enterprise Environment (general use)
Description:
This policy setting allows users to use tools to view the performance of different system processes, which could be abused to allow attackers to determine a system's active processes and provide insight into the potential attack surface of the computer.
The recommended state for this setting is: Administrators, NT SERVICE\WdiServiceHost .
Rationale:
The Profile system performance user right poses a moderate vulnerability. Attackers with this user right could monitor a computer's performance to help identify critical processes that they might wish to attack directly. Attackers may also be able to determine what processes are active on the computer so that they could identify countermeasures that they may need to avoid, such as antivirus software or an intrusion detection system.
Audit:
Navigate to the UI Path articulated in the Remediation section and confirm it is set as prescribed.
Remediation:
To establish the recommended configuration via GP, set the following UI path to Administrators, NT SERVICE\WdiServiceHost :
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Profile system performance
Impact:
None - this is the default behavior.
140 | P a g e
Made with FlippingBook - Online magazine maker