CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark
2.2.39 (L1) Ensure 'Take ownership of files or other objects' is set to 'Administrators' (Scored)
ProfileApplicability:
Level 1 (L1) - Corporate/Enterprise Environment (general use)
Description:
This policy setting allows users to take ownership of files, folders, registry keys, processes, or threads. This user right bypasses any permissions that are in place to protect objects to give ownership to the specified user.
The recommended state for this setting is: Administrators .
Note: This user right is considered a "sensitive privilege" for the purposes of auditing.
Rationale:
Any users with the Take ownershipof files or other objects user right can take control of any object, regardless of the permissions on that object, and then make any changes they wish to that object. Such changes could result in exposure of data, corruption of data, or a DoS condition.
Audit:
Navigate to the UI Path articulated in the Remediation section and confirm it is set as prescribed.
Remediation:
To establish the recommended configuration via GP, set the following UI path to Administrators :
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Take ownership of files or other objects
Impact:
None - this is the default behavior.
Default Value:
Administrators.
148 | P a g e
Made with FlippingBook - Online magazine maker