SRG-OS-000324-GPOS-00125 Controls

| STIG ID | Version | Title | Product |
| --- | --- | --- | --- |
| AZLX-23-001000 | V1R2 | Amazon Linux 2023 must have the sudo package installed. | Amazon Linux 2023 |
| AZLX-23-002555 | V1R2 | Amazon Linux 2023 debug-shell systemd service must be disabled. | Amazon Linux 2023 |
| ALMA-09-006620 | V1R5 | The systemd Ctrl-Alt-Delete burst key sequence in AlmaLinux OS 9 must be disabled. | AlmaLinux OS 9 |
| ALMA-09-006730 | V1R5 | The Ctrl-Alt-Delete key sequence must be disabled on AlmaLinux OS 9. | AlmaLinux OS 9 |
| ALMA-09-006840 | V1R5 | AlmaLinux OS 9 must have the sudo package installed. | AlmaLinux OS 9 |
| ALMA-09-006950 | V1R5 | The AlmaLinux OS 9 debug-shell systemd service must be disabled. | AlmaLinux OS 9 |
| ALMA-09-007060 | V1R5 | AlmaLinux OS 9 must enable kernel parameters to enforce discretionary access control on hardlinks. | AlmaLinux OS 9 |
| ALMA-09-007170 | V1R5 | AlmaLinux OS 9 must enable kernel parameters to enforce discretionary access control (DAC) on symlinks. | AlmaLinux OS 9 |
| APPL-13-002069 | V1R5 | The macOS system must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | macOS 13 - Ventura |
| APPL-14-002069 | V2R4 | The macOS system must require administrator privileges to modify systemwide settings. | macOS 14 - Sonoma |
| APPL-15-002069 | V1R6 | The macOS system must require an administrator password to modify systemwide preferences. | macOS 15 - Sequoia |
| OL07-00-020020 | V3R5 | The Oracle Linux operating system must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | Oracle Linux 7 |
| OL07-00-020021 | V3R5 | The Oracle Linux operating system must confine SELinux users to roles that conform to least privilege. | Oracle Linux 7 |
| OL07-00-020022 | V3R5 | The Oracle Linux operating system must not allow privileged accounts to utilize SSH. | Oracle Linux 7 |
| OL07-00-020023 | V3R5 | The Oracle Linux operating system must elevate the SELinux context when an administrator calls the sudo command. | Oracle Linux 7 |
| OL08-00-040400 | V2R7 | OL 8 must prevent nonprivileged users from executing privileged functions, including disabling, circumventing, or altering implemented security safeguards/countermeasures. | Oracle Linux 8 |
| OL09-00-000230 | V1R4 | OL 9 must have the sudo package installed. | Oracle Linux 9 |
| OL09-00-002403 | V1R4 | OL 9 debug-shell systemd service must be disabled. | Oracle Linux 9 |
| OL09-00-002412 | V1R4 | OL 9 must be configured so that the systemd Ctrl-Alt-Delete burst key sequence is disabled. | Oracle Linux 9 |
| OL09-00-002413 | V1R4 | OL 9 must be configured so that the x86 Ctrl-Alt-Delete key sequence is disabled. | Oracle Linux 9 |
| RHEL-10-700970 | V1R1 | RHEL 10 must disable the debug-shell systemd service. | Red Hat Enterprise Linux 10 |
| RHEL-10-200590 | V1R1 | RHEL 10 must have the "sudo" package installed. | Red Hat Enterprise Linux 10 |
| RHEL-10-700410 | V1R1 | RHEL 10 must elevate the SELinux context when an administrator calls the sudo command. | Red Hat Enterprise Linux 10 |
| RHEL-10-700950 | V1R1 | RHEL 10 must disable the systemd Ctrl-Alt-Delete burst key sequence. | Red Hat Enterprise Linux 10 |
| RHEL-10-700960 | V1R1 | RHEL 10 must disable the x86 Ctrl-Alt-Delete key sequence. | Red Hat Enterprise Linux 10 |
| RHEL-07-020020 | V3R9 | The Red Hat Enterprise Linux operating system must prevent non-privileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | Red Hat Enterprise Linux 7 |
| RHEL-07-020021 | V3R9 | The Red Hat Enterprise Linux operating system must confine SELinux users to roles that conform to least privilege. | Red Hat Enterprise Linux 7 |
| RHEL-07-020022 | V3R9 | The Red Hat Enterprise Linux operating system must not allow privileged accounts to utilize SSH. | Red Hat Enterprise Linux 7 |
| RHEL-07-020023 | V3R9 | The Red Hat Enterprise Linux operating system must elevate the SELinux context when an administrator calls the sudo command. | Red Hat Enterprise Linux 7 |
| RHEL-08-040400 | V2R6 | RHEL 8 must prevent nonprivileged users from executing privileged functions, including disabling, circumventing, or altering implemented security safeguards/countermeasures. | Red Hat Enterprise Linux 8 |
| RHEL-09-211045 | V2R7 | The systemd Ctrl-Alt-Delete burst key sequence in RHEL 9 must be disabled. | Red Hat Enterprise Linux 9 |
| RHEL-09-211050 | V2R7 | The x86 Ctrl-Alt-Delete key sequence must be disabled on RHEL 9. | Red Hat Enterprise Linux 9 |
| RHEL-09-211055 | V2R7 | RHEL 9 debug-shell systemd service must be disabled. | Red Hat Enterprise Linux 9 |
| RHEL-09-432010 | V2R7 | RHEL 9 must have the sudo package installed. | Red Hat Enterprise Linux 9 |
| WN10-00-000070 | V3R6 | Only accounts responsible for the administration of a system must have Administrator rights on the system. | Microsoft Windows 10 |
| WN10-RG-000005 | V3R6 | Default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained. | Microsoft Windows 10 |
| WN10-SO-000167 | V3R6 | Remote calls to the Security Account Manager (SAM) must be restricted to Administrators. | Microsoft Windows 10 |
| WN10-UR-000005 | V3R6 | The Access Credential Manager as a trusted caller user right must not be assigned to any groups or accounts. | Microsoft Windows 10 |
| WN10-UR-000015 | V3R6 | The Act as part of the operating system user right must not be assigned to any groups or accounts. | Microsoft Windows 10 |
| WN10-UR-000030 | V3R6 | The Back up files and directories user right must only be assigned to the Administrators group. | Microsoft Windows 10 |
| WN10-UR-000035 | V3R6 | The Change the system time user right must only be assigned to Administrators and Local Service and NT SERVICE\autotimesvc. | Microsoft Windows 10 |
| WN10-UR-000040 | V3R6 | The Create a pagefile user right must only be assigned to the Administrators group. | Microsoft Windows 10 |
| WN10-UR-000045 | V3R6 | The Create a token object user right must not be assigned to any groups or accounts. | Microsoft Windows 10 |
| WN10-UR-000050 | V3R6 | The Create global objects user right must only be assigned to Administrators, Service, Local Service, and Network Service. | Microsoft Windows 10 |
| WN10-UR-000055 | V3R6 | The Create permanent shared objects user right must not be assigned to any groups or accounts. | Microsoft Windows 10 |
| WN10-UR-000060 | V3R6 | The Create symbolic links user right must only be assigned to the Administrators group. | Microsoft Windows 10 |
| WN10-UR-000065 | V3R6 | The Debug programs user right must only be assigned to the Administrators group. | Microsoft Windows 10 |
| WN10-UR-000095 | V3R6 | The Enable computer and user accounts to be trusted for delegation user right must not be assigned to any groups or accounts. | Microsoft Windows 10 |
| WN10-UR-000100 | V3R6 | The Force shutdown from a remote system user right must only be assigned to the Administrators group. | Microsoft Windows 10 |
| WN10-UR-000110 | V3R6 | The "Impersonate a client after authentication" user right must only be assigned to Administrators, Service, Local Service, and Network Service. | Microsoft Windows 10 |
| WN10-UR-000120 | V3R6 | The Load and unload device drivers user right must only be assigned to the Administrators group. | Microsoft Windows 10 |
| WN10-UR-000125 | V3R6 | The Lock pages in memory user right must not be assigned to any groups or accounts. | Microsoft Windows 10 |
| WN10-UR-000140 | V3R6 | The Modify firmware environment values user right must only be assigned to the Administrators group. | Microsoft Windows 10 |
| WN10-UR-000145 | V3R6 | The Perform volume maintenance tasks user right must only be assigned to the Administrators group. | Microsoft Windows 10 |
| WN10-UR-000150 | V3R6 | The Profile single process user right must only be assigned to the Administrators group. | Microsoft Windows 10 |
| WN10-UR-000160 | V3R6 | The Restore files and directories user right must only be assigned to the Administrators group. | Microsoft Windows 10 |
| WN10-UR-000165 | V3R6 | The Take ownership of files or other objects user right must only be assigned to the Administrators group. | Microsoft Windows 10 |
| WN11-RG-000005 | V2R5 | Default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained. | Microsoft Windows 11 |
| WN11-SO-000167 | V2R5 | Remote calls to the Security Account Manager (SAM) must be restricted to Administrators. | Microsoft Windows 11 |
| WN11-UR-000005 | V2R5 | The "Access Credential Manager as a trusted caller" user right must not be assigned to any groups or accounts. | Microsoft Windows 11 |
| WN11-UR-000015 | V2R5 | The "Act as part of the operating system" user right must not be assigned to any groups or accounts. | Microsoft Windows 11 |
| WN11-UR-000030 | V2R5 | The "Back up files and directories" user right must only be assigned to the Administrators group. | Microsoft Windows 11 |
| WN11-UR-000035 | V2R5 | The "Change the system time" user right must only be assigned to Administrators and Local Service. | Microsoft Windows 11 |
| WN11-UR-000040 | V2R5 | The "Create a pagefile" user right must only be assigned to the Administrators group. | Microsoft Windows 11 |
| WN11-UR-000045 | V2R5 | The "Create a token object" user right must not be assigned to any groups or accounts. | Microsoft Windows 11 |
| WN11-UR-000050 | V2R5 | The "Create global objects" user right must only be assigned to Administrators, Service, Local Service, and Network Service. | Microsoft Windows 11 |
| WN11-UR-000055 | V2R5 | The "Create permanent shared objects" user right must not be assigned to any groups or accounts. | Microsoft Windows 11 |
| WN11-UR-000060 | V2R5 | The "Create symbolic links" user right must only be assigned to the Administrators group. | Microsoft Windows 11 |
| WN11-UR-000065 | V2R5 | The "Debug programs" user right must only be assigned to the Administrators group. | Microsoft Windows 11 |
| WN11-UR-000095 | V2R5 | The "Enable computer and user accounts to be trusted for delegation" user right must not be assigned to any groups or accounts. | Microsoft Windows 11 |
| WN11-UR-000100 | V2R5 | The "Force shutdown from a remote system" user right must only be assigned to the Administrators group. | Microsoft Windows 11 |
| WN11-UR-000110 | V2R5 | The "Impersonate a client after authentication" user right must only be assigned to Administrators, Service, Local Service, and Network Service. | Microsoft Windows 11 |
| WN11-UR-000120 | V2R5 | The "Load and unload device drivers" user right must only be assigned to the Administrators group. | Microsoft Windows 11 |
| WN11-UR-000125 | V2R5 | The "Lock pages in memory" user right must not be assigned to any groups or accounts. | Microsoft Windows 11 |
| WN11-UR-000140 | V2R5 | The "Modify firmware environment values" user right must only be assigned to the Administrators group. | Microsoft Windows 11 |
| WN11-UR-000145 | V2R5 | The "Perform volume maintenance tasks" user right must only be assigned to the Administrators group. | Microsoft Windows 11 |
| WN11-UR-000150 | V2R5 | The "Profile single process" user right must only be assigned to the Administrators group. | Microsoft Windows 11 |
| WN11-UR-000160 | V2R5 | The "Restore files and directories" user right must only be assigned to the Administrators group. | Microsoft Windows 11 |
| WN11-UR-000165 | V2R5 | The "Take ownership of files or other objects" user right must only be assigned to the Administrators group. | Microsoft Windows 11 |
| WN16-00-000190 | V2R9 | Default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained. | Microsoft Windows Server 2016 |
| WN16-DC-000010 | V2R9 | Only administrators responsible for the domain controller must have Administrator rights on the system. | Microsoft Windows Server 2016 |
| WN16-DC-000070 | V2R9 | Permissions on the Active Directory data files must only allow System and Administrators access. | Microsoft Windows Server 2016 |
| WN16-DC-000080 | V2R9 | The Active Directory SYSVOL directory must have the proper access control permissions. | Microsoft Windows Server 2016 |
| WN16-DC-000090 | V2R9 | Active Directory Group Policy objects must have proper access control permissions. | Microsoft Windows Server 2016 |
| WN16-DC-000100 | V2R9 | The Active Directory Domain Controllers Organizational Unit (OU) object must have the proper access control permissions. | Microsoft Windows Server 2016 |
| WN16-DC-000110 | V2R9 | Domain-created Active Directory Organizational Unit (OU) objects must have proper access control permissions. | Microsoft Windows Server 2016 |
| WN16-DC-000350 | V2R9 | The Add workstations to domain user right must only be assigned to the Administrators group. | Microsoft Windows Server 2016 |
| WN16-DC-000420 | V2R9 | The Enable computer and user accounts to be trusted for delegation user right must only be assigned to the Administrators group on domain controllers. | Microsoft Windows Server 2016 |
| WN16-MS-000010 | V2R9 | Only administrators responsible for the member server or standalone or nondomain-joined system must have Administrator rights on the system. | Microsoft Windows Server 2016 |
| WN16-MS-000310 | V2R9 | Remote calls to the Security Account Manager (SAM) must be restricted to Administrators. | Microsoft Windows Server 2016 |
| WN16-MS-000420 | V2R9 | The "Enable computer and user accounts to be trusted for delegation" user right must not be assigned to any groups or accounts on member servers. | Microsoft Windows Server 2016 |
| WN16-UR-000010 | V2R9 | The Access Credential Manager as a trusted caller user right must not be assigned to any groups or accounts. | Microsoft Windows Server 2016 |
| WN16-UR-000030 | V2R9 | The Act as part of the operating system user right must not be assigned to any groups or accounts. | Microsoft Windows Server 2016 |
| WN16-UR-000070 | V2R9 | The Back up files and directories user right must only be assigned to the Administrators group. | Microsoft Windows Server 2016 |
| WN16-UR-000080 | V2R9 | The Create a pagefile user right must only be assigned to the Administrators group. | Microsoft Windows Server 2016 |
| WN16-UR-000100 | V2R9 | The Create global objects user right must only be assigned to Administrators, Service, Local Service, and Network Service. | Microsoft Windows Server 2016 |
| WN16-UR-000110 | V2R9 | The Create permanent shared objects user right must not be assigned to any groups or accounts. | Microsoft Windows Server 2016 |
| WN16-UR-000120 | V2R9 | The Create symbolic links user right must only be assigned to the Administrators group. | Microsoft Windows Server 2016 |
| WN16-UR-000130 | V2R9 | The Debug programs user right must only be assigned to the Administrators group. | Microsoft Windows Server 2016 |
| WN16-UR-000200 | V2R9 | The Force shutdown from a remote system user right must only be assigned to the Administrators group. | Microsoft Windows Server 2016 |
| WN16-UR-000210 | V2R9 | The Generate security audits user right must only be assigned to Local Service and Network Service. | Microsoft Windows Server 2016 |
| WN16-UR-000220 | V2R9 | The Impersonate a client after authentication user right must only be assigned to Administrators, Service, Local Service, and Network Service. | Microsoft Windows Server 2016 |
| WN16-UR-000230 | V2R9 | The Increase scheduling priority user right must only be assigned to the Administrators group. | Microsoft Windows Server 2016 |
| WN16-UR-000240 | V2R9 | The Load and unload device drivers user right must only be assigned to the Administrators group. | Microsoft Windows Server 2016 |
| WN16-UR-000250 | V2R9 | The Lock pages in memory user right must not be assigned to any groups or accounts. | Microsoft Windows Server 2016 |
| WN16-UR-000270 | V2R9 | The Modify firmware environment values user right must only be assigned to the Administrators group. | Microsoft Windows Server 2016 |
| WN16-UR-000280 | V2R9 | The Perform volume maintenance tasks user right must only be assigned to the Administrators group. | Microsoft Windows Server 2016 |
| WN16-UR-000290 | V2R9 | The Profile single process user right must only be assigned to the Administrators group. | Microsoft Windows Server 2016 |
| WN16-UR-000090 | V2R9 | The Create a token object user right must not be assigned to any groups or accounts. | Microsoft Windows Server 2016 |
| WN16-UR-000300 | V2R9 | The Restore files and directories user right must only be assigned to the Administrators group. | Microsoft Windows Server 2016 |
| WN16-UR-000310 | V2R9 | The Take ownership of files or other objects user right must only be assigned to the Administrators group. | Microsoft Windows Server 2016 |
| WN19-00-000170 | V3R7 | Windows Server 2019 default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained. | Microsoft Windows Server 2019 |
| WN19-DC-000010 | V3R7 | Windows Server 2019 must only allow administrators responsible for the domain controller to have Administrator rights on the system. | Microsoft Windows Server 2019 |
| WN19-DC-000070 | V3R7 | Windows Server 2019 permissions on the Active Directory data files must only allow System and Administrators access. | Microsoft Windows Server 2019 |
| WN19-DC-000080 | V3R7 | Windows Server 2019 Active Directory SYSVOL directory must have the proper access control permissions. | Microsoft Windows Server 2019 |
| WN19-DC-000090 | V3R7 | Windows Server 2019 Active Directory Group Policy objects must have proper access control permissions. | Microsoft Windows Server 2019 |
| WN19-DC-000100 | V3R7 | Windows Server 2019 Active Directory Domain Controllers Organizational Unit (OU) object must have the proper access control permissions. | Microsoft Windows Server 2019 |
| WN19-DC-000110 | V3R7 | Windows Server 2019 organization created Active Directory Organizational Unit (OU) objects must have proper access control permissions. | Microsoft Windows Server 2019 |
| WN19-DC-000350 | V3R7 | Windows Server 2019 Add workstations to domain user right must only be assigned to the Administrators group on domain controllers. | Microsoft Windows Server 2019 |
| WN19-DC-000420 | V3R7 | Windows Server 2019 Enable computer and user accounts to be trusted for delegation user right must only be assigned to the Administrators group on domain controllers. | Microsoft Windows Server 2019 |
| WN19-MS-000010 | V3R7 | Windows Server 2019 must only allow Administrators responsible for the member server or standalone or nondomain-joined system to have Administrator rights on the system. | Microsoft Windows Server 2019 |
| WN19-MS-000060 | V3R7 | Windows Server 2019 must restrict remote calls to the Security Account Manager (SAM) to Administrators on domain-joined member servers and standalone or nondomain-joined systems. | Microsoft Windows Server 2019 |
| WN19-MS-000130 | V3R7 | Windows Server 2019 "Enable computer and user accounts to be trusted for delegation" user right must not be assigned to any groups or accounts on domain-joined member servers and standalone or nondomain-joined systems. | Microsoft Windows Server 2019 |
| WN19-UR-000010 | V3R7 | Windows Server 2019 Access Credential Manager as a trusted caller user right must not be assigned to any groups or accounts. | Microsoft Windows Server 2019 |
| WN19-UR-000020 | V3R7 | Windows Server 2019 Act as part of the operating system user right must not be assigned to any groups or accounts. | Microsoft Windows Server 2019 |
| WN19-UR-000040 | V3R7 | Windows Server 2019 Back up files and directories user right must only be assigned to the Administrators group. | Microsoft Windows Server 2019 |
| WN19-UR-000050 | V3R7 | Windows Server 2019 Create a pagefile user right must only be assigned to the Administrators group. | Microsoft Windows Server 2019 |
| WN19-UR-000060 | V3R7 | Windows Server 2019 Create a token object user right must not be assigned to any groups or accounts. | Microsoft Windows Server 2019 |
| WN19-UR-000070 | V3R7 | Windows Server 2019 Create global objects user right must only be assigned to Administrators, Service, Local Service, and Network Service. | Microsoft Windows Server 2019 |
| WN19-UR-000080 | V3R7 | Windows Server 2019 Create permanent shared objects user right must not be assigned to any groups or accounts. | Microsoft Windows Server 2019 |
| WN19-UR-000090 | V3R7 | Windows Server 2019 Create symbolic links user right must only be assigned to the Administrators group. | Microsoft Windows Server 2019 |
| WN19-UR-000100 | V3R7 | Windows Server 2019 Debug programs: user right must only be assigned to the Administrators group. | Microsoft Windows Server 2019 |
| WN19-UR-000110 | V3R7 | Windows Server 2019 Force shutdown from a remote system user right must only be assigned to the Administrators group. | Microsoft Windows Server 2019 |
| WN19-UR-000120 | V3R7 | Windows Server 2019 Generate security audits user right must only be assigned to Local Service and Network Service. | Microsoft Windows Server 2019 |
| WN19-UR-000130 | V3R7 | Windows Server 2019 Impersonate a client after authentication user right must only be assigned to Administrators, Service, Local Service, and Network Service. | Microsoft Windows Server 2019 |
| WN19-UR-000140 | V3R7 | Windows Server 2019 Increase scheduling priority: user right must only be assigned to the Administrators group. | Microsoft Windows Server 2019 |
| WN19-UR-000150 | V3R7 | Windows Server 2019 Load and unload device drivers user right must only be assigned to the Administrators group. | Microsoft Windows Server 2019 |
| WN19-UR-000160 | V3R7 | Windows Server 2019 Lock pages in memory user right must not be assigned to any groups or accounts. | Microsoft Windows Server 2019 |
| WN19-UR-000180 | V3R7 | Windows Server 2019 Modify firmware environment values user right must only be assigned to the Administrators group. | Microsoft Windows Server 2019 |
| WN19-UR-000190 | V3R7 | Windows Server 2019 Perform volume maintenance tasks user right must only be assigned to the Administrators group. | Microsoft Windows Server 2019 |
| WN19-UR-000200 | V3R7 | Windows Server 2019 Profile single process user right must only be assigned to the Administrators group. | Microsoft Windows Server 2019 |
| WN19-UR-000210 | V3R7 | Windows Server 2019 Restore files and directories user right must only be assigned to the Administrators group. | Microsoft Windows Server 2019 |
| WN19-UR-000220 | V3R7 | Windows Server 2019 Take ownership of files or other objects user right must only be assigned to the Administrators group. | Microsoft Windows Server 2019 |
| WN22-00-000170 | V2R7 | Windows Server 2022 default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained. | Microsoft Windows Server 2022 |
| WN22-DC-000010 | V2R7 | Windows Server 2022 must only allow administrators responsible for the domain controller to have Administrator rights on the system. | Microsoft Windows Server 2022 |
| WN22-DC-000070 | V2R7 | Windows Server 2022 permissions on the Active Directory data files must only allow System and Administrators access. | Microsoft Windows Server 2022 |
| WN22-DC-000080 | V2R7 | Windows Server 2022 Active Directory SYSVOL directory must have the proper access control permissions. | Microsoft Windows Server 2022 |
| WN22-DC-000090 | V2R7 | Windows Server 2022 Active Directory Group Policy objects must have proper access control permissions. | Microsoft Windows Server 2022 |
| WN22-DC-000100 | V2R7 | Windows Server 2022 Active Directory Domain Controllers Organizational Unit (OU) object must have the proper access control permissions. | Microsoft Windows Server 2022 |
| WN22-DC-000110 | V2R7 | Windows Server 2022 organization created Active Directory Organizational Unit (OU) objects must have proper access control permissions. | Microsoft Windows Server 2022 |
| WN22-DC-000350 | V2R7 | Windows Server 2022 Add workstations to domain user right must only be assigned to the Administrators group on domain controllers. | Microsoft Windows Server 2022 |
| WN22-DC-000420 | V2R7 | Windows Server 2022 Enable computer and user accounts to be trusted for delegation user right must only be assigned to the Administrators group on domain controllers. | Microsoft Windows Server 2022 |
| WN22-MS-000010 | V2R7 | Windows Server 2022 must only allow administrators responsible for the member server or standalone or nondomain-joined system to have Administrator rights on the system. | Microsoft Windows Server 2022 |
| WN22-MS-000060 | V2R7 | Windows Server 2022 must restrict remote calls to the Security Account Manager (SAM) to Administrators on domain-joined member servers and standalone or nondomain-joined systems. | Microsoft Windows Server 2022 |
| WN22-MS-000130 | V2R7 | Windows Server 2022 Enable computer and user accounts to be trusted for delegation user right must not be assigned to any groups or accounts on domain-joined member servers and standalone or nondomain-joined systems. | Microsoft Windows Server 2022 |
| WN22-UR-000010 | V2R7 | Windows Server 2022 Access Credential Manager as a trusted caller user right must not be assigned to any groups or accounts. | Microsoft Windows Server 2022 |
| WN22-UR-000020 | V2R7 | Windows Server 2022 Act as part of the operating system user right must not be assigned to any groups or accounts. | Microsoft Windows Server 2022 |
| WN22-UR-000040 | V2R7 | Windows Server 2022 back up files and directories user right must only be assigned to the Administrators group. | Microsoft Windows Server 2022 |
| WN22-UR-000050 | V2R7 | Windows Server 2022 create a pagefile user right must only be assigned to the Administrators group. | Microsoft Windows Server 2022 |
| WN22-UR-000060 | V2R7 | Windows Server 2022 create a token object user right must not be assigned to any groups or accounts. | Microsoft Windows Server 2022 |
| WN22-UR-000070 | V2R7 | Windows Server 2022 create global objects user right must only be assigned to Administrators, Service, Local Service, and Network Service. | Microsoft Windows Server 2022 |
| WN22-UR-000080 | V2R7 | Windows Server 2022 create permanent shared objects user right must not be assigned to any groups or accounts. | Microsoft Windows Server 2022 |
| WN22-UR-000090 | V2R7 | Windows Server 2022 create symbolic links user right must only be assigned to the Administrators group. | Microsoft Windows Server 2022 |
| WN22-UR-000100 | V2R7 | Windows Server 2022 debug programs user right must only be assigned to the Administrators group. | Microsoft Windows Server 2022 |
| WN22-UR-000110 | V2R7 | Windows Server 2022 force shutdown from a remote system user right must only be assigned to the Administrators group. | Microsoft Windows Server 2022 |
| WN22-UR-000120 | V2R7 | Windows Server 2022 generate security audits user right must only be assigned to Local Service and Network Service. | Microsoft Windows Server 2022 |
| WN22-UR-000130 | V2R7 | Windows Server 2022 impersonate a client after authentication user right must only be assigned to Administrators, Service, Local Service, and Network Service. | Microsoft Windows Server 2022 |
| WN22-UR-000140 | V2R7 | Windows Server 2022 increase scheduling priority: user right must only be assigned to the Administrators group. | Microsoft Windows Server 2022 |
| WN22-UR-000150 | V2R7 | Windows Server 2022 load and unload device drivers user right must only be assigned to the Administrators group. | Microsoft Windows Server 2022 |
| WN22-UR-000160 | V2R7 | Windows Server 2022 lock pages in memory user right must not be assigned to any groups or accounts. | Microsoft Windows Server 2022 |
| WN22-UR-000180 | V2R7 | Windows Server 2022 modify firmware environment values user right must only be assigned to the Administrators group. | Microsoft Windows Server 2022 |
| WN22-UR-000190 | V2R7 | Windows Server 2022 perform volume maintenance tasks user right must only be assigned to the Administrators group. | Microsoft Windows Server 2022 |
| WN22-UR-000200 | V2R7 | Windows Server 2022 profile single process user right must only be assigned to the Administrators group. | Microsoft Windows Server 2022 |
| WN22-UR-000210 | V2R7 | Windows Server 2022 restore files and directories user right must only be assigned to the Administrators group. | Microsoft Windows Server 2022 |
| WN22-UR-000220 | V2R7 | Windows Server 2022 take ownership of files or other objects user right must only be assigned to the Administrators group. | Microsoft Windows Server 2022 |
| WN25-00-000170 | V1R1 | Windows Server 2025 default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained. | Microsoft Windows Server 2025 |
| WN25-DC-000010 | V1R1 | Windows Server 2025 must only allow administrators responsible for the domain controller to have Administrator rights on the system. | Microsoft Windows Server 2025 |
| WN25-DC-000070 | V1R1 | Windows Server 2025 permissions on the Active Directory data files must only allow system administrators (SAs) access. | Microsoft Windows Server 2025 |
| WN25-DC-000080 | V1R1 | Windows Server 2025 Active Directory SYSVOL directory must have the proper access control permissions. | Microsoft Windows Server 2025 |
| WN25-DC-000090 | V1R1 | Windows Server 2025 Active Directory (AD) Group Policy Objects (GPOs) must have proper access control permissions. | Microsoft Windows Server 2025 |
| WN25-DC-000100 | V1R1 | Windows Server 2025 Active Directory Domain Controllers Organizational Unit (OU) object must have the proper access control permissions. | Microsoft Windows Server 2025 |
| WN25-DC-000110 | V1R1 | Windows Server 2025 organization created Active Directory Organizational Unit (OU) objects must have proper access control permissions. | Microsoft Windows Server 2025 |
| WN25-DC-000350 | V1R1 | The Windows Server 2025 "Add workstations to domain" user right must only be assigned to the Administrators group on domain controllers. | Microsoft Windows Server 2025 |
| WN25-DC-000420 | V1R1 | The Windows Server 2025 "Enable computer and user accounts to be trusted for delegation" user right must only be assigned to the Administrators group on domain controllers. | Microsoft Windows Server 2025 |
| WN25-MS-000010 | V1R1 | Windows Server 2025 must only allow administrators responsible for the member server or stand-alone or nondomain-joined system to have Administrator rights on the system. | Microsoft Windows Server 2025 |
| WN25-MS-000060 | V1R1 | Windows Server 2025 must restrict remote calls to the Security Account Manager (SAM) to Administrators on domain-joined member servers and stand-alone or nondomain-joined systems. | Microsoft Windows Server 2025 |
| WN25-MS-000130 | V1R1 | The Windows Server 2025 "Enable computer and user accounts to be trusted for delegation" user right must not be assigned to any groups or accounts on domain-joined member servers and stand-alone or nondomain-joined systems. | Microsoft Windows Server 2025 |
| WN25-UR-000010 | V1R1 | The Windows Server 2025 "Access Credential Manager as a trusted caller" user right must not be assigned to any groups or accounts. | Microsoft Windows Server 2025 |
| WN25-UR-000020 | V1R1 | The Windows Server 2025 "Act as part of the operating system" user right must not be assigned to any groups or accounts. | Microsoft Windows Server 2025 |
| WN25-UR-000040 | V1R1 | The Windows Server 2025 "Back up files and directories" user right must only be assigned to the Administrators group. | Microsoft Windows Server 2025 |
| WN25-UR-000050 | V1R1 | The Windows Server 2025 "Create a pagefile" user right must only be assigned to the Administrators group. | Microsoft Windows Server 2025 |
| WN25-UR-000060 | V1R1 | The Windows Server 2025 "Create a token object" user right must not be assigned to any groups or accounts. | Microsoft Windows Server 2025 |
| WN25-UR-000070 | V1R1 | The Windows Server 2025 "Create global objects" user right must only be assigned to Administrators, Service, Local Service, and Network Service. | Microsoft Windows Server 2025 |
| WN25-UR-000080 | V1R1 | The Windows Server 2025 "Create permanent shared objects" user right must not be assigned to any groups or accounts. | Microsoft Windows Server 2025 |
| WN25-UR-000090 | V1R1 | The Windows Server 2025 "Create symbolic links" user right must only be assigned to the Administrators group. | Microsoft Windows Server 2025 |
| WN25-UR-000100 | V1R1 | The Windows Server 2025 "Debug programs" user right must only be assigned to the Administrators group. | Microsoft Windows Server 2025 |
| WN25-UR-000110 | V1R1 | The Windows Server 2025 "Force shutdown from a remote system" user right must only be assigned to the Administrators group. | Microsoft Windows Server 2025 |
| WN25-UR-000120 | V1R1 | The Windows Server 2025 "Generate security audits" user right must only be assigned to Local Service and Network Service. | Microsoft Windows Server 2025 |
| WN25-UR-000130 | V1R1 | The Windows Server 2025 "Impersonate a client after authentication" user right must only be assigned to Administrators, Service, Local Service, and Network Service. | Microsoft Windows Server 2025 |
| WN25-UR-000140 | V1R1 | The Windows Server 2025 "Increase scheduling priority" user right must only be assigned to the Administrators group. | Microsoft Windows Server 2025 |
| WN25-UR-000150 | V1R1 | The Windows Server 2025 "Load and unload device drivers" user right must only be assigned to the Administrators group. | Microsoft Windows Server 2025 |
| WN25-UR-000160 | V1R1 | The Windows Server 2025 "Lock pages in memory" user right must not be assigned to any groups or accounts. | Microsoft Windows Server 2025 |
| WN25-UR-000180 | V1R1 | The Windows Server 2025 "Modify firmware environment values" user right must only be assigned to the Administrators group. | Microsoft Windows Server 2025 |
| WN25-UR-000190 | V1R1 | The Windows Server 2025 "Perform volume maintenance tasks" user right must only be assigned to the Administrators group. | Microsoft Windows Server 2025 |
| WN25-UR-000200 | V1R1 | The Windows Server 2025 "Profile single process" user right must only be assigned to the Administrators group. | Microsoft Windows Server 2025 |
| WN25-UR-000210 | V1R1 | The Windows Server 2025 "Restore files and directories" user right must only be assigned to the Administrators group. | Microsoft Windows Server 2025 |
| WN25-UR-000220 | V1R1 | The Windows Server 2025 "Take ownership of files or other objects" user right must only be assigned to the Administrators group. | Microsoft Windows Server 2025 |