Details
This policy setting determines whether users can increase the base priority class of a process. (It is not a privileged operation to increase relative priority within a priority class.) This user right is not required by administrative tools that are supplied with the operating system but might be required by software development tools.
The recommended state for this setting is: Administrators.
Note: The CIS recommended state for this setting is: Administrators, Window ManagerWindow Manager Group, which differs from the STIG recommended state.
Rationale:
A user who is assigned this user right could increase the scheduling priority of a process to Real-Time, which would leave little processing time for all other processes and could lead to a DoS condition.
Impact:
None – this is the default behavior.
Solution
To establish the recommended configuration via GP, set the following UI path to Administrators:
Computer ConfigurationPoliciesWindows SettingsSecurity SettingsLocal PoliciesUser Rights AssignmentIncrease scheduling priority
Default Value:
On Windows Server 2016 or older: Administrators.
On Windows Server 2019 or newer: Administrators, Window ManagerWindow Manager Group.
Additional Information:
Microsoft Windows Server 2016 Security Technical Implementation Guide:
Version 2, Release 2, Benchmark Date: May 04, 2021
Vul ID: V-225083
Rule ID: SV-225083r569186_rule
STIG ID: WN16-UR-000230
Severity: CAT II
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Windows.