Details

This setting is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users saved credentials might be compromised if this privilege is given to other entities.

Solution

Policy Path: User Rights Assignments
Policy Setting Name: Access Credential Manager as a trusted caller

Supportive Information

The following resource is also helpful.

• https://blogs.technet.microsoft.com/secguide/2018/04/30/security-baseline-for-windows-10-april-2018-update-v1803-final/

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Windows.

References

• 800-53|AC-6(7)(b)
• CSCv6|5.1

Source

• Tenable.com/audits