Details
This user right is useful to kernel-mode components that extend the object namespace. However, components that run in kernel mode have this user right inherently. Therefore, it is typically not necessary to specifically assign this user right.
The recommended state for this setting is: No One.
Rationale:
Users who have the Create permanent shared objects user right could create new shared objects and expose sensitive data to the network.
Impact:
None – this is the default behavior.
Solution
To establish the recommended configuration via GP, set the following UI path to No One:
Computer ConfigurationPoliciesWindows SettingsSecurity SettingsLocal PoliciesUser Rights AssignmentCreate permanent shared objects
Default Value:
No one.
Additional Information:
Microsoft Windows Server 2019 Security Technical Implementation Guide:
Version 2, Release 1, Benchmark Date: November 13, 2020
Vul ID: V-205755
Rule ID: SV-205755r569188_rule
STIG ID: WN19-UR-000080
Severity: CAT II
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Windows.