Users with Administrative privileges must have separate accounts for administrative duties and normal operational tasks.

From Windows Server 2016 Security Technical Implementation Guide

Part of SRG-OS-000480-GPOS-00227

Associated with: CCI-000366

SV-87869r1_rule Users with Administrative privileges must have separate accounts for administrative duties and normal operational tasks.

Vulnerability discussion

Using a privileged account to perform routine functions makes the computer vulnerable to malicious software inadvertently introduced during a session that has been granted full privileges.

Check content

Verify each user with administrative privileges has been assigned a unique administrative account separate from their standard user account. If users with administrative privileges do not have separate accounts for administrative functions and standard user functions, this is a finding.

Fix text

Ensure each user with administrative privileges has a separate account for user duties and one for privileged duties.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer