ASD's Blueprint for Secure Cloud

ASD Windows Hardening Guidelines-User Rights Assignment

This section describes the configuration of device configuration profiles within Microsoft Intune associated with systems built according to the guidance provided by ASD's Blueprint for Secure Cloud.

Estimated reading time: 2 minutes

Basics

ItemValue
NameASD Windows Hardening Guidelines-User Rights Assignment
Description
PlatformWindows 10 and later
Profile typeCustom

Assignments

Included groups

ItemValue
GroupsAll devices

Excluded groups

None

Scope tags

ItemValue
Scope tagsDefault

Configuration settings

The below must be configured using Graph API

SeCreatePermanentPrivilege

ItemValue
DisplaynameSeCreatePermanentPrivilege
umaUri“./Device/Vendor/MSFT/Policy/Config/UserRights/CreatePermanentSharedObjects”
IsEncryptedfalse

SeCreateTokenPrivilege

ItemValue
DisplaynameSeCreateTokenPrivilege
umaUri“./Device/Vendor/MSFT/Policy/Config/UserRights/CreateToken”
IsEncryptedfalse

SeEnableDelegationPrivilege

ItemValue
DisplaynameSeEnableDelegationPrivilege
umaUri“./Device/Vendor/MSFT/Policy/Config/UserRights/EnableDelegation”
IsEncryptedfalse

SeLockMemoryPrivilege

ItemValue
DisplaynameSeLockMemoryPrivilege
umaUri“./Device/Vendor/MSFT/Policy/Config/UserRights/LockMemory”
IsEncryptedfalse

SeTrustedCredManAccessPrivilege

ItemValue
DisplaynameSeTrustedCredManAccessPrivilege
umaUri“./Device/Vendor/MSFT/Policy/Config/UserRights/AccessCredentialManagerAsTrustedCaller”
IsEncryptedfalse

SeTcbPrivilege

ItemValue
DisplaynameSeTcbPrivilege
umaUri“./Device/Vendor/MSFT/Policy/Config/UserRights/ActAsPartOfTheOperatingSystem”
IsEncryptedfalse

Security & Governance

  • None identified

Design

  • None identified

Configuration

  • None identified

References

  • None identified

Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at blueprint@asd.gov.au

Acknowledgement of Country icon

Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra