New security check to report results when you do not assign rights to a user for a policy

  • 7023267
  • 14-Aug-2018
  • 14-Aug-2018

Environment

Secure Configuration Manager 7.1

Situation

This release resolves an issue where security checks that evaluate permissions for a specified policy fail to report accurate results if no user or group has been assigned permissions. For example, the security policy "Access credential manager as a trusted caller" determines who can access credential manager. To assess compliance with the policy, you might run the User rights security check. However, this check requires you to enter a value for the user or group to check for permissions but does not allow you to enter 'no one' or leave the value blank.

Resolution

To resolve this issue, run the new User rights not assigned security check. This security check lists user rights, along with the user accounts that have each right, for the specified policy. If no user or group has rights to the setting, then this security check returns a correct value of "No one".

Cause

Previously this check did not allow you to enter 'no one' or leave the value blank.