search cancel

Removing User Rights Assignment on Site and Notification Server causes unexpected results

book

Article ID: 173604

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

May we remove User Rights Assignment on Site and Notification Server so that we meet STIG 26489

Steps to implement:

Run "gpedit.msc".

Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment.

If any accounts or groups other than the following are granted the "Generate security audits" user right, this is a finding:

Local Service
Network Service

Resolution

We found that removing the AppPool information from User Rights Assignment on the Package Server caused unstable communications between NS and Site Servers.  It is not recommended.

We also found that reinstalling Package and Task Services recreates these assignments.