How to remove User Rights Assignment on Site and Notification Server so that we meet STIG 26489?

ITMS 8.x

Steps to implement:

Run "gpedit.msc".

Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment.

If any accounts or groups other than the following are granted the "Generate security audits" user right, this is a finding:

Local Service
Network Service

It was found that removing the AppPool information from the User Rights Assignment on the Package Server caused unstable communications between the Notification Server and Site Servers, so this is not recommended.

Workaround: Reinstalling both the Package and Task Services recreates these assignments.