May we remove User Rights Assignment on Site and Notification Server so that we meet STIG 26489
Steps to implement:
Navigate to Local Computer Policy >> Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> User Rights Assignment.
If any accounts or groups other than the following are granted the "Generate security audits" user right, this is a finding:
We found that removing the AppPool information from User Rights Assignment on the Package Server caused unstable communications between NS and Site Servers. It is not recommended.
We also found that reinstalling Package and Task Services recreates these assignments.