Risks with allowing users 'Create Global Objects' right in Local Policy

Posted on 2008-11-18
Last Modified: 2013-12-04
Hi Experts,

I have been having an issue with users accessing an Oracle based application within a Citrix enivironment.  After much research, i discovered that if I go to the Local Security Settings>User Rights Assignment>Create global objects policy and add those users to that right, the application launches properly and is able to establish a db connection.  My question is, what are the ramifications or risks with providing non-admin users this access?  Am I opening up my Citrix servers to abuse by giving too much power to these users?  I have done some research and cannot find any real substantial case for or against allowing this right other than "only give to right to trusted users".  Any insight would be greatly appreciated.
Question by:jamesdow
    1 Comment
    LVL 19

    Accepted Solution

    From the Threats And Countermeasures guide:

    "Create global objects

    This policy setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right.

    The possible values for the Create global objects setting are:
    "      A user-defined list of accounts
    "      Not Defined


    Users who can create global objects could affect processes that run under other users' sessions. This capability could lead to a variety of problems, such as application failure or data corruption.


    Restrict the Create global objects user right to members of the local Administrators and Service groups.

    Potential Impact

    None. This is the default configuration."

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    Article by: btan
    The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
    You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

    794 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now