Risks with allowing users 'Create Global Objects' right in Local Policy

Hi Experts,

I have been having an issue with users accessing an Oracle based application within a Citrix enivironment.  After much research, i discovered that if I go to the Local Security Settings>User Rights Assignment>Create global objects policy and add those users to that right, the application launches properly and is able to establish a db connection.  My question is, what are the ramifications or risks with providing non-admin users this access?  Am I opening up my Citrix servers to abuse by giving too much power to these users?  I have done some research and cannot find any real substantial case for or against allowing this right other than "only give to right to trusted users".  Any insight would be greatly appreciated.
jamesdowAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

CoccoBillCommented:
From the Threats And Countermeasures guide:

"Create global objects

This policy setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right.

The possible values for the Create global objects setting are:
"      A user-defined list of accounts
"      Not Defined

Vulnerability

Users who can create global objects could affect processes that run under other users' sessions. This capability could lead to a variety of problems, such as application failure or data corruption.

Countermeasure

Restrict the Create global objects user right to members of the local Administrators and Service groups.

Potential Impact

None. This is the default configuration."

http://www.microsoft.com/technet/security/guidance/serversecurity/tcg/tcgch04n.mspx
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.