• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 7858
  • Last Modified:

Risks with allowing users 'Create Global Objects' right in Local Policy

Hi Experts,

I have been having an issue with users accessing an Oracle based application within a Citrix enivironment.  After much research, i discovered that if I go to the Local Security Settings>User Rights Assignment>Create global objects policy and add those users to that right, the application launches properly and is able to establish a db connection.  My question is, what are the ramifications or risks with providing non-admin users this access?  Am I opening up my Citrix servers to abuse by giving too much power to these users?  I have done some research and cannot find any real substantial case for or against allowing this right other than "only give to right to trusted users".  Any insight would be greatly appreciated.
0
jamesdow
Asked:
jamesdow
1 Solution
 
CoccoBillCommented:
From the Threats And Countermeasures guide:

"Create global objects

This policy setting determines whether users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right.

The possible values for the Create global objects setting are:
"      A user-defined list of accounts
"      Not Defined

Vulnerability

Users who can create global objects could affect processes that run under other users' sessions. This capability could lead to a variety of problems, such as application failure or data corruption.

Countermeasure

Restrict the Create global objects user right to members of the local Administrators and Service groups.

Potential Impact

None. This is the default configuration."

http://www.microsoft.com/technet/security/guidance/serversecurity/tcg/tcgch04n.mspx
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now