none
Create a token object

    Question

  • Hello

    I have been cleaning up some old GPO due to audit concerns and ran into a User Right within GPO " Create a token object " right. I see we have 1 account listed in there but I am not sure if it still required. At some point we have Symantec Backupexec which required an account with that right so that it can backup files it doesn't have rights to , but Symantec has since changed that and it is no longer required.

    What I am asking here is how common is it to have an account listed there and is there anyway to check for a particular event ID to see if this is still occurring within the infrastructure. I want to remove the account but I am afraid something will break.

    Wednesday, January 18, 2017 3:48 PM

All replies

  • Hi,
    This right determines which accounts can be used by processes to create a token which can then be used to get access to any local resources when the process uses NtCreateToken() or other token-creation APIs.
    It is recommended that if a process requires this right, it should be assigned to the Local System account and the Create A Token Object setting is Not Defined for Enterprise Client environments and should be set to No One
    Please see details from: https://technet.microsoft.com/en-us/library/cc976505.aspx
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, January 19, 2017 3:09 AM
    Moderator
  • Hi,

    I am checking how the issue going, if you still have any questions, please feel free to contact us.

    And if the replies as above are helpful, we would appreciate you to mark them as answers, and if you resolve it using your own solution, please share your experience and solution here. It will be greatly helpful to others who have the same question.

    Appreciate for your feedback.

    Best regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, January 23, 2017 9:54 AM
    Moderator