deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 20:03:40 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Acrolinx Enhancement Effort

Browse Source
This commit is contained in:
Siddarth Mandalika
2022-06-23 12:23:39 +05:30
parent bdcca70e0a
commit d7e7827aee
15 changed files with 112 additions and 114 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
windows/security/threat-protection/security-policy-settings/create-global-objects.md
View File

@ -27,9 +27,9 @@ Describes the best practices, location, values, policy management, and security
## Reference
This policy setting determines which users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they do not have this user right.
This policy setting determines which users can create global objects that are available to all sessions. Users can still create objects that are specific to their own session if they don't have this user right.
A global object is an object that is created to be used by any number of processes or threads, even those not started within the users session. Remote Desktop Services uses global objects in its processes to facilitate connections and access.
A global object is an object that can be used by any number of processes or threads, even those processes or threads not started within the users session. Remote Desktop Services uses global objects in its processes to facilitate connections and access.
Constant: SeCreateGlobalPrivilege
@ -40,7 +40,7 @@ Constant: SeCreateGlobalPrivilege
### Best practices
- Do not assign any user accounts this right.
- Don't assign any user accounts this right.
### Location
@ -63,7 +63,7 @@ The following table lists the actual and effective default policy values. Defaul
## Policy management
A restart of the device is not required for this policy setting to take effect.
A restart of the device isn't required for this policy setting to take effect.
Any change to the user rights assignment for an account becomes effective the next time the owner of the account logs on.
@ -90,7 +90,7 @@ By default, members of the **Administrators** group, the System account, and ser
### Countermeasure
When non-administrators need to access a server using Remote Desktop, add the users to the **Remote Desktop Users** group rather than assining them this user right.
When non-administrators need to access a server using Remote Desktop, add the users to the **Remote Desktop Users** group rather than assigning them this user right.
### Potential impact