Create permanent shared objects (Windows)

Module: Account Integrity

Supported Platforms: Windows 2000, Windows 2003, Windows 2008, Windows Vista, Windows XP

This check reports accounts with rights to create permanent shared objects. Accounts with this right can create directory objects in the Windows object manager to extend the object name space. This is normally used only by kernel-mode components. Because all components that are running in kernel mode automatically have this right, it should not be necessary to directly assign this right to any accounts. You can use the name list to exclude or include users that are not already excluded or included by the Users to check option.

The following table lists the error message for the check.

Table: Error message for Create permanent shared objects

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: ESM_CREATE_SHARED

Category: Policy Compliance

  • Windows 2000 (105936)

  • Windows 2003 (205936)

  • Windows 2008 (248936)

  • Windows Vista (228932)

  • Windows XP (200932)

Title: Create permanent shared objects

Description:The user or security group has the right to create permanent shared objects. Accounts with this right can create directory objects in the Windows object manager to extend the object name space. This is normally used only by kernel-mode components. Because all components that are running in kernel mode automatically have this right, it should not be necessary to directly assign this right to any accounts. Use the Correct feature to revoke the right.

Severity: yellow-1

Correctable: true

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]