CIS-CAT Pro Assessor Error: "STATUS_ACCESS_DENIED (0xc0000022)"


Product Name

CIS-CAT Pro Assessor v4

Product Version

All

Date

May 8, 2024




Problem

I am unable to perform a remote Windows assessment. The assessor-cli.log file contains:
STATUS_ACCESS_DENIED (0xc0000022): Could not connect to \\x.x.x.x\C$

Solution

The user is unable to connect to the target system's administrative share because UAC Remote Restrictions have not been disabled.

On the target system, set the following registry setting to disable UAC Remote Restrictions:
https://ciscat-assessor.docs.cisecurity.org/en/latest/Configuration%20Guide/#remote-setup-microsoft-windows

  • Click Start, click Run, type regedit, and then press ENTER.

  • Locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

    • If the LocalAccountTokenFilterPolicy registry entry does not exist, follow these steps:

      • On the Edit menu, point to New, and then click DWORD Value.

      • Type LocalAccountTokenFilterPolicy, and then press ENTER.

  • Right-click LocalAccountTokenFilterPolicy, and then click Modify.

  • In the Value data box, type 1, and then click OK.

  • Exit Registry Editor.
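The registry steps above can also be audited and applied from an elevated PowerShell session on the target system. This is an added example, not code from CIS or the Assessor documentation; the `Mode` parameter, its three mode names, and the `Restore` mode (which writes 0 back once the assessment is done) are assumptions of this sketch.

```powershell
# Added example (not CIS code). Run in an elevated PowerShell session on the target.
# Mode names Audit/Disable/Restore are hypothetical labels chosen for this sketch.
param(
    [ValidateSet('Audit', 'Disable', 'Restore')]
    [string]$Mode = 'Audit'
)

$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$Name = 'LocalAccountTokenFilterPolicy'

function Get-TokenFilterPolicy {
    # Returns the current value, or $null when the entry does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Set-TokenFilterPolicy([int]$Value) {
    # -Force creates the entry or overwrites an existing one, always as a DWORD.
    New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Value -Force | Out-Null
}

function Format-PolicyValue($Value) {
    if ($null -eq $Value) { return '<not set>' }
    return [string]$Value
}

# Writing under HKLM requires administrator rights; fail early with a clear message.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if ($Mode -ne 'Audit' -and -not $isAdmin) {
    throw "Mode '$Mode' modifies HKLM and must be run from an elevated session."
}

$before = Get-TokenFilterPolicy
switch ($Mode) {
    'Disable' { Set-TokenFilterPolicy 1 }   # the value the steps above set
    'Restore' { Set-TokenFilterPolicy 0 }   # 0 = default filtered-token behaviour
}
$after = Get-TokenFilterPolicy

"{0}: before={1} after={2}" -f $Name, (Format-PolicyValue $before), (Format-PolicyValue $after)
if ($after -eq 1) {
    'UAC Remote Restrictions are disabled; local administrators can reach C$ remotely.'
} else {
    'UAC Remote Restrictions are in effect; local administrator accounts may receive STATUS_ACCESS_DENIED on C$.'
}
```

Running it with no arguments only reports the current state, so it can be used to confirm the setting before and after an assessment.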

The Assessor accesses the administrative shares on the remote host, which are only accessible to users that are part of the Administrators group (or a similar group with administrator privileges) on that host, or that are configured as domain administrators.

Keywords: Status Access Denied 0xc0000022



Copyright © 2024

Center for Internet Security®