This setting is used by Credential Manager during Backup/Restore. No accounts should have this privilege, as it is only assigned to Winlogon. Users saved credentials might be compromised if this privilege is given to other entities.
Policy Path: User Rights Assignments
Policy Setting Name: Access Credential Manager as a trusted caller
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Windows.