UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

OS services that are critical for directory server operation must be configured for automatic startup.


Overview

Finding ID Version Rule ID IA Controls Severity
V-8327 DS00.3260_AD SV-31553r1_rule ECTM-1 ECTM-2 Medium
Description
AD is dependent on several Windows services. If one or more of these services is not configured for automatic startup, AD functions may be partially or completely unavailable until the services are manually started. This could result in a failure to replicate data or to support client authentication and authorization requests.
STIG Date
Active Directory Service 2008 Security Technical Implementation Guide (STIG) 2011-05-23

Details

Check Text ( C-14108r2_chk )
1. Start the Services console (Start, Run, “services.msc”).

2. Check the Startup Type field for the following Windows services:
- Distributed File System
- DNS Client
- File Replication Service
- Intersite Messaging
- Kerberos Key Distribution Center
- Net Logon
- Windows Time.

3. If the Startup Type for any of these services is not Automatic, then this is a finding.

Supplemental Notes:

The Windows Time service is not required if another time synchronization tool is implemented to start automatically.

The Distributed File System is not required if the site is not utilizing this service and can be disabled.
Fix Text (F-15016r2_fix)
Configure OS services that are critical for directory server operation for automatic startup.