OS services that are critical for directory server operation must be configured for automatic startup.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-8327 | DS00.3260_AD | SV-31553r1_rule | ECTM-1 ECTM-2 | Medium |
| Description |
|---|
| AD is dependent on several Windows services. If one or more of these services is not configured for automatic startup, AD functions may be partially or completely unavailable until the services are manually started. This could result in a failure to replicate data or to support client authentication and authorization requests. |
| STIG | Date |
|---|---|
| Active Directory Service 2008 Security Technical Implementation Guide (STIG) | 2011-05-23 |
Details
| Check Text ( C-14108r2_chk ) |
|---|
| 1. Start the Services console (Start, Run, “services.msc”). 2. Check the Startup Type field for the following Windows services: - Distributed File System - DNS Client - File Replication Service - Intersite Messaging - Kerberos Key Distribution Center - Net Logon - Windows Time. 3. If the Startup Type for any of these services is not Automatic, then this is a finding. Supplemental Notes: The Windows Time service is not required if another time synchronization tool is implemented to start automatically. The Distributed File System is not required if the site is not utilizing this service and can be disabled. |
| Fix Text (F-15016r2_fix) |
|---|
| Configure OS services that are critical for directory server operation for automatic startup. |