Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Active Directory Access must be securely configured.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-25265 | OSX00125 M6 | SV-38518r1_rule | DCNR-1 ECCT-1 ECCT-2 | High |
| Description |
|---|
| The “Allow administration by” setting should not be used in sensitive environments. It can cause unintended privilege escalation issues because any member of the group specified will have administrator privileges on a computer. |
| STIG | Date |
|---|---|
| MAC OSX 10.6 Workstation Security Technical Implementation Guide | 2013-04-09 |
Details
| Check Text ( C-37732r1_chk ) |
|---|
| Open Finder. Click the Hard Drive icon. Double Click System. Double Click Library. Double Click CoreServices. Double Click Directory Utility. Click the Services tab. Double Click on Active Directory. Click on Show Advanced Options. Click on Administrative tab and ensure "Allow administration by" is not selected. If "Allow administration by" is selected, this is a finding. |
| Fix Text (F-32976r1_fix) |
|---|
| Open Finder. Click the Hard Drive icon. Double Click System. Double Click Library. Double Click CoreServices. Double Click Directory Utility. Click the Services tab. Double Click on Active Directory. Click on Show Advanced Options. Click on Administrative tab and deselect "Allow administration by" option. |