Active Directory Access must be securely configured.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-25265 | OSX00125 M6 | SV-38518r1_rule | DCNR-1 ECCT-1 ECCT-2 | High |
| Description |
|---|
| The “Allow administration by” setting should not be used in sensitive environments. It can cause unintended privilege escalation issues because any member of the group specified will have administrator privileges on a computer. |
| STIG | Date |
|---|---|
| MAC OSX 10.6 Workstation Security Technical Implementation Guide Draft | 2013-01-10 |
Details
| Check Text ( C-37732r1_chk ) |
|---|
| Open Finder. Click the Hard Drive icon. Double Click System. Double Click Library. Double Click CoreServices. Double Click Directory Utility. Click the Services tab. Double Click on Active Directory. Click on Show Advanced Options. Click on Administrative tab and ensure "Allow administration by" is not selected. If "Allow administration by" is selected, this is a finding. |
| Fix Text (F-32976r1_fix) |
|---|
| Open Finder. Click the Hard Drive icon. Double Click System. Double Click Library. Double Click CoreServices. Double Click Directory Utility. Click the Services tab. Double Click on Active Directory. Click on Show Advanced Options. Click on Administrative tab and deselect "Allow administration by" option. |