The Microsoft SCOM server must use an active directory group that contains authorized members of the SCOM Administrators Role Group.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-237436 | SCOM-IA-000002 | SV-237436r643954_rule | Medium |
| Description |
|---|
| During the initial installation, SCOM grants the Builtin\Administrators group administrator rights to the application. This configuration will allow any local administrator to the SCOM server to have full administrative rights into SCOM. |
| STIG | Date |
|---|---|
| Microsoft SCOM Security Technical Implementation Guide | 2021-03-15 |
Details
| Check Text ( C-40655r643952_chk ) |
|---|
| Open the Operations Console and select the Administrative workspace. In the left pane, expand Security and select User Roles. In the center pane, double-click on Operations Manager Administrators. If Builtin\Administrators is listed, this is a finding. |
| Fix Text (F-40618r643953_fix) |
|---|
| From Active Directory Users and Computers, create a group following the organizational naming standards for SCOM Administrators. Add the SCOM service accounts to this group along with any user's administrative account that is required to administer SCOM. Make note of the group name. Log on to the SCOM console with an administrative account. Select the Administration workspace. Expand Security and click User Roles. From the center pane, double-click on Operations Manager Administrators. Click the Add button and type the name of the group created above and click Check Names. The name should validate. Click OK. The new group should now be added to the Operations Manager Administrators role. Click on Builtin\Administrators and click Remove. Click OK. |