The default Builtin\Administrators group must be removed from the SCOM Administrators Role Group.

The default Builtin\Administrators group must be removed from the SCOM Administrators Role Group.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-237437	SCOM-IA-000003	SV-237437r643957_rule		Medium

Description
SCOM servers with default well-known operating system groups defined the SCOM Administrators Global Group may allow a local administrator access to privileged SCOM access.

STIG	Date
Microsoft SCOM Security Technical Implementation Guide	2021-03-15

Details

Check Text ( C-40656r643955_chk )
Review the SCOM Administrators Global Group and verify that the Built-in\Administrators Group is not a member. If the Built-in\Administrators group is a member, this is a finding.

Fix Text (F-40619r643956_fix)
Remove the Built-in\Administrators group from the SCOM Administrators Role Group.