
SQL Server registry keys should be properly secured.


Overview

Finding ID: V-3838
Version: DM0927-SQLServer9
Rule ID: SV-25432r1_rule
IA Controls: ECAN-1
Severity: Medium
Description
Registry keys contain configuration data for the SQL Server services and applications. Unrestricted access or access unnecessary for operation can lead to a compromise of the application or disclosure of information that may lead to a successful attack or compromise of data.
STIG: Microsoft SQL Server 2005 Instance Security Technical Implementation Guide
Date: 2015-06-16

Details

Check Text (C-1385r1_chk)
Use regedit.exe (Windows 2003) or regedt32.exe (Windows XP, Windows 2000) to review registry permissions.

To review registry permissions using regedit.exe, navigate to the registry key indicated, right-click on the key, and select Permissions. Select the users and groups permissions and view the assigned Permissions in the Permissions box.

To view Special Permissions (From the Permissions window for the key):

1. Click on the Advanced button
2. Select the Effective Permissions tab
3. Click the Select button
4. Select the User or Group name to review
5. To see the list of users or groups:
   a. Click on the Advanced button
   b. Click on the Find Now button
   c. Select a user or group account
   d. Click OK

View registry permissions for the following registry keys and sub-keys under:

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Microsoft SQL Server

If Full Control permissions are granted to any account other than Administrators, the DBA group, Creator Owner, System or the SQL Server service group, this is a Finding, with the following exceptions:

1. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Microsoft SQL Server \ Instance Names \ RS \ = Full Control to key to local group account SQLServer2005ReportServerUser$[instance name]
2. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Microsoft SQL Server \ MSSQL.1 \ MSSearch \ = Full Control to keys and Subkeys to local group account SQLServer2005MSFTEUser$[instance name]
3. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Microsoft SQL Server \ MSSQL.1 \ SQLServerAgent \ = Full Control to key to local group account SQLServer2005SQLAgentUser$[instance name]
4. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Microsoft SQL Server \ MSSQL.1 \ SQLServerAgent \ = Full Control to key to local group account SQLServer2005SQLServerADHelperUser$[instance name]
5. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Microsoft SQL Server \ Instance Names \ RS \ = Read to keys and Subkeys to local group account Remote Desktop Users

If permissions other than Read are granted to the custom SQL Server Users group or members of that group, this is a Finding.

Note: During SQL Server 2005 installation, service group memberships are granted Read access to specific registry keys. If this Read access duplicates the custom SQL Server Users group access, this would not be a Finding.

The DBA, Creator Owner, System, Administrators and SQL Server service groups should be granted Full Control.
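
The review described in the check text can also be run across every sub-key at once. The PowerShell below is an added example, not part of the STIG: it only reads ACLs and lists the Allow entries that match the Finding conditions above. The three group names are placeholders to set per site, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: read-only audit of the registry ACLs named in the check text.
# ASSUMPTION: the three group names below are placeholders; set them per site.
$Root       = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'
$DbaGroup   = 'EXAMPLE\SQL-DBAs'
$ServiceGrp = 'EXAMPLE\SQL-Service'
$UsersGroup = 'EXAMPLE\SQL-Users'
$FullOk = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'CREATOR OWNER',
            $DbaGroup, $ServiceGrp)

# Exceptions 1-4 from the check text: key pattern -> local group name prefix.
# Only exception 2 extends to subkeys, so only its pattern ends in a wildcard.
# Exception 5 grants Read only, so it never trips the Full Control test.
$Exceptions = @(
    @{ Key = '*\Instance Names\RS';      Group = 'SQLServer2005ReportServerUser$' }
    @{ Key = '*\MSSQL.1\MSSearch*';      Group = 'SQLServer2005MSFTEUser$' }
    @{ Key = '*\MSSQL.1\SQLServerAgent'; Group = 'SQLServer2005SQLAgentUser$' }
    @{ Key = '*\MSSQL.1\SQLServerAgent'; Group = 'SQLServer2005SQLServerADHelperUser$' }
)

$FullMask   = [int][System.Security.AccessControl.RegistryRights]::FullControl
$ReadMask   = [int][System.Security.AccessControl.RegistryRights]::ReadKey
$GenericAll = 0x10000000   # inherit-only ACEs can carry GENERIC_ALL instead of FullControl

function Test-Excepted([string]$KeyName, [string]$Identity) {
    foreach ($e in $Exceptions) {
        if ($KeyName -like $e.Key -and $Identity -like ('*\' + $e.Group + '*')) { return $true }
    }
    return $false
}

$keys = @(Get-Item -LiteralPath $Root) +
        @(Get-ChildItem -LiteralPath $Root -Recurse -ErrorAction SilentlyContinue)
$findings = foreach ($key in $keys) {
    foreach ($ace in (Get-Acl -LiteralPath $key.PSPath).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $id   = $ace.IdentityReference.Value
        $mask = [int]$ace.RegistryRights
        $full = (($mask -band $FullMask) -eq $FullMask) -or (($mask -band $GenericAll) -ne 0)
        $reason = $null
        if ($id -eq $UsersGroup) {
            # Custom users group: any right beyond Read is a Finding.
            if (($mask -band (-bnot $ReadMask)) -ne 0) { $reason = 'Users group has more than Read' }
        } elseif ($full -and ($FullOk -notcontains $id) -and -not (Test-Excepted $key.Name $id)) {
            $reason = 'Full Control granted to unlisted account'
        }
        if ($reason) { [pscustomobject]@{ Key = $key.Name; Identity = $id; Rights = $ace.RegistryRights; Reason = $reason } }
    }
}
$findings | Format-Table -AutoSize -Wrap
```

An empty result means no entry matched either Finding condition for the groups configured at the top; keys the running account cannot read are skipped, so run it from an account that can read the whole subtree.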
Fix Text (F-14806r1_fix)
Review permissions assigned to the SQL Server registry keys and Subkeys.

Revoke Full Control permissions to accounts or groups other than DBAs, Administrators, System and Creator Owner except for keys and Subkeys listed in the check procedures.

Revoke all Read permissions from any custom SQL Server users group and specific other groups as listed in the check procedures.