Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-226075 | WN12-AD-000006-DC | SV-226075r569184_rule | Medium |
Description |
---|
When directory service data files, especially for directories used for identification, authentication, or authorization, reside on the same logical partition as user-owned files, the directory service data may be more vulnerable to unauthorized access or other availability compromises. Directory service and user-owned data files sharing a partition may be configured with less restrictive permissions in order to allow access to the user data. The directory service may be vulnerable to a denial of service attack when user-owned files on a common partition are expanded to an extent preventing the directory service from acquiring more space for directory or audit data. |
STIG | Date |
---|---|
Microsoft Windows Server 2012/2012 R2 Domain Controller Security Technical Implementation Guide | 2020-10-15 |
Check Text ( C-27777r475548_chk ) |
---|
Refer to the AD database location obtained in check V-8316. Note the logical drive (e.g., C:) on which the files are located. Determine if the server is currently providing file sharing services to users with the following command. Enter "net share" at a command prompt. Note the logical drive(s) or file system partition for any site-created data shares. Ignore all system shares (e.g., Windows NETLOGON, SYSVOL, and administrative shares ending in $). User shares that are hidden (ending with $) should not be ignored. If user shares are located on the same logical partition as the directory server data files, this is a finding. |
Fix Text (F-27765r475549_fix) |
---|
Ensure files owned by users are stored on a different logical partition then the directory server data files. |