Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-226269 | WN12-RG-000002 | SV-226269r569184_rule | High |
Description |
---|
Permissions on the Active Setup\Installed Components registry key must only allow privileged accounts to add or change registry values. If standard user accounts have these permissions, there is a potential for programs to run with elevated privileges when a privileged user logs on to the system. |
STIG | Date |
---|---|
Microsoft Windows Server 2012/2012 R2 Domain Controller Security Technical Implementation Guide | 2021-03-05 |
Check Text ( C-27971r476651_chk ) |
---|
Run "Regedit". Navigate to the following registry keys and review the permissions: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\ (64-bit systems) If the default permissions listed below have been changed, this is a finding. Users - Read Administrators - Full Control SYSTEM - Full Control CREATOR OWNER - Full Control (Subkeys only) ALL APPLICATION PACKAGES - Read |
Fix Text (F-27959r476652_fix) |
---|
Maintain the default permissions of the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\ (64-bit systems only) Users - Read Administrators - Full Control SYSTEM - Full Control CREATOR OWNER - Full Control (Subkeys only) ALL APPLICATION PACKAGES - Read |