UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Anonymous access to the registry must be restricted.


Overview

Finding ID Version Rule ID IA Controls Severity
WN12-RG-000004 WN12-RG-000004 WN12-RG-000004_rule High
Description
The registry is integral to the function, security, and stability of the Windows system. Some processes may require anonymous access to the registry. This must be limited to properly protect the system.
STIG Date
Microsoft Windows Server 2012 Domain Controller Security Technical Implementation Guide 2013-07-25

Details

Check Text ( C-WN12-RG-000004_chk )
Using the Registry Editor, navigate to the following key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\

If the key does not exist, this is a finding. If the permissions are not at least as restrictive as the defaults listed below, this is a finding.

Administrators - Full
Backup Operators - Read(QENR)
Local Service - Read
Fix Text (F-WN12-RG-000004_fix)
Ensure the system is configured to prevent anonymous users from gaining access to the registry. Maintain the default permissions of the following registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\

Administrators - Full
Backup Operators - Read(QENR)
Local Service - Read