Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-224975 | WN16-DC-000120 | SV-224975r569186_rule | Medium |
Description |
---|
When directory service data files, especially for directories used for identification, authentication, or authorization, reside on the same logical partition as user-owned files, the directory service data may be more vulnerable to unauthorized access or other availability compromises. Directory service and user-owned data files sharing a partition may be configured with less restrictive permissions in order to allow access to the user data. The directory service may be vulnerable to a denial of service attack when user-owned files on a common partition are expanded to an extent preventing the directory service from acquiring more space for directory or audit data. |
STIG | Date |
---|---|
Microsoft Windows Server 2016 Security Technical Implementation Guide | 2021-09-29 |
Check Text ( C-26666r465827_chk ) |
---|
This applies to domain controllers. It is NA for other systems. Run "Regedit". Navigate to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters". Note the directory locations in the values for "DSA Database file". Open "Command Prompt". Enter "net share". Note the logical drive(s) or file system partition for any organization-created data shares. Ignore system shares (e.g., NETLOGON, SYSVOL, and administrative shares ending in $). User shares that are hidden (ending with $) should not be ignored. If user shares are located on the same logical partition as the directory server data files, this is a finding. |
Fix Text (F-26654r465828_fix) |
---|
Move shares used to store files owned by users to a different logical partition than the directory server data files. |