File Replication Service (FRS) directory data files must have proper access control permissions.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-27109	DS00.0121_2003	SV-34409r2_rule		Medium

Description
Improper access permissions for directory data files could allow unauthorized users to read, modify, or delete directory data.

STIG	Date
Windows 2003 Domain Controller Security Technical Implementation Guide	2014-04-02

Details

Check Text ( C-49673r2_chk )
Run "Regedit". Navigate to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters". Note the value for "Working Directory", typically "%SystemRoot%\ntfrs". Verify the permissions of the noted location. If the access control permissions of the FRS directory are not at least as restrictive as those below, this is a finding. FRS Directory Permissions: Administrators - Full Control (F) SYSTEM - Full Control (F)

Check Text ( C-49673r2_chk )

Run "Regedit".
Navigate to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters".
Note the value for "Working Directory", typically "%SystemRoot%\ntfrs".
Verify the permissions of the noted location.
If the access control permissions of the FRS directory are not at least as restrictive as those below, this is a finding.

FRS Directory Permissions:
Administrators - Full Control (F)
SYSTEM - Full Control (F)

Fix Text (F-50021r2_fix)
Maintain the access control permissions for the FRS directory as outlined below. FRS Directory Permissions: Administrators - Full Control (F) SYSTEM - Full Control (F)