A Windows system has an incorrect default DCOM authorization level.


Overview

Finding ID Version Rule ID IA Controls Severity
V-6825 5.107 SV-29737r2_rule ECSC-1 Medium
Description
The DCOM default authentication level has been detected to be below the required setting. If the authentication level is None, then any user can access any object on the system without authentication.
STIG Date
Windows 2003 Domain Controller Security Technical Implementation Guide 2015-06-03

Details

Check Text (C-40668r1_chk)
Open a command prompt.
Execute “Dcomcnfg.exe”.
In the “Component Services” window, navigate to Component Services -> Computer -> My Computer.
Right-click “My Computer” and select “Properties”.
Select the “Default Properties” tab.
If the “Default Authentication Level” is set to “None” or “Call”, this is a finding.
Fix Text (F-36078r1_fix)
Fortify DCOM's default permissions. This should be thoroughly tested to verify DCOM objects continue to function under tightened security.
Open a command prompt.
Execute “Dcomcnfg.exe”.
In the “Component Services” window, navigate to Component Services -> Computer -> My Computer.
Right-click “My Computer” and select “Properties”.
Select the “Default Properties” tab.
Select a “Default Authentication Level” other than “None” or “Call”. For sensitive systems, an authentication level of “Packet Privacy” is recommended.
Click OK.
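
A scripted equivalent of the Check Text above, for auditing many hosts without opening Dcomcnfg. This is an added example, not part of the STIG. It assumes the “Default Authentication Level” shown in Dcomcnfg is stored in the LegacyAuthenticationLevel DWORD under HKLM\SOFTWARE\Microsoft\Ole, and that an absent value means COM uses its built-in default of Connect; the function and variable names are illustrative.

```powershell
# Added example (not STIG text): read-only audit of the machine-wide DCOM
# default authentication level for finding V-6825.
# Assumption: Dcomcnfg persists the setting as LegacyAuthenticationLevel
# under HKLM:\SOFTWARE\Microsoft\Ole; when absent, COM defaults to Connect (2).
$OleKey        = 'HKLM:\SOFTWARE\Microsoft\Ole'
$LevelNames    = @{ 1 = 'None'; 2 = 'Connect'; 3 = 'Call'
                    4 = 'Packet'; 5 = 'Packet Integrity'; 6 = 'Packet Privacy' }
$FindingLevels = @(1, 3)   # "None" or "Call" is a finding per the Check Text

function Get-DcomDefaultAuthLevel {
    # Returns the raw DWORD, or $null when the value is not set.
    $prop = Get-ItemProperty -Path $OleKey -Name LegacyAuthenticationLevel `
                             -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    return [int]$prop.LegacyAuthenticationLevel
}

function Test-DcomDefaultAuthLevel {
    param($RawValue)   # $null means "value not present in the registry"

    $explicit = ($null -ne $RawValue)
    $level    = if ($explicit) { [int]$RawValue } else { 2 }

    if ($LevelNames.ContainsKey($level)) {
        $name   = $LevelNames[$level]
        $status = if ($FindingLevels -contains $level) { 'Finding' }
                  else { 'NotAFinding' }
    } else {
        # Value outside 1-6: do not guess, send it to manual review.
        $name   = "Unknown ($level)"
        $status = 'ManualReview'
    }

    New-Object PSObject -Property @{
        Computer      = $env:COMPUTERNAME
        FindingId     = 'V-6825'
        Level         = $level
        LevelName     = $name
        ExplicitlySet = $explicit
        Status        = $status
    } | Select-Object Computer, FindingId, Level, LevelName, ExplicitlySet, Status
}

# Evaluate the local machine.
Test-DcomDefaultAuthLevel -RawValue (Get-DcomDefaultAuthLevel)
```

The script only reads the registry. Changing the level still follows the Fix Text, including its testing of DCOM objects under the tightened setting.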