Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-27109 | DS00.0121_2008 | SV-34410r2_rule | Medium |
Description |
---|
Improper access permissions for directory data files could allow unauthorized users to read, modify, or delete directory data. |
STIG | Date |
---|---|
Windows 2008 Domain Controller Security Technical Implementation Guide | 2017-03-02 |
Check Text ( C-49675r2_chk ) |
---|
If the system is using the more current Distributed File System (DFS) replication, this is NA. Execute the command "Dfsrmig /getmigrationstate", to verify DFSR is being used. The following message should be returned if the system is using DFSR: "All Domain Controllers have migrated successfully to Global state ('Eliminated'). Migration has reached a consistent state on all Domain Controllers." If the system is using FRS: Run "Regedit". Navigate to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters". Note the value for "Working Directory", typically "%SystemRoot%\ntfrs". Verify the permissions of the noted location. If the access control permissions of the FRS directory are not at least as restrictive as those below, this is a finding. FRS Directory Permissions: Administrators - Full Control (F) SYSTEM - Full Control (F) |
Fix Text (F-50023r2_fix) |
---|
If the system is using the more current DFS replication, this is NA. Maintain the access control permissions for the FRS directory as outlined below. FRS Directory Permissions: Administrators - Full Control (F) SYSTEM - Full Control (F) |