File Replication Service (FRS) directory data files must have proper access control permissions.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-27109 | DS00.0121_2008 | SV-34410r2_rule | Medium |
| Description |
|---|
| Improper access permissions for directory data files could allow unauthorized users to read, modify, or delete directory data. |
| STIG | Date |
|---|---|
| Windows 2008 Domain Controller Security Technical Implementation Guide | 2019-06-18 |
Details
| Check Text ( C-49675r2_chk ) |
|---|
| If the system is using the more current Distributed File System (DFS) replication, this is NA. Execute the command "Dfsrmig /getmigrationstate", to verify DFSR is being used. The following message should be returned if the system is using DFSR: "All Domain Controllers have migrated successfully to Global state ('Eliminated'). Migration has reached a consistent state on all Domain Controllers." If the system is using FRS: Run "Regedit". Navigate to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters". Note the value for "Working Directory", typically "%SystemRoot%\ntfrs". Verify the permissions of the noted location. If the access control permissions of the FRS directory are not at least as restrictive as those below, this is a finding. FRS Directory Permissions: Administrators - Full Control (F) SYSTEM - Full Control (F) |
| Fix Text (F-50023r2_fix) |
|---|
| If the system is using the more current DFS replication, this is NA. Maintain the access control permissions for the FRS directory as outlined below. FRS Directory Permissions: Administrators - Full Control (F) SYSTEM - Full Control (F) |