UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Anonymous access to the registry must be restricted.


Overview

Finding ID Version Rule ID IA Controls Severity
V-1152 3.030 SV-29595r2_rule High
Description
The registry is integral to the function, security, and stability of the Windows system. Some processes may require anonymous access to the registry. This must be limited to properly protect the system.
STIG Date
Windows 2008 Member Server Security Technical Implementation Guide 2016-05-12

Details

Check Text ( C-66325r1_chk )
Run "Regedit".
Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\

If the key does not exist, this is a finding.

Review the permissions.

If the default permissions listed below have been changed, this is a finding.

Administrators - Full Control
Backup Operators - Special
(Special = Query Value, Enumerate Subkeys, Notify, Read Control (effectively = Read) - This key only)
LOCAL SERVICE - Read
(Exchange Enterprise Servers group on Domain Controllers and Exchange server s - Full Control)
Fix Text (F-71713r1_fix)
Maintain the default permissions of the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\

Administrators - Full
Backup Operators - Special
(Special = Query Value, Enumerate Subkeys, Notify, Read Control (effectively = Read) - This key only)
LOCAL SERVICE - Read