Anonymous access to the registry must be restricted.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-1152	3.030	SV-29595r2_rule		High

Description
The registry is integral to the function, security, and stability of the Windows system. Some processes may require anonymous access to the registry. This must be limited to properly protect the system.

STIG	Date
Windows 2008 Member Server Security Technical Implementation Guide	2016-05-12

Details

Check Text ( C-66325r1_chk )
Run "Regedit". Navigate to the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\ If the key does not exist, this is a finding. Review the permissions. If the default permissions listed below have been changed, this is a finding. Administrators - Full Control Backup Operators - Special (Special = Query Value, Enumerate Subkeys, Notify, Read Control (effectively = Read) - This key only) LOCAL SERVICE - Read (Exchange Enterprise Servers group on Domain Controllers and Exchange server s - Full Control)

Check Text ( C-66325r1_chk )

Run "Regedit".
Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\

If the key does not exist, this is a finding.

Review the permissions.

If the default permissions listed below have been changed, this is a finding.

Administrators - Full Control
Backup Operators - Special
(Special = Query Value, Enumerate Subkeys, Notify, Read Control (effectively = Read) - This key only)
LOCAL SERVICE - Read
(Exchange Enterprise Servers group on Domain Controllers and Exchange server s - Full Control)

Fix Text (F-71713r1_fix)
Maintain the default permissions of the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\ Administrators - Full Backup Operators - Special (Special = Query Value, Enumerate Subkeys, Notify, Read Control (effectively = Read) - This key only) LOCAL SERVICE - Read