UCF STIG Viewer Logo

Standard user accounts must only have Read permissions to the Active Setup\Installed Components registry key.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32282 WINRG-000001 SV-42617r2_rule High
Description
Permissions on the Active Setup\Installed Components registry key must only allow privileged accounts to add or change registry values. If standard user accounts have this capability there is a potential for programs to run with elevated privileges when a privileged user logs on to the system.
STIG Date
Windows 2008 Member Server Security Technical Implementation Guide 2019-06-18

Details

Check Text ( C-66323r2_chk )
Run "Regedit".
Navigate to the following registry keys and review the permissions:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\ (64-bit systems)

If the default permissions listed below have been changed, this is a finding.

Users - Read
Administrators - Full Control
SYSTEM - Full Control
CREATOR OWNER - Special
(Special = Full Control - Subkeys only)
Fix Text (F-71711r1_fix)
Maintain the default permissions of the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\ (64-bit systems only)

Users - Read
Administrators - Full Control
SYSTEM - Full Control
CREATOR OWNER - Special
(Special = Full Control - Subkeys only)