Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-3245 | 2.015 | SV-25006r2_rule | Medium |
Description |
---|
Shares on a system can provide network access, exposing sensitive information. If a share is necessary, permissions must be reconfigured to give the minimum access to those accounts that require it. |
STIG | Date |
---|---|
Windows 7 Security Technical Implementation Guide | 2017-12-01 |
Check Text ( C-62071r2_chk ) |
---|
Open the Computer Management Console. Expand the "System Tools" object in the left pane. Expand the "Shared Folders" object. Select the "Shares" object. Right click any user-created shares (ignore administrative shares; the system will prompt you if Properties are selected for administrative shares). Select "Properties". Select the "Share Permissions" tab. If user-created file shares have not been reconfigured to remove ACL permissions from the "Everyone" group, this is a finding. If shares created by applications require the "Everyone" group, this must be documented with the ISSO. |
Fix Text (F-66969r2_fix) |
---|
Remove permissions from the "Everyone" group from locally-created file shares and assign them to authorized groups. |