UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

File share permissions must be reconfigured to remove the Everyone group.


Overview

Finding ID Version Rule ID IA Controls Severity
V-3245 2.015 SV-25006r2_rule Medium
Description
Shares on a system can provide network access, exposing sensitive information. If a share is necessary, permissions must be reconfigured to give the minimum access to those accounts that require it.
STIG Date
Windows 7 Security Technical Implementation Guide 2017-12-01

Details

Check Text ( C-62071r2_chk )
Open the Computer Management Console.
Expand the "System Tools" object in the left pane.
Expand the "Shared Folders" object.
Select the "Shares" object.
Right click any user-created shares (ignore administrative shares; the system will prompt you if Properties are selected for administrative shares).
Select "Properties".
Select the "Share Permissions" tab.

If user-created file shares have not been reconfigured to remove ACL permissions from the "Everyone" group, this is a finding.

If shares created by applications require the "Everyone" group, this must be documented with the ISSO.
Fix Text (F-66969r2_fix)
Remove permissions from the "Everyone" group from locally-created file shares and assign them to authorized groups.