Anonymous access to the registry must be restricted.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-1152	3.030	SV-25137r4_rule		High

Description
The registry is integral to the function, security, and stability of the Windows system. Some processes may require anonymous access to the registry. This must be limited to properly protect the system.

STIG	Date
Windows 7 Security Technical Implementation Guide	2018-02-12

Details

Check Text ( C-74003r2_chk )
Run "Regedit". Navigate to the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\ If the key does not exist, this is a finding. Right-click on "winreg" and select "Permissions…". Select "Advanced". If the permissions are not as restrictive as the defaults listed below, this is a finding. The following are the same for each permission listed: Type - Allow Inherited from - Columns: Name - Permission - Apply to Administrators - Full Control - This key and subkeys Backup Operators - Special - This key only (Special = Query Value, Enumerate Subkeys, Notify, Read Control (effectively = Read)) LOCAL SERVICE - Read - This key and subkeys

Check Text ( C-74003r2_chk )

Run "Regedit".
Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\

If the key does not exist, this is a finding.

Right-click on "winreg" and select "Permissions…".
Select "Advanced".

If the permissions are not as restrictive as the defaults listed below, this is a finding.

The following are the same for each permission listed:
Type - Allow
Inherited from -

Columns: Name - Permission - Apply to
Administrators - Full Control - This key and subkeys
Backup Operators - Special - This key only
(Special = Query Value, Enumerate Subkeys, Notify, Read Control (effectively = Read))
LOCAL SERVICE - Read - This key and subkeys

Fix Text (F-80399r1_fix)
Maintain permissions at least as restrictive as the defaults listed below for the "winreg" registry key. It is recommended to not change the permissions from the defaults. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\ The following are the same for each permission listed: Type - Allow Inherited from - Columns: Principal - Access - Applies to Administrators - Full Control - This key and subkeys Backup Operators - Special - This key only (Special = Query Value, Enumerate Subkeys, Notify, Read Control (effectively = Read) LOCAL SERVICE - Read - This key and subkeys

Fix Text (F-80399r1_fix)

Maintain permissions at least as restrictive as the defaults listed below for the "winreg" registry key. It is recommended to not change the permissions from the defaults.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\

The following are the same for each permission listed:
Type - Allow
Inherited from -

Columns: Principal - Access - Applies to
Administrators - Full Control - This key and subkeys
Backup Operators - Special - This key only
(Special = Query Value, Enumerate Subkeys, Notify, Read Control (effectively = Read)
LOCAL SERVICE - Read - This key and subkeys