File share permissions must be reconfigured to remove the Everyone group.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-3245	2.015	SV-25006r2_rule		Medium

Description
Shares on a system can provide network access, exposing sensitive information. If a share is necessary, permissions must be reconfigured to give the minimum access to those accounts that require it.

STIG	Date
Windows 7 Security Technical Implementation Guide	2018-02-12

Details

Check Text ( C-62071r2_chk )
Open the Computer Management Console. Expand the "System Tools" object in the left pane. Expand the "Shared Folders" object. Select the "Shares" object. Right click any user-created shares (ignore administrative shares; the system will prompt you if Properties are selected for administrative shares). Select "Properties". Select the "Share Permissions" tab. If user-created file shares have not been reconfigured to remove ACL permissions from the "Everyone" group, this is a finding. If shares created by applications require the "Everyone" group, this must be documented with the ISSO.

Check Text ( C-62071r2_chk )

Open the Computer Management Console.
Expand the "System Tools" object in the left pane.
Expand the "Shared Folders" object.
Select the "Shares" object.
Right click any user-created shares (ignore administrative shares; the system will prompt you if Properties are selected for administrative shares).
Select "Properties".
Select the "Share Permissions" tab.

If user-created file shares have not been reconfigured to remove ACL permissions from the "Everyone" group, this is a finding.

If shares created by applications require the "Everyone" group, this must be documented with the ISSO.

Fix Text (F-66969r2_fix)
Remove permissions from the "Everyone" group from locally-created file shares and assign them to authorized groups.