Standard user accounts must only have Read permissions to the Active Setup\Installed Components registry key.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-32282 | WN08-RG-000002 | SV-48295r2_rule | High |
| Description |
|---|
| Permissions on the Active Setup\Installed Components registry key must only allow privileged accounts to add or change registry values. If standard user accounts have this capability, there is a potential for programs to run with elevated privileges when a privileged user logs on to the system. |
| STIG | Date |
|---|---|
| Windows 8/8.1 Security Technical Implementation Guide | 2018-02-12 |
Details
| Check Text ( C-64139r1_chk ) |
|---|
| Run "Regedit". Navigate to the following registry keys and review the permissions: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\ (64-bit systems) If the default permissions listed below have been changed, this is a finding. Users - Read Administrators - Full Control SYSTEM - Full Control CREATOR OWNER - Full Control (Subkeys only) ALL APPLICATION PACKAGES - Read |
| Fix Text (F-69319r1_fix) |
|---|
| Maintain the default permissions of the following registry keys as noted below: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\ (64-bit systems only) Users - Read Administrators - Full Control SYSTEM - Full Control CREATOR OWNER - Full Control (Subkeys only) ALL APPLICATION PACKAGES - Read |