Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-3245 | 2.015 | SV-32264r1_rule | ECAN-1 | Medium |
Description |
---|
By default, the Everyone group is given full control to new file shares. When a share is created, permissions should be reconfigured to give the minimum access to those accounts that require it. |
STIG | Date |
---|---|
Windows Server 2008 R2 Domain Controller Security Technical Implementation Guide | 2012-09-05 |
Check Text ( C-32711r1_chk ) |
---|
Open the Computer Management Console. Expand the “System Tools” object in the Tree window. Expand the “Shared Folders” object. Select the “Shares” object. Right-click any user-created shares (ignore administrative shares; the system will prompt you if Properties are selected for administrative shares). Select Properties. Select the Share Permissions tab. If user-created file shares have not been reconfigured to remove ACL permissions from the “Everyone” group, then this is a finding. Documentable Explanation: If shares created by applications require the “Everyone” group, this should be documented with the IAO. |
Fix Text (F-59r1_fix) |
---|
Remove permissions from the Everyone group from locally-created file shares and assign them to authorized groups. |
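
The manual check above can also be scripted. The following PowerShell is an added example, not part of the STIG text; the function name `Get-EveryoneShareAce` is hypothetical, and the script assumes that filtering `Win32_Share` on `Type = 0` (non-administrative disk shares) is an acceptable stand-in for "ignore administrative shares". It cannot tell user-created shares from application- or system-created ones, so the reviewer still decides which results are findings or documented exceptions.

```powershell
# Added example: list share-level "allow" ACEs held by the Everyone group.
# Uses WMI classes present on Windows Server 2008 R2; PowerShell 2.0 compatible.
$EveryoneSid = 'S-1-1-0'    # well-known SID for Everyone

function Get-EveryoneShareAce {
    # Index the share security settings by share name once, up front.
    $settings = @{}
    Get-WmiObject -Class Win32_LogicalShareSecuritySetting |
        ForEach-Object { $settings[$_.Name] = $_ }

    # Type 0 = ordinary disk share; administrative shares (C$, ADMIN$) have other types.
    $shares = Get-WmiObject -Class Win32_Share | Where-Object { $_.Type -eq 0 }

    foreach ($share in $shares) {
        $access = @()
        $setting = $settings[$share.Name]
        if (-not $setting) {
            # No security setting returned: do not assume compliance.
            $access += 'UNKNOWN (check manually)'
        } else {
            $dacl = $setting.GetSecurityDescriptor().Descriptor.DACL
            if ($null -eq $dacl) {
                # A missing DACL places no restriction on any account.
                $access += 'NO DACL (unrestricted)'
            } else {
                foreach ($ace in $dacl) {
                    # AceType 0 is "access allowed"; deny ACEs are not a finding.
                    if ($ace.Trustee.SIDString -eq $EveryoneSid -and $ace.AceType -eq 0) {
                        switch ($ace.AccessMask) {
                            2032127 { $access += 'Full Control' }
                            1245631 { $access += 'Change' }
                            1179817 { $access += 'Read' }
                            default { $access += ('Mask 0x{0:X}' -f $ace.AccessMask) }
                        }
                    }
                }
            }
        }
        foreach ($entry in $access) {
            New-Object PSObject -Property @{
                Share = $share.Name; Path = $share.Path; EveryoneAccess = $entry
            } | Select-Object Share, Path, EveryoneAccess
        }
    }
}

Get-EveryoneShareAce | Format-Table -AutoSize
```

An empty result means no type 0 share grants the Everyone group an allow entry at the share level; NTFS permissions on the underlying folder are a separate check.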