Unnecessary features will not be installed.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-16006	5.260	SV-32277r2_rule	ECSC-1	Medium

Description
Windows Server 2008 includes additional features available for installation through Server Manager. The majority of these are unnecessary for the server roles and may also increase the attack surface of the system.

STIG	Date
Windows Server 2008 R2 Domain Controller Security Technical Implementation Guide	2015-06-16

Details

Check Text ( C-32841r1_chk )
Start “Server Manager”. Select “Features” node. View Features Summary to determine any installed features. The “Add Features” link provides a complete list of available features Any installed features must be documented with the IAO to include the reason for installation and any mitigations of risk. Current Exceptions: Group Policy Management, Windows Server Backup Features, Bitlocker. If any unnecessary, undocumented features are installed, then this is a finding.

Check Text ( C-32841r1_chk )

Start “Server Manager”.
Select “Features” node.
View Features Summary to determine any installed features.
The “Add Features” link provides a complete list of available features

Any installed features must be documented with the IAO to include the reason for installation and any mitigations of risk.

Current Exceptions: Group Policy Management, Windows Server Backup Features, Bitlocker.

If any unnecessary, undocumented features are installed, then this is a finding.

Fix Text (F-29055r1_fix)
Uninstall any unnecessary, undocumented features.