UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Active Directory data files must have proper access control permissions.


Overview

Finding ID Version Rule ID IA Controls Severity
V-8316 DS00.0120_2008_R2 SV-38994r3_rule High
Description
Improper access permissions for directory data related files could allow unauthorized users to read, modify, or delete directory data or audit trails.
STIG Date
Windows Server 2008 R2 Domain Controller Security Technical Implementation Guide 2017-07-28

Details

Check Text ( None )
None
Fix Text (F-80451r1_fix)
Ensure the permissions on NTDS database and log files are at least as restrictive as the following:
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Administrators:(I)(F)

(I) - permission inherited from parent container
(F) - full access