Active Directory data files must have proper access control permissions.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-8316 | WN12-AD-000001-DC | SV-51175r3_rule | High |
| Description |
|---|
| Improper access permissions for directory data related files could allow unauthorized users to read, modify, or delete directory data or audit trails. |
| STIG | Date |
|---|---|
| Windows Server 2012/2012 R2 Domain Controller Security Technical Implementation Guide | 2017-04-28 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-80453r1_fix) |
|---|
| Ensure the permissions on NTDS database and log files are at least as restrictive as the following: NT AUTHORITY\SYSTEM:(I)(F) BUILTIN\Administrators:(I)(F) (I) - permission inherited from parent container (F) - full access |