Active Directory data files must have proper access control permissions.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-8316 | WN12-AD-000001-DC | SV-51175r2_rule | ECAN-1 ECCD-1 ECCD-2 | High |
| Description |
|---|
| Improper access permissions for directory data related files could allow unauthorized users to read, modify, or delete directory data or audit trails. |
| STIG | Date |
|---|---|
| Windows Server 2012 / 2012 R2 Domain Controller Security Technical Implementation Guide | 2016-07-22 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-44332r1_fix) |
|---|
| Ensure the permissions on NTDS database and log files are maintained as follows. NT AUTHORITY\SYSTEM:(I)(F) BUILTIN\Administrators:(I)(F) (I) - permission inherited from parent container (F) - full access |