File share ACLs have not been reconfigured to remove the Everyone group.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-3245 | 2.015 | SV-29212r1_rule | Medium |
| Description |
|---|
| By default, the Everyone group is given full control to new file shares. When a share is created, permissions should be reconfigured to give the minimum access to those accounts that require it. |
| STIG | Date |
|---|---|
| Windows Vista Security Technical Implementation Guide | 2017-01-30 |
Details
| Check Text ( C-29r1_chk ) |
|---|
| Run the Computer Management Applet. Expand the “System Tools” object in the Tree window. Expand the “Shared Folders” object. Select the “Shares” object. Right click any user-created shares (ignore “Netlogon”, “Sysvol” and administrative shares; the system will prompt you if Properties are selected for administrative shares). Select Properties. Select the Share Permissions tab. If user-created file shares have not been reconfigured to remove ACL permissions from the “Everyone group”, then this is a finding. Note: On Application Servers, if regular users have write or delete permissions to shares containing application binary files (i.e. .exe, .dll, .cmd, etc.) this is a finding. Documentable: If shares created by applications require the "Everyone" group, this should be documented with the IAO. |
| Fix Text (F-59r1_fix) |
|---|
| Remove permissions from the Everyone group from locally-created file shares and assign them to authorized groups. |