UCF STIG Viewer Logo

ACLs for system files and directories do not conform to minimum requirements.


Overview

Finding ID Version Rule ID IA Controls Severity
V-1130 2.006 SV-18445r1_rule ECCD-1 ECCD-2 Medium
Description
Failure to properly configure ACL file and directory permissions, allows the possibility of unauthorized and anonymous modification to the operating system and installed applications.
STIG Date
Windows XP Security Technical Implementation Guide 2014-04-07

Details

Check Text ( None )
None
Fix Text (F-29105r1_fix)
Maintain the default file ACLs, configure the Security Option: “Network access: Let everyone permissions apply to anonymous users” to “Disabled” (V-3377) and restrict the Power Users group to include no members.

Configure permissions on the following so that only Administrators and System have Full (no other permissions assigned to other accounts or groups).

\regedit.exe
\System32\arp.exe
\System32\at.exe
\System32\attrib.exe
\System32\cacls.exe
\System32\debug.exe
\System32\edlin.exe
\System32\eventcreate.exe
\System32\eventtriggers.exe
\System32\ftp.exe
\System32\nbtstat.exe
\System32\net.exe
\System32\net1.exe
\System32\netsh.exe
\System32\netstat.exe
\System32\nslookup.exe
\System32\ntbackup.exe
\System32\rcp.exe
\System32\reg.exe
\System32\regedt32.exe
\System32\regini.exe
\System32\regsvr32.exe
\System32\rexec.exe
\System32\route.exe
\System32\rsh.exe
\System32\sc.exe
\System32\secedit.exe
\System32\subst.exe
\System32\Systeminfo.exe
\System32\telnet.exe
\System32\tftp.exe
\System32\tlntsvr.exe

\System32\mshta.exe will have Users – Read and Execute in addition to the permissions above.