Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
ACLs for system files and directories do not conform to minimum requirements.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-1130 | 2.006 | SV-18445r1_rule | ECCD-1 ECCD-2 | Medium |
| Description |
|---|
| Failure to properly configure ACL file and directory permissions, allows the possibility of unauthorized and anonymous modification to the operating system and installed applications. |
| STIG | Date |
|---|---|
| Windows XP Security Technical Implementation Guide | 2014-04-07 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-29105r1_fix) |
|---|
| Maintain the default file ACLs, configure the Security Option: “Network access: Let everyone permissions apply to anonymous users” to “Disabled” (V-3377) and restrict the Power Users group to include no members. Configure permissions on the following so that only Administrators and System have Full (no other permissions assigned to other accounts or groups). \regedit.exe \System32\arp.exe \System32\at.exe \System32\attrib.exe \System32\cacls.exe \System32\debug.exe \System32\edlin.exe \System32\eventcreate.exe \System32\eventtriggers.exe \System32\ftp.exe \System32\nbtstat.exe \System32\net.exe \System32\net1.exe \System32\netsh.exe \System32\netstat.exe \System32\nslookup.exe \System32\ntbackup.exe \System32\rcp.exe \System32\reg.exe \System32\regedt32.exe \System32\regini.exe \System32\regsvr32.exe \System32\rexec.exe \System32\route.exe \System32\rsh.exe \System32\sc.exe \System32\secedit.exe \System32\subst.exe \System32\Systeminfo.exe \System32\telnet.exe \System32\tftp.exe \System32\tlntsvr.exe \System32\mshta.exe will have Users – Read and Execute in addition to the permissions above. |