ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload
ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload
ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Active Directory Checklist, V1R1.2 Field Security Operations<br />
22 September 2006 Defense Information Systems Agency<br />
GPT (SYSVOL) Directories<br />
Component Object Account Name Type Access<br />
GPT<br />
…\SYSVOL Administrators Allow Full Control<br />
parent directory<br />
Authenticated Users Allow Read, Read &<br />
Execute, List<br />
Folder Contents<br />
CREATOR OWNER<br />
[None on dir.]<br />
Server Operators Allow Read, Read &<br />
Execute, List<br />
Folder Contents<br />
SYSTEM<br />
Allow Full Control<br />
GPT<br />
…\SYSVOL\ Administrators Allow Full Control<br />
policies directory domain\Policies Authenticated Users Allow Read, Read &<br />
Execute, List<br />
Folder Contents<br />
CREATOR OWNER<br />
[None on dir.]<br />
Group Policy Creator Allow Read, Read &<br />
Owners<br />
Execute, List<br />
Folder Contents,<br />
Modify, Write<br />
Server Operators Allow Read, Read &<br />
Execute, List<br />
Folder Contents<br />
SYSTEM<br />
Allow Full Control<br />
A.1.2 Windows Support Tools Permissions<br />
Object Account Name Type Access<br />
…\%ProgramFiles%\<br />
Support Tools\<br />
Administrators<br />
SYSTEM<br />
[Other IAOauthorized<br />
groups]<br />
A.1.3 Synchronization\Maintenance Software Permissions<br />
UNCLASSIFIED<br />
Allow<br />
Allow<br />
Allow<br />
Component Account Name Type Access<br />
Synch\Maint<br />
Software and<br />
Config Files<br />
Administrators<br />
[App account]<br />
[App SAs]<br />
SYSTEM<br />
Allow<br />
Allow<br />
Allow<br />
Allow<br />
Full Control<br />
Full Control<br />
Read, Execute<br />
With propagation<br />
Full Control<br />
Read, Execute<br />
Full Control<br />
Full Control<br />
A-2