ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload

More documents

Recommendations

Info

Active Directory Checklist, V1R1.2 Field Security Operations 22 September 2006 Defense Information Systems Agency DS10.0130 AD Data File Locations STIG ID \ V-Key DS10.0130 \ V0008317 Severity Cat II Short Name AD Data File Locations IA Controls DCSP-1 MAC /Conf 1-CSP, 2-CSP References AD STIG 2.3.1.5 Long Name: The AD data files are located on the same logical partition as directories and files owned by users. Checks: • Refer to the AD database, log, and work file information obtained in check DS00.0120. Note the logical drive (e.g., “C:”) on which the files are located. • At a command line prompt enter “net share”. • Record the logical drive(s) for any site-created shares. [Ignore all system (NETLOGON, SYSVOL, and administrative (ending in $)) shares.] • If any site-created shares are located on the same logical drive as the AD database, log, or work files, then this is a Finding. UNCLASSIFIED 5-4
Active Directory Checklist, V1R1.2 Field Security Operations 22 September 2006 Defense Information Systems Agency DS10.0120 Support Tools Access Permissions STIG ID \ V-Key DS10.0120 \ V0008320 Severity Cat II Short Name Support Tools Access Permissions IA Controls DCSL-1 MAC /Conf 1-CSP, 2-CSP, 3-CSP References AD STIG 2.3.1.4 Long Name: Windows Support Tools program files do not have proper access permissions (ACLs). Checks: • Start Windows Explorer. • Right-click the “My Computer” item and select “Search…” - Enter “Support*” in the file name field. - Select “Local Hard Drives” in the “Look in:” field. - Click the Search button. • Record the location for the “Support Tools” directory. Note: The SA may have installed the Support Tools in an alternate location. If the default directory is not found, ask the SA. • If the directory is not found and the SA confirms that the Support Tools are not installed, then this check is Not Applicable. • Using the recorded location, compare the ACL of the Support Tools directory to the specifications in Checklist appendix A.1.2. • If the actual permissions are not at least as restrictive as those in the appendix, then this is a Finding. UNCLASSIFIED 5-5
Page 1 and 2:
ACTIVE DIRECTORY SECURITY CHECKLIST
Page 3 and 4:
Active Directory Checklist, V1R1.2
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24: Active Directory Checklist, V1R1.2
Page 73: Active Directory Checklist, V1R1.2
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
show all

ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?