ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload
ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload
ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Active Directory Checklist, V1R1.2 Field Security Operations<br />
22 September 2006 Defense Information Systems Agency<br />
DS10.0290 Windows Services Startup<br />
STIG ID \ V-Key DS10.0290 \ V0008327<br />
Severity Cat II<br />
Short Name Windows Services Startup<br />
IA Controls ECTM-1, ECTM-2<br />
MAC /Conf 1-CSP, 2-CSP, 3-CSP<br />
References AD STIG 2.3.3.7<br />
Long Name: Windows services that are critical for AD are not configured for automatic<br />
startup.<br />
Checks:<br />
• Start the Services console (“Start”, “Run…”, “services.msc”)<br />
• Check the Startup Type field for the following:<br />
- Distributed File System<br />
- DNS Client<br />
- File Replication Service<br />
- Intersite Messaging<br />
- Kerberos Key Distribution Center<br />
- Windows Time<br />
• If the Startup Type for any of these services is not Automatic, then this is a<br />
Finding.<br />
Note: The Windows Time service is not required *if* another time synchronization<br />
tool is implemented.<br />
UNCLASSIFIED<br />
5-9