ACTIVE DIRECTORY SECURITY CHECKLIST ... - Leet Upload
Active Directory Checklist, V1R1.2, 22 September 2006
Field Security Operations, Defense Information Systems Agency
DS10.0210 Synchronize Directory Service Data Right
STIG ID \ V-Key: DS10.0210 \ V0011758
Severity: Cat I
Short Name: Synchronize Directory Service Data Right
IA Controls: ECAN-1, ECCD-1, ECCD-2, ECLP-1
MAC /Conf: 1-CSP, 2-CSP, 3-CSP
References: AD STIG 2.3.3.4
Long Name: The Synchronize Directory Service Data user right has been assigned to an account.
Checks:
• Use the procedures in Section 5.4, “Using the Microsoft Management Console,” of the Windows Checklist to start the Security Configuration and Analysis tool.
  - Note: It is not necessary to use the customized template file for this check. Any file that causes the “Synchronize Directory Service Data Right” to display is sufficient.
• Select and expand the “Security Configuration and Analysis” item in the left pane.
• Select and expand the “Local Policies” item in the left pane.
• Select the “User Rights Assignment” item in the left pane.
• Scroll down to the “Synchronize Directory Service Data Right” item in the right pane.
• Note the values indicated in the Computer Setting column.
• If any accounts (including groups) are assigned the “Synchronize Directory Service Data Right”, then this is a Finding.
This check includes one rights check from Windows Checklist item 4.010. That item will be updated to remove this single check in future versions of the Windows Checklists.
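The same check can be scripted. The following is an added example, not part of the DISA checklist: it assumes a `secedit /export` of the user-rights area as the data source in place of the Security Configuration and Analysis console, and uses the Windows constant `SeSyncAgentPrivilege` for this right. It runs against a constructed sample export whose SIDs are made up.

```powershell
# Added example, not part of the checklist. Assumption: a 'secedit /export' INF is
# the data source. SeSyncAgentPrivilege = "Synchronize directory service data".
function Get-SyncAgentAssignees {
    param([string[]]$InfLines)
    $inRights = $false
    foreach ($line in $InfLines) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') {             # section header
            $inRights = ($Matches[1] -eq 'Privilege Rights')
            continue
        }
        if ($inRights -and $text -match '^SeSyncAgentPrivilege\s*=\s*(.*)$') {
            # Comma-separated entries; SIDs are written with a leading '*'.
            return @($Matches[1] -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ })
        }
    }
    return @()   # line absent: the right is assigned to no account
}

function Export-UserRights {
    # Live collection on the system under review (needs an elevated prompt).
    $tmp = Join-Path $env:TEMP ('user_rights_{0}.inf' -f [guid]::NewGuid())
    try {
        secedit /export /cfg $tmp /areas USER_RIGHTS /quiet | Out-Null
        Get-Content -Path $tmp
    } finally {
        Remove-Item -Path $tmp -ErrorAction SilentlyContinue
    }
}

# Constructed sample export (SIDs are made up) so the logic runs anywhere.
$sample = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-5-32-544,*S-1-5-11
SeSyncAgentPrivilege = *S-1-5-21-1111111111-2222222222-3333333333-1105
[Version]
signature="$CHICAGO$"
'@ -split "`r?`n"

# Swap $sample for (Export-UserRights) to evaluate the local machine.
$assignees = @(Get-SyncAgentAssignees -InfLines $sample)
if ($assignees.Count -gt 0) {
    "FINDING DS10.0210 (Cat I): assigned to $($assignees -join ', ')"
} else {
    'Not a finding: no account or group holds the right'
}
```

An export in which the `SeSyncAgentPrivilege` line is missing or has an empty value means no assignee, which matches the checklist's pass condition.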
UNCLASSIFIED