Detections
Analytics
1.1.1.2.1.70 Set 'Network access: Remotely accessible registry paths'
Information
1.1.1.2.1.70 Set 'Network access: Remotely accessible registry paths' to 'System\CurrentControlSet\Control\ProductOptions System\CurrentControlSet\Control\Server Applications Software\Microsoft\Windows NT\CurrentVersion'This policy setting determines which registry paths will be accessible after referencing the WinReg key to determine access permissions to the paths. Note: This setting does not exist in Windows XP. There was a setting with that name in Windows XP, but it is called Network access: Remotely accessible registry paths and subpaths in Windows Server 2003, Windows Vista, and Windows Server 2008. Note: When you configure this setting you specify a list of one or more objects. The delimiter used when entering the list is a line feed or carriage return, that is, type the first object on the list, press the Enter button, type the next object, press Enter again, etc. The setting value is stored as a comma-delimited list in group policy security templates. It is also rendered as a comma-delimited list in Group Policy Editor's display pane and the Resultant Set of Policy console. It is recorded in the registry as a line-feed delimited list in a REG_MULTI_SZ value. The registry is a database that contains computer configuration information, and much of the information is sensitive. An attacker could use this information to facilitate unauthorized activities. To reduce the risk of such an attack, suitable ACLs are assigned throughout the registry to help protect it from access by unauthorized users.
Solution
To implement the recommended configuration state, set the following Group Policy setting to System\CurrentControlSet\Control\ProductOptions System\CurrentControlSet\Control\Server Applications Software\Microsoft\Windows NT\CurrentVersion.Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access- Remotely accessible registry paths
Impact- Remote management tools such as the Microsoft Baseline Security Analyzer and Microsoft Systems Management Server require remote access to the registry to properly monitor and manage those computers. If you remove the default registry paths from the list of accessible ones, such remote management tools could fail. Note- If you want to allow remote access, you must also enable the Remote Registry service.
See Also
Item Details
Audit Name: CIS Windows 2003 MS v3.1.0
Category: ACCESS CONTROL
References: 800-53|AC-6(7), CCE|CCE-3729-1
Plugin: Windows
Control ID: 1b01706dfb000b86a2356dc33bd37ce200420acf9e85140371c8ca696accee1b