20.38 Ensure 'Non-system-created file shares must limit access to groups that require it'

Information

This policy setting ensures that non-system-created file shares limit access to groups that require it.

Shares on a system provide network access. To prevent exposing sensitive information, where shares are necessary, permissions must be reconfigured to give the minimum access to accounts that require it.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

If a non-system-created share is required on a system, configure the share and NTFS permissions to limit access to the specific groups or accounts that require it.

Remove any unnecessary non-system-created shares.

Impact:

Shares will be locked down to Users/Groups that need access.

See Also

https://workbench.cisecurity.org/benchmarks/18857