3.055 - The default permissions of Global system objects will be increased.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Windows system maintains a global list of shared system resources such as DOS device names, mutexes, and semaphores. Each type of object is created with a default DACL that specifies who can access the objects with what permissions. If this policy is enabled, the default DACL is stronger, allowing non-admin users to read shared objects, but not modify shared objects that they did not create.

Solution

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> 'System Objects: Strengthen default permissions of internal system objects (e.g. Symbolic links)' to 'Enabled'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2008_R2_MS_V1R33_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, CAT|III, CCI|CCI-000366, CSCv6|3.1, CSCv6|14.4, Rule-ID|SV-32312r1_rule, STIG-ID|3.055, Vuln-ID|V-1173

Plugin: Windows

Control ID: 70465e8b05311c810813a59b35178b95d85ed03cdb22b7bed8914db4764ba783