WN12-AD-000001-DC - Active Directory data files must have proper access control permissions.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Improper access permissions for directory data related files could allow unauthorized users to read, modify, or delete directory data or audit trails.

Solution

Ensure the permissions on NTDS database and log files are at least as restrictive as the following:
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Administrators:(I)(F)

(I) - permission inherited from parent container
(F) - full access

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2012_and_2012_R2_DC_V3R4_STIG.zip

Item Details

References: CAT|I, CCI|CCI-002235, Rule-ID|SV-226070r794318_rule, STIG-ID|WN12-AD-000001-DC, STIG-Legacy|SV-51175, STIG-Legacy|V-8316, Vuln-ID|V-226070

Plugin: Windows

Control ID: 9c4d772d0e772d20ecf630d4a883550cc062653d2ab0d6bf1de396d71226b4c1